Comments (5)
I'll take a look. The code is supposed to work as it did previously, with some minor adjustments.
from aws-nitro-enclaves-cose.
I was able to reproduce the issue. I don't think it's strictly related to aws-nitro-enclaves-cose, but rather to either openssl itself or the openssl crate. openssl is trying to initialize its entropy pool, even if it does not require it, and is getting stuck because of it. I've tried using this with our latest artifacts (including PR aws/aws-nitro-enclaves-sdk-bootstrap#9) and it finishes without issues. I'll look into a mitigation for Rust until these artifacts are ready to be published, to help seed the random pool directly.
Thanks for your great job; I'm looking forward to seeing that this can be done.
from aws-nitro-enclaves-cose.
This bit of code seeds the random pool with entropy from NSM:
```rust
// Dependencies (Cargo.toml): nix, libc, nsm_io, nsm_driver
use nsm_io::{Request, Response};
use std::convert::TryInto;
use std::fs::OpenOptions;
use std::io::Write;
use std::os::unix::io::AsRawFd;

// RNDADDTOENTCNT from <linux/random.h>: _IOW('R', 0x01, int).
// Credits entropy bits to the kernel pool; requires CAP_SYS_ADMIN.
const RND_IOC_MAGIC: u8 = b'R';
const RND_IOC_ADDTOENTCNT: u8 = 0x01;
nix::ioctl_write_ptr!(add_entropy_count, RND_IOC_MAGIC, RND_IOC_ADDTOENTCNT, libc::c_int);

/// Pull random bytes from the NSM until at least `target` bytes have been
/// written into /dev/random, then credit the pool so blocking readers wake up.
fn seed_entropy(nsm_fd: i32, target: usize) {
    let mut written = 0;
    // Writing to /dev/random mixes data into the pool but does not credit
    // any entropy; the ioctl below does that.
    let mut file = OpenOptions::new().write(true).open("/dev/random").unwrap();
    while written < target {
        let request = Request::GetRandom;
        let response = nsm_driver::nsm_process_request(nsm_fd, request);
        let rand_bytes = match response {
            Response::GetRandom { random } => random,
            response => panic!("unexpected response {:?}", response),
        };
        file.write_all(rand_bytes.as_slice()).unwrap();
        written = written.saturating_add(rand_bytes.len());
    }
    // Credit one bit per byte written: a conservative estimate of the
    // entropy delivered by the NSM.
    unsafe {
        let bits: libc::c_int = written.try_into().unwrap();
        add_entropy_count(file.as_raw_fd().into(), &bits as *const libc::c_int).unwrap();
    }
}

fn main() {
    let nsm_fd = nsm_driver::nsm_init();
    seed_entropy(nsm_fd, 1024);
    nsm_driver::nsm_exit(nsm_fd);
}
```
from aws-nitro-enclaves-cose.
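The following is an added example, not code from the aws-nitro-enclaves-cose project or from the comment above. It reimplements the same seeding step with plain std and the raw ioctl numbers (no nix, libc or NSM crates), separates the entropy source from the pool so the loop can be tested off-box, refuses to spin on a source that returns no bytes, and reads the kernel's entropy estimate before and after so you can confirm the credit took. The source path taken from argv[1] and the `bits_to_credit` policy are assumptions for this stand-alone build; inside the enclave the `source` closure would issue the NSM GetRandom request instead. Linux only.

```rust
// Added example (not the project's code): seed /dev/random from an
// injectable entropy source and credit the pool, checking the kernel's
// entropy estimate before and after. Assumes Linux; the argv[1] source
// path and the one-bit-per-byte credit policy are assumptions.
use std::fs::{File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::io::AsRawFd;

// ioctl request numbers from <linux/random.h>, built with the _IOC encoding:
// dir << 30 | size << 16 | type << 8 | nr, with type = 'R' and size = sizeof(int).
const fn rnd_ioc(dir: u64, nr: u64) -> u64 {
    (dir << 30) | (4 << 16) | ((b'R' as u64) << 8) | nr
}
pub const RNDGETENTCNT: u64 = rnd_ioc(2, 0x00);   // _IOR('R', 0x00, int) = 0x80045200
pub const RNDADDTOENTCNT: u64 = rnd_ioc(1, 0x01); // _IOW('R', 0x01, int) = 0x40045201

extern "C" {
    // libc ioctl(2); std already links libc on Linux, so no extra crate is needed.
    fn ioctl(fd: i32, request: u64, ...) -> i32;
}

/// Pull chunks from `source` until at least `target` bytes have been mixed
/// into `pool`. Returns the number of bytes written. A source that returns
/// an empty chunk is reported as an error instead of looping forever.
pub fn seed_pool<S, W>(mut source: S, pool: &mut W, target: usize) -> io::Result<usize>
where
    S: FnMut() -> io::Result<Vec<u8>>,
    W: Write,
{
    let mut written = 0usize;
    while written < target {
        let chunk = source()?;
        if chunk.is_empty() {
            return Err(io::Error::new(
                io::ErrorKind::UnexpectedEof,
                "entropy source returned no bytes",
            ));
        }
        pool.write_all(&chunk)?;
        written = written.saturating_add(chunk.len());
    }
    Ok(written)
}

/// Assumed credit policy, same as the snippet above: one bit of entropy per
/// byte written, clamped to what the ioctl's int argument can hold.
pub fn bits_to_credit(bytes_written: usize) -> i32 {
    bytes_written.min(i32::MAX as usize) as i32
}

/// Kernel's current entropy estimate for the pool behind `pool`, in bits
/// (RNDGETENTCNT, the same value /proc/sys/kernel/random/entropy_avail shows).
pub fn entropy_count(pool: &File) -> io::Result<i32> {
    let mut bits: i32 = 0;
    let rc = unsafe { ioctl(pool.as_raw_fd(), RNDGETENTCNT, &mut bits as *mut i32) };
    if rc < 0 { Err(io::Error::last_os_error()) } else { Ok(bits) }
}

/// Credit `bits` bits of entropy (RNDADDTOENTCNT). Needs CAP_SYS_ADMIN;
/// writing to /dev/random on its own mixes data in but credits nothing.
pub fn credit_entropy(pool: &File, bits: i32) -> io::Result<()> {
    let rc = unsafe { ioctl(pool.as_raw_fd(), RNDADDTOENTCNT, &bits as *const i32) };
    if rc < 0 { Err(io::Error::last_os_error()) } else { Ok(()) }
}

fn main() -> io::Result<()> {
    // Assumed source for this stand-alone build: a readable path in argv[1]
    // (for example a hardware RNG device). In the enclave this closure would
    // call the NSM GetRandom request instead.
    let path = match std::env::args().nth(1) {
        Some(p) => p,
        None => {
            eprintln!("usage: seed <entropy-source-path>");
            return Ok(());
        }
    };
    let mut src_file = File::open(&path)?;
    let source = || -> io::Result<Vec<u8>> {
        let mut buf = vec![0u8; 256];
        let n = src_file.read(&mut buf)?;
        buf.truncate(n);
        Ok(buf)
    };
    let mut pool = OpenOptions::new().write(true).open("/dev/random")?;
    println!("entropy estimate before: {} bits", entropy_count(&pool)?);
    let written = seed_pool(source, &mut pool, 1024)?;
    credit_entropy(&pool, bits_to_credit(written))?;
    println!("wrote {} bytes, entropy estimate after: {} bits", written, entropy_count(&pool)?);
    Ok(())
}
```

Run it as root (CAP_SYS_ADMIN is needed for RNDADDTOENTCNT) and compare the two printed estimates; if the "after" value did not move, the credit was refused and OpenSSL's initial seeding will keep blocking. Only credit bytes that really came from an entropy source such as the NSM: crediting data from a placeholder file tells the kernel it has entropy it does not have.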
Let me know if this works for you, and if not, please re-open the issue.
from aws-nitro-enclaves-cose.
Related Issues (12)
- Update crate for current verson
- Implement COSE Encryption objects
- running in enclave got "/bin/sh: /myapp: not found" error
- tag new release
- Question on crypto backends
- Implement Parsec backend
- Can Attestation Documents be verified using this ?
- Failed to parse NSM attestation document as `CoseSign1`
- Add support for signing with asymmetric AWS KMS keys
- Build error with latest serde versions
- Use ciborium or minicbpr instead of serde_cbor