RSA key pair generation in tz_vmm
Josef Söntgen
josef.soentgen at ...1...
Wed Dec 9 12:05:51 CET 2015
Hello Jaemin,
* Jaemin Park <jmpark81 at ...9...> [2015-12-09 17:52:19 +0900]:
> I'm currently modifying tz_vmm to use openssl (librcrypto) to generate RSA
> key pair on i.mx53 QSB.
> (That is, RSA key pair is generated inside the Secure World.)
>
> Whenever I try to execute the following code, the error occurs.
>
> The source code in tz_vmm (main.cc)
> ===========================================================
> /* key pair generation */
> #include <stdlib.h>
> #include <openssl/bn.h>
> #include <openssl/bio.h>
> #include <openssl/pem.h>
> #include <openssl/rsa.h>
> #include <base/printf.h>   /* Genode's PERR() */
>
> static RSA *keypair;        /* generated key pair, kept for later use */
>
> int generate_keypair(){
>     int keylen;
>     char *pem_key;
>     BIGNUM *e=NULL;
>
>     keypair = RSA_new();
>     e = BN_new();
>     if (!keypair || !e)
>         PERR("allocation failed");
>
>     /* public exponent 65537 (F4) */
>     BN_set_word(e, 65537);
>
>     if (!RSA_generate_key_ex(keypair, 2048, e, NULL))
>         PERR("failed to generate key pair");
>
>     /* the big number is no longer used */
>     BN_free(e);
>     e = NULL;
>
>     /* To get the C-string PEM form: */
>     BIO *pub = BIO_new(BIO_s_mem());
>     PEM_write_bio_RSAPublicKey(pub, keypair);
>
>     keylen = BIO_pending(pub);
>     pem_key = (char*)malloc(keylen+1);
>     BIO_read(pub, pem_key, keylen);
>     pem_key[keylen] = '\0';   /* terminator at index keylen; keylen+1 is past the buffer */
>
>     BIO_free_all(pub);
>
>     return keylen;
> }
>
> The error code (imx53 QSB)
> ============================================================
> [init -> tz_vmm] read_rtc: rtc not configured, returning 0
> [init -> tz_vmm] no plugin found for fcntl(2)
> [init -> tz_vmm] no plugin found for write(2)
> [init -> tz_vmm] failed to generate key pair
>
> What should I do to fix up this error?
> Any comment is welcome.
The 'no plugin found' messages inform you that the component could not
open fd 2 (= stderr). You have to point the libc to the VFS node that
provides stderr (see [1]). I suspect libcrypto wants to print some
error message. On a side note, our libcrypto port uses the normal POSIX
backend and wants to use '/dev/random'. Therefore you have to configure
the VFS to provide this node.
Note that there is currently no random source besides an older version
of the jitterentropy RNG [2] available on Genode. So, for all use cases
that go beyond mere experimentation, the generated keys should be
considered insecure if you only use this as the source.
Regards,
Josef
[1] http://genode.org/documentation/release-notes/14.05#Per-process_virtual_file_systems
[2] http://www.chronox.de/jent.html
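As an added illustration of the two VFS nodes the reply refers to (this fragment is not part of the original thread and is not tz_vmm's own configuration), the `<config>` below would go inside the `<start name="tz_vmm">` node of the run script. It assumes the libc configuration layout of the Genode releases current at the time of the mail, where the `<vfs>` node sits inside `<libc>`; later releases moved `<vfs>` directly under `<config>`, and the exact node names should be checked against the libc and VFS documentation of the release in use.

```xml
<config>
  <!-- added example; assumes the 2015-era libc/VFS configuration layout -->
  <libc stdout="/dev/log" stderr="/dev/log" stdin="/dev/null">
    <vfs>
      <dir name="dev">
        <!-- fd 2 (stderr) resolves to the LOG session, so the
             'no plugin found for fcntl(2)/write(2)' messages disappear
             and libcrypto's error output becomes visible -->
        <log/>
        <null/>
        <!-- libcrypto's POSIX backend opens /dev/random; this node
             is served by the jitterentropy VFS plugin, which must be
             present in the boot modules of the run script -->
        <jitterentropy name="random"/>
      </dir>
    </vfs>
  </libc>
</config>
```

With this in place, a failing `RSA_generate_key_ex()` can be diagnosed by calling `ERR_print_errors_fp(stderr)` right after the failure. The caveat from the reply still applies: the keys are only as strong as what `/dev/random` delivers, so this configuration is suitable for experimentation rather than for keys that have to be trusted.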