Hi Nikos,
On 06/10/2012 02:47 AM, Nikos Mavrogiannopoulos wrote:
On 06/09/2012 12:36 PM, Carolin Latze wrote:
Hi all
I tried to port some of my really old code to a new version of GnuTLS. I
used a signing callback in order to let the TPM sign data. However since
gnutls_sign_callback_set is deprecated now I tried to move to
gnutls_privkey_import_ext. Here is what I did:
I defined an empty privkey structure (since the privkey is stored within
the TPM):
const gnutls_datum_t key = { NULL, 0 };
I took my old sign callback and assigned it to that structure:
gnutls_privkey_import_ext(&key,NULL,NULL,gnutls_tpm_sign,NULL,0);
Hello,
Did you check the error code from this function? It should have failed
because it requires a sign function and a decryption function. You also
do not set the public key algorithm to be used and put a NULL there.
I also tried with GNUTLS_PK_RSA, but that did not help. And yeah I also
switched on logging with a level of 15, but did not really see what the
problem could. Well I thought it would be the pk algorithm, but as I
said, that did not solve the problem.
If you do not want to use decryption, then put a dummy function that
always returns an error code and then make sure you use ciphersuites
that require signing (DHE-RSA/ECDHE-RSA).
Ok, I will try that.
PKCS#11 is not really an option since that comes with some limitations
on the TPM...
I see that trousers comes with a PKCS #11 module (or they claim to).
I've never tried it, but doesn't it work?
It does. But the TPM has never been designed to meet the PKCS#11 spec,
so it requires for instance to set some keys to NULL. I could do that
but I need to clear and reset my TPM to do that and I was hoping that I
could prevent that. Maybe that is the next thing I try if I don't manage
to get the other function to work.
Regards
Carolin
_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
