From: Jarkko Sakkinen <jarkko@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
Andreas.Fuchs@infineon.com, James Prestwood <prestwoj@gmail.com>,
David Woodhouse <dwmw2@infradead.org>,
Eric Biggers <ebiggers@kernel.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org (open list:CRYPTO API),
linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v3 0/5] KEYS: asymmetric: tpm2_key_rsa
Date: Tue, 21 May 2024 18:26:42 +0300 [thread overview]
Message-ID: <20240521152659.26438-1-jarkko@kernel.org> (raw)
## Overview
Introduce tpm2_key_rsa module, which implements asymmetric TPM2 RSA key.
The feature can be enabled with the CONFIG_ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE
kconfig option.
The idea in the design is to over time to have submodule per key type
For instance, tpm2_key_ecdsa could be one potential future addition in
the future. Perhaps, it might sense to consider at that point also a
top-level tpm2_key module. The gist is that the naming convention is
free from potential future bottlencks.
## Change Log
v3:
* Dropped special policy when RH_NULL is given. Kernel will just try to
use the handle as parent given.
* Thus could drop the patch exporting tpm2_load_context().
v2:
* Cleaned up all the low-hanging fruit for the sake of saving everyones
time. After this I move into reactive mode (I promise) ;-)
## Testing
tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
tpm2_getcap handles-persistent
openssl genrsa -out private.pem 2048
tpm2_import -C 0x81000001 -G rsa -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`
echo "abcdefg" > plaintext.txt
keyctl pkey_encrypt $serial 0 plaintext.txt enc=pkcs1 > encrypted.dat
keyctl pkey_decrypt $serial 0 encrypted.dat enc=pkcs1 > decrypted.dat
keyctl pkey_sign $serial 0 plaintext.txt enc=pkcs1 hash=sha256 > signed.dat
keyctl pkey_verify $serial 0 plaintext.txt signed.dat enc=pkcs1 hash=sha256
## References
- v2: https://lore.kernel.org/linux-integrity/20240521031645.17008-1-jarkko@kernel.org/
- v1: https://lore.kernel.org/linux-integrity/20240520184727.22038-1-jarkko@kernel.org/
- Derived from https://lore.kernel.org/all/20200518172704.29608-1-prestwoj@gmail.com/
James Prestwood (1):
keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE
Jarkko Sakkinen (4):
crypto: rsa-pkcs1pad: export rsa1_asn_lookup()
lib: Expand asn1_encode_integer() to variable size integers
KEYS: trusted: Move tpm2_key_decode() to the TPM driver
tpm: tpm2_key: Extend parser to TPM_LoadableKey
crypto/asymmetric_keys/Kconfig | 16 +
crypto/asymmetric_keys/Makefile | 1 +
crypto/asymmetric_keys/tpm2_key_rsa.c | 688 ++++++++++++++++++
crypto/rsa-pkcs1pad.c | 16 +-
drivers/char/tpm/Kconfig | 1 +
drivers/char/tpm/Makefile | 5 +
drivers/char/tpm/tpm2_key.c | 118 +++
.../char/tpm}/tpm2key.asn1 | 0
include/crypto/rsa-pkcs1pad.h | 20 +
include/crypto/tpm2_key.h | 35 +
include/linux/asn1_encoder.h | 3 +-
include/linux/tpm.h | 2 +
lib/asn1_encoder.c | 185 ++---
security/keys/trusted-keys/Makefile | 2 -
security/keys/trusted-keys/trusted_tpm2.c | 135 +---
15 files changed, 1020 insertions(+), 207 deletions(-)
create mode 100644 crypto/asymmetric_keys/tpm2_key_rsa.c
create mode 100644 drivers/char/tpm/tpm2_key.c
rename {security/keys/trusted-keys => drivers/char/tpm}/tpm2key.asn1 (100%)
create mode 100644 include/crypto/rsa-pkcs1pad.h
create mode 100644 include/crypto/tpm2_key.h
--
2.45.1
next reply other threads:[~2024-05-21 15:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-21 15:26 Jarkko Sakkinen [this message]
2024-05-21 15:26 ` [PATCH v3 1/5] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Jarkko Sakkinen
2024-05-21 15:26 ` [PATCH v3 2/5] lib: Expand asn1_encode_integer() to variable size integers Jarkko Sakkinen
2024-05-21 15:26 ` [PATCH v3 3/5] KEYS: trusted: Move tpm2_key_decode() to the TPM driver Jarkko Sakkinen
2024-05-21 15:26 ` [PATCH v3 4/5] tpm: tpm2_key: Extend parser to TPM_LoadableKey Jarkko Sakkinen
2024-05-21 15:26 ` [PATCH v3 5/5] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240521152659.26438-1-jarkko@kernel.org \
--to=jarkko@kernel.org \
--cc=Andreas.Fuchs@infineon.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=davem@davemloft.net \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=prestwoj@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.