securekeylib - error in compilation

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

securekeylib - error in compilation

3,447 Views
antonio_santagi
Contributor IV

Hello,

 I am following the guide at : 

https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md

 

It is all good up to the point :

### To install library:

cd securekey_lib

make

when I try this, I get these errors : 

cc1: error: /include: No such file or directory [-Werror=missing-include-dirs]
cc1: error: /include: No such file or directory [-Werror=missing-include-dirs]
src/securekey.c:10:10: fatal error: tee_client_api.h: No such file or directory
#include <tee_client_api.h>
^~~~~~~~~~~~~~~~~~

what does that "error: /include No such file or directory" refer to?

I checked the Makefile and added exported definition of CURDIR. 

is there anything else needed to define that is not in stated in the Readme instructions ?

I am sure OPTEE_CLIENT_EXPORT is set correctly.

In general I can build correctly other OP-TEE examples apps.

thank you

 

 

0 Kudos
Reply
8 Replies

3,234 Views
petter-osterlund
Contributor II

I have also fallen into the NXP "trap" using enhanced-openssl, saw it in the Video but then it is hell to get parts to compile. But now that I get exactly the same c-code compile errors that you others have. How can any of this ever been used? Passing in a char instead of a pointer e.g - how can that ever have worked? And then the set_verify() lacking the second callback function parameter.

Even if i get this all working eventually it seems just be a proof of concept but we wanted it for production.

0 Kudos
Reply

3,424 Views
antonio_santagi
Contributor IV

thank you, but versions I am using are more recent, so should I revert to older version ?I think we can't do that for some reasons.

0 Kudos
Reply

3,435 Views
antonio_santagi
Contributor IV

checked the history of ec.h at 

https://git.openssl.org/?p=openssl.git;a=history;f=include/openssl/ec.h;h=7978d96a34c693328cd0743c69... 

and method has always been with these parameters, since the very beginning : 

+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey));
 
so, how can the eng_secure_obj.c file 
call the method with non matching number of parameters ?
 
0 Kudos
Reply

3,441 Views
antonio_santagi
Contributor IV

original reference to this topic is on application note AN12632 at : 

https://www.nxp.com.cn/docs/en/application-note/AN12632.pdf 

0 Kudos
Reply

3,441 Views
antonio_santagi
Contributor IV

I have solved some problems adapting symbol definitions in the Makefile.

Now I got the securekeylib compiled but I am stuck compiling the

 secureobj_openssl_engine

It's the last step stated at https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md 

eng_secure_obj.c: In function ‘bind’:
eng_secure_obj.c:819:2: error: too few arguments to function ‘EC_KEY_METHOD_set_verify’
EC_KEY_METHOD_set_verify(secureobj_ec, secure_obj_ec_verify_sig);
I get :

^~~~~~~~~~~~~~~~~~~~~~~~

In file included from /home/develop/openssl/1.1.1b-r0/image/usr/include//openssl/engine.h:22,
from eng_secure_obj.c:16:
/home/develop/openssl/1.1.1b-r0/image/usr/include//openssl/ec.h:1312:6: note: declared here
void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,

 

I am using the imx bsp 4.9.35 rather than what is stated in the readme where they use 

4.14.98-2.0.0

could this be the cause of the problem ?

 

0 Kudos
Reply

3,432 Views
IvanRuiz
NXP Employee
NXP Employee

Hello,

 

It is an older version, the recommendation is to use the one stated in the readme.

 

BR,

Ivan.

0 Kudos
Reply

3,325 Views
matteo-facchinetti
Contributor II

Hello,

I stuck in a similar way of Antonio but
I'm using exactly the same version described in the readme:
https://source.codeaurora.org/external/imxsupport/imx_sec_apps/tree/enhanced-openssl/README.md so:
- IMX BSP version imx-4.14.98-2.0.0_ga
- openssl 1.0.2p-r0

and secureobj_openssl_engine give errors when compiling:

main problem is secure_obj_ec_sign() and secure_obj_ec_verify_sig() have different number of parameter rather then the function pointer prototype described in the ecdsa.h header in the openssl library.

from ecdsa.h:

void ECDSA_METHOD_set_sign(
    ECDSA_METHOD *ecdsa_method,
    ECDSA_SIG *(*ecdsa_do_sign (const unsigned char
                                                        *dgst, int dgst_len,
                                                        const BIGNUM *inv,
                                                        const BIGNUM *rp,
                                                        EC_KEY *eckey)
);

void ECDSA_METHOD_set_verify(
    ECDSA_METHOD *ecdsa_method,
    int (*ecdsa_do_verify) (const unsigned char
                                         *dgst, int dgst_len,
                                         const ECDSA_SIG *sig,
                                         EC_KEY *eckey)
);

from the eng_secure_obj.c:

static int secure_obj_ec_sign (
     int type, const unsigned char *dgst,
     int dlen, unsigned char *sig,
     unsigned int *siglen,
     const BIGNUM *kinv, const BIGNUM *r,
     EC_KEY *eckey
)

static int secure_obj_ec_verify_sig(
    int type,
    const unsigned char *dgst,
    int dgst_len,
    const unsigned char *sigbuf,
    int sig_len,
    EC_KEY *eckey
)

So functions paramenters don't mach....

