Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops

From: David Howells
Date: Tue Sep 18 2018 - 12:33:46 EST

Next message: Vinod: "Re: [PATCH 2/3] dmaengine: Add Slave and Cyclic mode support for Actions Semi Owl S900 SoC"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: elantech - enable middle button of touchpad on ThinkPad P72"
In reply to: Denis Kenzior: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Next in thread: Denis Kenzior: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote:

> You are passing the raw DER to the kernel in both cases, right?

I haven't put a PEM stripper and base64 decoder into the kernel, though we
certainly could do that. We could even do the decode in-place in the same
buffer since the resulting data would be smaller than the original.

> And the kernel just happens to know that if it receives a bare OCTET-STRING
> it's supposed to treat it as a TPMv1.2 key?

It passes it to each parser in turn till one says it can parse it. It's not
ideal, but it seems to work - so far. Better would be to annotate it in some
way. I have considered annotating the type field so that the payload doesn't
have to have it added:

keyctl padd asymmetric.x509 "" @s </tmp/foo.x509
keyctl padd asymmetric.pkcs#8 ...
keyctl padd asymmetric.tpm ...

However, this doesn't work with "keyctl update" or "keyctl instantiate".

David

Next message: Vinod: "Re: [PATCH 2/3] dmaengine: Add Slave and Cyclic mode support for Actions Semi Owl S900 SoC"
Previous message: Dmitry Torokhov: "Re: [PATCH] Input: elantech - enable middle button of touchpad on ThinkPad P72"
In reply to: Denis Kenzior: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Next in thread: Denis Kenzior: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]