On Sat, 2021-01-30 at 18:29 +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 27, 2021 at 11:06:16AM -0800, James Bottomley wrote:
> > Modify the TPM2 key format blob output to export and import in the
> > ASN.1 form for TPM2 sealed object keys. For compatibility with prior
> > trusted keys, the importer will also accept two TPM2B quantities
> > representing the public and private parts of the key. However, the
> > export via keyctl pipe will only output the ASN.1 format.
> >
> > The benefit of the ASN.1 format is that it's a standard and thus the
> > exported key can be used by userspace tools (openssl_tpm2_engine,
> > openconnect and tpm2-tss-engine). The format includes policy
> > specifications, thus it gets us out of having to construct policy
> > handles in userspace and the format includes the parent meaning you
> > don't have to keep passing it in each time.
> >
> > This patch only implements basic handling for the ASN.1 format, so
> > keys with passwords but no policy.
> >
> > Signed-off-by: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>
>
> This one had some coding style errors:
>
> WARNING: Possible repeated word: 'for'
> #147: FILE: security/keys/trusted-keys/tpm2key.asn1:2:
> +--- ASN.1 for for TPM 2.0 keys
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };
> ^
>
> ERROR: space required after that ',' (ctx:VxV)
> #198: FILE: security/keys/trusted-keys/trusted_tpm2.c:29:
> +static u32 tpm2key_oid[] = { 2,23,133,10,1,5 };

That's actually deliberate. The OID representation is traditionally a
sequence of numbers separated by a full stop, so it should be

2.23.133.10.1.5

Since we use an array to represent each number, the closest seemed to
be replacing the '.' with ',' hence leaving no spaces. I don't think
it hugely matters, but just saying there was a reason for the style
deviation.

> I fixed them by hand. I will apply these now to my master branch
> first, but can you just sanity check that your changes still work for
> you?
>
> Cutting hairs, but better to be safe than sorry when doing even a
> single change to the source code.

OK, I'll rebase on your tree and see what happens.

James
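
Added example, not part of the original mail or of the kernel patch: a standalone C sketch showing how the per-arc array form of 2.23.133.10.1.5 discussed above maps to the DER bytes that identify the key type inside the ASN.1 blob. The helper names `put_base128` and `oid_to_der` are hypothetical, and only short-form lengths are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The OID from the thread, one array element per arc: 2.23.133.10.1.5 */
static const uint32_t tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };

/* Write v in base-128, high bit set on every byte except the last. */
static size_t put_base128(uint8_t *out, size_t cap, uint32_t v)
{
	uint8_t tmp[5];		/* 32 bits need at most 5 groups of 7 */
	size_t n = 0, i;

	do {
		tmp[n++] = v & 0x7f;
		v >>= 7;
	} while (v);
	if (n > cap)
		return 0;
	for (i = 0; i < n; i++)
		out[i] = tmp[n - 1 - i] | (i + 1 < n ? 0x80 : 0);
	return n;
}

/* Hypothetical helper: DER-encode an arc array (tag 0x06, short length).
 * Returns the total length, or 0 on invalid arcs or insufficient space. */
size_t oid_to_der(const uint32_t *arc, size_t narcs, uint8_t *out, size_t cap)
{
	size_t len = 2, i, n;

	if (narcs < 2 || cap < 3 || arc[0] > 2 || (arc[0] < 2 && arc[1] > 39))
		return 0;
	if (arc[1] > UINT32_MAX - 80)	/* 40 * arc[0] + arc[1] must not wrap */
		return 0;
	for (i = 1; i < narcs; i++) {
		/* The first two arcs share one value: 40 * arc0 + arc1 */
		uint32_t v = (i == 1) ? 40 * arc[0] + arc[1] : arc[i];

		n = put_base128(out + len, cap - len, v);
		if (!n)
			return 0;
		len += n;
	}
	if (len - 2 > 127)
		return 0;
	out[0] = 0x06;			/* OBJECT IDENTIFIER */
	out[1] = (uint8_t)(len - 2);
	return len;
}

int main(void)
{
	uint8_t buf[16];
	size_t i, n = oid_to_der(tpm2key_oid, 6, buf, sizeof(buf));

	for (i = 0; i < n; i++)
		printf("%02x ", buf[i]);
	printf("\n");
	return n ? 0 : 1;
}
```

The arc 133 is the only one above 127, so it is the only one that takes two bytes in the encoding.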