OpenSSL error 2406C06E

n3k0m4 · September 10, 2021, 8:23am

Hello JerryChang,
I am using r32_release_v6.1 as a version of l4t.
To be able to reproduce the error you can swipe the code of crypto_service from Hwkey-agent to this:

/*
 * Copyright (c) 2020, NVIDIA Corporation. All Rights Reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:

 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.

 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

#include <crypto_service.h>
#include <ekb_helper.h>
#include <openssl/aes.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <openssl/bn.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>

int padding = RSA_PKCS1_PADDING;
static char publicKey[] = "-----BEGIN PUBLIC KEY-----\n"
						  "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8Dbv8prpJ/0kKhlGeJY\n"
						  "ozo2t60EG8L0561g13R29LvMR5hyvGZlGJpmn65+A4xHXInJYiPuKzrKUnApeLZ+\n"
						  "vw1HocOAZtWK0z3r26uA8kQYOKX9Qt/DbCdvsF9wF8gRK0ptx9M6R13NvBxvVQAp\n"
						  "fc9jB9nTzphOgM4JiEYvlV8FLhg9yZovMYd6Wwf3aoXK891VQxTr/kQYoq1Yp+68\n"
						  "i6T4nNq7NWC+UNVjQHxNQMQMzU6lWCX8zyg3yH88OAQkUXIXKfQ+NkvYQ1cxaMoV\n"
						  "PpY72+eVthKzpMeyHkBn7ciumk5qgLTEJAfWZpe4f4eFZj/Rc8Y8Jj2IS5kVPjUy\n"
						  "wQIDAQAB\n"
						  "-----END PUBLIC KEY-----\n";

static char privateKey[] = "-----BEGIN RSA PRIVATE KEY-----\n"
						   "MIIEowIBAAKCAQEAy8Dbv8prpJ/0kKhlGeJYozo2t60EG8L0561g13R29LvMR5hy\n"
						   "vGZlGJpmn65+A4xHXInJYiPuKzrKUnApeLZ+vw1HocOAZtWK0z3r26uA8kQYOKX9\n"
						   "Qt/DbCdvsF9wF8gRK0ptx9M6R13NvBxvVQApfc9jB9nTzphOgM4JiEYvlV8FLhg9\n"
						   "yZovMYd6Wwf3aoXK891VQxTr/kQYoq1Yp+68i6T4nNq7NWC+UNVjQHxNQMQMzU6l\n"
						   "WCX8zyg3yH88OAQkUXIXKfQ+NkvYQ1cxaMoVPpY72+eVthKzpMeyHkBn7ciumk5q\n"
						   "gLTEJAfWZpe4f4eFZj/Rc8Y8Jj2IS5kVPjUywQIDAQABAoIBADhg1u1Mv1hAAlX8\n"
						   "omz1Gn2f4AAW2aos2cM5UDCNw1SYmj+9SRIkaxjRsE/C4o9sw1oxrg1/z6kajV0e\n"
						   "N/t008FdlVKHXAIYWF93JMoVvIpMmT8jft6AN/y3NMpivgt2inmmEJZYNioFJKZG\n"
						   "X+/vKYvsVISZm2fw8NfnKvAQK55yu+GRWBZGOeS9K+LbYvOwcrjKhHz66m4bedKd\n"
						   "gVAix6NE5iwmjNXktSQlJMCjbtdNXg/xo1/G4kG2p/MO1HLcKfe1N5FgBiXj3Qjl\n"
						   "vgvjJZkh1as2KTgaPOBqZaP03738VnYg23ISyvfT/teArVGtxrmFP7939EvJFKpF\n"
						   "1wTxuDkCgYEA7t0DR37zt+dEJy+5vm7zSmN97VenwQJFWMiulkHGa0yU3lLasxxu\n"
						   "m0oUtndIjenIvSx6t3Y+agK2F3EPbb0AZ5wZ1p1IXs4vktgeQwSSBdqcM8LZFDvZ\n"
						   "uPboQnJoRdIkd62XnP5ekIEIBAfOp8v2wFpSfE7nNH2u4CpAXNSF9HsCgYEA2l8D\n"
						   "JrDE5m9Kkn+J4l+AdGfeBL1igPF3DnuPoV67BpgiaAgI4h25UJzXiDKKoa706S0D\n"
						   "4XB74zOLX11MaGPMIdhlG+SgeQfNoC5lE4ZWXNyESJH1SVgRGT9nBC2vtL6bxCVV\n"
						   "WBkTeC5D6c/QXcai6yw6OYyNNdp0uznKURe1xvMCgYBVYYcEjWqMuAvyferFGV+5\n"
						   "nWqr5gM+yJMFM2bEqupD/HHSLoeiMm2O8KIKvwSeRYzNohKTdZ7FwgZYxr8fGMoG\n"
						   "PxQ1VK9DxCvZL4tRpVaU5Rmknud9hg9DQG6xIbgIDR+f79sb8QjYWmcFGc1SyWOA\n"
						   "SkjlykZ2yt4xnqi3BfiD9QKBgGqLgRYXmXp1QoVIBRaWUi55nzHg1XbkWZqPXvz1\n"
						   "I3uMLv1jLjJlHk3euKqTPmC05HoApKwSHeA0/gOBmg404xyAYJTDcCidTg6hlF96\n"
						   "ZBja3xApZuxqM62F6dV4FQqzFX0WWhWp5n301N33r0qR6FumMKJzmVJ1TA8tmzEF\n"
						   "yINRAoGBAJqioYs8rK6eXzA8ywYLjqTLu/yQSLBn/4ta36K8DyCoLNlNxSuox+A5\n"
						   "w6z2vEfRVQDq4Hm4vBzjdi3QfYLNkTiTqLcvgWZ+eX44ogXtdTDO7c+GeMKWz4XX\n"
						   "uJSUVL5+CVjKLjZEJ6Qc2WZLl94xSwL71E41H4YciVnSCQxVc4Jw\n"
						   "-----END RSA PRIVATE KEY-----\n";
static RSA *createRSA(char *key, int pubtype)
{
	RSA *rsa = NULL;
	BIO *bio = NULL;

