On Thu May 23, 2024 at 4:36 PM EEST, David Howells wrote: > Jarkko Sakkinen <jarkko@xxxxxxxxxx> wrote: > > > There's no reason to encode OID_TPMSealedData at run-time, as it never > > changes. > > > > Replace it with the encoded version, which has exactly the same size: > > > > 67 81 05 0A 01 05 > > > > Include OBJECT IDENTIFIER (0x06) tag and length as the epilogue so that > > the OID can be simply copied to the blob. > > This seems reasonable. We have a limited set of OIDs we can generate > (currently 1). Better to store the BER-encoded form and copy that in rather > than trying to turn a pretty-printed OID into the BER encoding unless we > absolutely have to. Yup, I crafted a plan in response to James about possibility to generate all from a CSV file (oid_registry.gen.[sh] and oid_registry.h incldues oid_registry.gen.h for compat). No bandwidth to work in it, but happy to review it. > > David BR, Jarkko
