[PATCH v14 2/5] oid_registry: Add TCG defined OIDS for TPM keys

linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	David Woodhouse <dwmw2@infradead.org>,
	keyrings@vger.kernel.org, David Howells <dhowells@redhat.com>
Subject: [PATCH v14 2/5] oid_registry: Add TCG defined OIDS for TPM keys
Date: Sun, 29 Nov 2020 14:20:01 -0800	[thread overview]
Message-ID: <20201129222004.4428-3-James.Bottomley@HansenPartnership.com> (raw)
In-Reply-To: <20201129222004.4428-1-James.Bottomley@HansenPartnership.com>

The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM
key uses.  We've defined three of the available numbers:

2.23.133.10.1.3 TPM Loadable key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Load() operation.

2.23.133.10.1.4 TPM Importable Key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Import() operation.

Both loadable and importable keys are specific to a given TPM, the
difference is that a loadable key is wrapped with the symmetric
secret, so must have been created by the TPM itself.  An importable
key is wrapped with a DH shared secret, and may be created without
access to the TPM provided you know the public part of the parent key.

2.23.133.10.1.5 TPM Sealed Data.  This is a set of data (up to 128
		bytes) which is sealed by the TPM.  It usually
		represents a symmetric key and must be unsealed before
		use.

The ASN.1 binary key form starts of with this OID as the first element
of a sequence, giving the binary form a unique recognizable identity
marker regardless of encoding.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: David Howells <dhowells@redhat.com>

---

v3: correct OID_TPMImportableKey name
v7: add ack
v9: add review
---
 include/linux/oid_registry.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2c18cd..d06988d1565e 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -113,6 +113,11 @@ enum OID {
 	OID_SM2_with_SM3,		/* 1.2.156.10197.1.501 */
 	OID_sm3WithRSAEncryption,	/* 1.2.156.10197.1.504 */
 
+	/* TCG defined OIDS for TPM based keys */
+	OID_TPMLoadableKey,		/* 2.23.133.10.1.3 */
+	OID_TPMImportableKey,		/* 2.23.133.10.1.4 */
+	OID_TPMSealedData,		/* 2.23.133.10.1.5 */
+
 	OID__NR
 };
 
-- 
2.26.2

next prev parent reply	other threads:[~2020-11-29 22:23 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-29 22:19 [PATCH v14 0/5] TPM 2.0 trusted key rework James Bottomley
2020-11-29 22:20 ` [PATCH v14 1/5] lib: add ASN.1 encoder James Bottomley
2020-12-04  4:43   ` Jarkko Sakkinen
2020-12-04  4:44     ` Jarkko Sakkinen
2020-12-04 13:40   ` David Howells
2020-11-29 22:20 ` James Bottomley [this message]
2020-12-04 13:44   ` [PATCH v14 2/5] oid_registry: Add TCG defined OIDS for TPM keys David Howells
2020-12-04 16:01     ` James Bottomley
2020-11-29 22:20 ` [PATCH v14 3/5] security: keys: trusted: fix TPM2 authorizations James Bottomley
2020-12-22 23:01   ` Ken Goldman
2020-12-23 19:58     ` James Bottomley
2021-01-04 21:56       ` Jarkko Sakkinen
2020-11-29 22:20 ` [PATCH v14 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs James Bottomley
2020-11-30  2:10   ` kernel test robot
2020-11-30 19:58     ` James Bottomley
2020-12-04  4:49       ` Jarkko Sakkinen
2020-12-04  4:50         ` Jarkko Sakkinen
2020-12-07 16:23           ` James Bottomley
2020-12-08 11:02             ` Jarkko Sakkinen
2020-11-29 22:20 ` [PATCH v14 5/5] security: keys: trusted: Make sealed key properly interoperable James Bottomley

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:4462ed2c18c dfblob:d06988d1565 )
 OR (
bs:"[PATCH v14 2/5] oid_registry: Add TCG defined OIDS for TPM keys" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20201129222004.4428-3-James.Bottomley@HansenPartnership.com \
    --to=james.bottomley@hansenpartnership.com \
    --cc=dhowells@redhat.com \
    --cc=dwmw2@infradead.org \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).