tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

TSSPRIVKEY structure specification? #85

Closed mpeylo closed 5 years ago

mpeylo commented 5 years ago

Hi,

Just for my general understanding: I was wondering whether the ASN.1 structure of TSSPRIVKEY (TSS2 PRIVATE KEY) and OID_loadableKey 2.23.133.10.1.3 is somewhere formally specified outside of this project. I cannot find anything about that.

Cheers, Martin

AndreasFuchsTPM commented 5 years ago

Please see this email thread: https://lists.01.org/pipermail/tpm2/2018-October/000868.html and this issue: https://github.com/tpm2-software/tpm2-tss-engine/issues/11. The format was mostly taken over from IBM, from here: https://mta.openssl.org/pipermail/openssl-dev/2016-December/008936.html

mpeylo commented 5 years ago

Thank you for the fast reply.

I checked the code by James Bottomley, version 2.2.0. It appears that the ASN.1 is compatible with the "newer form of the key file" there - while that adds "policy" and "secrets" as EXT_OPT [1] and [2] respectively.

So I conclude that the file format can be expected to be somewhat stable and it'll survive any engine updates in the foreseeable future. 👍

Might there be any value from having a Wireshark dissector for the PEM formatted TSS files (respectively if that's for any reason on the wire)? I wouldn't do it immediately, but it's not a big effort, so I might get to that in the near future.

AndreasFuchsTPM commented 5 years ago

Yep, and thanks for the feedback as well. I guess it would be highly valuable. Love to see it. I'll close the issue though on here, but keep using it for any questions around this.
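An added example, not part of the thread and not code from either project: a small DER walker that checks whether a `TSS2 PRIVATE KEY` PEM block starts with the OID quoted in the question and reports which `[n]` EXPLICIT optional fields are present, such as the `[1]` and `[2]` extensions mentioned above. All function names are hypothetical, and the sample key's field layout (OID, `[0]` BOOLEAN, INTEGER, two OCTET STRINGs) is an assumption with dummy contents.

```python
import base64
LOADABLE_KEY_OID = "2.23.133.10.1.3"  # OID_loadableKey as quoted in the issue

def read_tlv(buf, pos):  # -> (tag, value bytes, position after the element)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # DER OID content bytes -> dotted string
    subs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this subidentifier
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)  # first subidentifier packs the first two arcs
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def pem_to_der(pem, label="TSS2 PRIVATE KEY"):
    lines = [l.strip() for l in pem.strip().splitlines()]
    if lines[0] != f"-----BEGIN {label}-----" or lines[-1] != f"-----END {label}-----":
        raise ValueError("not a " + label + " PEM block")
    return base64.b64decode("".join(lines[1:-1]))

def summarize(der):  # -> (type OID, [n] context tags present, field count)
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single outer SEQUENCE")
    fields, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        fields.append((t, v))
    if not fields or fields[0][0] != 0x06:
        raise ValueError("first field is not an OBJECT IDENTIFIER")
    # 0xA0 | n is a constructed context-specific tag, i.e. an EXPLICIT [n] field
    tags = [t & 0x1F for t, _ in fields[1:] if (t & 0xE0) == 0xA0]
    return decode_oid(fields[0][1]), tags, len(fields)

# Constructed sample (assumed layout, dummy blobs): OID, [0] BOOLEAN, INTEGER, 2x OCTET STRING
SAMPLE_DER = bytes.fromhex("301e" "06066781050a0103" "a0030101ff"
                           "020440000001" "0403505542" "040450524956")
SAMPLE_PEM = ("-----BEGIN TSS2 PRIVATE KEY-----\n" + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END TSS2 PRIVATE KEY-----\n")
```

`summarize(pem_to_der(text))` works on a real key file as well, since only tags and lengths are read and the TPM blobs are never interpreted.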