Fixes for loading TPM based key. Requires wolfSSL/wolfTPM#428

dgarske · dgarske · commit fb42349047ec · 2025-07-23T12:17:22.000-07:00
diff --git a/src/internal.c b/src/internal.c
@@ -8294,6 +8294,11 @@ static int WP11_Object_LoadTpmKey(WP11_Object* object)
         return BAD_FUNC_ARG;
     }
 
+    if (object->opFlag & WP11_FLAG_TPM) {
+        return wolfTPM2_LoadKey(&object->slot->tpmDev, &object->tpmKey,
+            &object->slot->tpmCtx.storageKey->handle);
+    }
+
     switch (object->type) {
     #ifndef NO_RSA
         case CKK_RSA:
@@ -8449,6 +8454,9 @@ int WP11_Rsa_GenerateKeyPair(WP11_Object* pub, WP11_Object* priv,
                 ret = wc_MakeRsaKey(&priv->data.rsaKey, pub->size, e, &rng);
             #ifdef WOLFPKCS11_TPM
                 if (ret == 0) {
+                    /* set flag indicating this is TPM based key */
+                    priv->opFlag |= WP11_FLAG_TPM;
+
                     /* unload handle and reload when used */
                     wolfTPM2_UnloadHandle(&priv->slot->tpmDev, &priv->tpmKey.handle);
                 }
@@ -9182,7 +9190,7 @@ int WP11_Ec_GenerateKeyPair(WP11_Object* pub, WP11_Object* priv,
         CK_ULONG len = sizeof(isSign);
         ret = WP11_Object_GetAttr(priv, CKA_SIGN, &isSign, &len);
         if (ret == 0 && isSign)
-            priv->slot->tpmCtx.eccKey = (WOLFTPM2_KEY*)&priv->tpmKey;
+            priv->slot->tpmCtx.ecdsaKey = &priv->tpmKey;
         else
             priv->slot->tpmCtx.ecdhKey = (WOLFTPM2_KEY*)&priv->tpmKey;
     #endif
@@ -9197,6 +9205,9 @@ int WP11_Ec_GenerateKeyPair(WP11_Object* pub, WP11_Object* priv,
                                     &priv->data.ecKey, priv->data.ecKey.dp->id);
         #ifdef WOLFPKCS11_TPM
             if (ret == 0) {
+                /* set flag indicating this is TPM based key */
+                priv->opFlag |= WP11_FLAG_TPM;
+
                 /* unload handle and reload when used */
                 wolfTPM2_UnloadHandle(&slot->tpmDev, &priv->tpmKey.handle);
             }
