how to use gnutls_privkey_import_ext
latze at angry-red-pla.net
Sun Jun 10 11:58:31 CEST 2012
On 06/10/2012 11:55 AM, Nikos Mavrogiannopoulos wrote:
> On 06/10/2012 11:37 AM, Carolin Latze wrote:
>>> Did you check the error code from this function? It should have failed
>>> because it requires a sign function and a decryption function. You also
>>> do not set the public key algorithm to be used and put a NULL there.
>> I also tried with GNUTLS_PK_RSA, but that did not help. And yeah I also
>> switched on logging with a level of 15, but did not really see what the
>> problem could be. Well I thought it would be the pk algorithm, but as I
>> said, that did not solve the problem.
> Note that I didn't refer to logging but to checking the error code
> returned by the function. If such a function fails the results are
> unpredictable (like the crash you see). If possible send me an output of
> valgrind with the crash to see whether an error code can be returned
> instead of a crash.
I will try that.
>>> I see that trousers comes with a PKCS #11 module (or they claim to).
>>> I've never tried it, but doesn't it work?
>> It does. But the TPM has never been designed to meet the PKCS#11 spec,
>> so it requires for instance to set some keys to NULL. I could do that
>> but I need to clear and reset my TPM to do that and I was hoping that I
>> could prevent that. Maybe that is the next thing I try if I don't manage
>> to get the other function to work.
> This function works (I know it is used in windows which usually has no
> pkcs #11), so if you have more issues let me know. Just make sure you
> provide functions of the correct type (note that the parameters in
> gnutls_privkey_sign_func are different than the old gnutls_sign_func).
Aha, ok, that helps :) I will rewrite the sign callback then.
> btw. If you manage to use the TPM with this, would be nice if you point
> me to your code (if it is lgpl). Would be nice to have some code to use TPM.