
During SSL handshake, error coming as "write_all: failed to write to ostream: Error sending data: Broken pipe" #829

Open
ssonnagi opened this issue Jan 17, 2023 · 0 comments

Comments

@ssonnagi

I am using:
openssl 3.0.2
TPM2-OPENSSL
ibmtpm 1682
tpm2-abrmd

I have also posted the same question in tpm2-tss, as I don't know where exactly to put it, since the error belongs to tpm2-tss.
I am trying to integrate tpm2 with librdkafka, trying to use tpm2-generated private keys and certificates for mTLS of Kafka on the client side.
Steps I followed:

  1. tpm2_createek -G rsa -c ek_rsa.ctx
  2. tpm2_createak -C ek_rsa.ctx -G rsa -g sha256 -s rsassa -c ak_rsa.ctx
  3. tpm2_evictcontrol -c ak_rsa.ctx | cut -d ' ' -f 2 | head -n 1
     • 0x81000001
  4. openssl req -provider tpm2 -new -config requestCert.conf -key handle:0x81000001 -out clientKafka.csr
  5. openssl x509 -req -days 365 -in clientKafka.csr -CA rootCA.pem -CAkey rootCA.key -CAserial rootCA.srl -out clientKafka.pem
  6. tpm2_nvdefine -C o -s 1196 -a "authwrite|ownerwrite|authread|ownerread|no_da" 2
  7. tpm2_nvwrite -C o -i /home/tss/certTest/clientKafka.pem 2
  8. tpm2_getcap handles-nv-index
     • 0x1000002

Brief code of SSLHandShake.cpp:

#include <stdio.h>
#include <openssl/err.h>
#include <openssl/provider.h>
#include <openssl/ssl.h>
#include <openssl/store.h>
#include <openssl/x509.h>

/* Read every object behind a tpm2 "handle:" URI and keep the first key and/or
 * certificate found. Returns 1 on success, 0 if the store could not be opened. */
static int load_from_tpm2(OSSL_LIB_CTX *libctx, const char *uri,
                          EVP_PKEY **pkey, X509 **cert)
{
    /* The fourth argument of OSSL_STORE_open_ex() is the UI_METHOD pointer, so
     * it must be NULL (the original passed the string "handle" there), and the
     * returned context must be kept, otherwise storeCtx stays NULL. */
    OSSL_STORE_CTX *storeCtx = OSSL_STORE_open_ex(uri, libctx, "?provider=tpm2",
                                                  NULL, NULL, NULL, NULL, NULL);
    if (storeCtx == NULL)
        return 0;
    while (!OSSL_STORE_eof(storeCtx)) {
        OSSL_STORE_INFO *info = OSSL_STORE_load(storeCtx);
        if (info == NULL) {            /* error or end of store */
            if (OSSL_STORE_error(storeCtx))
                ERR_print_errors_fp(stderr);
            break;
        }
        switch (OSSL_STORE_INFO_get_type(info)) {
        case OSSL_STORE_INFO_PKEY:
            if (pkey != NULL && *pkey == NULL)
                *pkey = OSSL_STORE_INFO_get1_PKEY(info);
            break;
        case OSSL_STORE_INFO_CERT:
            if (cert != NULL && *cert == NULL)
                *cert = OSSL_STORE_INFO_get1_CERT(info);
            break;
        }
        OSSL_STORE_INFO_free(info);    /* get1_* took its own reference */
    }
    OSSL_STORE_close(storeCtx);
    return 1;
}

int main(void)
{
    int r;
    OSSL_LIB_CTX *tpm2_libctx = OSSL_LIB_CTX_new();

    /* tpm2 serves the hardware-backed key; default supplies everything else
     * (digests, ciphers, X.509 handling) that the TLS stack needs. */
    OSSL_PROVIDER *tpm2_prov = OSSL_PROVIDER_load(tpm2_libctx, "tpm2");
    OSSL_PROVIDER *dflt_prov = OSSL_PROVIDER_load(tpm2_libctx, "default");
    if (tpm2_prov == NULL || dflt_prov == NULL) {
        ERR_print_errors_fp(stderr);
        return 1;
    }

    X509 *TPMCert = NULL;
    EVP_PKEY *TPMpkey = NULL;

    /* Private key: persistent handle from tpm2_evictcontrol.
     * Certificate: NV index written with tpm2_nvwrite. */
    if (!load_from_tpm2(tpm2_libctx, "handle:0x81000001", &TPMpkey, NULL) ||
        !load_from_tpm2(tpm2_libctx, "handle:0x1000002", NULL, &TPMCert) ||
        TPMpkey == NULL || TPMCert == NULL) {
        fprintf(stderr, "could not load key/certificate from the TPM\n");
        ERR_print_errors_fp(stderr);
        return 1;
    }

    SSL_CTX *ctx = SSL_CTX_new_ex(tpm2_libctx, NULL, TLS_client_method());

    r = SSL_CTX_load_verify_file(ctx, "rootCA.pem");
    if (r == 1) r = SSL_CTX_use_certificate(ctx, TPMCert);
    if (r == 1) r = SSL_CTX_use_PrivateKey(ctx, TPMpkey);
    if (r == 1) r = SSL_CTX_check_private_key(ctx);   /* key and cert must match */
    if (r != 1) {
        ERR_print_errors_fp(stderr);
        return 1;
    }

    /* The socket/BIO setup for trans_ssl is omitted in the issue; a connected
     * descriptor has to be attached with SSL_set_fd() before the handshake. */
    SSL *trans_ssl = SSL_new(ctx);
    SSL_set_connect_state(trans_ssl);
    r = SSL_do_handshake(trans_ssl);
    if (r != 1)
        ERR_print_errors_fp(stderr);

    SSL_free(trans_ssl);
    SSL_CTX_free(ctx);
    X509_free(TPMCert);
    EVP_PKEY_free(TPMpkey);
    OSSL_LIB_CTX_free(tpm2_libctx);
    return r == 1 ? 0 : 1;
}

While running the above compiled code, I get the error "write_all: failed to write to ostream: Error sending data: Broken pipe" on abrmd and "tpm2::cannot sign: 722 tpm:parameter(2):unsupported or incompatible scheme" on tpm2.

Am I following the correct steps? Is anything wrong? Please help me to overcome this error.
