From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
"Herbert Xu" <herbert@gondor.apana.org.au>
Cc: <linux-integrity@vger.kernel.org>, <keyrings@vger.kernel.org>,
<Andreas.Fuchs@infineon.com>,
"James Prestwood" <prestwoj@gmail.com>,
"David Woodhouse" <dwmw2@infradead.org>,
"Eric Biggers" <ebiggers@kernel.org>,
"James Bottomley" <James.Bottomley@hansenpartnership.com>,
<linux-crypto@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>,
"open list" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v5 0/5] KEYS: asymmetric: tpm2_key_rsa
Date: Fri, 24 May 2024 12:18:02 +0300 [thread overview]
Message-ID: <D1HRGEEB313K.NFAX1EFJKJPU@kernel.org> (raw)
In-Reply-To: <20240523212515.4875-1-jarkko@kernel.org>
On Fri May 24, 2024 at 12:25 AM EEST, Jarkko Sakkinen wrote:
> ## Overview
>
> Introduce tpm2_key_rsa module, which implements asymmetric TPM2 RSA key.
> The feature can be enabled with the CONFIG_ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE
> kconfig option. This feature allows the private key to be uploaded to
> the TPM2 for signing, and software can use the public key to verify
> the signatures.
Since barely v6.9 is out I wrote over night also tpm2_key_ecdsa i.e.
ECC/ECDSA based module :-)
It was a good idea. I realized e.g. actually documented in the API
fact that I should return -EBADMSG as legit undetected. Also found
a memory corruption bugs.
I renamed extract_pub to probe because that made me sort of realized
the role better too. Some of the code could later on put to up-level
struct tpm2_key but it is not a functional requirement.
I.e. top-level does raw parsing and then these modules check each
that if this is for them (e.g. ECDSA) then eat it. Otherwise, pass
over.
I did do some rudimentary testing and it seems to be quite good, and
my pattern seems to work. I.e. different modules for RSA and ECDSA
fit well how asymmetric keys are probed and allows to do as a sysadmin
appropriate configuration for the use case.
My biggest concern is undocumented parameters API in akcipher.
BR, Jarkko
prev parent reply other threads:[~2024-05-24 9:18 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-23 21:25 [PATCH v5 0/5] KEYS: asymmetric: tpm2_key_rsa Jarkko Sakkinen
2024-05-23 21:25 ` [PATCH v5 1/5] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Jarkko Sakkinen
2024-05-23 21:25 ` [PATCH v5 2/5] KEYS: trusted: Change -EINVAL to -E2BIG Jarkko Sakkinen
2024-05-23 21:25 ` [PATCH v5 3/5] KEYS: trusted: Move tpm2_key_decode() to the TPM driver Jarkko Sakkinen
2024-05-23 21:25 ` [PATCH v5 4/5] tpm: tpm2_key: Extend parser to TPM_LoadableKey Jarkko Sakkinen
2024-05-23 21:25 ` [PATCH v5 5/5] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Jarkko Sakkinen
2024-05-23 21:39 ` Jarkko Sakkinen
2024-05-23 21:52 ` Jarkko Sakkinen
2024-05-23 22:02 ` Jarkko Sakkinen
2024-05-24 9:18 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D1HRGEEB313K.NFAX1EFJKJPU@kernel.org \
--to=jarkko@kernel.org \
--cc=Andreas.Fuchs@infineon.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=davem@davemloft.net \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=prestwoj@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).