Add TPM crypto callback support for RSA key generation #311
…wc_ecc_make_key can use curve_id 0 (to detect), but we can get it from the "dp".
It should be documented that `WOLFSSL_PUBLIC_MP` is required for all the examples in `examples/run_examples.sh` to succeed. Any reason not to add it to the recommended wolfSSL config in the readme?
Also seeing a failure in the csr test:
```
:~/git/wolfTPM $ ./examples/csr/csr -cert
TPM2 CSR Example
Trying TPM @ /dev/spidev0.0 (33 MHz)
Trying TPM @ /dev/spidev0.1 (33 MHz)
Found TPM @ /dev/spidev0.1
TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x16
TPM2_Startup pass
TPM2_SelfTest pass
TPM2_ReadPublic Handle 0x81000200: pub 282, name 34, qualifiedName 34
Loading SRK: Storage 0x81000200 (282 bytes)
Reading 506 bytes from rsa_test_blob.raw
Public Area (size 278):
Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x60460, authPolicy sz: 0
RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
scheme: NULL (0x10), scheme hash: Unknown (0x0)
keyBits: 2048, exponent: 0x10001, unique size 256
Reading the private part of the key
TPM2_Load Key Handle 0x80000001
Loaded key to 0x80000001
TPM2_FlushContext: Closed handle 0x80000001
Failure 0xffffff39: Random Number Generator failed
```
That is correct. The ECC encrypt scheme requires direct mp_ math functions. It has already been added to wolfSSL's |
…cKey or ecdhKey population.
…and supports RSA and ECC. Requires wolfSSL/wolfTPM#311 Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded. The keystore will use TPM NV if `WOLFPKCS11_TPM_STORE` is defined.
…LS tests, to avoid real random port collision with SWTPM sockets. Resolves TLS issue with "ERROR: failed to bind! errno 98".
Tested with RPi / Infineon TPM
…and supports RSA and ECC. Requires wolfSSL/wolfTPM#311 Added CI testing for wolfPKCS11 with wolfTPM backend and single threaded.
Required for wolfSSL/wolfPKCS11#23
ECC_PRIVATEKEY_ONLY
).