[gnutls-devel] GnuTLS | Bring support for TPM 2.0 (#594)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Aug 8 16:05:32 CEST 2019

Nikos Mavrogiannopoulos commented:

@dwmw2 I'm slow proceeding assuming that (1) will happen and in the meantime creating [a test tool to convert such keys](https://gitlab.com/nmav/gnutls/blob/tmp-tpm2/tests/tpm2-key.c). I created also [a basic test-suite](https://gitlab.com/nmav/gnutls/blob/tmp-tpm2/tests/tpm2.sh) based on Stefan's swtpm, but I seem to be unable to make it pass (the testsuite generates keys and tries to sign a certificate).

The error is during the signing:
Signing certificate...
|<2>| signing structure using ECDSA-SHA256
|<2>| tpm2: EC sign function called for 32 bytes.
|<2>| tpm2: Establishing connection with TPM.
WARNING:esys:src/tss2-esys/esys_tcti_default.c:134:tcti_from_file() Could not load TCTI file: libtss2-tcti-default.so 
WARNING:esys:src/tss2-esys/esys_tcti_default.c:134:tcti_from_file() Could not load TCTI file: libtss2-tcti-tabrmd.so 
WARNING:esys:src/tss2-esys/api/Esys_ReadPublic.c:326:Esys_ReadPublic_Finish() Received TPM Error 
ERROR:esys:src/tss2-esys/esys_tr.c:219:Esys_TR_FromTPMPublic_Finish() Error ReadPublic ErrorCode (0x00000184) 
ERROR:esys:src/tss2-esys/esys_tr.c:309:Esys_TR_FromTPMPublic() Error TR FromTPMPublic ErrorCode (0x00000184) 
|<3>| ASSERT: tpm2_esys.c[init_tpm2_key]:291
|<2>| tpm2: Esys_TR_FromTPMPublic failed for handle 0x2f326c72: 0x184
|<3>| ASSERT: privkey.c[privkey_sign_and_hash_data]:1298
|<3>| ASSERT: sign.c[_gnutls_x509_pkix_sign]:187
|<3>| ASSERT: x509_write.c[gnutls_x509_crt_privkey_sign]:1834

That points to a [failure in `Esys_TR_FromTPMPublic`](https://gitlab.com/nmav/gnutls/blob/tmp-tpm2/lib/tpm2_esys.c#L288) with 0x184 as error. I cannot figure it out. Do you see something obvious in [the keys I generate](https://gitlab.com/nmav/gnutls/blob/tmp-tpm2/tests/tpm2.sh#L191) with tpm2-tools?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/594#note_201651055
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190808/45faa6b8/attachment.html>

More information about the Gnutls-devel mailing list