From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: David Howells <dhowells@redhat.com>
Cc: David Woodhouse <dwmw2@infradead.org>,
linux-integrity@vger.kernel.org, Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
keyrings@vger.kernel.org
Subject: Re: [PATCH v2 2/8] lib: add asn.1 encoder
Date: Fri, 20 Dec 2019 08:06:33 -0800 [thread overview]
Message-ID: <1576857993.3411.3.camel@HansenPartnership.com> (raw)
In-Reply-To: <1576710652.3396.18.camel@HansenPartnership.com>
On Thu, 2019-12-19 at 08:10 +0900, James Bottomley wrote:
> On Wed, 2019-12-18 at 10:50 +0000, David Howells wrote:
> > James Bottomley <James.Bottomley@HansenPartnership.com> wrote:
> >
> > > +/**
> > > + * asn1_encode_octet_string - encode an ASN.1 OCTET STRING
> > > + * @data: pointer to encode at
> > > + * @data_len: bytes remaining in @data buffer
> > > + * @string: string to be encoded
> > > + * @len: length of string
> > > + *
> > > + * Note ASN.1 octet strings may contain zeros, so the length is
> > > obligatory.
> > > + */
> > > +int asn1_encode_octet_string(unsigned char **data, int
> > > *data_len,
> > > + const unsigned char *string, u32
> > > len)
> >
> > I wonder if it makes more sense to pass in an end pointer and
> > return
> > the new data pointer (or an error), ie.:
> >
> > unsigned char *asn1_encode_octet_string(unsigned char *data,
> > unsigned char *data_end,
> > const unsigned char *string,
> > u32 len)
>
> On the first point: people are prone to get off by one confusion on
> data_end pointers (should they point to the last byte in the buffer
> or
> one beyond). If I look at how I use the API, I've no real use for
> either length remaining or the end pointer, so I think it makes no
> difference to the consumer, it's just stuff you have to do for the
> API.
> If I look at the internal API use, we definitely need the length
> remaining, so I've a marginal preference for that format, but since
> it's easy to work out it is very marginal.
>
> > Further, I wonder - does it actually make more sense to encode
> > backwards, ie. start at the end of the buffer and do the last
> > element
> > first, working towards the front.
>
> Heh, let me ask you this: do you use a reverse polish notation
> calculator ... The problem is that it makes the ASN.1 hard to
> construct for the API user and hard to read for the reviewer because
> of the order reversal. Debugging is going to be a pain because
> you're going to get the output of asn1parse and have to read it
> backwards to see where the problems are.
I coded this up to see what it would look like, and I think it can all
be made to work with error pass through. The latter is because you
want to build up sequences of
data = asn1_encode...(data, ...);
data = asn1_encode...(data, ...);
data = asn1_encode...(data, ...);
And only check for errors when you're finished. I think the interface
looks nicer than a modifying pointer, so if you wait for the v4 patches
they'll show this new interface with the consumers.
James
next prev parent reply other threads:[~2019-12-20 16:07 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-10 0:04 [PATCH v2 0/8] Fix TPM 2.0 trusted keys James Bottomley
2019-12-10 0:05 ` [PATCH v2 1/8] security: keys: trusted: flush the key handle after use James Bottomley
2019-12-10 0:06 ` [PATCH v2 2/8] lib: add asn.1 encoder James Bottomley
2019-12-10 8:18 ` David Woodhouse
2019-12-10 13:20 ` James Bottomley
2019-12-10 14:08 ` David Howells
2019-12-10 18:53 ` James Bottomley
2019-12-10 22:37 ` David Woodhouse
2019-12-11 13:02 ` James Bottomley
2019-12-18 10:50 ` David Howells
2019-12-18 23:10 ` James Bottomley
2019-12-20 16:06 ` James Bottomley [this message]
2019-12-10 0:06 ` [PATCH v2 3/8] oid_registry: Add TCG defined OIDS for TPM keys James Bottomley
2019-12-10 8:18 ` David Woodhouse
2019-12-10 13:22 ` James Bottomley
2019-12-10 0:07 ` [PATCH v2 4/8] security: keys: trusted: use ASN.1 tpm2 key format for the blobs James Bottomley
2019-12-10 0:08 ` [PATCH v2 5/8] security: keys: trusted: Make sealed key properly interoperable James Bottomley
2019-12-10 0:08 ` [PATCH v2 6/8] security: keys: trusted: add PCR policy to TPM2 keys James Bottomley
2019-12-10 0:09 ` [PATCH v2 7/8] security: keys: trusted: add ability to specify arbitrary policy James Bottomley
2019-12-10 0:10 ` [PATCH v2 8/8] security: keys: trusted: implement counter/timer policy James Bottomley
2019-12-11 17:59 ` [PATCH v2 0/8] Fix TPM 2.0 trusted keys Jarkko Sakkinen
2019-12-14 20:37 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1576857993.3411.3.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).