Description
Hello,
This may be the wrong forum to ask this question. Please point me to the right one in that case.
I am trying to write a TLS client that does mutual TLS with the server. As part of the client's authentication, it needs to sign the data with its private key. In this case, the private key is within the TPM.
There is a C library function that provides an API to access the TPM. So, my code doesn't need to talk directly to the TPM. This has been done because my microservice is part of a Docker Swarm and it cannot directly "bind" to devices like "/dev/tpm".
So, the C API takes 4 parameters:
- a pointer to a message of 32 bytes
- an msg_len variable set to 32
- a pointer to a signature buffer of size 256 bytes
- a sig_len variable set to 256.
The API talks to the TPM via serialized access and returns the response back (i.e., when it returns, you can use the signed data present in the signature buffer).
I realize that I need to write a custom OpenSSL engine in C for this. However, I'm not able to figure out how to link that to the rest of my Rust code. Any pointers would be greatly appreciated.
regards,
venkatesh