Hello!

Recently I have been working on authenticating users using TPM2. I am using
the tpm2-pkcs11 project.

Sadly I can't get it to work with OpenVPN. I have tried changing the format of
pkcs11-id as suggested in different threads, but with no success.

openvpn package: 2.5.4-1.fc34
pkcs11-helper: 1.27.0-3.fc34

Output of `openvpn --show-pkcs11-ids /usr/lib64/pkcs11/libtpm2_pkcs11.so.0.0.0`:

Serialized id:

pkcs11:model=;token=tpm2_ecc;manufacturer=STMicro;serial=0000000000000000;id=d8bc0f69db86ae61

I have tried both:

pkcs11-id 'pkcs11:model=;token=tpm2_ecc;manufacturer=STMicro;serial=0000000000000000;id=d8bc0f69db86ae61'
and
pkcs11-id 'STMicro//0000000000000000/tpm2_ecc/d8bc0f69db86ae61'

The first one returns:

PKCS#11: Cannot deserialize id 19-'CKR_ATTRIBUTE_VALUE_INVALID'

The second one returns:

2021-10-14 10:43:03 PKCS#11: Cannot get certificate object
2021-10-14 10:43:03 PKCS#11: Cannot get certificate object
2021-10-14 10:43:03 PKCS#11: Unable get evp object
2021-10-14 10:43:03 Cannot load certificate "STMicro//0000000000000000/tpm2_ecc/d8bc0f69db86ae61" using PKCS#11 interface
2021-10-14 10:43:03 Error: private key password verification failed
2021-10-14 10:43:03 Exiting due to fatal error

I suspect it may be related to the empty model field. When any value is
provided for it, e.g. pkcs11-id 'STMicro/test/0000000000000000/tpm2_ecc/d8bc0f69db86ae61',
it returns:

2021-10-14 10:45:11 PKCS#11: Adding PKCS#11 provider '/usr/lib64/pkcs11/libtpm2_pkcs11.so.0.0.0'
ERROR: Listing FAPI token objects failed.
🔐 NEED-OK|token-insertion-request|Please insert tpm2_ecc token:
*****************************
2021-10-14 10:45:14 PKCS#11: Cannot get certificate object
2021-10-14 10:45:14 PKCS#11: Cannot get certificate object
2021-10-14 10:45:14 PKCS#11: Unable get evp object
2021-10-14 10:45:14 Cannot load certificate "STMicro/test/0000000000000000/tpm2_ecc/d8bc0f69db86ae61" using PKCS#11 interface
2021-10-14 10:45:14 Error: private key password verification failed
2021-10-14 10:45:14 Exiting due to fatal error


Thank you for any help!
Jakub
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

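The two pkcs11-id spellings in the post above carry the same five fields: the `pkcs11:` attribute list printed by `--show-pkcs11-ids` and the slash-separated legacy form. The script below is an added example, not the poster's code and not part of OpenVPN or pkcs11-helper. It parses both forms, converts between them, and checks that the `id` field is a valid CKA_ID hex string. Assumptions (labelled in the code): the slash form's field order `manufacturer/model/serial/token/id` is inferred from the two strings in the post; the URI form uses RFC 7512 percent-encoding for attribute values; the `id` value is the hex string exactly as OpenVPN printed it; fields that themselves contain `/` or `;` are not handled. The sample strings are the ones from the post.

```python
"""Parse and convert the two pkcs11-id forms seen in the OpenVPN post.

Added example; not from the original poster, OpenVPN or pkcs11-helper.
"""
from urllib.parse import quote, unquote

# Constructed samples: the two identifiers quoted in the post.
URI_ID = ("pkcs11:model=;token=tpm2_ecc;manufacturer=STMicro;"
          "serial=0000000000000000;id=d8bc0f69db86ae61")
SLASH_ID = "STMicro//0000000000000000/tpm2_ecc/d8bc0f69db86ae61"

# ASSUMPTION: slash-form field order, inferred from the two strings above.
SLASH_FIELDS = ("manufacturer", "model", "serial", "token", "id")
# Attribute order as printed by `openvpn --show-pkcs11-ids` in the post.
URI_FIELDS = ("model", "token", "manufacturer", "serial", "id")
HEX_DIGITS = set("0123456789abcdefABCDEF")


def parse_uri_id(uri: str) -> dict:
    """Split a 'pkcs11:' id into attributes; values are percent-decoded."""
    if not uri.startswith("pkcs11:"):
        raise ValueError("not a pkcs11: identifier")
    attrs = {}
    for part in uri[len("pkcs11:"):].split(";"):
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"attribute without '=': {part!r}")
        attrs[key] = unquote(value)
    return attrs


def parse_slash_id(text: str) -> dict:
    """Split the legacy 'a/b/c/d/e' form into the same attribute dict."""
    fields = text.split("/")
    if len(fields) != len(SLASH_FIELDS):
        raise ValueError(
            f"expected {len(SLASH_FIELDS)} '/'-separated fields, got {len(fields)}")
    return dict(zip(SLASH_FIELDS, fields))


def to_slash_id(attrs: dict) -> str:
    """Render attributes in the slash form; missing fields become empty."""
    return "/".join(attrs.get(name, "") for name in SLASH_FIELDS)


def to_uri_id(attrs: dict) -> str:
    """Render attributes as a 'pkcs11:' id with percent-encoded values."""
    parts = [f"{name}={quote(attrs.get(name, ''), safe='')}" for name in URI_FIELDS]
    return "pkcs11:" + ";".join(parts)


def cka_id_bytes(attrs: dict) -> bytes:
    """Return the CKA_ID as bytes; it must be present and even-length hex.

    A certificate is looked up on the token by this CKA_ID, so a malformed
    value can never match an object.
    """
    raw = attrs.get("id", "")
    if not raw or len(raw) % 2 or not set(raw) <= HEX_DIGITS:
        raise ValueError(f"id is not an even-length hex string: {raw!r}")
    return bytes.fromhex(raw)


if __name__ == "__main__":
    attrs = parse_uri_id(URI_ID)
    print("fields:", attrs)
    print("slash form:", to_slash_id(attrs))
    print("round trip ok:", to_uri_id(parse_slash_id(SLASH_ID)) == URI_ID)
    print("CKA_ID bytes:", cka_id_bytes(attrs).hex())
```

Running it on the post's own strings shows that the two spellings encode identical fields, so a difference in behaviour between them comes from how the consumer deserializes each form, not from the field values.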