Subject: Re: [PATCH 2/8] lib: add asn.1 encoder
From: James Bottomley
To: Matthew Garrett
Cc: linux-integrity, Mimi Zohar, Jarkko Sakkinen
Date: Mon, 09 Dec 2019 14:43:28 -0800
Message-ID: <1575931408.31378.37.camel@HansenPartnership.com>

On Mon, 2019-12-09 at 14:05 -0800, Matthew Garrett wrote:
> On Sat, Dec 7, 2019 at 9:08 PM James Bottomley wrote:
> >
> > We have a need in the TPM trusted keys to return the ASN.1 form of
> > the TPM key blob so it can be operated on by tools outside of the
> > kernel. To do that, we have to be able to read and write the key
> > format. The current ASN.1 decoder does fine for reading, but we
> > need pieces of an ASN.1 encoder to return the key blob.
>
> Is there a reason the kernel needs to do this encoding, rather than
> having something in userland do the translation?

Well, yes, we'd have to define a format to pass up first and then you'd
always need an encoder programme to do it. Given it's fairly simple to
encode the key format, doing it directly in ASN.1 ... especially as we
already read ASN.1 keys, seems to be the best for the user.

James