f221974525
Modify the TPM2 key format blob output to export and import in the ASN.1 form for TPM2 sealed object keys. For compatibility with prior trusted keys, the importer will also accept two TPM2B quantities representing the public and private parts of the key. However, the export via keyctl pipe will only output the ASN.1 format. The benefit of the ASN.1 format is that it's a standard and thus the exported key can be used by userspace tools (openssl_tpm2_engine, openconnect and tpm2-tss-engine). The format includes policy specifications, thus it gets us out of having to construct policy handles in userspace and the format includes the parent meaning you don't have to keep passing it in each time. This patch only implements basic handling for the ASN.1 format, so keys with passwords but no policy. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Tested-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
12 lines
266 B
Groff
12 lines
266 B
Groff
---
|
|
--- ASN.1 for TPM 2.0 keys
|
|
---
|
|
|
|
TPMKey ::= SEQUENCE {
|
|
type OBJECT IDENTIFIER ({tpm2_key_type}),
|
|
emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL,
|
|
parent INTEGER ({tpm2_key_parent}),
|
|
pubkey OCTET STRING ({tpm2_key_pub}),
|
|
privkey OCTET STRING ({tpm2_key_priv})
|
|
}
|