Subject: Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops
From: Denis Kenzior
To: David Woodhouse, David Howells
Cc: jmorris@namei.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Tue, 18 Sep 2018 00:41:59 -0500
Message-ID: <2c5a34af-c2ae-b98c-e5d3-d89462ad3a20@gmail.com>
In-Reply-To: <0d51fca9a29458a40121df0c5380af91e3429c08.camel@infradead.org>
References: <153618445730.7946.10001472635835806478.stgit@warthog.procyon.org.uk> <1537253993.20009.62.camel@infradead.org> <14067.1537285833@warthog.procyon.org.uk> <745318a0-51bd-be8f-2251-44701ad75830@gmail.com> <0d51fca9a29458a40121df0c5380af91e3429c08.camel@infradead.org>
List: linux-kernel@vger.kernel.org

Hi David,

On 09/18/2018 11:17 AM, David Woodhouse wrote:
> On Tue, 2018-09-18 at 00:24 -0500, Denis Kenzior wrote:
>> Hi David,
>>
>> On 09/18/2018 10:50 AM, David Howells wrote:
>>> Denis Kenzior wrote:
>>>
>>>> openssl asn1parse -inform pem -in /tmp/privkey.2048.tpm -noout \
>>>> -out /tmp/privkey.2048.der
>>>
>>> You can use "... -out - | ..." instead.
>>
>> Aha! Okay, that is even more elegant. Your openssl-fu is better than
>> mine :)
>
> 'grep -v ^----- | base64 -d' also works most of the time :)
>
> You are passing the raw DER to the kernel in both cases, right? And the
> kernel just happens to know that if it receives a bare OCTET-STRING
> it's supposed to treat it as a TPMv1.2 key?
>

Short answer: right.

Long answer: The kernel runs all the registered parsers until all fail or
one of them recognizes the format. All the currently supported asymmetric
key formats are DER based, e.g. PKCS8, PKCS7, TPM-1.2, etc. All these have
a very specific DER structure, with TPM-1.2 being the simplest format.

Regards,
-Denis
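The parser lookup Denis describes above, as an added example that is not part of this thread and not the kernel's own code: a userspace C program with three toy parsers (TPM 1.2 bare OCTET STRING, PKCS#8 PrivateKeyInfo, PKCS#7 ContentInfo) that each inspect only the outer DER shape, and a dispatch loop that hands the raw DER blob to each in turn until one claims it. The sample blobs, the parser order, the function names and the use of -EBADMSG as the "not my format" signal are assumptions of the example, not facts taken from the patch series.

```c
/* Added example, not kernel code: the "offer the raw DER blob to every
 * registered parser until one accepts it" loop described in the thread,
 * reproduced in userspace. Each toy parser checks only the outer DER shape
 * that tells the formats apart; the sample blobs are constructed
 * placeholders, not real key material. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum key_format { FMT_NONE = 0, FMT_TPM12, FMT_PKCS8, FMT_PKCS7 };

/* Decode one DER tag/length header; returns the header size, or 0 when the
 * header is malformed or the declared length overruns the remaining buffer. */
static size_t der_tlv(const uint8_t *p, size_t n, uint8_t *tag, size_t *len)
{
    if (n < 2)
        return 0;
    *tag = p[0];
    if (p[1] < 0x80) {                           /* short-form length */
        *len = p[1];
        return *len <= n - 2 ? 2 : 0;
    }
    size_t nb = p[1] & 0x7f, l = 0;              /* long form: nb length octets follow */
    if (nb == 0 || nb > sizeof(size_t) || n < 2 + nb)
        return 0;
    for (size_t i = 0; i < nb; i++)
        l = (l << 8) | p[2 + i];
    *len = l;
    return l <= n - 2 - nb ? 2 + nb : 0;
}

/* Body of a top-level SEQUENCE that exactly fills the blob; 0 if it is not one. */
static size_t seq_body(const uint8_t *d, size_t n, const uint8_t **body)
{
    uint8_t tag; size_t len, hdr = der_tlv(d, n, &tag, &len);
    if (!hdr || tag != 0x30 || hdr + len != n)
        return 0;
    *body = d + hdr;
    return len;
}

/* Parsers return 0 to claim the blob and -EBADMSG to pass it on (assumed
 * convention for "not my format"). TPM 1.2: the whole blob is one bare
 * OCTET STRING wrapping the TPM_KEY12 structure (contents not inspected). */
static int parse_tpm12(const uint8_t *d, size_t n)
{
    uint8_t tag; size_t len, hdr = der_tlv(d, n, &tag, &len);
    return (hdr && tag == 0x04 && len && hdr + len == n) ? 0 : -EBADMSG;
}

/* PKCS#8 PrivateKeyInfo: SEQUENCE { INTEGER version = 0, SEQUENCE algorithm, ... } */
static int parse_pkcs8(const uint8_t *d, size_t n)
{
    const uint8_t *b; uint8_t tag; size_t len, hdr, bn = seq_body(d, n, &b);
    if (!bn || !(hdr = der_tlv(b, bn, &tag, &len)) || tag != 0x02 || len != 1 || b[hdr] != 0)
        return -EBADMSG;
    b += hdr + len; bn -= hdr + len;
    return (der_tlv(b, bn, &tag, &len) && tag == 0x30) ? 0 : -EBADMSG;
}

/* PKCS#7 ContentInfo: SEQUENCE { OBJECT IDENTIFIER contentType, [0] EXPLICIT content } */
static int parse_pkcs7(const uint8_t *d, size_t n)
{
    const uint8_t *b; uint8_t tag; size_t len, hdr, bn = seq_body(d, n, &b);
    if (!bn || !(hdr = der_tlv(b, bn, &tag, &len)) || tag != 0x06 || !len)
        return -EBADMSG;
    b += hdr + len; bn -= hdr + len;
    return (der_tlv(b, bn, &tag, &len) && tag == 0xA0) ? 0 : -EBADMSG;
}

/* Stand-in for the kernel's registered-parser list (order is illustrative). */
struct key_parser { const char *name; enum key_format fmt; int (*parse)(const uint8_t *, size_t); };
static const struct key_parser parsers[] = {
    { "pkcs7", FMT_PKCS7, parse_pkcs7 }, { "pkcs8", FMT_PKCS8, parse_pkcs8 }, { "tpm", FMT_TPM12, parse_tpm12 },
};

/* Try each parser in turn; the first one that does not reject the blob
 * decides the format, and FMT_NONE means every parser said no. */
enum key_format asymmetric_sniff(const uint8_t *d, size_t n, const char **name)
{
    for (size_t i = 0; i < sizeof parsers / sizeof parsers[0]; i++)
        if (parsers[i].parse(d, n) == 0) {
            if (name) *name = parsers[i].name;
            return parsers[i].fmt;
        }
    if (name) *name = "rejected by every parser";
    return FMT_NONE;
}

/* Constructed sample inputs (placeholder bytes, no real key material). */
const uint8_t SAMPLE_TPM12[] = { 0x04, 0x04, 0x00, 0x28, 0x00, 0x00 };
const uint8_t SAMPLE_PKCS8[] = { 0x30, 0x0A, 0x02, 0x01, 0x00, 0x30, 0x03, 0x06, 0x01, 0x2A, 0x04, 0x00 };
const uint8_t SAMPLE_PKCS7[] = { 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02, 0xA0, 0x00 };
const uint8_t SAMPLE_PEM[]   = "-----BEGIN TSS KEY BLOB-----";   /* still PEM-armoured: not DER at all */
const uint8_t SAMPLE_TRUNC[] = { 0x04, 0x10, 0x00, 0x28 };         /* OCTET STRING claiming 16 bytes, 2 present */

#define SHOW(x) do { const char *w; asymmetric_sniff(x, sizeof x, &w); printf("%-12s -> %s\n", #x, w); } while (0)
int main(void)
{
    SHOW(SAMPLE_TPM12); SHOW(SAMPLE_PKCS8); SHOW(SAMPLE_PKCS7); SHOW(SAMPLE_PEM); SHOW(SAMPLE_TRUNC);
    return 0;
}
```

The two rejected inputs are the practical point of the thread's openssl/base64 exchange: a blob that is still PEM-armoured, or whose outer length does not match the bytes actually supplied, is refused by every parser, so the conversion to raw DER has to happen before the key is handed to the kernel.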