wolfSSH support for using TPM based key for authentication #754
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dgarske
requested changes
Dec 13, 2024
There was a problem hiding this comment.
Various errors building without TPM:
src/ssh.c:1810:15: error: call to undeclared function 'wc_PubKeyPemToDer'; ISO C99 and later do not support implicit function declarations [-Wimplicit-function-declaration]
ret = wc_PubKeyPemToDer(in, inSz, newKey, newKeySz);
^
src/ssh.c:1810:15: note: did you mean 'wc_KeyPemToDer'?
/Users/runner/work/wolfssh/wolfssh/build-dir/include/wolfssl/wolfcrypt/asn_public.h:692:21: note: 'wc_KeyPemToDer' declared here
WOLFSSL_API int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
^
1 error generated.
make[1]: *** [src/libwolfssh_la-ssh.lo] Error 1
make[1]: *** Waiting for unfinished jobs....
src/internal.c:12950:25: error: unused variable 'sigSz' [-Werror,-Wunused-variable]
int sigSz;
^
1 error generated.
…t passing make check with normal config
dgarske
requested changes
Dec 17, 2024
dgarske
requested changes
Dec 26, 2024
|
|
||
| #define TPM2_DEMO_STORAGE_KEY_HANDLE 0x81000200 /* Persistent Storage Key Handle (RSA) */ | ||
|
|
||
| static const char gStorageKeyAuth[] = "ThisIsMyStorageKeyAuth"; |
There was a problem hiding this comment.
The SRK handle and password being hard coded is not good. Both of these should be macros wrapped with #ifndef at a minimum. Ideally they would be arguments to the example client or not needed at all.
If I were writing this example I would create the key using the endorsement primary key... then you would not need anything related to the SRK... It's a pretty easy change, mostly to your README.md to create the key under the endorsement hierarchy using -eh.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
wolfSSH tpm support using client side public key authentication with rsa. Code working just like the non tpm public key authentication.with rsa
Testing
Just SSH
For ssh public key auth with rsa use
./examples/echoserver/echoserverand for client side use the command:With TPM
For tpm based public key auth with rsa use a tpm simulator and
./examples/echoserver/echoserverand for client use the command:Note: refer to the README for detailed build steps and further information.