[2/3] KEYS: trusted: use encode_OID for OID encoding

Message ID	20240524125955.20739-3-James.Bottomley@HansenPartnership.com (mailing list archive)
State	New, archived
Headers	show Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A00BC126F14; Fri, 24 May 2024 13:01:30 +0000 (UTC) From: James Bottomley <James.Bottomley@HansenPartnership.com> To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen <jarkko@kernel.org>, keyrings@vger.kernel.org, David Howells <dhowells@redhat.com> Subject: [PATCH 2/3] KEYS: trusted: use encode_OID for OID encoding Date: Fri, 24 May 2024 08:59:54 -0400 Message-Id: <20240524125955.20739-3-James.Bottomley@HansenPartnership.com> In-Reply-To: <20240524125955.20739-1-James.Bottomley@HansenPartnership.com> References: <20240524125955.20739-1-James.Bottomley@HansenPartnership.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	replace asn1_encode_oid with encode_OID \| expand [0/3] replace asn1_encode_oid with encode_OID [1/3] lib/oid_registry: add ability to ASN.1 encode OIDs [2/3] KEYS: trusted: use encode_OID for OID encoding [3/3] lib: asn1_encode: remove obsolete asn1_encode_oid

Message ID

20240524125955.20739-3-James.Bottomley@HansenPartnership.com (mailing list archive)

State

New, archived

Headers

From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
	keyrings@vger.kernel.org,
	David Howells <dhowells@redhat.com>
Subject: [PATCH 2/3] KEYS: trusted: use encode_OID for OID encoding
Date: Fri, 24 May 2024 08:59:54 -0400
Message-Id: <20240524125955.20739-3-James.Bottomley@HansenPartnership.com>
In-Reply-To: <20240524125955.20739-1-James.Bottomley@HansenPartnership.com>
References: <20240524125955.20739-1-James.Bottomley@HansenPartnership.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

replace asn1_encode_oid with encode_OID | expand

Commit Message

James Bottomley May 24, 2024, 12:59 p.m. UTC

The new routine takes the OID enum instead of needing the u32 OID
array explicitly which reduces duplication and the potential for
mistakes.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
---
 security/keys/trusted-keys/trusted_tpm2.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

Comments

Jarkko Sakkinen May 24, 2024, 1:35 p.m. UTC | #1

On Fri May 24, 2024 at 3:59 PM EEST, James Bottomley wrote:
> The new routine takes the OID enum instead of needing the u32 OID
> array explicitly which reduces duplication and the potential for
> mistakes.
>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> ---
>  security/keys/trusted-keys/trusted_tpm2.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
> index 9c7ac2e423d3..b6f34ff0ca5c 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -19,8 +19,6 @@
>  #include "tpm2key.asn1.h"
>  #include "tpm2-policy.h"
>  
> -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> -
>  static int tpm2_key_encode(struct trusted_key_payload *payload,
>  			   struct trusted_key_options *options,
>  			   u8 *src, u32 len)
> @@ -31,6 +29,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
>  	u8 *end_work = scratch + SCRATCH_SIZE;
>  	u8 *priv, *pub;
>  	u16 priv_len, pub_len;
> +	int ret;
>  
>  	priv_len = get_unaligned_be16(src) + 2;
>  	priv = src;
> @@ -43,8 +42,10 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
>  	if (!scratch)
>  		return -ENOMEM;
>  
> -	work = asn1_encode_oid(work, end_work, tpm2key_oid,
> -			       asn1_oid_len(tpm2key_oid));
> +	ret = encode_OID(OID_TPMSealedData, work, end_work - work);
> +	if (ret < 0)
> +		return ret;
> +	work += ret;
>  
>  	if (options->blobauth_len == 0) {
>  		unsigned char bool[3], *w = bool;

Yupe, it's better this way.

BR, Jarkko

diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 9c7ac2e423d3..b6f34ff0ca5c 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -19,8 +19,6 @@ 
 #include "tpm2key.asn1.h"
 #include "tpm2-policy.h"
 
-static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
-
 static int tpm2_key_encode(struct trusted_key_payload *payload,
 			   struct trusted_key_options *options,
 			   u8 *src, u32 len)
@@ -31,6 +29,7 @@  static int tpm2_key_encode(struct trusted_key_payload *payload,
 	u8 *end_work = scratch + SCRATCH_SIZE;
 	u8 *priv, *pub;
 	u16 priv_len, pub_len;
+	int ret;
 
 	priv_len = get_unaligned_be16(src) + 2;
 	priv = src;
@@ -43,8 +42,10 @@  static int tpm2_key_encode(struct trusted_key_payload *payload,
 	if (!scratch)
 		return -ENOMEM;
 
-	work = asn1_encode_oid(work, end_work, tpm2key_oid,
-			       asn1_oid_len(tpm2key_oid));
+	ret = encode_OID(OID_TPMSealedData, work, end_work - work);
+	if (ret < 0)
+		return ret;
+	work += ret;
 
 	if (options->blobauth_len == 0) {
 		unsigned char bool[3], *w = bool;

[2/3] KEYS: trusted: use encode_OID for OID encoding

Commit Message

Comments

Patch