[PATCH v2] KEYS: trusted: Use ASN.1 encoded OID

Ben Boeckel me at benboeckel.net
Thu May 23 13:41:03 UTC 2024


On Thu, May 23, 2024 at 16:23:37 +0300, Jarkko Sakkinen wrote:
> There's no reason to encode OID_TPMSealedData at run-time, as it never
> changes.
> 
> Replace it with the encoded version, which has exactly the same size:
> 
> 	67 81 05 0A 01 05

Is it the same size? It looks considerably smaller to me (6*4 bytes
versus 8 bytes).

> Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> the OID can be simply copied to the blob.

An "epilogue" occurs at the end, but it seems to be at the beginning
here (that would be a "prologue").

> -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> +/* Encoded OID_TPMSealedData. */
> +static u8 OID_TPMSealedData_ASN1[] = {0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05};

I'd say that a comment of what it encodes would be good to have for
context, but the source tree has `OID_TPMSealedData` in a header with
the value in a comment there, so that seems good enough to me.

> as it never changes.

Should it, perhaps be `const` too?

--Ben



More information about the Linux-security-module-archive mailing list