www.infradead.org Git - users/jedix/linux-maple.git/commit
security: keys: trusted: use ASN.1 TPM2 key format for the blobs
author James Bottomley <James.Bottomley@HansenPartnership.com>
Wed, 27 Jan 2021 19:06:16 +0000 (11:06 -0800)
committer Jarkko Sakkinen <jarkko@kernel.org>
Fri, 9 Apr 2021 05:58:30 +0000 (08:58 +0300)
commit 14676f1eb79660b6ee262644fa788a5c42ac19e4
tree df309d146e64c0be0a7731b4a16a0102b62c58a2
parent d31ce6573346ba2dd883902dd566a4211337d21a
security: keys: trusted: use ASN.1 TPM2 key format for the blobs

Modify the TPM2 key format blob output to export and import in the
ASN.1 form for TPM2 sealed object keys.  For compatibility with prior
trusted keys, the importer will also accept two TPM2B quantities
representing the public and private parts of the key.  However, the
export via keyctl pipe will only output the ASN.1 format.

The benefit of the ASN.1 format is that it's a standard and thus the
exported key can be used by userspace tools (openssl_tpm2_engine,
openconnect and tpm2-tss-engine).  The format includes policy
specifications, thus it gets us out of having to construct policy
handles in userspace and the format includes the parent meaning you
don't have to keep passing it in each time.

This patch only implements basic handling for the ASN.1 format, so
keys with passwords but no policy.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Documentation/security/keys/trusted-encrypted.rst
include/keys/trusted-type.h
security/keys/Kconfig
security/keys/trusted-keys/Makefile
security/keys/trusted-keys/tpm2key.asn1 [new file with mode: 0644]
security/keys/trusted-keys/trusted_tpm1.c
security/keys/trusted-keys/trusted_tpm2.c