Re: [PATCH v2 02/19] crypto: sig - Introduce sig_alg backend

Keyrings Archive mirror
 help / color / mirror / Atom feed

From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Lukas Wunner" <lukas@wunner.de>
Cc: "Herbert Xu" <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"Eric Biggers" <ebiggers@google.com>,
	"Stefan Berger" <stefanb@linux.ibm.com>,
	"Vitaly Chikunov" <vt@altlinux.org>,
	"Tadeusz Struk" <tstruk@gigaio.com>,
	"David Howells" <dhowells@redhat.com>,
	"Andrew Zaborowski" <andrew.zaborowski@intel.com>,
	"Saulo Alessandre" <saulo.alessandre@tse.jus.br>,
	"Jonathan Cameron" <Jonathan.Cameron@huawei.com>,
	"Ignat Korchagin" <ignat@cloudflare.com>,
	"Marek Behun" <kabel@kernel.org>,
	"Varad Gautam" <varadgautam@google.com>,
	"Stephan Mueller" <smueller@chronox.de>,
	"Denis Kenzior" <denkenz@gmail.com>,
	<linux-crypto@vger.kernel.org>, <keyrings@vger.kernel.org>
Subject: Re: [PATCH v2 02/19] crypto: sig - Introduce sig_alg backend
Date: Mon, 18 Nov 2024 09:56:47 +0200	[thread overview]
Message-ID: <D5P575JLB4XC.3EYK7NN905Z5Z@kernel.org> (raw)
In-Reply-To: <ZuMIaEktrP4j1s9l@wunner.de>

On Thu Sep 12, 2024 at 6:27 PM EEST, Lukas Wunner wrote:
> On Thu, Sep 12, 2024 at 05:19:15PM +0300, Jarkko Sakkinen wrote:
> > I try to understand these in detail because I rebase later on my TPM2
> > ECDSA patches (series last updated in April) on top of this. I'll hold
> > with that for the sake of less possible conflicts with this larger
> > series.
> > 
> > Many of the questions rised during the Spring about akcipher so now is
> > my chance to fill the dots by asking them here.
>
> I assume you're referring to:
> https://lore.kernel.org/all/20240528210823.28798-1-jarkko@kernel.org/

Returning to this as I started to update the series. Sorry if for
possible duplicates with my earelier response.

> Help me understand this:
> Once you import a private key to a TPM, can you get it out again?

No.

> Can you generate private keys on the TPM which cannot be retrieved?

Yes.

>
> It would be good if the cover letter or one of the commits in your
> series explained this.  Some of the commit messages are overly terse
> and consist of just two or three bullet points.

Yes.

I'm picking right now the use case where key is uploaded to the TPM
because:

1. The creation part is more complex as data flow starts from user
   space so it pretty much tests the edges also for a generated
   private key.
2. I can drop the code related to public key and add only signing
   operation, not signature verification.

My test script will along the lines of [1]. The new version of the
series is not yet fully working so also the test is due to change.
The idea is to get flow working where a normal public key can verify
a signature made by the TPM chip.

One area what I know probably might not be correct, is what I put
in the 'describe' callbacks:

static void tpm2_key_ecc_describe(const struct key *asymmetric_key,
				    struct seq_file *m)
{
	struct tpm2_key *key = asymmetric_key->payload.data[asym_crypto];

	if (!key) {
		pr_err("key missing");
		return;
	}

	seq_puts(m, "TPM2/ECDSA");
}

So any ideas what to put here are welcome (obviously).

[1]
#!/usr/bin/env bash

set -e

PRIMARY=0x81000001

function egress {
  keyctl clear @u
  tpm2_evictcontrol -C o -c $PRIMARY 2> /dev/null
  tpm2_getcap handles-transient
  tpm2_getcap handles-persistent
}
trap egress EXIT

openssl ecparam -name prime256v1 -genkey -noout -out ecc.pem
openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in ecc.pem -out ecc_pkcs8.der

tpm2_createprimary --hierarchy o -G ecc -c owner.txt
tpm2_evictcontrol -c owner.txt $PRIMARY

# EC parameters to TPM2 blob:
tpm2_import -C $PRIMARY -G ecc -i ecc.pem -u tpm2.pub -r tpm2.priv

# TPM2 blob to ASN.1:
tpm2_encodeobject -C $PRIMARY -u tpm2.pub -r tpm2.priv -o tpm2.pem
openssl asn1parse -inform pem -in tpm2.pem -noout -out tpm2.der

