On Tue May 21, 2024 at 8:47 AM EEST, Bharat Bhushan wrote:
>
>
> > -Original Message-
> > From: Jarkko Sakkinen
> > Sent: Tuesday, May 21, 2024 8:47 AM
> > To: Herbert Xu
> > Cc: linux-integr...@vger.kernel.org; keyri...@vger.kernel.org;
> > andreas.fu...@infineon.com; James Prestwood ;
>
> -Original Message-
> From: Jarkko Sakkinen
> Sent: Tuesday, May 21, 2024 8:47 AM
> To: Herbert Xu
> Cc: linux-integr...@vger.kernel.org; keyri...@vger.kernel.org;
> andreas.fu...@infineon.com; James Prestwood ;
> David Woodhouse ; Eric Biggers
> ; James Bottomley
> ; Jarkko Sakkinen
On Tue May 21, 2024 at 10:25 AM EEST, Bharat Bhushan wrote:
> > + rc = crypto_akcipher_encrypt(req);
> > + rc = crypto_wait_req(rc, &cwait);
> > +
>
> Few Minor comments,
> Extra line here
Yeah, makes sense.
> > + if (!rc)
> > + rc = req->dst_len;
> > +
> > + akcipher_request
## Overview
Introduce tpm2_key_rsa module, which implements asymmetric TPM2 RSA key.
The feature can be enabled with the CONFIG_ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE
kconfig option.
The idea in the design is to have, over time, a submodule per key type
For instance, tpm2_key_ecdsa could be one potentia
ASN.1 template is required for TPM2 asymmetric keys, as it needs to be
piggy-backed with the input data before applying TPM2_RSA_Decrypt. This
patch prepares crypto subsystem for the addition of those keys.
Signed-off-by: Jarkko Sakkinen
---
crypto/rsa-pkcs1pad.c | 16 ++--
i
Expand asn1_encode_integer() to variable size integers, meaning that it
will get a blob in big-endian format as integer and length of the blob as
parameters. This is required in order to encode RSA public key modulus.
Signed-off-by: Jarkko Sakkinen
---
v3:
* Fix off-by-one in indices when returni
Move tpm2_key_decode() to the TPM driver and export the symbols to make
them callable from trusted keys. It can be re-used for asymmetric keys.
Signed-off-by: Jarkko Sakkinen
---
v2:
Do not allocate blob twice. Use the one inside struct tpm2_key.
---
drivers/char/tpm/Kconfig |
Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key
so that callers can differentiate different key types.
Signed-off-by: Jarkko Sakkinen
---
v3:
* Fixup klog messages:
https://lore.kernel.org/linux-integrity/sn7pr18mb53140f4341bc441c1c11586ee3...@sn7pr18mb5314.namprd18.prod
From: James Prestwood
Based on earlier work by James Prestwood.
Add ASN.1 compatible asymmetric TPM2 RSA key subtype:
1. Signing and decryption (with the private key) is handled by
TPM2_RSA_Decrypt.
2. Encryption (with the public key) is handled by the kernel RSA
implementation.
Link: ht
On Tue, 2024-05-21 at 06:16 +0300, Jarkko Sakkinen wrote:
[...]
> diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h
> new file mode 100644
> index ..acf41b2e0c92
> --- /dev/null
> +++ b/include/crypto/tpm2_key.h
> @@ -0,0 +1,33 @@
> +/* SPDX-License-Identifier: GPL-2.0-
On Tue, May 21, 2024 at 10:53:18AM +0800, Herbert Xu wrote:
> On Mon, May 20, 2024 at 11:49:56AM -0400, Nícolas F. R. A. Prado wrote:
> >
> > Unfortunately this patch didn't work either. The warning is still there
> > unchanged.
>
> OK perhaps we can do it by calling current_is_async ourselves.
>
On Tue May 21, 2024 at 9:18 PM EEST, James Bottomley wrote:
> On Tue, 2024-05-21 at 06:16 +0300, Jarkko Sakkinen wrote:
> [...]
