Topic: Need help!
Hello,
This is my first post in this forum. An earlier post on tpm.dev went unanswered. I hope someone can help clarify here. My question is two-fold:
FIRST: I wish to have an equivalent of the function below, but for the TPM:
    if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, WOLFSSL_FILETYPE_PEM) != SSL_SUCCESS)
    {
        // Turn off TLS
        return 0;
    }
Note: Here, KEY_FILE is a plain .crt text file on the filesystem containing a private key. (This was used before a TPM was present on the hardware.)
SECOND: Regarding signing inside the TPM2 chip, I see I could use the following function:
    /* [This is part of the wolftpm2/tls/tls_server.c example:
     * Private key only exists on the TPM and crypto callbacks are used for
     * signing. Public key is required to enable TLS server auth.
     * This API accepts public keys when crypto callbacks are enabled */
    if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, buffer_size, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
    {
        ..
    }
It seems that for the above function to use the TPM2, we need to enable the crypto callback, and the TPM2 should then take care of signing through that callback. These are the steps I followed:
1. Generated a raw key file using the keygen tool in wolftpm/examples (I renamed it to keyblob.bin).
2. Imported this into the TPM to receive a temporary TPM2 handle (which went OK).
3. I have a public certificate (named test.crt) containing the public key (signed by a Certificate Authority from a CSR), so this public certificate corresponds to the CSR generated by the TPM for this private key.
4. Enabled the crypto-dev callbacks.
So now I have the TPM2 handle and the certificate file. How can I register these with the above buffer function for signing operations? In code I did:
    readKeyblob -> get the private key
    wolftpm2_load -> get the handle for the key stored by the TPM
    wolfSSL_CTX_use_PrivateKey_buffer -> the parameters were (ctx, keyBlob.priv.buffer, sizeof(keyBlob.priv.size))
What am I doing wrong?