SE050: OpenSSL (SSS) integration



901 views
rhuber
Contributor II

I am trying to write TPM-agnostic code that could potentially run on other platforms, but with other engines.

Look at the following code:

#include <stdio.h>
#include <openssl/crypto.h>
#include <openssl/engine.h>
#include <openssl/err.h>
#include <openssl/evp.h>

int main(void)
{
    const char *key_uri = "sss://key/ID=0x00000001";
    const char *engine_id = "e4sss";
    ENGINE *e = NULL;
    EVP_PKEY *pkey = NULL;

    /* Load openssl.cnf so an engine section there can pre-configure the engine. */
    if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) {
        ERR_print_errors_fp(stderr);
        return 1;
    }

    ENGINE_load_builtin_engines();

    e = ENGINE_by_id(engine_id);
    if (!e) {
        fprintf(stderr, "Engine %s not found\n", engine_id);
        ERR_print_errors_fp(stderr);
        return 1;
    }

    /* Take a functional reference; on failure, release the structural one. */
    if (!ENGINE_init(e)) {
        ERR_print_errors_fp(stderr);
        ENGINE_free(e);
        return 1;
    }

    ENGINE_set_default(e, ENGINE_METHOD_ALL);

    // Step 5: Load the private key from the specified key URI
    pkey = ENGINE_load_private_key(e, key_uri, NULL, NULL);
    if (!pkey) {
        fprintf(stderr, "Failed to load private key from URI: %s\n", key_uri);
        ERR_print_errors_fp(stderr); /* the engine's own error says why it rejected the key reference */
        ENGINE_finish(e);
        ENGINE_free(e);
        return 1;
    }

    EVP_PKEY_free(pkey);
    ENGINE_finish(e);
    ENGINE_free(e);
    return 0;
}

Here the program breaks: the key cannot be loaded.

What am I doing wrong?

0 Kudos
Reply
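The stated goal above is engine-agnostic code. With the OpenSSL 1.x ENGINE API, one way to get there is to keep the engine choice out of the program and in openssl.cnf, which the OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL) call in the posted code already loads. The fragment below is an added example, not from the original post or from the NXP middleware; the library path /usr/local/lib/libe4sss.so and the section names are assumptions for the reader's own installation, while the keys engine_id, dynamic_path, init and default_algorithms are the ones OpenSSL's engine config module understands.

```ini
# openssl.cnf (added example; the .so path and section names are assumptions)
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
# one entry per engine; the left-hand name is only a label
e4sss = e4sss_section

[e4sss_section]
# engine_id is the name ENGINE_by_id() looks up
engine_id = e4sss
# dynamic_path is an assumption: point it at the engine shared object built by the middleware
dynamic_path = /usr/local/lib/libe4sss.so
# initialise the engine when the config is processed
init = 1
# register it for all methods, same as ENGINE_set_default(e, ENGINE_METHOD_ALL)
default_algorithms = ALL
```

With this in place the application only needs the engine id (which can itself come from the application's configuration) and a key reference string; moving to a different platform means swapping the engine section, not recompiling. Note that the string passed to ENGINE_load_private_key() is interpreted entirely by the engine, so whether a URI of the form sss://... is accepted depends on the e4sss engine; the error it pushes onto the OpenSSL error queue, printed with ERR_print_errors_fp(stderr), is the quickest way to see which key reference format it expects.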
2 Replies

752 views
rhuber
Contributor II

Hello @Kan_Li,

thank you for your answer.

Unfortunately, this code does not answer my question of how to use a key_uri.

This example raises, however, another question that I am struggling with; maybe you could answer this as well?

If I have an application that communicates with the TPM over OpenSSL and the engine e4sss,

what happens if the same application would communicate with the TPM directly?

My experience so far is that e4sss will drop its communication and a restart of the application is needed.

Is this by design?

Thank you again for your answer.

/Richard

0 Kudos
Reply

863 views
Kan_Li
NXP TechSupport

Hi @rhuber,

We provide a demo in simw-top\demos\linux\tls_client\src that shows how to load the OpenSSL engine and use the client key pair provisioned in the SE; please refer to this demo for details.

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We follow threads for 7 weeks after the last post; later replies are ignored.
Please open a new thread and refer to the closed one if you have a related question at a later point in time.
-------------------------------------------------------------------------------