diff mbox series

[v14,2/5] oid_registry: Add TCG defined OIDS for TPM keys

Message ID 20201129222004.4428-3-James.Bottomley@HansenPartnership.com (mailing list archive)
State New, archived
Headers show
Series TPM 2.0 trusted key rework | expand

Commit Message

James Bottomley Nov. 29, 2020, 10:20 p.m. UTC 
The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM
key uses.  We've defined three of the available numbers:

2.23.133.10.1.3 TPM Loadable key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Load() operation.

2.23.133.10.1.4 TPM Importable Key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Import() operation.

Both loadable and importable keys are specific to a given TPM, the
difference is that a loadable key is wrapped with the symmetric
secret, so must have been created by the TPM itself.  An importable
key is wrapped with a DH shared secret, and may be created without
access to the TPM provided you know the public part of the parent key.

2.23.133.10.1.5 TPM Sealed Data.  This is a set of data (up to 128
		bytes) which is sealed by the TPM.  It usually
		represents a symmetric key and must be unsealed before
		use.

The ASN.1 binary key form starts of with this OID as the first element
of a sequence, giving the binary form a unique recognizable identity
marker regardless of encoding.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Acked-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Reviewed-by: David Howells <dhowells@redhat.com>

---

v3: correct OID_TPMImportableKey name
v7: add ack
v9: add review
---
 include/linux/oid_registry.h | 5 +++++
 1 file changed, 5 insertions(+)

Comments

David Howells Dec. 4, 2020, 1:44 p.m. UTC | #1 
James Bottomley <James.Bottomley@HansenPartnership.com> wrote:

> The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM
> key uses.

Is this registered?  I've checked a couple of OID registry sites
(eg. www.oid-info.com) and it seems to be unknown.

David
James Bottomley Dec. 4, 2020, 4:01 p.m. UTC | #2 
On Fri, 2020-12-04 at 13:44 +0000, David Howells wrote:
> James Bottomley <James.Bottomley@HansenPartnership.com> wrote:
> 
> > The TCG has defined an OID prefix "2.23.133.10.1" for the various
> > TPM key uses.
> 
> Is this registered?  I've checked a couple of OID registry sites
> (eg. www.oid-info.com) and it seems to be unknown.

Yes, TCG owns 2.23.133, although I still don't think Monty has
published it yet:

https://lore.kernel.org/linux-integrity/26ED11907FC0F446BB0296B5357EEF0E316CDBB0@CINMBCNA02.e2k.ad.ge.com/

James
diff mbox series

Patch

diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 4462ed2c18cd..d06988d1565e 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -113,6 +113,11 @@  enum OID {
 	OID_SM2_with_SM3,		/* 1.2.156.10197.1.501 */
 	OID_sm3WithRSAEncryption,	/* 1.2.156.10197.1.504 */
 
+	/* TCG defined OIDS for TPM based keys */
+	OID_TPMLoadableKey,		/* 2.23.133.10.1.3 */
+	OID_TPMImportableKey,		/* 2.23.133.10.1.4 */
+	OID_TPMSealedData,		/* 2.23.133.10.1.5 */
+
 	OID__NR
 };