On Fri May 24, 2024 at 12:25 AM EEST, Jarkko Sakkinen wrote: > ## Overview > > Introduce tpm2_key_rsa module, which implements asymmetric TPM2 RSA key. > The feature can be enabled with the CONFIG_ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE > kconfig option. This feature allows the private key to be uploaded to > the TPM2 for signing, and software can use the public key to verify > the signatures. Since barely v6.9 is out I wrote over night also tpm2_key_ecdsa i.e. ECC/ECDSA based module :-) It was a good idea. I realized e.g. actually documented in the API fact that I should return -EBADMSG as legit undetected. Also found a memory corruption bugs. I renamed extract_pub to probe because that made me sort of realized the role better too. Some of the code could later on put to up-level struct tpm2_key but it is not a functional requirement. I.e. top-level does raw parsing and then these modules check each that if this is for them (e.g. ECDSA) then eat it. Otherwise, pass over. I did do some rudimentary testing and it seems to be quite good, and my pattern seems to work. I.e. different modules for RSA and ECDSA fit well how asymmetric keys are probed and allows to do as a sysadmin appropriate configuration for the use case. My biggest concern is undocumented parameters API in akcipher. BR, Jarkko
