diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2021-01-27 11:06:16 -0800 |
---|---|---|
committer | Jarkko Sakkinen <jarkko@kernel.org> | 2021-04-14 16:30:30 +0300 |
commit | f2219745250f388edacabe6cca73654131c67d0a (patch) | |
tree | 051936ef02a33f9a08ab24994178b7cff3d6b946 /include | |
parent | de66514d934d70ce73c302ce0644b54970fc7196 (diff) |
security: keys: trusted: use ASN.1 TPM2 key format for the blobs
Modify the TPM2 key format blob output to export and import in the
ASN.1 form for TPM2 sealed object keys. For compatibility with prior
trusted keys, the importer will also accept two TPM2B quantities
representing the public and private parts of the key. However, the
export via keyctl pipe will only output the ASN.1 format.
The benefit of the ASN.1 format is that it's a standard and thus the
exported key can be used by userspace tools (openssl_tpm2_engine,
openconnect and tpm2-tss-engine). The format includes policy
specifications, thus it gets us out of having to construct policy
handles in userspace and the format includes the parent meaning you
don't have to keep passing it in each time.
This patch only implements basic handling for the ASN.1 format, so
keys with passwords but no policy.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/keys/trusted-type.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/keys/trusted-type.h b/include/keys/trusted-type.h index b2ed3481c6a0..b2d87ad21714 100644 --- a/include/keys/trusted-type.h +++ b/include/keys/trusted-type.h @@ -22,6 +22,7 @@ struct trusted_key_payload { unsigned int key_len; unsigned int blob_len; unsigned char migratable; + unsigned char old_format; unsigned char key[MAX_KEY_SIZE + 1]; unsigned char blob[MAX_BLOB_SIZE]; }; |