There's no reason to encode OID_TPMSealedData at run-time, as it never
changes.

Replace it with the encoded version, which has exactly the same size:

        67 81 05 0A 01 05

Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
the OID can be simply copied to the blob.

Signed-off-by: Jarkko Sakkinen <jar...@kernel.org>
---
 include/linux/asn1_encoder.h              |  4 -
 lib/asn1_encoder.c                        | 91 -----------------------
 security/keys/trusted-keys/trusted_tpm2.c | 10 ++-
 3 files changed, 7 insertions(+), 98 deletions(-)

diff --git a/include/linux/asn1_encoder.h b/include/linux/asn1_encoder.h
index 08cd0c2ad34f..afeefdfe2525 100644
--- a/include/linux/asn1_encoder.h
+++ b/include/linux/asn1_encoder.h
@@ -8,14 +8,10 @@
 #include <linux/asn1_ber_bytecode.h>
 #include <linux/bug.h>
 
-#define asn1_oid_len(oid) (sizeof(oid)/sizeof(u32))
 unsigned char *
 asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
                    s64 integer);
 unsigned char *
-asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
-               u32 oid[], int oid_len);
-unsigned char *
 asn1_encode_tag(unsigned char *data, const unsigned char *end_data,
                u32 tag, const unsigned char *string, int len);
 unsigned char *
diff --git a/lib/asn1_encoder.c b/lib/asn1_encoder.c
index 0fd3c454a468..c0db3cbebe89 100644
--- a/lib/asn1_encoder.c
+++ b/lib/asn1_encoder.c
@@ -85,97 +85,6 @@ asn1_encode_integer(unsigned char *data, const unsigned char 
*end_data,
 }
 EXPORT_SYMBOL_GPL(asn1_encode_integer);
 
-/* calculate the base 128 digit values setting the top bit of the first octet 
*/
-static int asn1_encode_oid_digit(unsigned char **_data, int *data_len, u32 oid)
-{
-       unsigned char *data = *_data;
-       int start = 7 + 7 + 7 + 7;
-       int ret = 0;
-
-       if (*data_len < 1)
-               return -EINVAL;
-
-       /* quick case */
-       if (oid == 0) {
-               *data++ = 0x80;
-               (*data_len)--;
-               goto out;
-       }
-
-       while (oid >> start == 0)
-               start -= 7;
-
-       while (start > 0 && *data_len > 0) {
-               u8 byte;
-
-               byte = oid >> start;
-               oid = oid - (byte << start);
-               start -= 7;
-               byte |= 0x80;
-               *data++ = byte;
-               (*data_len)--;
-       }
-
-       if (*data_len > 0) {
-               *data++ = oid;
-               (*data_len)--;
-       } else {
-               ret = -EINVAL;
-       }
-
- out:
-       *_data = data;
-       return ret;
-}
-
-/**
- * asn1_encode_oid() - encode an oid to ASN.1
- * @data:      position to begin encoding at
- * @end_data:  end of data pointer, points one beyond last usable byte in @data
- * @oid:       array of oids
- * @oid_len:   length of oid array
- *
- * this encodes an OID up to ASN.1 when presented as an array of OID values
- */
-unsigned char *
-asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
-               u32 oid[], int oid_len)
-{
-       int data_len = end_data - data;
-       unsigned char *d = data + 2;
-       int i, ret;
-
-       if (WARN(oid_len < 2, "OID must have at least two elements"))
-               return ERR_PTR(-EINVAL);
-
-       if (WARN(oid_len > 32, "OID is too large"))
-               return ERR_PTR(-EINVAL);
-
-       if (IS_ERR(data))
-               return data;
-
-
-       /* need at least 3 bytes for tag, length and OID encoding */
-       if (data_len < 3)
-               return ERR_PTR(-EINVAL);
-
-       data[0] = _tag(UNIV, PRIM, OID);
-       *d++ = oid[0] * 40 + oid[1];
-
-       data_len -= 3;
-
-       for (i = 2; i < oid_len; i++) {
-               ret = asn1_encode_oid_digit(&d, &data_len, oid[i]);
-               if (ret < 0)
-                       return ERR_PTR(ret);
-       }
-
-       data[1] = d - data - 2;
-
-       return d;
-}
-EXPORT_SYMBOL_GPL(asn1_encode_oid);
-
 /**
  * asn1_encode_length() - encode a length to follow an ASN.1 tag
  * @data: pointer to encode at
diff --git a/security/keys/trusted-keys/trusted_tpm2.c 
b/security/keys/trusted-keys/trusted_tpm2.c
index 8b7dd73d94c1..dadeed35627c 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -26,7 +26,8 @@ static struct tpm2_hash tpm2_hash_map[] = {
        {HASH_ALGO_SM3_256, TPM_ALG_SM3_256},
 };
 
-static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
+/* Encoded OID_TPMSealedData. */
+static u8 OID_TPMSealedData_ASN1[] = {0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01 
0x05};
 
 static int tpm2_key_encode(struct trusted_key_payload *payload,
                           struct trusted_key_options *options,
@@ -51,8 +52,8 @@ static int tpm2_key_encode(struct trusted_key_payload 
*payload,
        if (!scratch)
                return -ENOMEM;
 
-       work = asn1_encode_oid(work, end_work, tpm2key_oid,
-                              asn1_oid_len(tpm2key_oid));
+       work = memcpy(work, OID_TPMSealedData_ASN1, 
sizeof(OID_TPMSealedData_ASN1));
+       work += OID_TPMSealedData_ASN1;
 
        if (options->blobauth_len == 0) {
                unsigned char bool[3], *w = bool;
@@ -90,6 +91,9 @@ static int tpm2_key_encode(struct trusted_key_payload 
*payload,
                goto err;
        }
 
+       print_hex_dump(KERN_INFO, "", DUMP_PREFIX_NONE, 16, 1,
+                      payload->blob, work1 - payload->blob, 0);
+
        kfree(scratch);
        return work1 - payload->blob;
 
-- 
2.45.1


Reply via email to