Re: [PATCH RFC v2 0/5] Asymmetric TPM2 key type

From: Jarkko Sakkinen
Date: Sun May 19 2024 - 08:49:42 EST


On Sun May 19, 2024 at 3:25 AM EEST, Jarkko Sakkinen wrote:
> ## Overview
>
> Introduce tpm2_key_rsa implementing asymmetric TPM RSA key.
>
> I submit this first as an RFC, as I could not execute the keyctl padd in the
> following sequence (returns EBADF):
>
> tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
> tpm2_evictcontrol -c owner.txt 0x81000001
> tpm2_getcap handles-persistent
> openssl genrsa -out private.pem 2048
> tpm2_import -C 0x81000001 -G rsa -i private.pem -u key.pub -r key.priv
> tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
> openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
> key_serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`

After the v2 changes it ends up with -EINVAL and:

OID is "2.23.133.10.1.3" which is not TPMSealedData

which makes total sense. James' old patch set already has TPMLoadableKey
parsing PoC'd, so I use that as the reference.

After the sequence above successfully completes, keyctl public key ops
are accessible by using $key_serial as the serial.

BR, Jarkko
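The OID check behind the -EINVAL above, as an added example written for this page (it is not code from the patch set, from James' series, or from tpm2-tools): a minimal DER walker over the outer TPMKey SEQUENCE of the key.priv.der / TSS2 PEM produced by tpm2_encodeobject. It decodes the type OID, maps it to TPMLoadableKey (2.23.133.10.1.3), TPMImportableKey (2.23.133.10.1.4) or TPMSealedData (2.23.133.10.1.5) per the TPM 2.0 key file ASN.1 draft (Bottomley/Woodhouse), skips the optional EXPLICIT [0]..[3] fields, and pulls out the parent handle. The sample blobs are constructed inline with placeholder pubkey/privkey octet strings so it runs without a TPM; a real file carries the TPM2B_PUBLIC/TPM2B_PRIVATE from tpm2_import.

```python
"""Classify a TPM 2.0 key file (the DER that `keyctl padd asymmetric tpm @u`
reads) by the type OID at the head of its TPMKey SEQUENCE.
Added example for this page, not code from the patch set."""
import base64

# type OIDs from the TPM 2.0 key file ASN.1 draft
TPM2_KEY_OIDS = {
    "2.23.133.10.1.3": "TPMLoadableKey",    # what tpm2_encodeobject emitted above
    "2.23.133.10.1.4": "TPMImportableKey",
    "2.23.133.10.1.5": "TPMSealedData",     # what the v2 parser expected
}


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                        # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Dotted string for the contents of an OBJECT IDENTIFIER."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_tpm2_key(der):
    """Walk the outer TPMKey SEQUENCE: type OID, optional [0]..[3] fields,
    then parent INTEGER, pubkey OCTET STRING, privkey OCTET STRING."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not a single SEQUENCE")
    elems, pos = [], 0
    while pos < len(body):
        tag, val, pos = _read_tlv(body, pos)
        elems.append((tag, val))
    if not elems or elems[0][0] != 0x06:
        raise ValueError("TPMKey must start with an OBJECT IDENTIFIER")
    oid = _decode_oid(elems[0][1])
    # emptyAuth/policy/secret/authPolicy are EXPLICIT [0]..[3]; skipped here
    rest = [e for e in elems[1:] if not 0xA0 <= e[0] <= 0xA3]
    if [t for t, _ in rest] != [0x02, 0x04, 0x04]:
        raise ValueError("expected parent INTEGER, pubkey and privkey OCTET STRINGs")
    return {"type_oid": oid,
            "type_name": TPM2_KEY_OIDS.get(oid, "unknown"),
            "parent": int.from_bytes(rest[0][1], "big"),
            "pubkey": rest[1][1], "privkey": rest[2][1]}


def pem_to_der(pem_text):
    """Strip the PEM armour (what the openssl asn1parse -out step does)."""
    lines = [ln for ln in pem_text.splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(lines))


# --- constructed sample input, so the example runs without a TPM ------------

def _tlv(tag, value):
    """DER encode one TLV, long-form length when needed."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def make_sample_key(oid, parent=0x81000001, empty_auth=True):
    """Minimal TPMKey DER with placeholder blobs (constructed sample)."""
    parent_der = parent.to_bytes((parent.bit_length() + 8) // 8, "big")  # keeps 0x81.. positive
    fields = _tlv(0x06, _encode_oid(oid))
    if empty_auth:
        fields += _tlv(0xA0, _tlv(0x01, b"\xff"))     # [0] EXPLICIT BOOLEAN TRUE
    fields += _tlv(0x02, parent_der)
    fields += _tlv(0x04, b"placeholder TPM2B_PUBLIC")
    fields += _tlv(0x04, b"placeholder TPM2B_PRIVATE")
    return _tlv(0x30, fields)


def to_pem(der):
    """Wrap DER in the TSS2 PRIVATE KEY armour tpm2_encodeobject writes."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN TSS2 PRIVATE KEY-----\n{body}\n-----END TSS2 PRIVATE KEY-----\n"


if __name__ == "__main__":
    for oid in ("2.23.133.10.1.3", "2.23.133.10.1.5"):
        info = parse_tpm2_key(pem_to_der(to_pem(make_sample_key(oid))))
        print(f"OID is {info['type_oid']} ({info['type_name']}), parent 0x{info['parent']:08x}")
```

Running it against the real key.priv.der from the sequence above (`parse_tpm2_key(open("key.priv.der", "rb").read())`) reports the same 2.23.133.10.1.3 the kernel complained about, which is the quick way to tell a loadable key from sealed data before handing it to keyctl.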