[PATCH v2] KEYS: trusted: Use ASN.1 encoded OID
Jarkko Sakkinen
jarkko at kernel.org
Thu May 23 13:57:53 UTC 2024
On Thu May 23, 2024 at 4:41 PM EEST, Ben Boeckel wrote:
> On Thu, May 23, 2024 at 16:23:37 +0300, Jarkko Sakkinen wrote:
> > There's no reason to encode OID_TPMSealedData at run-time, as it never
> > changes.
> >
> > Replace it with the encoded version, which has exactly the same size:
> >
> > 67 81 05 0A 01 05
>
> Is it the same size? It looks considerably smaller to me (6*4 bytes
> versus 8 bytes).
Not in that sense but in practice the old array stored byte values.
Forgot for that reason that it was actually u32 array.
I can change it to "same number of elements".
>
> > Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> > the OID can be simply copied to the blob.
>
> An "epilogue" occurs at the end, but it seems to be at the beginning
> here (that would be a "prologue").
Yup, typo.
> > -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> > +/* Encoded OID_TPMSealedData. */
> > +static u8 OID_TPMSealedData_ASN1[] = {0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05};
>
> I'd say that a comment of what it encodes would be good to have for
> context, but the source tree has `OID_TPMSealedData` in a header with
> the value in a comment there, so that seems good enough to me.
OK. I named it this way to promote generation these from CSV file
(see my other response to James).
>
> > as it never changes.
>
> Should it, perhaps be `const` too?
Yup.
>
> --Ben
Thanks for the remarks!
BR, Jarkko
More information about the Linux-security-module-archive
mailing list