Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID

From: Ben Boeckel
Date: Thu May 23 2024 - 09:41:19 EST

Next message: Robin Murphy: "Re: [RFC PATCH] iommu: Optimize IOMMU UnMap"
Previous message: Wentong Wu: "[PATCH v2] mei: vsc: Don't stop/restart mei device during system suspend/resume"
In reply to: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, May 23, 2024 at 16:23:37 +0300, Jarkko Sakkinen wrote:
> There's no reason to encode OID_TPMSealedData at run-time, as it never
> changes.
>
> Replace it with the encoded version, which has exactly the same size:
>
> 67 81 05 0A 01 05

Is it the same size? It looks considerably smaller to me (6*4 bytes
versus 8 bytes).

> Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> the OID can be simply copied to the blob.

An "epilogue" occurs at the end, but it seems to be at the beginning
here (that would be a "prologue").

> -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> +/* Encoded OID_TPMSealedData. */
> +static u8 OID_TPMSealedData_ASN1[] = {0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05};

I'd say that a comment of what it encodes would be good to have for
context, but the source tree has `OID_TPMSealedData` in a header with
the value in a comment there, so that seems good enough to me.

> as it never changes.

Should it, perhaps be `const` too?

--Ben

Next message: Robin Murphy: "Re: [RFC PATCH] iommu: Optimize IOMMU UnMap"
Previous message: Wentong Wu: "[PATCH v2] mei: vsc: Don't stop/restart mei device during system suspend/resume"
In reply to: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]