# Populate asymmetric keys:
tpm2_ecc_key=$(keyctl padd asymmetric "tpm_ecc" @u < tpm2.der)
kernel_ecc_key=$(keyctl padd asymmetric "kernel_ecc" @u < ecc_pkcs8.der)

echo "SECRET" > doc.txt

echo TPM2 ECC SIGN
keyctl pkey_sign "$tpm2_ecc_key" 0 doc.txt hash=sha256 > doc.txt.sig

echo TPM2 VERIFY
keyctl pkey_verify "$kernel_ecc_key" 0 doc.txt doc.txt.sig hash=sha256

BR, Jarkko

next prev parent reply	other threads:[~2024-11-18  7:56 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-09-10 14:30 [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 01/19] crypto: ecdsa - Drop unused test vector elements Lukas Wunner
2024-09-10 18:49   ` Stefan Berger
2024-09-11 11:52   ` Jarkko Sakkinen
2024-09-12  7:59     ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 02/19] crypto: sig - Introduce sig_alg backend Lukas Wunner
2024-09-11 12:12   ` Jarkko Sakkinen
2024-09-12  7:54     ` Lukas Wunner
2024-09-12 14:19       ` Jarkko Sakkinen
2024-09-12 15:27         ` Lukas Wunner
2024-09-12 17:14           ` Jarkko Sakkinen
2024-11-18  7:56           ` Jarkko Sakkinen [this message]
2024-09-13 18:40   ` Jonathan Cameron
2024-09-10 14:30 ` [PATCH v2 03/19] crypto: ecdsa - Migrate to " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 04/19] crypto: ecrdsa " Lukas Wunner
2024-09-11 12:49   ` Jarkko Sakkinen
2024-09-12  8:05     ` Lukas Wunner
2024-09-12 14:20       ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 05/19] crypto: rsa-pkcs1pad - Deduplicate set_{pub,priv}_key callbacks Lukas Wunner
2024-09-10 19:03   ` Stefan Berger
2024-09-11 12:54   ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 06/19] crypto: rsassa-pkcs1 - Migrate to sig_alg backend Lukas Wunner
2024-09-11 12:56   ` Jarkko Sakkinen
2024-10-21 16:08   ` Klara Modin
2024-10-21 19:02     ` Lukas Wunner
2024-10-22 10:15       ` Klara Modin
2024-10-23 10:19       ` Klara Modin
2024-10-25  7:17         ` Lukas Wunner
2024-10-25 16:50           ` Eric Biggers
2024-10-26  9:40           ` Klara Modin
2024-10-28 11:45           ` Klara Modin
2024-09-10 14:30 ` [PATCH v2 07/19] crypto: rsassa-pkcs1 - Harden digest length verification Lukas Wunner
2024-09-11 12:58   ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 08/19] crypto: rsassa-pkcs1 - Avoid copying hash prefix Lukas Wunner
2024-09-11 13:00   ` Jarkko Sakkinen
2024-09-10 14:30 ` [PATCH v2 09/19] crypto: virtio - Drop sign/verify operations Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 10/19] crypto: drivers " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 11/19] crypto: akcipher " Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 12/19] crypto: sig - Move crypto_sig_*() API calls to include file Lukas Wunner
2024-09-10 19:24   ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 13/19] ASN.1: Clean up include statements in public headers Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 14/19] crypto: ecdsa - Avoid signed integer overflow on signature decoding Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 15/19] crypto: ecdsa - Move X9.62 signature decoding into template Lukas Wunner
2024-09-10 20:46   ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 16/19] crypto: sig - Rename crypto_sig_maxsize() to crypto_sig_keysize() Lukas Wunner
2024-09-11 13:02   ` Jarkko Sakkinen
2024-09-12  8:12     ` Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 17/19] crypto: ecdsa - Move X9.62 signature size calculation into template Lukas Wunner
2024-09-10 14:30 ` [PATCH v2 18/19] crypto: ecdsa - Support P1363 signature decoding Lukas Wunner
2024-09-10 21:46   ` Stefan Berger
2024-09-10 14:30 ` [PATCH v2 19/19] crypto: ecrdsa - Fix signature size calculation Lukas Wunner
2024-10-01  9:17 ` [PATCH v2 00/19] Migrate to sig_alg and templatize ecdsa Lukas Wunner
2024-10-05  5:27 ` Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=D5P575JLB4XC.3EYK7NN905Z5Z@kernel.org \
    --to=jarkko@kernel.org \
    --cc=Jonathan.Cameron@huawei.com \
    --cc=andrew.zaborowski@intel.com \
    --cc=davem@davemloft.net \
    --cc=denkenz@gmail.com \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@google.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=ignat@cloudflare.com \
    --cc=kabel@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=lukas@wunner.de \
    --cc=saulo.alessandre@tse.jus.br \
    --cc=smueller@chronox.de \
    --cc=stefanb@linux.ibm.com \
    --cc=tstruk@gigaio.com \
    --cc=varadgautam@google.com \
    --cc=vt@altlinux.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).