SE050: OpenSSL (SSS) integration

rhuber
Contributor II

I am trying to write TPM agnostic code that could potentially run on other platforms but with other engines.

Look at the following code:

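#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/engine.h>
#include <openssl/evp.h>

int main(void)
{
    const char *key_uri = "sss://key/ID=0x00000001";
    const char *engine_id = "e4sss";
    ENGINE *e;
    EVP_PKEY *pkey;

    /* Initialize libcrypto and load the OpenSSL configuration file */
    if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) {
        fprintf(stderr, "Failed to initialize OpenSSL\n");
        return 1;
    }

    ENGINE_load_builtin_engines();

    /* Look up the engine by id (structural reference) */
    e = ENGINE_by_id(engine_id);
    if (!e) {
        fprintf(stderr, "Failed to find engine: %s\n", engine_id);
        return 1;
    }

    /* Obtain a functional reference to the engine */
    if (!ENGINE_init(e)) {
        ENGINE_free(e);
        return 1;
    }

    ENGINE_set_default(e, ENGINE_METHOD_ALL);

    // Step 5: Load the private key from the specified key URI
    pkey = ENGINE_load_private_key(e, key_uri, NULL, NULL);
    if (!pkey) {
        fprintf(stderr, "Failed to load private key from URI: %s\n", key_uri);
        ENGINE_finish(e);
        ENGINE_free(e);
        return 1;
    }

    /* Release the key and both engine references */
    EVP_PKEY_free(pkey);
    ENGINE_finish(e);
    ENGINE_free(e);
    return 0;
}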

Here the program breaks; the key cannot be loaded.

What am I doing wrong?

rhuber
Contributor II

Hello @Kan_Li,

Thank you for your answer.

Unfortunately, this code does not answer my question of how to use a key_uri.

This example, however, raises another question that I am struggling with; maybe you could answer this as well?

Say I have an application that communicates with the TPM over OpenSSL and the engine e4sss.

What happens if the same application would communicate with the TPM directly?

My experience so far is that e4sss will drop its communication and a restart of the application is needed.

Is this by design?

Thank you again for your answer.

/Richard

Kan_Li
NXP TechSupport

Hi @rhuber,

We provide a demo in simw-top\demos\linux\tls_client\src to show how to load the OpenSSL engine and use the client key pair provisioned in the SE. Please kindly refer to this demo for details.

Have a great day,
Kan

