[12/17] oid_registry: Add TCG defined OIDS for TPM keys

Message ID 20200518172704.29608-13-prestwoj@gmail.com
State: New
Series: Asymmetric key operations on TPM2

Commit Message

James Prestwood May 18, 2020, 5:26 p.m. UTC
From: James Bottomley <James.Bottomley@HansenPartnership.com>

The TCG has defined an OID prefix "" for the various TPM
key uses.  We've defined three of the available numbers:

TPM Loadable key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Load() operation.

TPM Importable Key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Import() operation.

Both loadable and importable keys are specific to a given TPM, the
difference is that a loadable key is wrapped with the symmetric
secret, so must have been created by the TPM itself.  An importable
key is wrapped with a DH shared secret, and may be created without
access to the TPM provided you know the public part of the parent key.

TPM Sealed Data.  This is a set of data (up to 128
		bytes) which is sealed by the TPM.  It usually
		represents a symmetric key and must be unsealed before

The ASN.1 binary key form starts off with this OID as the first element
of a sequence, giving the binary form a unique recognizable identity
marker regardless of encoding.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
 include/linux/oid_registry.h | 5 +++++
 1 file changed, 5 insertions(+)
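As an added example (not part of this patch or of the kernel's own ASN.1 parsing), the routine below locates the identity-marker OID that the commit message says opens the outer SEQUENCE of a TPM key blob and decodes it to dotted form, rejecting blobs that are not shaped that way. The OID in the constructed sample blob is an assumed value, since this page does not reproduce the TCG numbers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample: SEQUENCE { OID 2.23.133.10.1.3, INTEGER 1 }.  The OID
 * value is assumed (TCG "TPM Loadable key"); this page does not show it. */
const uint8_t sample_blob[] = { 0x30, 0x0b,          /* SEQUENCE, 11 bytes */
	0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x03,  /* OBJECT IDENTIFIER */
	0x02, 0x01, 0x01 };                              /* INTEGER 1 */

/* DER length field at p[1]: short form, or long form of at most 2 bytes. */
static int der_len(const uint8_t *p, size_t n, size_t *len, size_t *hdr)
{
	size_t k = 0, i;                       /* k = long-form length bytes */
	if (n < 2)
		return -1;
	if (p[1] >= 0x80 && ((k = p[1] & 0x7f) == 0 || k > 2 || n < 2 + k))
		return -1;
	for (*len = k ? 0 : p[1], i = 0; i < k; i++)
		*len = (*len << 8) | p[2 + i];
	*hdr = 2 + k;
	return *hdr + *len <= n ? 0 : -1;
}

/* Decode the OID opening the outer SEQUENCE to dotted form; returns its length
 * or -1 for a malformed blob.  Assumes the first two arcs fit in one byte. */
int tpm_key_oid(const uint8_t *der, size_t n, char *out, size_t outsz)
{
	size_t slen, shdr, olen, ohdr, i;
	uint32_t arc = 0; const uint8_t *p; int pos;
	if (n < 1 || der[0] != 0x30 || der_len(der, n, &slen, &shdr) < 0)
		return -1;
	p = der + shdr;
	if (slen < 1 || p[0] != 0x06 || der_len(p, slen, &olen, &ohdr) < 0 ||
	    olen == 0 || (p[ohdr + olen - 1] & 0x80))
		return -1;                     /* no OID, or truncated last arc */
	p += ohdr;
	pos = snprintf(out, outsz, "%u.%u", p[0] / 40u, p[0] % 40u);
	for (i = 1; i < olen; i++) {
		if (arc >> 25)
			return -1;             /* next shift would overflow */
		arc = (arc << 7) | (p[i] & 0x7f);
		if (p[i] & 0x80)               /* high bit set: arc continues */
			continue;
		pos += snprintf(out + pos, (size_t)pos < outsz ? outsz - pos : 0,
				".%u", (unsigned)arc);
		arc = 0;
	}
	return (size_t)pos < outsz ? pos : -1;
}
```

A consumer would compare the returned string against the registered prefix and suffix before deciding whether the blob is a loadable key, an importable key or sealed data.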

diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 657d6bf2c064..f6e2276e5f30 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -107,6 +107,11 @@  enum OID {
 	OID_gostTC26Sign512B,		/* 1.2.643. */
 	OID_gostTC26Sign512C,		/* 1.2.643. */
+	/* TCG defined OIDS for TPM based keys */
+	OID_TPMLoadableKey,		/* */
+	OID_TPMImportableKey,		/* */
+	OID_TPMSealedData,		/* */
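Review bot: the comments beside the three new OID_TPM* enumerators are empty (`/* */`), but lib/build_OID_registry builds the lookup table used by look_up_OID() from the dotted OID written in exactly that comment, so as shown none of these entries would be registered and the identity marker described in the commit message could never be matched; each line should carry the full dotted OID (the TCG prefix plus the per-key suffix) in the same style as the neighbouring gost entries.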