Date: Thu, 23 May 2024 17:00:38 +0300
Subject: Re: [PATCH v2] KEYS: trusted: Use ASN.1 encoded OID
From: "Jarkko Sakkinen"
To: "David Howells"
Cc: "David Woodhouse", "Eric Biggers", "James Bottomley", "Herbert Xu", "David S. Miller", "Andrew Morton", "Mimi Zohar", "Paul Moore", "James Morris", "Serge E. Hallyn", "open list:CRYPTO API", "open list", "open list:SECURITY SUBSYSTEM"
References: <20240523132341.32092-1-jarkko@kernel.org> <575953.1716471389@warthog.procyon.org.uk>
In-Reply-To: <575953.1716471389@warthog.procyon.org.uk>

On Thu May 23, 2024 at 4:36 PM EEST, David Howells wrote:
> Jarkko Sakkinen wrote:
>
> > There's no reason to encode OID_TPMSealedData at run-time, as it never
> > changes.
> >
> > Replace it with the encoded version, which has exactly the same size:
> >
> >         67 81 05 0A 01 05
> >
> > Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> > the OID can be simply copied to the blob.
>
> This seems reasonable.  We have a limited set of OIDs we can generate
> (currently 1).  Better to store the BER-encoded form and copy that in rather
> than trying to turn a pretty-printed OID into the BER encoding unless we
> absolutely have to.

Yup, I crafted a plan in response to James about the possibility to generate
all from a CSV file (oid_registry.gen.[sh] and oid_registry.h includes
oid_registry.gen.h for compat).

No bandwidth to work on it, but happy to review it.

>
> David

BR, Jarkko
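
The equivalence the thread relies on, that the stored bytes are exactly what a run-time encoder would emit, checked in C as an added example (not code from the patch or the kernel). The names `oid_encode`, `sealed_data_der`, `sealed_data_arcs` and the dotted arcs 2.23.133.10.1.5 are assumptions introduced here; the arcs are what the six quoted octets decode to.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tag 0x06, length 0x06, then the six content octets quoted in the patch. */
static const uint8_t sealed_data_der[] = { 0x06, 0x06, 0x67, 0x81, 0x05, 0x0A, 0x01, 0x05 };
/* Assumption: the arcs those octets decode to (not stated on the page). */
static const uint32_t sealed_data_arcs[] = { 2, 23, 133, 10, 1, 5 };

/* Run-time path: encode arcs as a DER OID TLV. Returns size, or -1 on error. */
int oid_encode(const uint32_t *arcs, size_t n, uint8_t *out, size_t max)
{
	size_t pos = 2;		/* leave room for tag and length */

	if (n < 2 || max < 2 || arcs[0] > 2 ||
	    (arcs[0] < 2 && arcs[1] > 39) || arcs[1] > UINT32_MAX - 80)
		return -1;
	for (size_t k = 1; k < n; k++) {
		/* The first two arcs share one subidentifier: 40 * X + Y. */
		uint32_t v = k == 1 ? arcs[0] * 40 + arcs[1] : arcs[k];
		int shift = 28;

		while (shift > 0 && !(v >> shift))
			shift -= 7;	/* skip leading zero groups */
		for (; shift >= 0; shift -= 7) {
			if (pos == max)
				return -1;	/* output buffer too small */
			/* Base-128, high bit set on all but the last octet. */
			out[pos++] = (uint8_t)(((v >> shift) & 0x7F) | (shift ? 0x80 : 0));
		}
	}
	if (pos - 2 > 127)
		return -1;	/* only short-form lengths handled here */
	out[0] = 0x06;
	out[1] = (uint8_t)(pos - 2);
	return (int)pos;
}

/* 1 if the run-time encoding equals the stored constant byte for byte. */
int encoded_matches_constant(void)
{
	uint8_t buf[16];
	int len = oid_encode(sealed_data_arcs, 6, buf, sizeof(buf));
	return len == (int)sizeof(sealed_data_der) &&
	       memcmp(buf, sealed_data_der, sizeof(sealed_data_der)) == 0;
}

int main(void)
{
	printf("match: %d\n", encoded_matches_constant());
	return 0;
}
```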