 

What are exactly the condicion where the openssl engine is build?


In attachment the compiler output:

| Building Secure Object OpenSSL Engine App
| aarch64-poky-linux-gcc --sysroot=/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot -I/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/include -o app/sobj_eng_app app/sobj_eng_app.c -L -lssl -lcrypto
| eng_secure_obj.c: In function 'secure_obj_ec_verify_sig':
| eng_secure_obj.c:345:27: warning: passing argument 2 of 'ECDSA_verify' makes pointer from integer without a cast [-Wint-conversion]
| ret = ECDSA_verify(type, *dgst, dgst_len, *sigbuf,
| ^
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:221:5: note: expected 'const unsigned char *' but argument is of type 'unsigned char'
| int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
| ^~~~~~~~~~~~
| eng_secure_obj.c:345:44: warning: passing argument 4 of 'ECDSA_verify' makes pointer from integer without a cast [-Wint-conversion]
| ret = ECDSA_verify(type, *dgst, dgst_len, *sigbuf,
| ^
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:221:5: note: expected 'const unsigned char *' but argument is of type 'unsigned char'
| int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
| ^~~~~~~~~~~~
| eng_secure_obj.c: In function 'bind':
| eng_secure_obj.c:763:38: warning: passing argument 2 of 'ECDSA_METHOD_set_sign' from incompatible pointer type [-Wincompatible-pointer-types]
| ECDSA_METHOD_set_sign(secureobj_ec, secure_obj_ec_sign);
| ^~~~~~~~~~~~~~~~~~
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:262:6: note: expected 'ECDSA_SIG * (*)(const unsigned char *, int, const BIGNUM *, const BIGNUM *, EC_KEY *) {aka struct ECDSA_SIG_st * (*)(const unsigned char *, int, const struct bignum_st *, const struct bignum_st *, struct ec_key_st *)}' but argument is of type 'int (*)(int, const unsigned char *, int, unsigned char *, unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) {aka int (*)(int, const unsigned char *, int, unsigned char *, unsigned int *, const struct bignum_st *, const struct bignum_st *, struct ec_key_st *)}'
| void ECDSA_METHOD_set_sign(ECDSA_METHOD *ecdsa_method,
| ^~~~~~~~~~~~~~~~~~~~~
| eng_secure_obj.c:765:40: warning: passing argument 2 of 'ECDSA_METHOD_set_verify' from incompatible pointer type [-Wincompatible-pointer-types]
| /(secureobj_ec, secure_obj_ec_verify_sig);
| ^~~~~~~~~~~~~~~~~~~~~~~~
| In file included from /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/engine.h:89:0,
| from eng_secure_obj.c:16:
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot/usr/include/openssl/ecdsa.h:285:6: note: expected 'int (*)(const unsigned char *, int, const ECDSA_SIG *, EC_KEY *) {aka int (*)(const unsigned char *, int, const struct ECDSA_SIG_st *, struct ec_key_st *)}' but argument is of type 'int (*)(int, const unsigned char *, int, const unsigned char *, int, EC_KEY *) {aka int (*)(int, const unsigned char *, int, const unsigned char *, int, struct ec_key_st *)}'
| void ECDSA_METHOD_set_verify(ECDSA_METHOD *ecdsa_method,
| ^~~~~~~~~~~~~~~~~~~~~~~
| aarch64-poky-linux-gcc --sysroot=/opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot -shared -fPIC -o libeng_secure_obj.so *.o -lpthread -L -lcrypto -L../SecureKey_Lib/out/securekey_lib -lsecure_obj
| /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/recipe-sysroot-native/usr/bin/aarch64-poky-linux/../../libexec/aarch64-poky-linux/gcc/aarch64-poky-linux/7.3.0/ld: cannot find -lsecure_obj
| collect2: error: ld returned 1 exit status
| Makefile:8: recipe for target 'engine' failed
| make: *** [engine] Error 1
| ERROR: oe_runmake failed
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_compile (log file is located at /opt/kas/imx-linux-sumo/build-xwayland/tmp/work/aarch64-poky-linux/securestorage-ta/r2-r0/temp/log.do_compile.407)
ERROR: Task (/opt/kas/imx-linux-sumo/sources/meta-teox/recipes-security/optee-imx/securestorage-ta.bb:do_compile) failed with exit code '1'

0 Kudos
Reply

3,410 Views

Hi, 

Please see also: https://www.nxp.com/docs/en/application-note/AN12838.pdf. Depending on your use-case, it can be a good option.

Regards,

Andreea 

0 Kudos
Reply