[PATCH v9 05/11] KEYS: trusted: Open code tpm2_buf_append()

public inbox for linux-integrity@vger.kernel.org
 help / color / mirror / Atom feed

From: Jarkko Sakkinen <jarkko@kernel.org>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>,
	Jonathan McDowell <noodles@earth.li>,
	James Bottomley <James.Bottomley@HansenPartnership.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	Mimi Zohar <zohar@linux.ibm.com>,
	David Howells <dhowells@redhat.com>,
	Paul Moore <paul@paul-moore.com>,
	James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	keyrings@vger.kernel.org (open list:KEYS-TRUSTED),
	linux-security-module@vger.kernel.org (open list:SECURITY
	SUBSYSTEM), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v9 05/11] KEYS: trusted: Open code tpm2_buf_append()
Date: Sun, 25 Jan 2026 21:25:15 +0200	[thread overview]
Message-ID: <20260125192526.782202-6-jarkko@kernel.org> (raw)
In-Reply-To: <20260125192526.782202-1-jarkko@kernel.org>

From: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>

tpm2_buf_append_auth() has a single call site and most of its parameters
are redundant. Open code it to the call site so that less cross-referencing
is required while browsing the source code.

Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
Reviewed-by: Jonathan McDowell <noodles@earth.li>
---
v6:
- Trimmed the patch by removing comment update as it is out of scope.
---
 security/keys/trusted-keys/trusted_tpm2.c | 40 ++++-------------------
 1 file changed, 7 insertions(+), 33 deletions(-)

diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 6340823f8b53..4894aae6ef70 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -190,36 +190,6 @@ int tpm2_key_priv(void *context, size_t hdrlen,
 	return 0;
 }
 
-/**
- * tpm2_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer.
- *
- * @buf: an allocated tpm_buf instance
- * @session_handle: session handle
- * @nonce: the session nonce, may be NULL if not used
- * @nonce_len: the session nonce length, may be 0 if not used
- * @attributes: the session attributes
- * @hmac: the session HMAC or password, may be NULL if not used
- * @hmac_len: the session HMAC or password length, maybe 0 if not used
- */
-static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle,
-				 const u8 *nonce, u16 nonce_len,
-				 u8 attributes,
-				 const u8 *hmac, u16 hmac_len)
-{
-	tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len);
-	tpm_buf_append_u32(buf, session_handle);
-	tpm_buf_append_u16(buf, nonce_len);
-
-	if (nonce && nonce_len)
-		tpm_buf_append(buf, nonce, nonce_len);
-
-	tpm_buf_append_u8(buf, attributes);
-	tpm_buf_append_u16(buf, hmac_len);
-
-	if (hmac && hmac_len)
-		tpm_buf_append(buf, hmac, hmac_len);
-}
-
 /**
  * tpm2_seal_trusted() - seal the payload of a trusted key
  *
@@ -518,9 +488,13 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
 		 * could repeat our actions with the exfiltrated
 		 * password.
 		 */
-		tpm2_buf_append_auth(&buf, options->policyhandle,
-				     NULL /* nonce */, 0, 0,
-				     options->blobauth, options->blobauth_len);
+		tpm_buf_append_u32(&buf, 9 + options->blobauth_len);
+		tpm_buf_append_u32(&buf, options->policyhandle);
+		tpm_buf_append_u16(&buf, 0);
+		tpm_buf_append_u8(&buf, 0);
+		tpm_buf_append_u16(&buf, options->blobauth_len);
+		tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
+
 		if (tpm2_chip_auth(chip)) {
 			tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, NULL, 0);
 		} else  {
-- 
2.52.0

next prev parent reply	other threads:[~2026-01-25 19:26 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-25 19:25 [PATCH v9 00/11] Streamline TPM2 HMAC sessions Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 01/11] KEYS: trusted: Use get_random-fallback for TPM Jarkko Sakkinen
2026-01-29 16:18   ` Roberto Sassu
2026-02-01 22:25     ` Jarkko Sakkinen
2026-02-20 18:04   ` Mimi Zohar
2026-02-20 18:30     ` Chris Fenner
2026-03-03 21:32       ` Jarkko Sakkinen
2026-03-05 15:37         ` Mimi Zohar
2026-03-18 17:36           ` Chris Fenner
2026-03-19 14:28             ` Mimi Zohar
2026-03-23  5:26               ` Jarkko Sakkinen
2026-03-23  5:34                 ` Jarkko Sakkinen
2026-03-23  5:46                   ` Jarkko Sakkinen
2026-03-23  5:24           ` Jarkko Sakkinen
2026-03-03 21:30     ` Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 02/11] KEYS: trusted: Use get_random_bytes_wait() instead of tpm_get_random() Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 03/11] tpm: Change tpm_get_random() opportunistic Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 04/11] tpm2-sessions: Define TPM2_NAME_MAX_SIZE Jarkko Sakkinen
2026-01-25 19:25 ` Jarkko Sakkinen [this message]
2026-01-25 19:25 ` [PATCH v9 06/11] KEYS: trusted: Remove dead branch from tpm2_unseal_cmd Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 07/11] KEYS: trusted: Re-orchestrate tpm2_read_public() calls Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 08/11] tpm2-sessions: Remove the support for more than one authorization Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 09/11] tpm-buf: Remove tpm_buf_append_handle Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 10/11] tpm-buf: Merge TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW Jarkko Sakkinen
2026-01-25 19:25 ` [PATCH v9 11/11] tpm-buf: Implement managed allocations Jarkko Sakkinen
2026-02-08 14:09   ` Jarkko Sakkinen

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6340823f8b5 dfblob:4894aae6ef7 )
 OR (
bs:"[PATCH v9 05/11] KEYS: trusted: Open code tpm2_buf_append()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260125192526.782202-6-jarkko@kernel.org \
    --to=jarkko@kernel.org \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=dhowells@redhat.com \
    --cc=jarkko.sakkinen@opinsys.com \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=noodles@earth.li \
    --cc=paul@paul-moore.com \
    --cc=serge@hallyn.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox