Dear,
I'm currently modifying tz_vmm to use openssl (libcrypto) to generate an RSA key pair on i.mx53 QSB. (That is, the RSA key pair is generated inside the Secure World.)
Whenever I try to execute the following code, the error occurs.
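The source code in tz_vmm (main.cc)
===========================================================
#include <stdlib.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/rsa.h>

/* key pair generation; keypair is assumed to be an RSA * declared elsewhere in main.cc */
int generate_keypair()
{
	int keylen;
	char *pem_key;
	BIGNUM *e = NULL;

	keypair = RSA_new();

	e = BN_new();
	BN_set_word(e, 65537);

	if (!RSA_generate_key_ex(keypair, 2048, e, NULL)) {
		PERR("failed to generate key pair");
		BN_free(e);
		return -1; /* do not serialize a key that was never generated */
	}

	/* the big number is no longer used */
	BN_free(e);
	e = NULL;

	/* To get the C-string PEM form: */
	BIO *pub = BIO_new(BIO_s_mem());
	PEM_write_bio_RSAPublicKey(pub, keypair);

	keylen = BIO_pending(pub);
	pem_key = (char*)malloc(keylen+1);
	BIO_read(pub, pem_key, keylen);
	pem_key[keylen] = '\0'; /* last valid index of the keylen+1 byte buffer */

	BIO_free_all(pub);
	free(pem_key); /* the PEM string is not used after this point */

	return keylen;
}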
The error code (imx53 QSB)
============================================================
[init -> tz_vmm] read_rtc: rtc not configured, returning 0
[init -> tz_vmm] no plugin found for fcntl(2)
[init -> tz_vmm] no plugin found for write(2)
[init -> tz_vmm] failed to generate key pair
What should I do to fix up this error? Any comment is welcome.
I'm looking forward to your kind response.
My Best Regards,
Jaemin Park
Hello Jaemin,
* Jaemin Park <jmpark81@...9...> [2015-12-09 17:52:19 +0900]:
The 'no plugin found' messages inform you that the component could not open fd 2 (= stderr). You have to point the libc to the VFS node that provides stderr (see [1]). I suspect libcrypto wants to print some error message. On a side note, our libcrypto port uses the normal POSIX backend and wants to use '/dev/random'. Therefore you have to configure the VFS to provide this node.
Note that there is currently no random source besides an older version of the jitterentropy RNG [2] available on Genode. So, for all use cases that go beyond mere experimentation, the generated keys should be considered as insecure if you only use this as source.
Regards
Josef
[1] http://genode.org/documentation/release-notes/14.05#Per-process_virtual_file...
[2] http://www.chronox.de/jent.html
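A pre-flight check for the two conditions named in the reply above (fd 2 not open, no '/dev/random' node), as an added example that is not part of the thread or of Genode. The function and constant names are assumptions made for illustration, and the identical-bytes test only catches a dead source; it says nothing about entropy quality.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Result bits (names are constructed for this example). */
enum { PRE_OK = 0, PRE_NO_STDERR = 1, PRE_NO_RANDOM = 2, PRE_STUCK_RANDOM = 4 };

/* 1 if fd is an open descriptor; fcntl() on fd 2 is the call the log shows failing. */
static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFL) != -1 || errno != EBADF;
}

/* Read exactly len bytes from path: 0 on success, -1 if missing or short. */
static int read_exact(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;                      /* node not provided by the VFS */
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;  /* interrupted, retry */
        if (n <= 0) break;                      /* error or premature EOF */
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* 1 if every byte is identical, which indicates a dead source. */
static int all_same(const unsigned char *buf, size_t len)
{
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0]) return 0;
    return 1;
}

/* Bitmask of missing prerequisites; call before RSA_generate_key_ex(). */
int keygen_preflight(const char *random_path)
{
    unsigned char sample[32];
    int rc = fd_is_open(2) ? PRE_OK : PRE_NO_STDERR;
    if (read_exact(random_path, sample, sizeof sample) != 0) rc |= PRE_NO_RANDOM;
    else if (all_same(sample, sizeof sample)) rc |= PRE_STUCK_RANDOM;
    return rc;
}

int main(void) { return keygen_preflight("/dev/random"); } /* exit status = bitmask */
```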
Hi,
Thank you for your response.
I could figure out the problems in my test program. I'll also consider your comments on "random", but currently I'm implementing the test program only. (It's fine till now.)
genode-main mailing list genode-main@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/genode-main
I think everyone has questioned the quality of Jitterentropy (for safety's sake) so I ported over the TestU01 suite, which from what I've read is notable for giving failing scores to most of the popular RNGs. Jitterentropy passes the shortest two of the four test batteries, but is too slow to practically test against the larger two tests.
Speed aside, I think it is looking like a good entropy source, but then again I wouldn't be shocked if OpenSSL runs a crappy amplifier over top of /dev/random.
I have the tests in my external repo:
https://github.com/ehmry/genode-emery
https://github.com/ehmry/genode-emery/commit/769d1fa7fe0185b57675527f966e7b7...
https://github.com/ehmry/genode-emery/commit/cd48931ee05b228bbd47269b338fb1b...
Test output
http://ipfs.io/ipfs/QmePQrzxbDeXbjzq654hURU642QzJc3Eujh46gHvpUkBvL jitterentropy_alphabet.log
http://ipfs.io/ipfs/QmZrRdnBbSByJxLxy4m2ihktKwebp5NhG9ZoSPYhwWZg4D jitterentropy_rabbit.log
TestU01 documentation
http://simul.iro.umontreal.ca/testu01/tu01.html
Cheers,
Emery
On Fri, Dec 11, 2015 at 11:59:27AM +0900, Jaemin Park wrote:
> I'll also consider your comments on "random", but currently I'm implementing the test program only. (It's fine till now.)
>
> On Wed, Dec 9, 2015 at 8:05 PM, Josef Söntgen <
> > Note that there is currently no random source besides an older version of the jitterentropy RNG [2] available on Genode. So, for all use cases that go beyond mere experimentation, the generated keys should be considered as insecure if you only use this as source.