From patchwork Tue Dec 10 00:06:46 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Bottomley <James.Bottomley@HansenPartnership.com>
X-Patchwork-Id: 11281075
Return-Path: <SRS0=SOqD=2A=vger.kernel.org=linux-integrity-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E1179138C
	for <patchwork-linux-integrity@patchwork.kernel.org>;
 Tue, 10 Dec 2019 00:06:49 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id BF41F2071E
	for <patchwork-linux-integrity@patchwork.kernel.org>;
 Tue, 10 Dec 2019 00:06:49 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=hansenpartnership.com header.i=@hansenpartnership.com
 header.b="d4ADc2Ft";
	dkim=fail reason="signature verification failed" (1024-bit key)
 header.d=hansenpartnership.com header.i=@hansenpartnership.com
 header.b="d4ADc2Ft"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727435AbfLJAGt (ORCPT
        <rfc822;patchwork-linux-integrity@patchwork.kernel.org>);
        Mon, 9 Dec 2019 19:06:49 -0500
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:37938 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726495AbfLJAGs (ORCPT
        <rfc822;linux-integrity@vger.kernel.org>);
        Mon, 9 Dec 2019 19:06:48 -0500
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id D43ED8EE18E;
        Mon,  9 Dec 2019 16:06:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1575936407;
        bh=4FmAxKQz7ECJGSh7N2RP7M0+Pg0ss+HhRBx0TU9I6GY=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=d4ADc2FtQp6KfDa8rDPIr2ZsQe5uDA1lS8/3PLYFZx7Lt1izohpsDgINhomdal8/q
         mLUzJ1w95A6Untc2yS3TLbmgMOv8JVKcsEA7AcHwRZ2c5GUfDULNfPp0OL2eISGMzp
         I30+rUN07X5cqcFxFvEawf8rU+jtcvYWMB3f0Oc4=
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1])
 (amavisd-new, port 10024)
        with ESMTP id xyFq5MdwQ-pw; Mon,  9 Dec 2019 16:06:47 -0800 (PST)
Received: from jarvis.lan (unknown [50.35.76.230])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id
 4DFFC8EE0FC;
        Mon,  9 Dec 2019 16:06:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1575936407;
        bh=4FmAxKQz7ECJGSh7N2RP7M0+Pg0ss+HhRBx0TU9I6GY=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=d4ADc2FtQp6KfDa8rDPIr2ZsQe5uDA1lS8/3PLYFZx7Lt1izohpsDgINhomdal8/q
         mLUzJ1w95A6Untc2yS3TLbmgMOv8JVKcsEA7AcHwRZ2c5GUfDULNfPp0OL2eISGMzp
         I30+rUN07X5cqcFxFvEawf8rU+jtcvYWMB3f0Oc4=
Message-ID: <1575936406.31378.53.camel@HansenPartnership.com>
Subject: [PATCH v2 3/8] oid_registry: Add TCG defined OIDS for TPM keys
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        David Woodhouse <dwmw2@infradead.org>, keyrings@vger.kernel.org
Date: Mon, 09 Dec 2019 16:06:46 -0800
In-Reply-To: <1575936272.31378.50.camel@HansenPartnership.com>
References: <1575936272.31378.50.camel@HansenPartnership.com>
X-Mailer: Evolution 3.26.6 
Mime-Version: 1.0
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org

The TCG has defined an OID prefix "2.23.133.10.1" for the various TPM
key uses.  We've defined three of the available numbers:

2.23.133.10.1.3 TPM Loadable key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Load() operation.

2.23.133.10.1.4 TPM Importable Key.  This is an asymmetric key (Usually
		RSA2048 or Elliptic Curve) which can be imported by a
		TPM2_Import() operation.

Both loadable and importable keys are specific to a given TPM, the
difference is that a loadable key is wrapped with the symmetric
secret, so must have been created by the TPM itself.  An importable
key is wrapped with a DH shared secret, and may be created without
access to the TPM provided you know the public part of the parent key.

2.23.133.10.1.5 TPM Sealed Data.  This is a set of data (up to 128
		bytes) which is sealed by the TPM.  It usually
		represents a symmetric key and must be unsealed before
		use.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 include/linux/oid_registry.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/include/linux/oid_registry.h b/include/linux/oid_registry.h
index 657d6bf2c064..a4cee888f9b0 100644
--- a/include/linux/oid_registry.h
+++ b/include/linux/oid_registry.h
@@ -107,6 +107,11 @@ enum OID {
 	OID_gostTC26Sign512B,		/* 1.2.643.7.1.2.1.2.2 */
 	OID_gostTC26Sign512C,		/* 1.2.643.7.1.2.1.2.3 */
 
+	/* TCG defined OIDS for TPM based keys */
+	OID_TPMLoadableKey,		/* 2.23.133.10.1.3 */
+	OID_TPMImporableKey,		/* 2.23.133.10.1.4 */
+	OID_TPMSealedData,		/* 2.23.133.10.1.5 */
+
 	OID__NR
 };