List: linux-keyrings
Subject: Re: [PATCH v15 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs
From: James Bottomley <James.Bottomley () HansenPartnership ! com>
Date: 2021-01-30 17:12:58
Message-ID: 2ead01f03be0022e42cb94e83cfdf674d2046119.camel () HansenPartnership ! com
On Sat, 2021-01-30 at 18:29 +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 27, 2021 at 11:06:16AM -0800, James Bottomley wrote:
> > Modify the TPM2 key format blob output to export and import in the
> > ASN.1 form for TPM2 sealed object keys. For compatibility with prior
> > trusted keys, the importer will also accept two TPM2B quantities
> > representing the public and private parts of the key. However, the
> > export via keyctl pipe will only output the ASN.1 format.
> >
> > The benefit of the ASN.1 format is that it's a standard and thus the
> > exported key can be used by userspace tools (openssl_tpm2_engine,
> > openconnect and tpm2-tss-engine). The format includes policy
> > specifications, thus it gets us out of having to construct policy
> > handles in userspace and the format includes the parent meaning you
> > don't have to keep passing it in each time.
> >
> > This patch only implements basic handling for the ASN.1 format, so
> > keys with passwords but no policy.
> >
> > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
>
> This one had some coding style errors:
>
> WARNING: Possible repeated word: 'for'
> #147: FILE: security/keys/trusted-keys/tpm2key.asn1:2:
> +--- ASN.1 for for TPM 2.0 keys
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };

That's actually deliberate. The OID representation is traditionally a
sequence of numbers separated by a full stop, so it should be

2.23.133.10.1.5

Since we use an array to represent each number, the closest seemed to
be replacing the '.' with ',' hence leaving no spaces. I don't think
it hugely matters, but just saying there was a reason for the style
deviation.

> I fixed them by hand. I will apply these now to my master branch
> first, but can you just sanity check that your changes still work for
> you?
>
> Cutting hairs, but better to be safe than sorry when doing even a
> single change to the source code.

OK, I'll rebase on your tree and see what happens.

James
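
Added example, not part of the original message or of the kernel patch: how the array of arcs discussed above (2.23.133.10.1.5 written as one number per element) maps to the DER bytes of an ASN.1 OBJECT IDENTIFIER. The helper names `put_subid` and `oid_to_der` and the macro `TPM2KEY_OID_ARCS` are hypothetical; the kernel's own encoder is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Arcs as written in the quoted line from trusted_tpm2.c (u32 there). */
static const uint32_t tpm2key_oid[] = { 2,23,133,10,1,5 };
#define TPM2KEY_OID_ARCS (sizeof(tpm2key_oid) / sizeof(tpm2key_oid[0]))

/* One sub-identifier: base 128, big-endian, bit 7 set on all but the last byte. */
static size_t put_subid(uint8_t *out, uint32_t v)
{
	uint8_t tmp[5];
	size_t n = 0, i;
	do {
		tmp[n++] = v & 0x7f;
		v >>= 7;
	} while (v);
	for (i = 0; i < n; i++)
		out[i] = tmp[n - 1 - i] | (i + 1 < n ? 0x80 : 0x00);
	return n;
}

/* Hypothetical helper: DER-encode arcs as OBJECT IDENTIFIER; 0 means error. */
size_t oid_to_der(const uint32_t *oid, size_t n, uint8_t *out, size_t cap)
{
	uint8_t body[60];	/* at most 11 sub-identifiers of 5 bytes each */
	size_t len, i;
	if (n < 2 || n > 12 || oid[0] > 2)
		return 0;
	if (oid[0] < 2 ? oid[1] > 39 : oid[1] > UINT32_MAX - 80)
		return 0;
	len = put_subid(body, oid[0] * 40 + oid[1]);	/* arcs 0 and 1 share one */
	for (i = 2; i < n; i++)
		len += put_subid(body + len, oid[i]);
	if (cap < len + 2)
		return 0;
	out[0] = 0x06;		/* universal tag: OBJECT IDENTIFIER */
	out[1] = (uint8_t)len;	/* short-form length: body is under 128 bytes */
	memcpy(out + 2, body, len);
	return len + 2;
}

int main(void)
{
	uint8_t der[16];
	size_t i, n = oid_to_der(tpm2key_oid, TPM2KEY_OID_ARCS, der, sizeof(der));
	for (i = 0; i < n; i++)
		printf("%02x%c", der[i], i + 1 < n ? ' ' : '\n');
	return n ? 0 : 1;
}
```

The arc 133 is the only one that needs two bytes (0x81 0x05), which is why the six-element array produces a six-byte body only after the first two arcs are folded into 0x67.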