> > diff --git a/include/crypto/tpm2_key.h b/include/crypto/tpm2_key.h
> > new file mode 100644
> > index ..acf41b2e0c92
> > --- /dev/null
> > +++ b/include/cr
Jarkko Sakkinen wrote:
> On Tue May 21, 2024 at 9:18 PM EEST, James Bottomley wrote:
> ...
> You don't save a single byte of memory with any constant that dictates
> the size requirements for multiple modules in two disjoint subsystems.
I think James is just suggesting you replace your limit arg
On Tue, 2024-05-21 at 22:44 +0100, David Howells wrote:
> Jarkko Sakkinen wrote:
>
> > On Tue May 21, 2024 at 9:18 PM EEST, James Bottomley wrote:
> > ...
> > You don't save a single byte of memory with any constant that
> > dictates the size requirements for multiple modules in two disjoint
> >
On Wed May 22, 2024 at 12:44 AM EEST, David Howells wrote:
> Jarkko Sakkinen wrote:
>
> > On Tue May 21, 2024 at 9:18 PM EEST, James Bottomley wrote:
> > ...
> > You don't save a single byte of memory with any constant that dictates
> > the size requirements for multiple modules in two disjoint su
On Wed May 22, 2024 at 12:59 AM EEST, James Bottomley wrote:
> On Tue, 2024-05-21 at 22:44 +0100, David Howells wrote:
> > Jarkko Sakkinen wrote:
> >
> > > On Tue May 21, 2024 at 9:18 PM EEST, James Bottomley wrote:
> > > ...
> > > You don't save a single byte of memory with any constant that
> >
On Wed May 22, 2024 at 1:45 AM EEST, Jarkko Sakkinen wrote:
> On Wed May 22, 2024 at 12:59 AM EEST, James Bottomley wrote:
> > On Tue, 2024-05-21 at 22:44 +0100, David Howells wrote:
> > > Jarkko Sakkinen wrote:
> > >
> > > > On Tue May 21, 2024 at 9:18 PM EEST, James Bottomley wrote:
> > > > ...
## Overview
Introduce tpm2_key_rsa module, which implements asymmetric TPM2 RSA key.
The feature can be enabled with the CONFIG_ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE
kconfig option. This feature allows the private key to be uploaded to
the TPM2 for signing, and software can use the public key to verify
ASN.1 template is required for TPM2 asymmetric keys, as it needs to be
piggy-backed with the input data before applying TPM2_RSA_Decrypt. This
patch prepares crypto subsystem for the addition of those keys.
Signed-off-by: Jarkko Sakkinen
---
crypto/rsa-pkcs1pad.c | 16 ++--
i
Report -E2BIG instead of -EINVAL when too large a size for the key blob is
requested.
Signed-off-by: Jarkko Sakkinen
---
security/keys/trusted-keys/trusted_tpm2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/trusted-keys/trusted_tpm2.c
b/security/keys/trusted-
Move tpm2_key_decode() to the TPM driver and export the symbols to make
them callable from trusted keys. It can be re-used for asymmetric keys.
Signed-off-by: Jarkko Sakkinen
---
v2:
Do not allocate blob twice. Use the one inside struct tpm2_key.
---
drivers/char/tpm/Kconfig |
Extend parser to TPM_LoadableKey. Add field for oid to struct tpm2_key
so that callers can differentiate different key types.
Signed-off-by: Jarkko Sakkinen
---
v3:
* Fixup klog messages:
https://lore.kernel.org/linux-integrity/sn7pr18mb53140f4341bc441c1c11586ee3...@sn7pr18mb5314.namprd18.prod
From: James Prestwood
Based on earlier work by James Prestwood.
Add ASN.1 compatible asymmetric TPM2 RSA key subtype:
1. Signing and decryption (with the private key) is handled by
TPM2_RSA_Decrypt.
2. Encryption (with the public key) is handled by the kernel RSA
implementation.
Signed-o
On Tue, May 21, 2024 at 03:37:16PM -0400, Nícolas F. R. A. Prado wrote:
>
> FWIW this patch fixes the warning. So feel free to add
>
> Tested-by: Nícolas F. R. A. Prado
Could you please test this patch instead?
---8<---
A potential deadlock was reported with the config file at
https://web.arch