Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID

[Jarkko Sakkinen]

On Thu May 23, 2024 at 4:41 PM EEST, Ben Boeckel wrote:
> On Thu, May 23, 2024 at 16:23:37 +0300, Jarkko Sakkinen wrote:
> > There's no reason to encode OID_TPMSealedData at run-time, as it never
> > changes.
> > 
> > Replace it with the encoded version, which has exactly the same size:
> > 
> > 	67 81 05 0A 01 05
>
> Is it the same size? It looks considerably smaller to me (6*4 bytes
> versus 8 bytes).

Not in that sense but in practice the old array stored byte values.
Forgot for that reason that it was actually u32 array.

I can change it to "same number of elements".

>
> > Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> > the OID can be simply copied to the blob.
>
> An "epilogue" occurs at the end, but it seems to be at the beginning
> here (that would be a "prologue").

Yup, typo.

> > -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> > +/* Encoded OID_TPMSealedData. */
> > +static u8 OID_TPMSealedData_ASN1[] = {0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05};
>
> I'd say that a comment of what it encodes would be good to have for
> context, but the source tree has `OID_TPMSealedData` in a header with
> the value in a comment there, so that seems good enough to me.

OK. I named it this way to promote generation these from CSV file 
(see my other response to James).


>
> > as it never changes.
>
> Should it, perhaps be `const` too?

Yup.

>
> --Ben

Thanks for the remarks!

BR, Jarkko