
List:       linux-keyrings
Subject:    Re: [PATCH v15 4/5] security: keys: trusted: use ASN.1 TPM2 key format for the blobs
From:       James Bottomley <James.Bottomley () HansenPartnership ! com>
Date:       2021-01-30 17:12:58
Message-ID: 2ead01f03be0022e42cb94e83cfdf674d2046119.camel () HansenPartnership ! com

On Sat, 2021-01-30 at 18:29 +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 27, 2021 at 11:06:16AM -0800, James Bottomley wrote:
> > Modify the TPM2 key format blob output to export and import in the
> > ASN.1 form for TPM2 sealed object keys.  For compatibility with prior
> > trusted keys, the importer will also accept two TPM2B quantities
> > representing the public and private parts of the key.  However, the
> > export via keyctl pipe will only output the ASN.1 format.
> > 
> > The benefit of the ASN.1 format is that it's a standard and thus the
> > exported key can be used by userspace tools (openssl_tpm2_engine,
> > openconnect and tpm2-tss-engine).  The format includes policy
> > specifications, thus it gets us out of having to construct policy
> > handles in userspace and the format includes the parent meaning you
> > don't have to keep passing it in each time.
> > 
> > This patch only implements basic handling for the ASN.1 format, so
> > keys with passwords but no policy.
> > 
> > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> 
> This one had some coding style errors:
> 
> WARNING: Possible repeated word: 'for'
> #147: FILE: security/keys/trusted-keys/tpm2key.asn1:2:
> +--- ASN.1 for for TPM 2.0 keys
> 
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
>                                ^
> 
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
>                                   ^
> 
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
>                                       ^
> 
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
>                                          ^
> 
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };

That's actually deliberate.  The OID representation is traditionally a
sequence of numbers separated by a full stop, so it should be

2.23.133.10.1.5

Since we use an array to represent each number, the closest seemed to
be replacing the '.' with ',' hence leaving no spaces.  I don't think
it hugely matters, but just saying there was a reason for the style
deviation.

> I fixed them by hand. I will apply these now to my master branch
> first, but can you just sanity check that your changes still work for
> you?
> 
> Cutting hairs, but better to be safe than sorry when doing even a
> single change to the source code.

OK, I'll rebase on your tree and see what happens.

James
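
Added example, not part of the original message or of the kernel patch: how the arc array discussed above (2.23.133.10.1.5) maps to the DER bytes that identify the key type inside an ASN.1 blob. The helper names `put_arc` and `oid_to_der` are hypothetical, and only short-form lengths are handled.

```c
#include <stdint.h>
#include <stdio.h>

/* OID from the thread as an array of arcs: 2.23.133.10.1.5 */
static const uint32_t tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };

/* Write one arc in base 128; every byte but the last has the high bit set. */
static int put_arc(uint8_t *out, size_t cap, size_t *pos, uint32_t arc)
{
	uint8_t tmp[5];
	size_t n = 0;
	do {
		tmp[n++] = arc & 0x7f;
		arc >>= 7;
	} while (arc);
	if (n > cap - *pos)
		return -1;
	while (n--)
		out[(*pos)++] = tmp[n] | (n ? 0x80 : 0);
	return 0;
}

/* DER-encode an OID (tag 0x06); returns the total length or -1 on error. */
int oid_to_der(const uint32_t *oid, size_t n, uint8_t *out, size_t cap)
{
	size_t len = 0, i;
	/* X.690: arc 0 is 0..2; arc 1 is 0..39 unless arc 0 is 2 */
	if (n < 2 || cap < 2 || oid[0] > 2 || (oid[0] < 2 && oid[1] > 39) ||
	    oid[1] > UINT32_MAX - 80)
		return -1;
	/* the first two arcs share one subidentifier: 40 * arc0 + arc1 */
	if (put_arc(out + 2, cap - 2, &len, 40 * oid[0] + oid[1]))
		return -1;
	for (i = 2; i < n; i++)
		if (put_arc(out + 2, cap - 2, &len, oid[i]) || len > 127)
			return -1;
	out[0] = 0x06;
	out[1] = (uint8_t)len;
	return (int)(len + 2);
}

int main(void)
{
	uint8_t der[16];
	int i, n = oid_to_der(tpm2key_oid, 6, der, sizeof(der));
	for (i = 0; i < n; i++)
		printf("%02x ", der[i]);
	return n < 0;
}
```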