From nobody Thu Dec 18 02:24:18 2025 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A173C342CB5; Tue, 16 Dec 2025 07:45:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765871120; cv=none; b=OPJ2T/5JU8N36X9hBA0wyICFToskzmERObFHDC4RbuMG3ZERQrH7mPyoPB47lPEz+eQO+eBr/WQmn5M1Xnz5Vhg2pWZoq+YOih5tOMXKOY78/4ythMGFfzkY8bE1Zvxupm5sUS0vVZmiuPgz5XAGNqxKHaGg/KtKy1oN6WjGlts= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765871120; c=relaxed/simple; bh=9z1wVQJ20sb+PyEwaOgUsDg90w63BGYT0g7MKMfuuMo=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=ujH5pjtyZt/xclvNUdUaUgp4mnK/KYm0xxHenYdeFRDvD/0C2lRJSujDFb2sf+v6mk9RbD2c5PtteMqpe2Gb4H1J9P5t3PurhHkCF9xO5OmS1dfpbnEIciXGjmAReTAeDC/VKHIJn4OY2+s1z0YqjB07u7aIpSTpK6Tu5sOK3Lw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=he14/CXi; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="he14/CXi" Received: by smtp.kernel.org (Postfix) with ESMTPSA id B0FF4C4CEF1; Tue, 16 Dec 2025 07:45:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1765871120; bh=9z1wVQJ20sb+PyEwaOgUsDg90w63BGYT0g7MKMfuuMo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=he14/CXiv2SU5OM69lksjjPr8AM47h08E4dqHOrVJcnuoLnuz07Ps7qCpJVPqMIWS +OHYaf2t/p8po6NfxuotGspSrBgyiCCQrnvpcw8vtka/OTANQKayaKDJPFs4MeDMCy Ll0rWtxCl1FOgWlBZbwzKnKp/sL5uGxVdQU7PWc2kOhlM2rnDgqBCeFc6GxKCY8gzA r8UWcElclGbEitr7fBbihTZF0fBsQYf5G1OeQ1ahNpEddzC7ul94fiJ19knjQ8Q9ax jnmGOXt1JUMokWPC4enUR5+/Cr/9gnXYE0ShmeuELVySU0Bf3HSHs28EQDq2fu/4gr uFiHGyqWKHLMg== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen , Jonathan McDowell , David Howells , Jarkko Sakkinen , Paul Moore , James Morris , "Serge E. Hallyn" , James Bottomley , Mimi Zohar , keyrings@vger.kernel.org (open list:KEYS/KEYRINGS), linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM), linux-kernel@vger.kernel.org (open list) Subject: [PATCH v7 04/12] KEYS: trusted: Open code tpm2_buf_append() Date: Tue, 16 Dec 2025 09:44:45 +0200 Message-Id: <20251216074454.2192499-5-jarkko@kernel.org> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20251216074454.2192499-1-jarkko@kernel.org> References: <20251216074454.2192499-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jarkko Sakkinen tpm2_buf_append_auth() has a single call site and most of its parameters are redundant. Open code it to the call site so that less cross-referencing is required while browsing the source code. Signed-off-by: Jarkko Sakkinen Reviewed-by: Jonathan McDowell --- v6: - Trimmed the patch by removing comment update as it is out of scope. --- security/keys/trusted-keys/trusted_tpm2.c | 40 ++++------------------- 1 file changed, 7 insertions(+), 33 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trus= ted-keys/trusted_tpm2.c index a7ea4a1c3bed..d3a5c5f2b926 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -190,36 +190,6 @@ int tpm2_key_priv(void *context, size_t hdrlen, return 0; } =20 -/** - * tpm2_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. - * - * @buf: an allocated tpm_buf instance - * @session_handle: session handle - * @nonce: the session nonce, may be NULL if not used - * @nonce_len: the session nonce length, may be 0 if not used - * @attributes: the session attributes - * @hmac: the session HMAC or password, may be NULL if not used - * @hmac_len: the session HMAC or password length, maybe 0 if not used - */ -static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, - const u8 *nonce, u16 nonce_len, - u8 attributes, - const u8 *hmac, u16 hmac_len) -{ - tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); - tpm_buf_append_u32(buf, session_handle); - tpm_buf_append_u16(buf, nonce_len); - - if (nonce && nonce_len) - tpm_buf_append(buf, nonce, nonce_len); - - tpm_buf_append_u8(buf, attributes); - tpm_buf_append_u16(buf, hmac_len); - - if (hmac && hmac_len) - tpm_buf_append(buf, hmac, hmac_len); -} - /** * tpm2_seal_trusted() - seal the payload of a trusted key * @@ -518,9 +488,13 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, * could repeat our actions with the exfiltrated * password. */ - tpm2_buf_append_auth(&buf, options->policyhandle, - NULL /* nonce */, 0, 0, - options->blobauth, options->blobauth_len); + tpm_buf_append_u32(&buf, 9 + options->blobauth_len); + tpm_buf_append_u32(&buf, options->policyhandle); + tpm_buf_append_u16(&buf, 0); + tpm_buf_append_u8(&buf, 0); + tpm_buf_append_u16(&buf, options->blobauth_len); + tpm_buf_append(&buf, options->blobauth, options->blobauth_len); + if (tpm2_chip_auth(chip)) { tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, NULL, 0); } else { --=20 2.39.5