From 3bd6a10eeaaa863d54573226828f6e0c204442ee Mon Sep 17 00:00:00 2001
|
|
From: Dan Streetman <ddstreet@ieee.org>
|
|
Date: Wed, 14 Dec 2022 10:46:13 -0500
|
|
Subject: [PATCH] tpm2: replace hash_pin() with tpm2_digest_*() functions
|
|
|
|
The hash_pin() function is just a specific use case of the digest functions.
|
|
|
|
(cherry picked from commit 94a4ff2dc1e753fc5715b5d240092e38456898f0)
|
|
|
|
Related: RHEL-16182
|
|
---
|
|
src/shared/tpm2-util.c | 26 ++++++++------------------
|
|
1 file changed, 8 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
|
|
index d397c505f5..f1950189d5 100644
|
|
--- a/src/shared/tpm2-util.c
|
|
+++ b/src/shared/tpm2-util.c
|
|
@@ -1369,21 +1369,6 @@ int tpm2_get_good_pcr_banks_strv(
|
|
return 0;
|
|
}
|
|
|
|
-static void hash_pin(const char *pin, size_t len, TPM2B_AUTH *auth) {
|
|
- struct sha256_ctx hash;
|
|
-
|
|
- assert(auth);
|
|
- assert(pin);
|
|
-
|
|
- auth->size = SHA256_DIGEST_SIZE;
|
|
-
|
|
- CLEANUP_ERASE(hash);
|
|
-
|
|
- sha256_init_ctx(&hash);
|
|
- sha256_process_bytes(pin, len, &hash);
|
|
- sha256_finish_ctx(&hash, auth->buffer);
|
|
-}
|
|
-
|
|
/* Hash data into the digest.
|
|
*
|
|
* If 'extend' is true, the hashing operation starts with the existing digest hash (and the digest is
|
|
@@ -1507,7 +1492,9 @@ static int tpm2_make_encryption_session(
|
|
|
|
CLEANUP_ERASE(auth);
|
|
|
|
- hash_pin(pin, strlen(pin), &auth);
|
|
+ r = tpm2_digest_buffer(TPM2_ALG_SHA256, &auth, pin, strlen(pin), /* extend= */ false);
|
|
+ if (r < 0)
|
|
+ return r;
|
|
|
|
rc = sym_Esys_TR_SetAuth(c->esys_context, bind_key->esys_handle, &auth);
|
|
if (rc != TSS2_RC_SUCCESS)
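Review bot: The wipe of PIN-derived hash state that the removed `hash_pin()` guaranteed with `CLEANUP_ERASE(hash)` is no longer visible at the new `tpm2_digest_buffer()` call here in tpm2_make_encryption_session, nor at the matching call in the tpm2_seal hunk below. The helper's body is not part of this patch, so it is worth confirming that it erases its own SHA-256 context before returning. If it does, a short comment at the call records the property the refactor relies on, for example `/* tpm2_digest_buffer() erases its hash context; no PIN-derived state stays on the stack */`. The new `return r;` here leaves `auth` covered by the existing `CLEANUP_ERASE(auth)`. Both enclosing functions start and end outside their hunks, so whether `hmac_sensitive` in tpm2_seal is likewise erased on its new early return cannot be checked from this page.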
|
|
@@ -2182,8 +2169,11 @@ int tpm2_seal(const char *device,
|
|
.size = sizeof(hmac_sensitive.sensitive),
|
|
.sensitive.data.size = 32,
|
|
};
|
|
- if (pin)
|
|
- hash_pin(pin, strlen(pin), &hmac_sensitive.sensitive.userAuth);
|
|
+ if (pin) {
|
|
+ r = tpm2_digest_buffer(TPM2_ALG_SHA256, &hmac_sensitive.sensitive.userAuth, pin, strlen(pin), /* extend= */ false);
|
|
+ if (r < 0)
|
|
+ return r;
|
|
+ }
|
|
|
|
assert(sizeof(hmac_sensitive.sensitive.data.buffer) >= hmac_sensitive.sensitive.data.size);
|
|
|