[PATCH RESEND] KEYS: trusted: Use ASN.1 encoded OID

Jarkko Sakkinen jarkko at kernel.org
Thu May 23 17:03:03 UTC 2024


On Thu May 23, 2024 at 6:55 PM EEST, Jarkko Sakkinen wrote:
> I was already considering do we need the encoder at all but I think
> for dynamic assets like octect strings and variable size integers
> it has its place. Obviously is not very mature at this point.

Also, I've been opening up discussion of opt-in and *experimental*
ASN1_RUST feature.

I think it is inevident that it needs to be done at some point because
for ASN.1 like format this would have benefits, and also given that it
used to process security sensitive data.

So metrics for this would something along the lines:

- Depending on ASN1_RUST setting, the C API's would be implemented
  either C or Rust.
- OID database could be shared from C-side to Rust simply with
  bindgen.
- C API should be streamline and matured a bit to cover mostly
  dynamic assets (integers, octect strings and such). Since the
  number of call sites is small improving should be easy.
- After tpm2_key_rsa is landed as it is now as per how buffer
  processing goes it can be brought to use encoder.
- I'd consider have just a single ASN1 flag instead of a separate
  ASN1_ENCODER flag. It simplifies thing and is not significant
  cost for vmlinux size so not worth it IMHO.

As for sending patches for e.g. improving OID database, I'd like to
land the current tpm2_key_rsa first because then in possible OID
series that can be also applied to it (and encoder). It does stuff
that affects all this work. And as said we need also tpm2_key_ecdsa.

Right, there's also

https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/

I checked from David that this TPM2 asymmetric key work is relevant
for this spec although I readily know some applications for it, and 
he acknowledged that. I should probably link that to the next
version.

Asymmetric keys essentially make TPM2 a peer in x.509 ecosystem,
which has bunch of especially enterprise and data center type
of use cases.

I guess this summarizes the big picture. I've been messing around
mailing lists and developed these thoughts but this along the
lines how I see big picture, including integration to the Rust
ecosystem (in non-intrusive way).

But yeah, tpm2_key_rsa needs to be the first step.

I don't have an employer for kernel development at the moment (probably
at some point I do, my contract researcher sabbatical ends at end of
Sep) no money to come to the plumbers to discuss about all this at the
boot-time security mc so I need to spam my input for that I guess ;-)

BR, Jarkko



More information about the Linux-security-module-archive mailing list