Hello Jaemin,

* Jaemin Park <jmpar...@gmail.com> [2015-12-09 17:52:19 +0900]:
> I'm currently modifying tz_vmm to use openssl (libcrypto) to generate RSA
> key pair on i.mx53 QSB.
> (That is, RSA key pair is generated inside the Secure World.)
>
> Whenever I try to execute the following code, the error occurs.
>
> The source code in tz_vmm (main.cc)
> ===========================================================
> /* key pair generation */
> int generate_keypair(){
>     int keylen;
>     char *pem_key;
>     BIGNUM *e=NULL;
>
>     keypair = RSA_new();
>
>     e = BN_new();
>     BN_set_word(e, 65537);
>
>     if (!RSA_generate_key_ex(keypair, 2048, e, NULL))
>         PERR("failed to generate key pair");
>
>     /* the big number is no longer used */
>     BN_free(e);
>     e = NULL;
>
>     /* To get the C-string PEM form: */
>     BIO *pub = BIO_new(BIO_s_mem());
>     PEM_write_bio_RSAPublicKey(pub, keypair);
>
>     keylen = BIO_pending(pub);
>     pem_key = (char*)malloc(keylen+1);
>     BIO_read(pub, pem_key, keylen);
>     /* terminator goes at index keylen, the last byte of the buffer */
>     pem_key[keylen] = '\0';
>
>     BIO_free_all(pub);
>
>     return keylen;
> }
>
> The error code (imx53 QSB)
> ============================================================
> [init -> tz_vmm] read_rtc: rtc not configured, returning 0
> [init -> tz_vmm] no plugin found for fcntl(2)
> [init -> tz_vmm] no plugin found for write(2)
> [init -> tz_vmm] failed to generate key pair
>
> What should I do to fix up this error?
> Any comment is welcome.

The 'no plugin found' messages inform you that the component could not
open fd 2 (= stderr). You have to point the libc to the VFS node that
provides stderr (see [1]). I suspect libcrypto wants to print some error
message.

On a side note, our libcrypto port uses the normal POSIX backend and
wants to use '/dev/random'. Therefore you have to configure the VFS to
provide this node. Note that there is currently no random source besides
an older version of the jitterentropy RNG [2] available on Genode. So,
for all use cases that go beyond mere experimentation, the generated keys
should be considered as insecure if you only use this as source.

Regards
Josef

[1] http://genode.org/documentation/release-notes/14.05#Per-process_virtual_file_systems
[2] http://www.chronox.de/jent.html
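
Added example (not part of the original thread and not Genode or OpenSSL code): a preflight that checks the two libc resources named in the reply, an open stderr and a readable '/dev/random' character device, before calling into libcrypto. The function names and return codes are hypothetical, and it assumes the libc's fcntl, open, fstat and read behave as on POSIX.

```c
/* Added example: preflight for the two resources the reply names.
 * Names and return codes are hypothetical, not Genode or OpenSSL API. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum preflight { PF_OK = 0, PF_FD_CLOSED, PF_NODE_MISSING,
                 PF_NOT_CHARDEV, PF_NO_DATA };

/* An fd is usable if fcntl() can query it; without a backing node it fails. */
enum preflight check_fd_open(int fd)
{
    return fcntl(fd, F_GETFD) == -1 ? PF_FD_CLOSED : PF_OK;
}

/* The random node must exist, be a character device, and deliver bytes. */
enum preflight check_random_node(const char *path, size_t want)
{
    struct stat st;
    unsigned char buf[32];
    size_t got = 0;

    if (want > sizeof buf) want = sizeof buf;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return PF_NODE_MISSING;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return PF_NOT_CHARDEV;
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n <= 0) break;          /* EOF, pool not ready, or error */
        got += (size_t)n;
    }
    close(fd);
    return got == want ? PF_OK : PF_NO_DATA;
}

/* Run both checks before RSA key generation is attempted. */
enum preflight keygen_preflight(void)
{
    enum preflight r = check_fd_open(STDERR_FILENO);
    return r != PF_OK ? r : check_random_node("/dev/random", 16);
}

int main(void)
{
    enum preflight r = keygen_preflight();
    if (r != PF_OK) { printf("preflight failed: %d\n", r); return 1; }
    puts("stderr and /dev/random available");
    return 0;
}
```

A passing preflight only shows that the node exists and returns bytes; it says nothing about the quality of the entropy behind it, which is the concern raised about the jitterentropy source.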