Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID

From: Jarkko Sakkinen
Date: Thu May 23 2024 - 10:01:12 EST

Next message: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Previous message: syzbot: "[syzbot] [bcachefs?] UBSAN: shift-out-of-bounds in bch2_btree_node_read_done"
In reply to: David Howells: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Next in thread: David Howells: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu May 23, 2024 at 4:36 PM EEST, David Howells wrote:
> Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote:
>
> > There's no reason to encode OID_TPMSealedData at run-time, as it never
> > changes.
> >
> > Replace it with the encoded version, which has exactly the same size:
> >
> > 67 81 05 0A 01 05
> >
> > Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> > the OID can be simply copied to the blob.
>
> This seems reasonable. We have a limited set of OIDs we can generate
> (currently 1). Better to store the BER-encoded form and copy that in rather
> than trying to turn a pretty-printed OID into the BER encoding unless we
> absolutely have to.

Yup, I crafted a plan in response to James about possibility to generate
all from a CSV file (oid_registry.gen.[sh] and oid_registry.h incldues
oid_registry.gen.h for compat).

No bandwidth to work in it, but happy to review it.

>
> David

BR, Jarkko

Next message: Jarkko Sakkinen: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Previous message: syzbot: "[syzbot] [bcachefs?] UBSAN: shift-out-of-bounds in bch2_btree_node_read_done"
In reply to: David Howells: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Next in thread: David Howells: "Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]