No subject
bogus at does.not.exist.com
Sat Jan 5 04:54:40 PST 2008
one to use the stored key. So depending on the implementation of the TPM
engine, it might be possible that I have to add another configuration
option like "key_pw" (the pin would serve as tpm_pw).
I just thought of sending my ideas to this list from time to time in
order to hear whether I'm doing complete rubbish or not :-) So, any
comments are appreciated.
Regards
Carolin
Jouni Malinen wrote:
> On Fri, Jan 18, 2008 at 02:06:45PM +0100, Carolin Latze wrote:
>
>
>> I had a look at the smart card integration into wpa_supplicant and saw
>> that the smart card is only used to store the private key. The
>> wpa_supplicant just copies the private key from the smart card into its
>> own memory and works as always.
>>
>
> That's not accurate. OpenSSL engine can be used to perform private key
> operations without wpa_supplicant having to ever see the key. Likewise,
> tls_openssl.c has support for using Windows CryptoAPI for RSA private
> key operations; again, without copying the private key.
>
> I would assume you could follow either of these options: enhance OpenSSL
> engine to handle the private key operations with TPM or implement
> TPM-specific RSA operations in tls_openssl.c (see the CryptoAPI example
> there; e.g., tls_cryptoapi_cert() registers the specific RSA operations
> to get OpenSSL to call CryptoAPI wrappers in tls_openssl.c for RSA
> functions).
>
>
>> I had a look at the source code and think that I have to extend the
>> tls_openssl.c. Is that right? I see that this file is also responsible
>> for the communication with the smart card, so it seems a good place for
>> the TPM.
>>
>
> If you are going to be using OpenSSL, yes, that would likely be a good
> location for modifications.
>
>
>> Are there more smart card related things in the code? (Yes, I know, in
>> the config file, but are there more?) I mean, is it sufficient to modify
>> tls_openssl.c?
>>
>
> As far as EAP-TLS is concerned, smartcard access is mostly contained in
> tls_*.c, i.e., in case of OpenSSL, in tls_openssl.c.
>
>
--
Carolin Latze
Research Assistant
Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg
phone: +41 26 300 83 30
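The pattern Jouni describes above, registering the private-key operation as a callback so that the TLS code never holds the key itself, as an added example that is not code from this thread, from wpa_supplicant or from OpenSSL. It models OpenSSL's RSA_METHOD / RSA_set_method / RSA_private_encrypt with stand-in names (struct rsa_method, rsa_set_method, rsa_private_encrypt, all assumed here) and uses a textbook-sized toy key (p=61, q=53, e=17, d=2753, constructed for the demo) so it runs without linking against OpenSSL. The "device" half stands in for a TPM or smart card: the host only ever sees a key handle.

```c
/* Added example (not wpa_supplicant or OpenSSL code): models the
 * "register the private-key operation as a callback" pattern with a
 * toy RSA so it runs without OpenSSL. Key sizes are textbook-tiny and
 * insecure; only the structure is the point. */
#include <stdint.h>
#include <stdio.h>

/* ---- host side: a minimal stand-in for OpenSSL's RSA / RSA_METHOD ---- */
struct rsa;
struct rsa_method {
    const char *name;
    /* Same role as RSA_METHOD::rsa_priv_enc: compute in^d mod n. */
    int (*priv_op)(const struct rsa *key, uint64_t in, uint64_t *out);
};
struct rsa {
    uint64_t n, e;       /* public part, always known to the host */
    uint64_t d;          /* private exponent: stays 0 when it never leaves the device */
    int key_handle;      /* opaque reference used by the engine/TPM method */
    const struct rsa_method *meth;
};

static uint64_t modpow(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1;
    base %= mod;
    while (exp) {
        if (exp & 1) result = (result * base) % mod;  /* mod < 2^32: no overflow */
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* ---- device side: the key lives here and only a handle is exported ---- */
struct tpm_key_slot { uint64_t n, d; };
static const struct tpm_key_slot tpm_slots[] = {
    { 0, 0 },          /* handle 0: empty slot */
    { 3233, 2753 },    /* handle 1: constructed toy key (p=61, q=53, e=17) */
};
static int tpm_private_op(int handle, uint64_t in, uint64_t *out) {
    if (handle <= 0 || handle >= (int)(sizeof tpm_slots / sizeof tpm_slots[0]))
        return -1;
    *out = modpow(in, tpm_slots[handle].d, tpm_slots[handle].n);
    return 0;
}

/* Software method: the "copy the key into wpa_supplicant memory" approach. */
static int sw_priv_op(const struct rsa *key, uint64_t in, uint64_t *out) {
    if (key->d == 0) return -1;   /* no private exponent on the host */
    *out = modpow(in, key->d, key->n);
    return 0;
}
static const struct rsa_method software_method = { "software", sw_priv_op };

/* Engine/TPM method: forwards to the device and never reads key->d. */
static int tpm_priv_op(const struct rsa *key, uint64_t in, uint64_t *out) {
    return tpm_private_op(key->key_handle, in, out);
}
static const struct rsa_method tpm_method = { "tpm", tpm_priv_op };

/* Same shape as RSA_set_method / RSA_private_encrypt / RSA_public_decrypt. */
static void rsa_set_method(struct rsa *key, const struct rsa_method *m) { key->meth = m; }
static int rsa_private_encrypt(const struct rsa *key, uint64_t in, uint64_t *out) {
    if (!key->meth || !key->meth->priv_op) return -1;
    return key->meth->priv_op(key, in, out);
}
static uint64_t rsa_public_decrypt(const struct rsa *key, uint64_t sig) {
    return modpow(sig, key->e, key->n);
}

/* Sign with the key staying in the device; returns the signature, 0 on error
 * or if the public check fails. */
uint64_t demo_sign_with_tpm(uint64_t m) {
    struct rsa key = { .n = 3233, .e = 17, .d = 0, .key_handle = 1 };
    uint64_t sig;
    rsa_set_method(&key, &tpm_method);
    if (rsa_private_encrypt(&key, m, &sig) != 0) return 0;
    return rsa_public_decrypt(&key, sig) == m ? sig : 0;
}
/* Same key object with the software method: fails because d is not on the host. */
int demo_sign_without_device_key(uint64_t m) {
    struct rsa key = { .n = 3233, .e = 17, .d = 0, .key_handle = 1 };
    uint64_t sig;
    rsa_set_method(&key, &software_method);
    return rsa_private_encrypt(&key, m, &sig);
}

int main(void) {
    printf("signature of 65 via TPM method: %llu\n",
           (unsigned long long)demo_sign_with_tpm(65));
    printf("software method without d on host: %d\n", demo_sign_without_device_key(65));
    return 0;
}
```

The host-side struct deliberately keeps d at zero: with the TPM method registered, every private-key operation goes through the handle, which is exactly the property the CryptoAPI path in tls_openssl.c relies on and the property Carolin's original reading of the code (key copied into the supplicant's memory) would lose.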