Subject: Re: [PATCH 00/22] KEYS: Support TPM-wrapped key and crypto ops
From: Denis Kenzior
To: David Howells, David Woodhouse
Cc: jmorris@namei.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org
Date: Tue, 18 Sep 2018 00:51:07 -0500
Message-ID: <14f91823-474e-1b46-d305-12229dac8967@gmail.com>

Hi David,

> It passes it to each parser in turn till one says it can parse it.  It's not
> ideal, but it seems to work - so far.  Better would be to annotate it in some
> way.  I have considered annotating the type field so that the payload doesn't
> have to have it added:
>
> 	keyctl padd asymmetric.x509 "" @s
> 	keyctl padd asymmetric.pkcs#8 ...
> 	keyctl padd asymmetric.tpm ...
>
> However, this doesn't work with "keyctl update" or "keyctl instantiate".
>

In theory the PEM file already contains the type of the certificate, at
least at a high level.  E.g. private, public, tpm.  So if we accept PEM
files directly that could be potentially a faster way of determining the
parser to use and would still work with keyctl update/instantiate, right?

Regards,
-Denis
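
The label-based selection discussed in this message, as an added userspace C example that is not code from the thread or from the kernel patch set: it picks a parser from the PEM armor label and returns NULL when the caller should fall back to offering the blob to each parser in turn. The helper names and the label-to-parser table (including the TPM label) are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Assumed table: labels follow RFC 7468 naming, parser names come from the
 * quoted keyctl lines; the TPM label is an assumption. */
static const struct { const char *label, *parser; } pem_map[] = {
	{ "CERTIFICATE", "x509" },
	{ "PRIVATE KEY", "pkcs#8" },
	{ "TSS2 PRIVATE KEY", "tpm" },
};

/* Is there a line starting "-----END <label>-----" after the '\n' at p?
 * Only called with labels from pem_map, so want[] is large enough. */
static int has_end_line(const char *p, const char *end, const char *label, size_t llen)
{
	char want[64];
	size_t wlen = 9 + llen + 5;
	memcpy(want, "-----END ", 9);
	memcpy(want + 9, label, llen);
	memcpy(want + 9 + llen, "-----", 5);
	while (p && (size_t)(end - p) > wlen) {
		if (memcmp(p + 1, want, wlen) == 0)
			return 1;
		p = memchr(p + 1, '\n', (size_t)(end - p - 1));
	}
	return 0;
}

/* Hypothetical helper. NULL means unarmored (DER) input, an unknown label or
 * mismatched BEGIN/END lines: fall back to trying each parser. The label is
 * an untrusted hint; the chosen parser must still validate the body. */
const char *pem_select_parser(const char *buf, size_t len)
{
	const char *label, *end = buf + len, *eol;
	size_t llen, i;
	if (len < 11 || memcmp(buf, "-----BEGIN ", 11) != 0)
		return NULL;
	label = buf + 11;
	eol = memchr(label, '\n', len - 11);
	llen = eol ? (size_t)(eol - label) : 0;
	if (llen && label[llen - 1] == '\r')
		llen--;                         /* tolerate CRLF line endings */
	if (llen < 5 || memcmp(label + llen - 5, "-----", 5) != 0)
		return NULL;
	llen -= 5;
	for (i = 0; i < sizeof(pem_map) / sizeof(pem_map[0]); i++)
		if (strlen(pem_map[i].label) == llen &&
		    memcmp(pem_map[i].label, label, llen) == 0)
			return has_end_line(eol, end, label, llen) ? pem_map[i].parser : NULL;
	return NULL;
}
```

Because the choice is made from the payload itself, the same call works for any operation that hands over a new payload, while labels such as "RSA PRIVATE KEY" that are not in the table still go through the probing path.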