RSA key pair generation in tz_vmm
Jaemin Park
jmpark81 at ...9...
Fri Dec 11 03:59:27 CET 2015
Hi,
Thank you for your response.
I could figure out the problems in my test program.
I'll also consider your comments on "random", but currently I'm
implementing the test program only. (It's fine till now.)
On Wed, Dec 9, 2015 at 8:05 PM, Josef Söntgen <josef.soentgen at ...1...> wrote:
> Hello Jaemin,
>
> * Jaemin Park <jmpark81 at ...9...> [2015-12-09 17:52:19 +0900]:
> > I'm currently modifying tz_vmm to use openssl (libcrypto) to generate
> > RSA key pair on i.mx53 QSB.
> > (That is, RSA key pair is generated inside the Secure World.)
> >
> > Whenever I try to execute the following code, the error occurs.
> >
> > The source code in tz_vmm (main.cc)
> > ===========================================================
> > #include <stdlib.h>
> > #include <openssl/bn.h>
> > #include <openssl/rsa.h>
> > #include <openssl/pem.h>
> >
> > /* key pair generation */
> > int generate_keypair(){
> >     int keylen;
> >     char *pem_key;
> >     BIGNUM *e=NULL;
> >
> >     keypair = RSA_new();
> >
> >     e = BN_new();
> >     BN_set_word(e, 65537);
> >
> >     if (!RSA_generate_key_ex(keypair, 2048, e, NULL)) {
> >         PERR("failed to generate key pair");
> >         BN_free(e);
> >         return -1; /* do not serialize a key that was never generated */
> >     }
> >
> >     /* the big number is no longer used */
> >     BN_free(e);
> >     e = NULL;
> >
> >     /* To get the C-string PEM form: */
> >     BIO *pub = BIO_new(BIO_s_mem());
> >     PEM_write_bio_RSAPublicKey(pub, keypair);
> >
> >     keylen = BIO_pending(pub);
> >     pem_key = (char*)malloc(keylen+1);
> >     BIO_read(pub, pem_key, keylen);
> >     /* terminator goes at the last valid index of the keylen+1 byte buffer */
> >     pem_key[keylen] = '\0';
> >
> >     BIO_free_all(pub);
> >
> >     return keylen;
> > }
> >
> > The error code (imx53 QSB)
> > ============================================================
> > [init -> tz_vmm] read_rtc: rtc not configured, returning 0
> > [init -> tz_vmm] no plugin found for fcntl(2)
> > [init -> tz_vmm] no plugin found for write(2)
> > [init -> tz_vmm] failed to generate key pair
> >
> > What should I do to fix up this error?
> > Any comment is welcome.
>
> The 'no plugin found' messages inform you that the component could not
> open fd 2 (= stderr). You have to point the libc to the VFS node that
> provides stderr (see [1]). I suspect libcrypto wants to print some
> error message. On a side note, our libcrypto port uses the normal POSIX
> backend and wants to use '/dev/random'. Therefore you have to configure
> the VFS to provide this node.
>
> Note that there is currently no random source besides an older version
> of the jitterentropy RNG [2] available on Genode. So, for all use cases
> that go beyond mere experimentation, the generated keys should be
> considered as insecure if you only use this as source.
>
>
> Regards Josef
>
> [1]
> http://genode.org/documentation/release-notes/14.05#Per-process_virtual_file_systems
> [2] http://www.chronox.de/jent.html
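An added example, not part of the original thread or of the Genode sources: a pre-flight check in plain POSIX C for the two prerequisites named in the reply above, an open stderr descriptor (fd 2) and a readable '/dev/random' node, to be called before RSA_generate_key_ex. The function and flag names are hypothetical, and the check only confirms that the node delivers bytes, not that they are good random data.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical result flags; 0 means both prerequisites are present. */
enum {
    PRE_OK         = 0,
    PRE_NO_STDERR  = 1 << 0, /* error descriptor is not backed by any file */
    PRE_NO_RANDOM  = 1 << 1, /* random node cannot be opened */
    PRE_SHORT_READ = 1 << 2  /* node opened but delivered too few bytes */
};

/* Try to read `want` bytes (at most 64) from `path`, retrying on EINTR.
 * This proves the node exists and delivers data, nothing about its quality. */
static int probe_random_node(const char *path, size_t want)
{
    unsigned char buf[64];
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return PRE_NO_RANDOM;
    if (want > sizeof buf)
        want = sizeof buf;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0)
            break; /* EOF or hard error */
        got += (size_t)n;
    }
    close(fd);
    return got == want ? PRE_OK : PRE_SHORT_READ;
}

/* Check the descriptor libcrypto would print errors to, then the node. */
int keygen_preflight(int err_fd, const char *random_path)
{
    int missing = PRE_OK;
    if (fcntl(err_fd, F_GETFD) == -1 && errno == EBADF)
        missing |= PRE_NO_STDERR;
    return missing | probe_random_node(random_path, 32);
}

int main(void)
{
    return keygen_preflight(STDERR_FILENO, "/dev/random") != PRE_OK;
}
```

A non-zero result identifies which VFS node is missing from the component's configuration without relying on stderr being writable.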