From: Lennart Poettering Date: Mon, 3 Jun 2024 15:44:15 +0000 (+0200) Subject: tpm2-util: rename tpm2_extend_bytes()→tpm2_pcr_extend_bytes() and make it take struct... X-Git-Tag: v259-rc1~183^2~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d412b1629c54a6cc40dff225394661e09d20c461;p=thirdparty%2Fsystemd.git tpm2-util: rename tpm2_extend_bytes()→tpm2_pcr_extend_bytes() and make it take struct iovec We soon want to add the ability to extend into nvindexes in addition to PCRs, hence rename the function to make clear it is about pcr extension. While we are at it, switch things over to "struct iovec" as we generally try to do it now in tpm2-util.[ch] these days. --- diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 7351e5dc2a4..09939bfa48d 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1047,7 +1047,7 @@ static int measure_volume_key( if (!s) return log_oom(); - r = tpm2_extend_bytes(c, l ?: arg_tpm2_measure_banks, arg_tpm2_measure_pcr, s, SIZE_MAX, volume_key, volume_key_size, TPM2_EVENT_VOLUME_KEY, s); + r = tpm2_pcr_extend_bytes(c, l ?: arg_tpm2_measure_banks, arg_tpm2_measure_pcr, &IOVEC_MAKE_STRING(s), &IOVEC_MAKE(volume_key, volume_key_size), TPM2_EVENT_VOLUME_KEY, s); if (r < 0) return log_error_errno(r, "Could not extend PCR: %m"); diff --git a/src/pcrextend/pcrextend.c b/src/pcrextend/pcrextend.c index 75b561da904..cc50ad3ff79 100644 --- a/src/pcrextend/pcrextend.c +++ b/src/pcrextend/pcrextend.c @@ -233,7 +233,7 @@ static int extend_now(unsigned pcr, const void *data, size_t size, Tpm2Userspace log_debug("Measuring '%s' into PCR index %u, banks %s.", safe, pcr, joined_banks); - r = tpm2_extend_bytes(c, arg_banks, pcr, data, size, /* secret= */ NULL, /* secret_size= */ 0, event, safe); + r = tpm2_pcr_extend_bytes(c, arg_banks, pcr, &IOVEC_MAKE(data, size), /* secret= */ NULL, event, safe); if (r < 0) return log_error_errno(r, "Could not extend PCR: %m"); diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index ba6171f15fe..38c1d73dc71 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -6321,14 +6321,12 @@ static int tpm2_userspace_log( } #endif -int tpm2_extend_bytes( +int tpm2_pcr_extend_bytes( Tpm2Context *c, char **banks, unsigned pcr_index, - const void *data, - size_t data_size, - const void *secret, - size_t secret_size, + const struct iovec *data, + const struct iovec *secret, Tpm2UserspaceEventType event_type, const char *description) { @@ -6338,17 +6336,15 @@ int tpm2_extend_bytes( TSS2_RC rc; assert(c); - assert(data || data_size == 0); - assert(secret || secret_size == 0); - - if (data_size == SIZE_MAX) - data_size = strlen(data); - if (secret_size == SIZE_MAX) - secret_size = strlen(secret); + assert(iovec_is_valid(data)); + assert(iovec_is_valid(secret)); if (pcr_index >= TPM2_PCRS_MAX) return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Can't measure into unsupported PCR %u, refusing.", pcr_index); + if (!iovec_is_set(data)) + data = &iovec_empty; + if (strv_isempty(banks)) return 0; @@ -6376,10 +6372,10 @@ int tpm2_extend_bytes( * secret for other purposes, maybe because it needs a shorter secret derived from it for * some unrelated purpose, who knows). Hence we instead measure an HMAC signature of a * private non-secret string instead. */ - if (secret_size > 0) { - if (!HMAC(implementation, secret, secret_size, data, data_size, (unsigned char*) &values.digests[values.count].digest, NULL)) + if (iovec_is_set(secret) > 0) { + if (!HMAC(implementation, secret->iov_base, secret->iov_len, data->iov_base, data->iov_len, (unsigned char*) &values.digests[values.count].digest, NULL)) return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to calculate HMAC of data to measure."); - } else if (EVP_Digest(data, data_size, (unsigned char*) &values.digests[values.count].digest, NULL, implementation, NULL) != 1) + } else if (EVP_Digest(data->iov_base, data->iov_len, (unsigned char*) &values.digests[values.count].digest, NULL, implementation, NULL) != 1) return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to hash data to measure."); values.count++; diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h index b051c8435e1..0fc3b550500 100644 --- a/src/shared/tpm2-util.h +++ b/src/shared/tpm2-util.h @@ -149,7 +149,7 @@ typedef enum Tpm2UserspaceEventType { const char* tpm2_userspace_event_type_to_string(Tpm2UserspaceEventType type) _const_; Tpm2UserspaceEventType tpm2_userspace_event_type_from_string(const char *s) _pure_; -int tpm2_extend_bytes(Tpm2Context *c, char **banks, unsigned pcr_index, const void *data, size_t data_size, const void *secret, size_t secret_size, Tpm2UserspaceEventType event, const char *description); +int tpm2_pcr_extend_bytes(Tpm2Context *c, char **banks, unsigned pcr_index, const struct iovec *data, const struct iovec *secret, Tpm2UserspaceEventType event, const char *description); uint32_t tpm2_tpms_pcr_selection_to_mask(const TPMS_PCR_SELECTION *s); void tpm2_tpms_pcr_selection_from_mask(uint32_t mask, TPMI_ALG_HASH hash, TPMS_PCR_SELECTION *ret);