Received: by 2002:a89:d88:0:b0:1fa:5c73:8e2d with SMTP id eb8csp417255lqb; Fri, 24 May 2024 02:20:20 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXkMgZo2WNGIDYTn8YZKyyk5on1BVCl6mRtps6oTCiIhxY/tu1TM9RaCITVs7NY/mCeNEkFwBZ+KKOl5HYuw6F54HjihKQncVmwzpNizQ== X-Google-Smtp-Source: AGHT+IGAo//dQTdbGFubiHme3MxG/6iT/fivKpq095+3cVZODgX6OxbY2MgWqNrmeNoIky4Fm1uJ X-Received: by 2002:a05:690c:802:b0:627:7871:e172 with SMTP id 00721157ae682-62a08fdc095mr17350867b3.51.1716542419632; Fri, 24 May 2024 02:20:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1716542419; cv=pass; d=google.com; s=arc-20160816; b=oAWazWdzuZINEMJAFKL6DWVuSpOzGFsOJT71WHjeC/oSdxuy1FwE/PR47SI9NSRDfp rZwjYz4HgGLSsiZaKeEHjBVc5HWrIW+s5heJ/rEDG0jq8J94lxmRtPiBsrE1dSTSRBWb omB/YIqzA2wQiMH9jC+8VNXVGMNC40LJGPry1y74Jo4nZgH3KtdyXYaXJmfZHmbz6brm POiPhREin7dSZYSlBdQIIohBR9Vn6+MSr0E+6kSmjV24ysTym6gjHw8cd826MFY69TRQ 8k0IVQjEZ8xuYLTbZ4aYJVZeb3w0phyhofyaferiEi0p2MtDJdw12kJWksURIRdUAAUp vxIQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:references:subject:cc:to:from:message-id:date :content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=QXBDfBTQ6SvU3OzM7OF0LeXsDtpvLic3l/yHUSbrv1k=; fh=dk6EwHGLpgyLLhOHJMRy9NELqDmBQ9B8V7vT4qO5nI0=; b=Mj4K5wQwARSiPDcvdeQkXE3668sd+ZIdwAlFTd7vhR5h3ZikChPI9KB/rEAcPvEAET 7yLcA0IETJKSG3ignXKsHWgE4pRJUBy0sChAYRQLlNzy/d9HUAgiPWBX9s4xhP1art4N PjZUOkkc/RYIq8J1GsZmrDSw0ucgejoK1dIZCTnHLSpeaR4tYPIS1i05a4aQdqOYVf2s yV8SzrlpaqHHreIHm6i0ZgYclZlFRERFe1MOikjxKgXD2YgqbpfT0EYw+MTCfXhiK/ts L4v0F6wbaoIidR9CIV6sVJe0d6rtnfrSKdFMXpM7wwL/xoZ0yY1G1n+l0S/LufM3k+UY zgVA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ExULWq+D; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4382-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4382-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id 6a1803df08f44-6ac162dd7c8si11700876d6.581.2024.05.24.02.20.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 24 May 2024 02:20:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-4382-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=ExULWq+D; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-crypto+bounces-4382-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4382-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id 5C5681C21EF3 for ; Fri, 24 May 2024 09:20:19 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 5613A8529A; Fri, 24 May 2024 09:18:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="ExULWq+D" X-Original-To: linux-crypto@vger.kernel.org Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05FAA83CAE; Fri, 24 May 2024 09:18:07 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716542288; cv=none; b=M6aHf5pHaNOmqDil1hPhwsZPZk8vHQSquTKM11Rf87uc9e6hzosU7jgcayrC2YBh5pdymULOakclbQDFEWoOZ9YnZ5PTeTMs5rlu3joX5DXYwNFJkBNyOcJ1aZlaNsFWnMkPR9IvtDiyV/AOrj5XWXIApcKT1RQ3SDm06oj+Iqk= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1716542288; c=relaxed/simple; bh=QXBDfBTQ6SvU3OzM7OF0LeXsDtpvLic3l/yHUSbrv1k=; h=Mime-Version:Content-Type:Date:Message-Id:From:To:Cc:Subject: References:In-Reply-To; b=GlpqX4gMQv26qzvE60/EoOuO6z927TeQ4eHAGC5a7+YoyZEy6I82riRjA1qbrMm+V3JUuevz7t1auhaeveWU1FR684hAjPz4ZlF+GzuWrZXroNM78S8bzsUbvm6Bo5jNyDu7k2WUnBRM6DKYcGX06XpB05tjq95jrCT/Fc8axqA= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=ExULWq+D; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id E3AB7C2BBFC; Fri, 24 May 2024 09:18:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1716542287; bh=QXBDfBTQ6SvU3OzM7OF0LeXsDtpvLic3l/yHUSbrv1k=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=ExULWq+DL7Ly/Ig2hnMERo7+ZkvZmbbWtBtxkrorvBTAEKfsu8yFcozaoFf9ijVK3 bYEZoYytcdQ7vFGojzIAts9UoMaanm6d3EFvwiQPxbm9lwUNcJkxrDs5WIk8+i/c+l JGsaBiXRZZsyPjoZSKeIT2rcntP+i9rzApp7VXtnt8X7DMQ5sfYmAuNTQLHJbBDFKw fEDoXLyOMUBlJXLZ+FCRNs0vyNHLdi/Mdn5STjyhCJVVmwmxN9lnHynaHbsHahpjvh FSqeD1Ct+YkRkdZfPT/Q4vOihui6jGo7cK4pmKI0j2I1S52bO9LD7+DHntoSA0MO84 y008KspEcz8eA== Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Fri, 24 May 2024 12:18:02 +0300 Message-Id: From: "Jarkko Sakkinen" To: "Jarkko Sakkinen" , "Herbert Xu" Cc: , , , "James Prestwood" , "David Woodhouse" , "Eric Biggers" , "James Bottomley" , , "David S. Miller" , "open list" Subject: Re: [PATCH v5 0/5] KEYS: asymmetric: tpm2_key_rsa X-Mailer: aerc 0.17.0 References: <20240523212515.4875-1-jarkko@kernel.org> In-Reply-To: <20240523212515.4875-1-jarkko@kernel.org> On Fri May 24, 2024 at 12:25 AM EEST, Jarkko Sakkinen wrote: > ## Overview > > Introduce tpm2_key_rsa module, which implements asymmetric TPM2 RSA key. > The feature can be enabled with the CONFIG_ASYMMETRIC_TPM2_KEY_RSA_SUBTYP= E=20 > kconfig option. This feature allows the private key to be uploaded to > the TPM2 for signing, and software can use the public key to verify > the signatures. Since barely v6.9 is out I wrote over night also tpm2_key_ecdsa i.e. ECC/ECDSA based module :-) It was a good idea. I realized e.g. actually documented in the API fact that I should return -EBADMSG as legit undetected. Also found a memory corruption bugs. I renamed extract_pub to probe because that made me sort of realized the role better too. Some of the code could later on put to up-level struct tpm2_key but it is not a functional requirement. I.e. top-level does raw parsing and then these modules check each that if this is for them (e.g. ECDSA) then eat it. Otherwise, pass over. I did do some rudimentary testing and it seems to be quite good, and my pattern seems to work. I.e. different modules for RSA and ECDSA fit well how asymmetric keys are probed and allows to do as a sysadmin appropriate configuration for the use case. My biggest concern is undocumented parameters API in akcipher. BR, Jarkko