SOLVED: Force use of engine all the time

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I know I've called this "solved", but I've achieved my objective about 98% 
so there's only a little bit left to go.

My changes to the source code for LibOpenSSL are confined to the file 
"rand_lib.c".

Firstly, I've added the following code:

#include <assert.h>
#include <sys/stat.h> 
#include <fcntl.h>

static int Dummy__seed(const void *buf, int num) { (void)buf; (void)num; 
return 1; }

static void Dummy__cleanup(void) { /* Do Nothing */ return; }

static int Dummy__add(const void *buf, int num, double randomness) { 
(void)buf; (void)num; (void)randomness; return 1; }

static int Dummy__status(void) { /* Do Nothing */ return 1; }

static void Do_Whatever_Needs_Done_For_TPM2(void)
{
	CRYPTO_THREAD_write_lock(rand_meth_lock);
	CRYPTO_THREAD_write_lock(rand_engine_lock);

	/* Initialize the dynamic engine loader */
	ENGINE_load_dynamic();

	ENGINE *tpm2_engine;
 
	/* If the first fails, try the second one */
	(tpm2_engine = ENGINE_by_id("tpm2tss")) || (tpm2_engine = 
ENGINE_by_id("libtpm2tss"));
	
	if ( NULL == tpm2_engine )
	{
		assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: NULL == 
ENGINE_by_id" );
		abort();
	}

#   define TPM2TSS_SET_TCTI  (ENGINE_CMD_BASE + 1)
	
    if ( 0 == ENGINE_ctrl(tpm2_engine, TPM2TSS_SET_TCTI, 0, "device", 
NULL) )
    {
		assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: 0 == 
ENGINE_ctrl(tcti:device)" );
		abort();
    }	
    
	int const init_res = ENGINE_init(tpm2_engine);
	
	if ( 0 == init_res )
	{
		assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: 0 == 
ENGINE_init" );
		abort();
	}
		
	RAND_METHOD const *const p_rm = ENGINE_get_RAND(tpm2_engine);

	if ( NULL == p_rm )
	{
		assert( 0 == "Do_Whatever_Needs_Done_For_TPM2: NULL == 
ENGINE_get_RAND" );
		abort();
	}
	
	static RAND_METHOD funcptrs = {
		Dummy__seed,          /* seed() */
		0,							/* bytes() */
		Dummy__cleanup,       /* cleanup() */
		Dummy__add,           /* add() */
		0,			                /* pseudorand() */
		Dummy__status         /* status() */
	};
	
	funcptrs.bytes = p_rm->bytes;  //rand_meth.bytes;
	funcptrs.pseudorand = p_rm->bytes;  //rand_meth.pseudorand;
	funct_ref = tpm2_engine;
	default_RAND_meth = &funcptrs;
	rand_meth = funcptrs;  /* Even set the Drbg func pointers */

	/* DON'T DO THIS - - - ENGINE_set_default(tpm2_engine, 
ENGINE_METHOD_RAND); */
	
	CRYPTO_THREAD_unlock(rand_meth_lock);
	CRYPTO_THREAD_unlock(rand_engine_lock);
}


And then I add one line to the funciton "do_rand_init":

    Do_Whatever_Needs_Done_For_TPM2();

So my device starts up just fine, and the first thing I notice is that it 
takes a little longer to boot up (maybe because it takes a long longer to 
get random numbers from hardware?).

So, when I do the following at the command line:

    openssl rand -hex 128

It sometimes gives me back 128 bytes immediately, although sometimes it 
gives this:

ERROR:tcti:src/tss2-tcti/tcti-device.c:319:Tss2_Tcti_Device_Init() Failed 
to open device file /dev/tpm0: Device or resource busy
WARNING:esys:src/tss2-esys/esys_tcti_default.c:83:tcti_from_init() TCTI 
init for function 0x7f6528b376f6 failed with a000a
WARNING:esys:src/tss2-esys/esys_tcti_default.c:113:tcti_from_info() Could 
not initialize TCTI named: tcti-device
ERROR:esys:src/tss2-esys/esys_tcti_default.c:150:tcti_from_file() Could 
not initialize TCTI file: libtss2-tcti-default.so
WARNING:esys:src/tss2-esys/esys_tcti_default.c:137:tcti_from_file() Could 
not load TCTI file: libtss2-tcti-tabrmd.so

In order to try get around this problem of more than one thread (or 
process) acessing /dev/tpm0 simultaneously, I added a global named mutex 
to my code, and while it does improve things, it doesn't irradicate the 
problem completely.

I don't think any code other than "libcrypto.so" is using the TPM2, and so 
I don't know why I'm getting "device or resource busy" (considering I'm 
using a global named mutex)". I see that there's also a TPM2 tcti called 
"abrmd", and I'm not sure if this purpose is exactly what it's for.

Any ideas?





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux