lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 28 May 2024 06:51:15 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Herbert Xu <herbert@...dor.apana.org.au>
Cc: linux-integrity@...r.kernel.org,
	keyrings@...r.kernel.org,
	Andreas.Fuchs@...ineon.com,
	James Prestwood <prestwoj@...il.com>,
	David Woodhouse <dwmw2@...radead.org>,
	Eric Biggers <ebiggers@...nel.org>,
	James Bottomley <James.Bottomley@...senpartnership.com>,
	linux-crypto@...r.kernel.org,
	Stefan Berger <stefanb@...ux.ibm.com>,
	Jarkko Sakkinen <jarkko@...nel.org>,
	"David S. Miller" <davem@...emloft.net>,
	linux-kernel@...r.kernel.org (open list)
Subject: [PATCH v6 0/6] KEYS: asymmetric: tpm2_key_{rsa,ecdsa}

Testing
=======

RSA
---

tpm2_createprimary --hierarchy o -G rsa2048 -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
tpm2_getcap handles-persistent
openssl genrsa -out private.pem 2048
tpm2_import -C 0x81000001 -G rsa -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`
echo "abcdefg" > plaintext.txt
keyctl pkey_encrypt $serial 0 plaintext.txt enc=pkcs1 > encrypted.dat
keyctl pkey_decrypt $serial 0 encrypted.dat enc=pkcs1 > decrypted.dat
keyctl pkey_sign $serial 0 plaintext.txt enc=pkcs1 hash=sha256 > signed.dat
keyctl pkey_verify $serial 0 plaintext.txt signed.dat enc=pkcs1 hash=sha256

ECDSA
-----

tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt 0x81000001
openssl ecparam -name prime256v1 -genkey -noout -out private.pem
tpm2_import -C 0x81000001 -G ecc -i private.pem -u key.pub -r key.priv
tpm2_encodeobject -C 0x81000001 -u key.pub -r key.priv -o key.priv.pem
openssl asn1parse -inform pem -in key.priv.pem -noout -out key.priv.der
serial=`cat key.priv.der | keyctl padd asymmetric tpm @u`
echo "abcdefg" > plaintext.txt
keyctl pkey_sign $serial 0 plaintext.txt hash=sha256 > signed.dat
keyctl pkey_verify $serial 0 plaintext.txt signed.dat hash=sha256

Open Issues
===========

* When verifying ECDSA signature, _ecdsa_verify() returns -EKEYREJECTED.

References
==========

* v5: https://lore.kernel.org/linux-integrity/20240523212515.4875-1-jarkko@kernel.org/
* v4: https://lore.kernel.org/linux-integrity/20240522005252.17841-1-jarkko@kernel.org/
* v3: https://lore.kernel.org/linux-integrity/20240521152659.26438-1-jarkko@kernel.org/
* v2: https://lore.kernel.org/linux-integrity/336755.1716327854@warthog.procyon.org.uk/
* v1: https://lore.kernel.org/linux-integrity/20240520184727.22038-1-jarkko@kernel.org/
* Derived from https://lore.kernel.org/all/20200518172704.29608-1-prestwoj@gmail.com/

Jarkko Sakkinen (6):
  tpm: Open code tpm_buf_parameters()
  crypto: rsa-pkcs1pad: export rsa1_asn_lookup()
  KEYS: trusted: Change -EINVAL to -E2BIG
  crypto: tpm2_key: Introduce a TPM2 key type
  keys: asymmetric: Add tpm2_key_rsa
  keys: asymmetric: Add tpm2_key_ecdsa

 crypto/Kconfig                            |   7 +
 crypto/Makefile                           |   6 +
 crypto/asymmetric_keys/Kconfig            |  30 +
 crypto/asymmetric_keys/Makefile           |   2 +
 crypto/asymmetric_keys/tpm2_key_ecdsa.c   | 441 ++++++++++++++
 crypto/asymmetric_keys/tpm2_key_rsa.c     | 678 ++++++++++++++++++++++
 crypto/ecdsa.c                            |   1 -
 crypto/rsa-pkcs1pad.c                     |  16 +-
 crypto/tpm2_key.asn1                      |  11 +
 crypto/tpm2_key.c                         | 134 +++++
 drivers/char/tpm/tpm-buf.c                |  26 -
 drivers/char/tpm/tpm2-cmd.c               |  10 +-
 include/crypto/rsa-pkcs1pad.h             |  20 +
 include/crypto/tpm2_key.h                 |  46 ++
 include/linux/tpm.h                       |  10 +-
 security/keys/trusted-keys/Kconfig        |   2 +-
 security/keys/trusted-keys/Makefile       |   2 -
 security/keys/trusted-keys/tpm2key.asn1   |  11 -
 security/keys/trusted-keys/trusted_tpm2.c | 141 +----
 19 files changed, 1433 insertions(+), 161 deletions(-)
 create mode 100644 crypto/asymmetric_keys/tpm2_key_ecdsa.c
 create mode 100644 crypto/asymmetric_keys/tpm2_key_rsa.c
 create mode 100644 crypto/tpm2_key.asn1
 create mode 100644 crypto/tpm2_key.c
 create mode 100644 include/crypto/rsa-pkcs1pad.h
 create mode 100644 include/crypto/tpm2_key.h
 delete mode 100644 security/keys/trusted-keys/tpm2key.asn1

-- 
2.45.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