[v2,3/8] oid_registry: Add TCG defined OIDS for TPM keys

Message ID 1575936406.31378.53.camel@HansenPartnership.com (mailing list archive)
State New, archived
Series Fix TPM 2.0 trusted keys

Commit Message

James Bottomley Dec. 10, 2019, 12:06 a.m. UTC
The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM
key uses.  We've defined three of the available numbers:

2.23.133.10.1.3 TPM Loadable Key.  This is an asymmetric key (usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Load() operation.

2.23.133.10.1.4 TPM Importable Key.  This is an asymmetric key (usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Import() operation.

Both loadable and importable keys are specific to a given TPM; the
difference is that a loadable key is wrapped with the symmetric
secret, so must have been created by the TPM itself.  An importable
key is wrapped with a DH shared secret, and may be created without
access to the TPM provided you know the public part of the parent key.

2.23.133.10.1.5 TPM Sealed Data.  This is a set of data (up to 128
		bytes) which is sealed by the TPM.  It usually
		represents a symmetric key and must be unsealed before
		use.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 include/linux/oid_registry.h | 5 +++++
 1 file changed, 5 insertions(+)
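An added example, not code from this patch or from the kernel's lib/oid_registry.c: it DER-encodes the dotted TCG OIDs above into their base-128 content octets (the first two arcs, 2.23, fold into the single byte 0x67, and arc 133 needs two bytes), decodes them back, rejects truncated and non-minimal encodings, and matches the encoded bytes against a small table that mirrors the three entries the patch adds. The kernel's own look_up_OID() likewise compares DER content bytes against a table that lib/build_OID_registry generates from the `/* dotted */` comments in oid_registry.h; the `enum tpm_oid`, `tpm_oid_table` and helper names here are assumptions made for illustration, and the input bytes in main() are constructed.

```c
/* Added example (not kernel code): DER OID encode/decode plus a table lookup
 * mirroring the three TCG arcs from the patch.  Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical enum mirroring the patch's additions; not the kernel's enum OID. */
enum tpm_oid {
	TPM_OID_UNKNOWN = 0,
	TPM_OID_LOADABLE_KEY,	/* 2.23.133.10.1.3 */
	TPM_OID_IMPORTABLE_KEY,	/* 2.23.133.10.1.4 */
	TPM_OID_SEALED_DATA,	/* 2.23.133.10.1.5 */
};

/* Encode dotted-decimal OID text into DER content octets (no tag/length byte).
 * Returns the number of bytes written, or -1 on malformed input or overflow. */
int oid_encode(const char *dotted, uint8_t *out, size_t outlen)
{
	unsigned long arcs[32];
	size_t n = 0, pos = 0;
	const char *p = dotted;

	while (*p) {
		char *end;
		if (n >= 32 || *p < '0' || *p > '9')
			return -1;
		arcs[n++] = strtoul(p, &end, 10);
		p = end;
		if (*p == '.' && !*++p)	/* trailing dot: reject */
			return -1;
		else if (*p && *p != '.' && (*p < '0' || *p > '9'))
			return -1;
	}
	/* X.690: first arc is 0..2, and only arc 2 allows a second arc above 39. */
	if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39))
		return -1;

	for (size_t i = 1; i < n; i++) {
		/* The first two arcs are packed into one subidentifier: 40*a0 + a1. */
		unsigned long v = (i == 1) ? arcs[0] * 40 + arcs[1] : arcs[i];
		uint8_t tmp[10];
		int k = 0;
		do {
			tmp[k++] = v & 0x7f;
			v >>= 7;
		} while (v);
		/* Emit 7-bit groups most significant first; continuation bit on all but the last. */
		while (k--) {
			if (pos >= outlen)
				return -1;
			out[pos++] = tmp[k] | (k ? 0x80 : 0);
		}
	}
	return (int)pos;
}

/* Decode DER content octets into dotted text.  Returns 0 on success,
 * -1 on a truncated subidentifier, a non-minimal (leading 0x80) encoding,
 * an oversized arc, or an output buffer that is too small. */
int oid_decode(const uint8_t *der, size_t len, char *out, size_t outlen)
{
	size_t pos = 0, w = 0;
	int first = 1;

	while (pos < len) {
		unsigned long v = 0;
		int cnt = 0, r;
		if (der[pos] == 0x80)
			return -1;
		do {
			if (pos >= len || cnt++ >= 9)
				return -1;
			v = (v << 7) | (der[pos] & 0x7f);
		} while (der[pos++] & 0x80);
		if (first) {
			unsigned long a0 = v < 80 ? v / 40 : 2;
			r = snprintf(out + w, outlen - w, "%lu.%lu", a0, v - a0 * 40);
			first = 0;
		} else {
			r = snprintf(out + w, outlen - w, ".%lu", v);
		}
		if (r < 0 || (size_t)r >= outlen - w)
			return -1;
		w += (size_t)r;
	}
	return first ? -1 : 0;
}

/* Hypothetical table in the spirit of the generated kernel table. */
static const struct { const char *dotted; enum tpm_oid id; } tpm_oid_table[] = {
	{ "2.23.133.10.1.3", TPM_OID_LOADABLE_KEY },
	{ "2.23.133.10.1.4", TPM_OID_IMPORTABLE_KEY },
	{ "2.23.133.10.1.5", TPM_OID_SEALED_DATA },
};

/* Match DER content bytes exactly against each table entry's encoding. */
enum tpm_oid tpm_oid_lookup(const uint8_t *der, size_t len)
{
	for (size_t i = 0; i < sizeof tpm_oid_table / sizeof tpm_oid_table[0]; i++) {
		uint8_t buf[16];
		int n = oid_encode(tpm_oid_table[i].dotted, buf, sizeof buf);
		if (n == (int)len && memcmp(buf, der, len) == 0)
			return tpm_oid_table[i].id;
	}
	return TPM_OID_UNKNOWN;
}

int main(void)
{
	/* Constructed input: a full DER OID element (tag 0x06, length 6) for 2.23.133.10.1.4. */
	static const uint8_t der[] = { 0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x04 };
	char txt[64];
	if (oid_decode(der + 2, der[1], txt, sizeof txt) == 0)
		printf("%s -> enum value %d\n", txt, tpm_oid_lookup(der + 2, der[1]));
	return 0;
}
```

The decoder's rejection of a leading 0x80 byte matters in practice: an OID with a padded subidentifier is a different byte string from the canonical one, so a lookup that compares encoded bytes (as this and the kernel's do) would otherwise silently miss a match rather than flag the malformed input.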

Comments

David Woodhouse Dec. 10, 2019, 8:18 a.m. UTC | #1
On Mon, 2019-12-09 at 16:06 -0800, James Bottomley wrote:
> +       /* TCG defined OIDS for TPM based keys */
> +       OID_TPMLoadableKey,             /* 2.23.133.10.1.3 */
> +       OID_TPMImporableKey,            /* 2.23.133.10.1.4 */


There's a t missing from OID_TPMImpoTableKey. Sorry, missed that last
time.
James Bottomley Dec. 10, 2019, 1:22 p.m. UTC | #2
On Tue, 2019-12-10 at 08:18 +0000, David Woodhouse wrote:
> On Mon, 2019-12-09 at 16:06 -0800, James Bottomley wrote:
> > +       /* TCG defined OIDS for TPM based keys */
> > +       OID_TPMLoadableKey,             /* 2.23.133.10.1.3 */
> > +       OID_TPMImporableKey,            /* 2.23.133.10.1.4 */
> 
> 
> There's a t missing from OID_TPMImpoTableKey. Sorry, missed that last
> time.

Heh, yes, will fix.

James
Patch

diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 657d6bf2c064..a4cee888f9b0 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -107,6 +107,11 @@  enum OID {
 	OID_gostTC26Sign512B,		/* 1.2.643.7.1.2.1.2.2 */
 	OID_gostTC26Sign512C,		/* 1.2.643.7.1.2.1.2.3 */
 
+	/* TCG defined OIDS for TPM based keys */
+	OID_TPMLoadableKey,		/* 2.23.133.10.1.3 */
+	OID_TPMImporableKey,		/* 2.23.133.10.1.4 */
+	OID_TPMSealedData,		/* 2.23.133.10.1.5 */
+
 	OID__NR
 };
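Review bot: the second added enumerator, `OID_TPMImporableKey,		/* 2.23.133.10.1.4 */`, is missing the 't' that the commit message's "TPM Importable Key" has; rename it to OID_TPMImportableKey now, since this identifier is the symbol any caller will reference and lib/build_OID_registry generates the lookup table from exactly these `OID_xxx,	/* dotted */` lines, so the enumerator name and the dotted comment on each line are what end up in the generated data. The three entries are correctly placed before OID__NR and the comment format matches the surrounding entries, so no other change is needed in this hunk.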