From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
"Herbert Xu" <herbert@gondor.apana.org.au>
Cc: <linux-integrity@vger.kernel.org>, <keyrings@vger.kernel.org>,
<Andreas.Fuchs@infineon.com>,
"James Prestwood" <prestwoj@gmail.com>,
"David Woodhouse" <dwmw2@infradead.org>,
"David Howells" <dhowells@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
"Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
"Stefan Berger" <stefanb@linux.ibm.com>,
"Ard Biesheuvel" <ardb@kernel.org>,
"Mario Limonciello" <mario.limonciello@amd.com>,
"open list:CRYPTO API" <linux-crypto@vger.kernel.org>,
"open list" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH RFC v2 0/5] Asymmetric TPM2 key type
Date: Sun, 19 May 2024 15:49:28 +0300
Message-ID: <D1DMTJYL7TFC.3J3FM36K06ECD@kernel.org>
In-Reply-To: <20240519002616.4432-1-jarkko@kernel.org>
On Sun May 19, 2024 at 3:25 AM EEST, Jarkko Sakkinen wrote:
> ## Overview
>
> Introduce tpm2_key_rsa implementing asymmetric TPM RSA key.
>
> I submit this first as RFC as I could not execute the keyctl padd in the
> following sequence (returns EBADF):
>
> tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
> tpm2_evictcontrol -c owner.txt 0x81000001
> tpm2_getcap handles-persistent
> openssl genrsa -out private.pem 2048
> tpm2_import -C 0x81000001 -G rsa -i private.pem -u key.pub -r key.priv
> tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
> openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
> key_serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`
After the v2 changes it ends up in -EINVAL and:
OID is "2.23.133.10.1.3" which is not TPMSealedData
which makes total sense. James' old patch set already has TPMLoadableKey
parsing PoC'd, so I use that as the reference.
After the sequence above successfully completes, keyctl public key ops
are accessible by using $key_serial as the serial.
BR, Jarkko
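The OID check that rejected the blob above, reproduced as an added example (my code, not the patch set's or the kernel's): a dependency-free Python parser for the TPMKey container that tpm2_encodeobject writes and `openssl asn1parse` converts to DER. It follows the fields the kernel's tpm2key.asn1 decodes (type OID, optional [0] emptyAuth, parent, pubkey, privkey) and skips the other optional context-tagged fields of the draft format. The blobs are constructed inline with a matching encoder rather than captured from a TPM, and accepted_by_trusted_key_decoder() models only the trusted-key rule that the type must be TPMSealedData (2.23.133.10.1.5); the function and sample values are assumptions of this example.

```python
"""Parse a TPMKey DER blob and classify it by its type OID (added example)."""

# OIDs as listed in the kernel's oid_registry.h (2.23.133.10.1.x)
TPM_KEY_OIDS = {
    "2.23.133.10.1.3": "TPMLoadableKey",    # what tpm2_encodeobject emits
    "2.23.133.10.1.4": "TPMImportableKey",
    "2.23.133.10.1.5": "TPMSealedData",     # the only type trusted keys accept
}


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER")
    return tag, value, pos + length


def _decode_oid(raw):
    first = raw[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    acc = 0
    for b in raw[1:]:                       # base-128, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def parse_tpm2_key(der):
    """Decode the fields the kernel decoder cares about into a dict."""
    tag, body, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("TPMKey must be a SEQUENCE")
    tag, raw_oid, pos = _read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("expected type OBJECT IDENTIFIER")
    oid = _decode_oid(raw_oid)
    info = {"oid": oid, "type": TPM_KEY_OIDS.get(oid, "unknown"), "empty_auth": False}
    tag, val, nxt = _read_tlv(body, pos)
    while tag & 0xC0 == 0x80:               # optional [n] EXPLICIT fields
        if tag == 0xA0:                     # [0] emptyAuth BOOLEAN
            btag, bval, _ = _read_tlv(val, 0)
            info["empty_auth"] = btag == 0x01 and bval != b"\x00"
        tag, val, nxt = _read_tlv(body, nxt)
    if tag != 0x02:
        raise ValueError("expected parent INTEGER")
    info["parent"] = int.from_bytes(val, "big")
    for name in ("pubkey_len", "privkey_len"):
        tag, val, nxt = _read_tlv(body, nxt)
        if tag != 0x04:
            raise ValueError("expected OCTET STRING")
        info[name] = len(val)
    return info


def accepted_by_trusted_key_decoder(info):
    """Model of the trusted-key rule behind 'OID ... is not TPMSealedData'."""
    return info["type"] == "TPMSealedData"


# --- encoder used only to construct sample blobs for this example ---------
def _tlv(tag, value):
    n = len(value)
    if n < 128:
        lenb = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        lenb = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + lenb + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def build_tpm2_key(oid, parent, pub, priv, empty_auth=True):
    """Build a TPMKey blob; pub/priv are placeholder bytes, not TPM output."""
    body = _tlv(0x06, _encode_oid(oid))
    if empty_auth:
        body += _tlv(0xA0, _tlv(0x01, b"\xff"))
    # INTEGER needs a leading 0x00 when the top bit is set (e.g. 0x81000001)
    body += _tlv(0x02, parent.to_bytes((parent.bit_length() + 8) // 8, "big"))
    return _tlv(0x30, body + _tlv(0x04, pub) + _tlv(0x04, priv))


if __name__ == "__main__":
    # Constructed stand-in for key.priv.der: loadable key under 0x81000001
    blob = build_tpm2_key("2.23.133.10.1.3", 0x81000001, b"\x01" * 20, b"\x02" * 30)
    info = parse_tpm2_key(blob)
    print(info, "accepted:", accepted_by_trusted_key_decoder(info))
```

The loadable-key blob parses cleanly (parent 0x81000001, emptyAuth TRUE) yet fails the sealed-data rule, which is the -EINVAL path above; a blob with the same layout but type 2.23.133.10.1.5 passes it.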
Thread overview: 7+ messages
2024-05-19 0:25 [PATCH RFC v2 0/5] Asymmetric TPM2 key type Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 1/5] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 2/5] tpm: export tpm2_load_context() Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 3/5] KEYS: trusted: Do not use WARN when encode fails Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 4/5] KEYS: trusted: Migrate tpm2_key_{encode,decode}() to TPM driver Jarkko Sakkinen
2024-05-19 0:25 ` [PATCH RFC v2 5/5] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Jarkko Sakkinen
2024-05-19 12:49 ` Jarkko Sakkinen [this message]