On Thu, May 23, 2024 at 16:23:37 +0300, Jarkko Sakkinen wrote:
> There's no reason to encode OID_TPMSealedData at run-time, as it never
> changes.
>
> Replace it with the encoded version, which has exactly the same size:
>
> 67 81 05 0A 01 05
Is it the same size? It looks considerably smaller to me (6*4 bytes
versus 8 bytes).
> Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that
> the OID can be simply copied to the blob.
An "epilogue" occurs at the end, but it seems to be at the beginning
here (that would be a "prologue").
> -static u32 tpm2key_oid[] = { 2, 23, 133, 10, 1, 5 };
> +/* Encoded OID_TPMSealedData. */
> +static u8 OID_TPMSealedData_ASN1[] = {0x06, 0x06, 0x67, 0x81, 0x05, 0x0a, 0x01, 0x05};
I'd say that a comment of what it encodes would be good to have for
context, but the source tree has `OID_TPMSealedData` in a header with
the value in a comment there, so that seems good enough to me.
> as it never changes.
Should it, perhaps be `const` too?
--Ben
