From: Jarkko Sakkinen <jarkko@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
Andreas.Fuchs@infineon.com, James Prestwood <prestwoj@gmail.com>,
David Woodhouse <dwmw2@infradead.org>,
Jarkko Sakkinen <jarkko@kernel.org>,
David Howells <dhowells@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
James Bottomley <James.Bottomley@HansenPartnership.com>,
Stefan Berger <stefanb@linux.ibm.com>,
Ard Biesheuvel <ardb@kernel.org>,
Mario Limonciello <mario.limonciello@amd.com>,
linux-crypto@vger.kernel.org (open list:CRYPTO API),
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH RFC v2 0/5] Asymmetric TPM2 key type
Date: Sun, 19 May 2024 03:25:35 +0300 [thread overview]
Message-ID: <20240519002616.4432-1-jarkko@kernel.org> (raw)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=y, Size: 2470 bytes --]
## Overview
Introduce tpm2_key_rsa implementing asymmetric TPM RSA key.
I submit this first as RFC as I could not execute the keyctl padd in the
following sequence (returns EBADF):
tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
tpm2_getcap handles-persistent
openssl genrsa -out private.pem 2048
tpm2_import -C 0x81000001 -G rsa -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
key_serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`
This is derived work from James Prestwood’s earlier work from 2020:
https://lore.kernel.org/all/20200518172704.29608-1-prestwoj@gmail.com/
## Change Log
v2:
Sorry for rush update. I noticed that not all changes were in the
commits. This version just fixes those compilation errors.
James Prestwood (1):
keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE
Jarkko Sakkinen (4):
crypto: rsa-pkcs1pad: export rsa1_asn_lookup()
tpm: export tpm2_load_context()
KEYS: trusted: Do not use WARN when encode fails
KEYS: trusted: Migrate tpm2_key_{encode,decode}() to TPM driver
crypto/asymmetric_keys/Kconfig | 13 +
crypto/asymmetric_keys/Makefile | 1 +
crypto/asymmetric_keys/tpm2_key_rsa.c | 655 ++++++++++++++++++
crypto/rsa-pkcs1pad.c | 16 +-
drivers/char/tpm/Kconfig | 2 +
drivers/char/tpm/Makefile | 5 +
drivers/char/tpm/tpm.h | 2 -
drivers/char/tpm/tpm2-cmd.c | 77 ++
drivers/char/tpm/tpm2-space.c | 61 --
drivers/char/tpm/tpm2_key.c | 192 +++++
.../char/tpm}/tpm2key.asn1 | 0
include/crypto/rsa-pkcs1pad.h | 20 +
include/crypto/tpm2_key.h | 36 +
include/linux/tpm.h | 3 +
security/keys/trusted-keys/Makefile | 2 -
security/keys/trusted-keys/trusted_tpm2.c | 183 +----
16 files changed, 1032 insertions(+), 236 deletions(-)
create mode 100644 crypto/asymmetric_keys/tpm2_key_rsa.c
create mode 100644 drivers/char/tpm/tpm2_key.c
rename {security/keys/trusted-keys => drivers/char/tpm}/tpm2key.asn1 (100%)
create mode 100644 include/crypto/rsa-pkcs1pad.h
create mode 100644 include/crypto/tpm2_key.h
--
2.45.1
next reply other threads:[~2024-05-19 0:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-19 0:25 Jarkko Sakkinen [this message]
2024-05-19 0:25 ` [PATCH RFC v2 1/5] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 2/5] tpm: export tpm2_load_context() Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 3/5] KEYS: trusted: Do not use WARN when encode fails Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 4/5] KEYS: trusted: Migrate tpm2_key_{encode,decode}() to TPM driver Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 5/5] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Jarkko Sakkinen
2024-05-19 12:49 ` [PATCH RFC v2 0/5] Asymmetric TPM2 key type Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240519002616.4432-1-jarkko@kernel.org \
--to=jarkko@kernel.org \
--cc=Andreas.Fuchs@infineon.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=ardb@kernel.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=jgg@ziepe.ca \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mario.limonciello@amd.com \
--cc=peterhuewe@gmx.de \
--cc=prestwoj@gmail.com \
--cc=stefanb@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.