Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for RSA 3072 keys #244

Merged
merged 4 commits into from
May 5, 2020
Merged

Add support for RSA 3072 keys #244

merged 4 commits into from
May 5, 2020

Commits on May 4, 2020

  1. swtpm_setup: Report supported RSA key sizes useful for EK key creation 

    Extend the --print-capabilities option to also report supported RSA
key sizes. Only the TPM 2 may support anything else than 2048 bit RSA
keys, so we only consult 'swtpm socket --tpm2 --print-capabilities'
and grep for 2048 and 3072 key sizes and report them.
If nothing is found, nothing is reported, as before, and 2048 bit RSA
keys should be assumed.

'swtpm_setup --tpm2 --print-capabilities' may now show the following:
{
  "type": "swtpm_setup",
  "features": [
    "cmdarg-keyfile-fd",
    "cmdarg-pwdfile-fd",
    "tpm2-rsa-keysize-2048",
    "tpm2-rsa-keysize-3072"
  ]
}

Also adjust a test case to use a regular expression for matching
against an expected string that may nor may not have rsa-keysize
verbs.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    @stefanberger
    stefanberger committed May 4, 2020
    Configuration menu
    Copy the full SHA
    9c943b3 View commit details
    Browse the repository at this point in the history

  2. swtpm_setup: Add support for RSA 3072 bit EK keys 

    Extend the creation of the EK key to support also 3072 bits RSA keys.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    @stefanberger
    stefanberger committed May 4, 2020
    Configuration menu
    Copy the full SHA
    7af93fd View commit details
    Browse the repository at this point in the history

  3. tests: Extend swtpm_setup test cases to also test with RSA 3072 bit keys 

    Extend a few test cases to also test with RSA 3072 bit keys if they
are supported.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    @stefanberger
    stefanberger committed May 4, 2020
    Configuration menu
    Copy the full SHA
    d5cdc94 View commit details
    Browse the repository at this point in the history

  4. swtpm_setup: Allow to create largest possible EK 

    By passing '--rsa-keysize max' allow to create the largest possible RSA
EK key.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
    @stefanberger
    stefanberger committed May 4, 2020
    Configuration menu
    Copy the full SHA
    d46624f View commit details
    Browse the repository at this point in the history