Testing
===
RSA
---
tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
tpm2_evictcontrol -c owner.txt 0x8101
tpm2_getcap handles-persistent
openssl genrsa -out private.pem 2048
tpm2_import -C 0x8101 -G rsa -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x8101 -u
ASN.1 template is required for TPM2 asymmetric keys, as it needs to be
piggy-packed with the input data before applying TPM2_RSA_Decrypt. This
patch prepares crypto subsystem for the addition of those keys.
Signed-off-by: Jarkko Sakkinen
---
crypto/rsa-pkcs1pad.c | 16 ++--
i
Report -E2BIG instead of -EINVAL when too large size for the key blob is
requested.
Signed-off-by: Jarkko Sakkinen
---
security/keys/trusted-keys/trusted_tpm2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/keys/trusted-keys/trusted_tpm2.c
b/security/keys/trusted-
TPM2 ASN.1 format is required for trusted keys and asymmetric keys. Move it
to crypto in order to make it available for both. Implement validation with
coverage of all TPMT_PUBLIC shared fields. Key type specific fields must be
covered by the different subsystems using this.
A Kconfig option CRYPT
* Asymmetric TPM2 ECDSA key with signing and verification.
* Enabled with CONFIG_ASYMMETRIC_TPM2_KEY_ECDSA_SUBTYPE.
Cc: Stefan Berger
Signed-off-by: Jarkko Sakkinen
---
v7:
* Rewrote the signature encoder.
* Added the missing sha256() call to the signature verifier.
v6:
* The very first version.
* Asymmetric TPM2 RSA key with signing and verification.
* Encryption and decryption when pkcs1 encoding is used.
* Enabled with CONFIG_ASYMMETRIC_TPM2_KEY_ECDSA_SUBTYPE.
Signed-off-by: James Prestwood
Co-developed-by: Jarkko Sakkinen
Signed-off-by: Jarkko Sakkinen
---
v6:
* Validate RSA parame
On Wed May 29, 2024 at 12:08 AM EEST, Jarkko Sakkinen wrote:
> + /* Encode the ASN.1 signature: */
> +#define TPM2_KEY_ECDSA_SIG_SIZE (2 + 2 * (2 +
> SHA256_DIGEST_SIZE) + r_0 + s_0)
> + pr_info("sig_size=%d\n", TPM2_KEY_ECDSA_SIG_SIZE);
> + ptr[0] = 0x30; /* SEQUENCE */
>
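Review bot: The pr_info("sig_size=%d\n", ...) call directly after the TPM2_KEY_ECDSA_SIG_SIZE definition reads like leftover debug output; drop it or demote it to pr_debug() so that signing does not write to the kernel log on every call. The macro is also defined in the middle of the function body and silently depends on the locals r_0 and s_0, so a small static helper that takes both as arguments would make that dependency explicit and keep the size expression in one place.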
On Wed May 29, 2024 at 12:42 AM EEST, Jarkko Sakkinen wrote:
> On Wed May 29, 2024 at 12:08 AM EEST, Jarkko Sakkinen wrote:
> > + /* Encode the ASN.1 signature: */
> > +#define TPM2_KEY_ECDSA_SIG_SIZE(2 + 2 * (2 +
> > SHA256_DIGEST_SIZE) + r_0 + s_0)
> > + pr_info("sig_size=%d\n",
On 5/28/24 17:08, Jarkko Sakkinen wrote:
* Asymmetric TPM2 ECDSA key with signing and verification.
* Enabled with CONFIG_ASYMMETRIC_TPM2_KEY_ECDSA_SUBTYPE.
Cc: Stefan Berger
Signed-off-by: Jarkko Sakkinen
---
v7:
* Rewrote the signature encoder.
* Added the missing sha256() call to the sig
On 5/28/24 17:08, Jarkko Sakkinen wrote:
ASN.1 template is required for TPM2 asymmetric keys, as it needs to be
piggy-packed with the input data before applying TPM2_RSA_Decrypt. This
piggy-backed
patch prepares crypto subsystem for the addition of those keys.
Signed-off-by: Jarkko Sakkin
On Wed May 29, 2024 at 2:15 AM EEST, Stefan Berger wrote:
> > + ptr[TPM2_KEY_ECDSA_SIG_R_TAG] = 0x02; /* INTEGER */
> > + ptr[TPM2_KEY_ECDSA_SIG_R_SIZE] = SHA256_DIGEST_SIZE + r_0;
>
> The size of the signature has nothing to do with the size of the hash.
> SHA256_DIGEST_SIZE (32) happens to m
On Wed May 29, 2024 at 2:20 AM EEST, Stefan Berger wrote:
>
>
> On 5/28/24 17:08, Jarkko Sakkinen wrote:
> > ASN.1 template is required for TPM2 asymmetric keys, as it needs to be
> > piggy-packed with the input data before applying TPM2_RSA_Decrypt. This
>
> piggy-backed
Right! I consciously wrot
On 5/28/24 17:08, Jarkko Sakkinen wrote:
Report -E2BIG instead of -EINVAL when too large size for the key blob is
requested.
Signed-off-by: Jarkko Sakkinen
Reviewed-by: Stefan Berger
---
security/keys/trusted-keys/trusted_tpm2.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)