From nobody Sat Feb 7 11:31:20 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 02E4D2F3624; Sun, 25 Jan 2026 19:26:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769369163; cv=none; b=i+Fasg4s/KmLDP0Nprd8DTLgQsLALIHhXC9kLKbBOnFcilhZ0s/y8dPiA1JAc0gQCN/kPS/JFoQsan95VQhFl+z0xZ3M/mt9IJd4i9tGwWfPoxB1EjKGDiAC7EbTg2uOT4+ao2MuXn8rxGOY4CHERYgzhVI9JvB7jsMtaXkxn2M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769369163; c=relaxed/simple; bh=wd/PVTcrKpAz5gWg6nlyquqYBSfSvIMeV0DjFCJN4ms=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KnQM+veMoiXA1Q2iVyuULc91TyNNqs/OcnHrX2L+6qs9eb/Ic5qG0TX5vLGSrqxaBj1v3F7KSf9AGrBA05FKWzCiKSJD1nHQsiESaLS8Kge/bOEmRzrV98K0AsTsxvhNSZjuX5ju/kTM6ETkrP20HZzO+RbUPYkqsZFWuZ6x6PM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FqKm7dcE; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FqKm7dcE" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F291BC4CEF1; Sun, 25 Jan 2026 19:26:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1769369162; bh=wd/PVTcrKpAz5gWg6nlyquqYBSfSvIMeV0DjFCJN4ms=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FqKm7dcEUtXj8VaL4SHDnYGjUU+r7eb+rrGeBiDaQS3nKCAZzUOAVKIRTaSc5igqX hsFanVDNpvaCKyHrG/fba9eISX+W1sXLlBeyyxYbpHMQlnSDoyYdQgg1A11lO953lR IhHgncmagL9NChyaJF4bkJncnNHVV5RS/Lum/zbCRAailtLqSo8t8u00C2E60kIBq+ yCuTr701dP6nplMo/1soVjdfV670KzrRe0fYE+PBvpNh1qJHlMM6EqiHAaGnPOdNlr Y+QcI4/edcXC7iOGn+LRK2cE7owPt2JEuqVF7y6WUVgA1ZJkWHNDQGd0J87Z6a59Lb C8duCl47KU9jg== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: Jarkko Sakkinen , Jonathan McDowell , James Bottomley , Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org (open list:KEYS-TRUSTED), linux-security-module@vger.kernel.org (open list:SECURITY SUBSYSTEM), linux-kernel@vger.kernel.org (open list) Subject: [PATCH v9 05/11] KEYS: trusted: Open code tpm2_buf_append() Date: Sun, 25 Jan 2026 21:25:15 +0200 Message-ID: <20260125192526.782202-6-jarkko@kernel.org> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20260125192526.782202-1-jarkko@kernel.org> References: <20260125192526.782202-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Jarkko Sakkinen tpm2_buf_append_auth() has a single call site and most of its parameters are redundant. Open code it to the call site so that less cross-referencing is required while browsing the source code. Signed-off-by: Jarkko Sakkinen Reviewed-by: Jonathan McDowell --- v6: - Trimmed the patch by removing comment update as it is out of scope. --- security/keys/trusted-keys/trusted_tpm2.c | 40 ++++------------------- 1 file changed, 7 insertions(+), 33 deletions(-) diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trus= ted-keys/trusted_tpm2.c index 6340823f8b53..4894aae6ef70 100644 --- a/security/keys/trusted-keys/trusted_tpm2.c +++ b/security/keys/trusted-keys/trusted_tpm2.c @@ -190,36 +190,6 @@ int tpm2_key_priv(void *context, size_t hdrlen, return 0; } =20 -/** - * tpm2_buf_append_auth() - append TPMS_AUTH_COMMAND to the buffer. - * - * @buf: an allocated tpm_buf instance - * @session_handle: session handle - * @nonce: the session nonce, may be NULL if not used - * @nonce_len: the session nonce length, may be 0 if not used - * @attributes: the session attributes - * @hmac: the session HMAC or password, may be NULL if not used - * @hmac_len: the session HMAC or password length, maybe 0 if not used - */ -static void tpm2_buf_append_auth(struct tpm_buf *buf, u32 session_handle, - const u8 *nonce, u16 nonce_len, - u8 attributes, - const u8 *hmac, u16 hmac_len) -{ - tpm_buf_append_u32(buf, 9 + nonce_len + hmac_len); - tpm_buf_append_u32(buf, session_handle); - tpm_buf_append_u16(buf, nonce_len); - - if (nonce && nonce_len) - tpm_buf_append(buf, nonce, nonce_len); - - tpm_buf_append_u8(buf, attributes); - tpm_buf_append_u16(buf, hmac_len); - - if (hmac && hmac_len) - tpm_buf_append(buf, hmac, hmac_len); -} - /** * tpm2_seal_trusted() - seal the payload of a trusted key * @@ -518,9 +488,13 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip, * could repeat our actions with the exfiltrated * password. */ - tpm2_buf_append_auth(&buf, options->policyhandle, - NULL /* nonce */, 0, 0, - options->blobauth, options->blobauth_len); + tpm_buf_append_u32(&buf, 9 + options->blobauth_len); + tpm_buf_append_u32(&buf, options->policyhandle); + tpm_buf_append_u16(&buf, 0); + tpm_buf_append_u8(&buf, 0); + tpm_buf_append_u16(&buf, options->blobauth_len); + tpm_buf_append(&buf, options->blobauth, options->blobauth_len); + if (tpm2_chip_auth(chip)) { tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, NULL, 0); } else { --=20 2.52.0