• James Bottomley's avatar
    security: keys: trusted: use ASN.1 TPM2 key format for the blobs · f2219745
    James Bottomley authored
    Modify the TPM2 key format blob output to export and import in the
    ASN.1 form for TPM2 sealed object keys.  For compatibility with prior
    trusted keys, the importer will also accept two TPM2B quantities
    representing the public and private parts of the key.  However, the
    export via keyctl pipe will only output the ASN.1 format.
    
    The benefit of the ASN.1 format is that it's a standard and thus the
    exported key can be used by userspace tools (openssl_tpm2_engine,
    openconnect and tpm2-tss-engine).  The format includes policy
    specifications, thus it gets us out of having to construct policy
    handles in userspace and the format includes the parent meaning you
    don't have to keep passing it in each time.
    
    This patch only implements basic handling for the ASN.1 format, so
    keys with passwords but no policy.
    Signed-off-by: default avatarJames Bottomley <James.Bottomley@HansenPartnership.com>
    Tested-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    Signed-off-by: default avatarJarkko Sakkinen <jarkko@kernel.org>
    f2219745
trusted_tpm2.c 11.9 KB