On Sun, Sep 14, 2025 at 11:24:24PM -0400, James Bottomley wrote: > On Sun, 2025-09-14 at 19:08 +0300, Jarkko Sakkinen wrote: > > Hi, > > > > In practice, while implementing tpm2sh and its self-contained TPM > > emulator called "MockTPM", I've noticed that 'tpm2key.asn1.' has a > > major bottleneck, but luckily it is easy to squash. > > > > Parent handle should never be persisted, as it defies the existential > > reason of having a file format in the first place. > > Actually, if you read the spec:it describes how to handle non- > persistent parents by defining the exact form of the P256 parent you > derive from the permanent handle in section 3.1.8: > > https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html > > This is the way all the implementations (well except the kernel, but > that's fixable) do it.
Even if you fix it to persistent handle, the problem does not go magically go away. Read public attributes are ubiquitos and cryptographically correct way to do the binding. > > > To address this issue I just added couple of optional fields to > > TPMKey: > > > > parentName [6] EXPLICIT OCTET STRING OPTIONAL, > > parentPubkey [7] EXPLICIT OCTET STRING OPTIONAL > > So that's a bit redundant, since if you know the key, you know its > name. What I know is irrelevant here :-) > > > By persisting this information TPM2_GetCapability + TPM2_ReadPublic > > can be used to acquire an appropriate handle. > > It can, how? If the parent is a primary, you can't insert it from a > public key, you have to derive it and if it's non-primary, you need its > parent to do the insertion. Transient handle is like file handle and persistent handle is like inode number. Neither unambigiuously (and this is dead obvious) does not identify any possible key. Further by binding key correctly, the requirement of being persistent key goes away, which is a limiting factor. > > > I'd highly recommend to add this quirk to anything that processes > > this ASN.1 format. > > Well, patches to the standard are accepted: > > https://groups.io/g/openssl-tpm2-engine/topics > > But first verify you don't simply need to use the non-persistent > format. > > Regards, > > James > > > BR, Jarkko