	bio = BIO_new(BIO_s_mem());
	if (bio == NULL)
	{
		TLOGI("bio is NULL!\n");
	}

	BIO_puts(bio, key);
	if (pubtype == 1)
	{
		rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL);
	}
	else
	{
		rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
	}
	if (rsa == NULL)
	{
		TLOGI("wrong again\n");
	}
	BIO_free(bio);
	return rsa;
}
static int private_decrypt(unsigned char *enc_data, int data_len, char *key, unsigned char *decrypted)
{
	RSA *rsa = createRSA(key, 0);
	if (rsa != NULL)
	{
		int result = RSA_private_decrypt(data_len, enc_data, decrypted, rsa, RSA_PKCS1_PADDING);
		RSA_free(rsa);
		return result;
	}
	return 0;
}
int public_encrypt(unsigned char *data, int data_len, char *key, unsigned char *encrypted)
{
	RSA *rsa = createRSA(key, 1);
	if (rsa != NULL)
	{
		int result = RSA_public_encrypt(data_len, data, encrypted, rsa, padding);
		RSA_free(rsa);
		return result;
	}
	return 0;
}

void crypto_srv_process_req(iovec_t *ipc_msg, int len)
{
	crypto_srv_msg_t *msg = ipc_msg[0].base;
	uint8_t *payload = ipc_msg[1].base;
	int payload_len = msg->payload_len;
	uint8_t *data = NULL;
	uint8_t *key_in_ekb;
	unsigned long err;
	/*
	AES_KEY aes_key;
	int aes_enc_flag;
	int idx;
	*/

	key_in_ekb = ekb_get_key(EKB_USER_KEY_DISK_ENCRYPTION);
	if (key_in_ekb == NULL)
	{
		TLOGE("%s: get key in ekb failed\n", __func__);
		return;
	}

	data = malloc(CRYPTO_SRV_PAYLOAD_SIZE);
	if (data == NULL)
	{
		TLOGE("%s: malloc failed\n", __func__);
		return;
	}
	memcpy(data, payload, payload_len);
	if (msg->cmd == CRYPTO_SRV_CMD_ENCRYPT)
	{
		int size_ = public_encrypt(data, 1, publicKey, payload);
	}
	else
	{
		int size_ = private_decrypt(data, 1, privateKey, payload);
		
	}
	free(data);
}

The client app will take the input file from (./hwkey-agent -e -i input -o output -t) and encrypts it using RSA public encrypt then writes the result into the output file. If the output file is the same as the input it means that the call to RSA_public_encrypt did not pass.
Thanks for following up.

Topic		Replies	Views
error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy Jetson AGX Xavier security	3	263	May 7, 2024
Unable to use OpenSSL methods Jetson Xavier NX security	24	2814	October 18, 2021
How to use OpenSSL RSA in trusty? Jetson Xavier NX security	7	1303	October 18, 2021
[TRUSTY] - RSA Encryption / Decryption Jetson AGX Xavier security	7	973	December 17, 2021
Jetson TK1 ECDSA verify failure?? Jetson TK1	5	1648	August 23, 2014
[Boot Secure on TX2]how to flash package on TX2 use RSA key? Jetson TX2	10	1810	October 18, 2021
Xavier NX secure boot support with RSA 3072 key Jetson Xavier NX boot , security	3	668	October 18, 2021
L4T v28.2 odm_fuse with Ubuntu 16.04 Jetson TX2	17	2367	October 18, 2021
Postmortem: Jetson Xavier AGX will not get past Boot ROM after burning PKC+SBK+KEK256 Jetson AGX Xavier security	9	2000	April 20, 2022
How to run the CA (hwkey-app) and TA (hwkey-agent) on target (Jetson AGX Xavier) Jetson AGX Xavier security	14	1878	September 5, 2021

OpenSSL error 2406C06E

Related topics