Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops

From: David Howells
Date: Tue Sep 18 2018 - 13:18:43 EST

Next message: zhe.he: "[PATCH v2 1/2] printk: Fix panic caused by passing log_buf_len to command line"
Previous message: Juergen Gross: "Re: [PATCH] xen: issue warning message when out of grant maptrack entries"
In reply to: Denis Kenzior: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Next in thread: Marcel Holtmann: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Denis Kenzior <denkenz@xxxxxxxxx> wrote:

> > Yes. It shouldn't be much code, either. You still have to check for X.509
> > DER since the kernel currently supports that.
>
> For reasons of backward compatibility, correct? The kernel also has
> mscode.asn1 which we would need to support as well. Since we can't break
> compatibility then perhaps this doesn't buy us a whole lot in the end.

Don't worry about mscode - that's not an asymmetric key parser. That's only
ever used directly from verify_pefile_signature().

Currently, we have to retain support for DER-encoded X.509.

But there's no reason we can't have a PEM parser that decodes the PEM and
selects X.509, PKCS#8 or TPM based on the ascii header in that. PKCS#8 and
TPM don't need to take DER directly.

David

Next message: zhe.he: "[PATCH v2 1/2] printk: Fix panic caused by passing log_buf_len to command line"
Previous message: Juergen Gross: "Re: [PATCH] xen: issue warning message when out of grant maptrack entries"
In reply to: Denis Kenzior: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Next in thread: Marcel Holtmann: "Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]