tpm2: replace hash_pin() with tpm2_digest_*() functions

The hash_pin() function is just a specific use case of the digest functions.

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 1a8bc0da72c4e3b5c4363d50e4cf2be39ea726ce..e7489edebcfedebc5295b8be23f85dc9107cf118 100644 (file)
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1380,21 +1380,6 @@ int tpm2_get_good_pcr_banks_strv(
 #endif
 }
 
-static void hash_pin(const char *pin, size_t len, TPM2B_AUTH *auth) {
-        struct sha256_ctx hash;
-
-        assert(auth);
-        assert(pin);
-
-        auth->size = SHA256_DIGEST_SIZE;
-
-        CLEANUP_ERASE(hash);
-
-        sha256_init_ctx(&hash);
-        sha256_process_bytes(pin, len, &hash);
-        sha256_finish_ctx(&hash, auth->buffer);
-}
-
 /* Hash data into the digest.
  *
  * If 'extend' is true, the hashing operation starts with the existing digest hash (and the digest is
@@ -1518,7 +1503,9 @@ static int tpm2_make_encryption_session(
 
                 CLEANUP_ERASE(auth);
 
-                hash_pin(pin, strlen(pin), &auth);
+                r = tpm2_digest_buffer(TPM2_ALG_SHA256, &auth, pin, strlen(pin), /* extend= */ false);
+                if (r < 0)
+                        return r;
 
                 rc = sym_Esys_TR_SetAuth(c->esys_context, bind_key->esys_handle, &auth);
                 if (rc != TSS2_RC_SUCCESS)
@@ -2193,8 +2180,11 @@ int tpm2_seal(const char *device,
                 .size = sizeof(hmac_sensitive.sensitive),
                 .sensitive.data.size = 32,
         };
-        if (pin)
-                hash_pin(pin, strlen(pin), &hmac_sensitive.sensitive.userAuth);
+        if (pin) {
+                r = tpm2_digest_buffer(TPM2_ALG_SHA256, &hmac_sensitive.sensitive.userAuth, pin, strlen(pin), /* extend= */ false);
+                if (r < 0)
+                        return r;
+        }
 
         assert(sizeof(hmac_sensitive.sensitive.data.buffer) >= hmac_sensitive.sensitive.data.size);