if (!s)
return log_oom();
- r = tpm2_extend_bytes(c, l ?: arg_tpm2_measure_banks, arg_tpm2_measure_pcr, s, SIZE_MAX, volume_key, volume_key_size, TPM2_EVENT_VOLUME_KEY, s);
+ r = tpm2_pcr_extend_bytes(c, l ?: arg_tpm2_measure_banks, arg_tpm2_measure_pcr, &IOVEC_MAKE_STRING(s), &IOVEC_MAKE(volume_key, volume_key_size), TPM2_EVENT_VOLUME_KEY, s);
if (r < 0)
return log_error_errno(r, "Could not extend PCR: %m");
log_debug("Measuring '%s' into PCR index %u, banks %s.", safe, pcr, joined_banks);
- r = tpm2_extend_bytes(c, arg_banks, pcr, data, size, /* secret= */ NULL, /* secret_size= */ 0, event, safe);
+ r = tpm2_pcr_extend_bytes(c, arg_banks, pcr, &IOVEC_MAKE(data, size), /* secret= */ NULL, event, safe);
if (r < 0)
return log_error_errno(r, "Could not extend PCR: %m");
}
#endif
-int tpm2_extend_bytes(
+int tpm2_pcr_extend_bytes(
Tpm2Context *c,
char **banks,
unsigned pcr_index,
- const void *data,
- size_t data_size,
- const void *secret,
- size_t secret_size,
+ const struct iovec *data,
+ const struct iovec *secret,
Tpm2UserspaceEventType event_type,
const char *description) {
TSS2_RC rc;
assert(c);
- assert(data || data_size == 0);
- assert(secret || secret_size == 0);
-
- if (data_size == SIZE_MAX)
- data_size = strlen(data);
- if (secret_size == SIZE_MAX)
- secret_size = strlen(secret);
+ assert(iovec_is_valid(data));
+ assert(iovec_is_valid(secret));
if (pcr_index >= TPM2_PCRS_MAX)
return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Can't measure into unsupported PCR %u, refusing.", pcr_index);
+ if (!iovec_is_set(data))
+ data = &iovec_empty;
+
if (strv_isempty(banks))
return 0;
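Review bot: The new `data` and `secret` iovec parameters of `tpm2_pcr_extend_bytes()` have no comment saying what an unset value means, and this hunk treats them differently: an unset `data` is replaced by `&iovec_empty`, while `secret` is left as passed and may be NULL. I would add a short comment above the definition, for example `/* data: bytes to measure, NULL/empty measures zero bytes; secret: optional HMAC key, NULL/empty selects a plain digest of data */`, and repeat it at the prototype. Because the old `SIZE_MAX` "use strlen()" convention is removed here, the comment should also state that lengths are always explicit. The function body continues past the end of this hunk, so confirm that every later use of `secret` sits behind an `iovec_is_set()` check.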
* secret for other purposes, maybe because it needs a shorter secret derived from it for
* some unrelated purpose, who knows). Hence we instead measure an HMAC signature of a
* private non-secret string instead. */
- if (secret_size > 0) {
- if (!HMAC(implementation, secret, secret_size, data, data_size, (unsigned char*) &values.digests[values.count].digest, NULL))
+ if (iovec_is_set(secret) > 0) {
+ if (!HMAC(implementation, secret->iov_base, secret->iov_len, data->iov_base, data->iov_len, (unsigned char*) &values.digests[values.count].digest, NULL))
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to calculate HMAC of data to measure.");
- } else if (EVP_Digest(data, data_size, (unsigned char*) &values.digests[values.count].digest, NULL, implementation, NULL) != 1)
+ } else if (EVP_Digest(data->iov_base, data->iov_len, (unsigned char*) &values.digests[values.count].digest, NULL, implementation, NULL) != 1)
return log_debug_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "Failed to hash data to measure.");
values.count++;
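Review bot: `if (iovec_is_set(secret) > 0)` compares a predicate against zero, which looks like a leftover from the old `secret_size > 0` test; `if (iovec_is_set(secret)) {` says the same thing without implying a count. Separately, a secret of zero length falls through to the unkeyed `EVP_Digest()` branch, so a caller that meant to make a keyed measurement would get a plain hash of the non-secret string with no error. The volume-key call site passes `&IOVEC_MAKE(volume_key, volume_key_size)`, which would take this path if the size were ever 0. This predates the change, but it seems worth a one-line comment here or an `assert(volume_key_size > 0)` at that caller. The enclosing function and the comment at the top of this hunk both start outside it.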
const char* tpm2_userspace_event_type_to_string(Tpm2UserspaceEventType type) _const_;
Tpm2UserspaceEventType tpm2_userspace_event_type_from_string(const char *s) _pure_;
-int tpm2_extend_bytes(Tpm2Context *c, char **banks, unsigned pcr_index, const void *data, size_t data_size, const void *secret, size_t secret_size, Tpm2UserspaceEventType event, const char *description);
+int tpm2_pcr_extend_bytes(Tpm2Context *c, char **banks, unsigned pcr_index, const struct iovec *data, const struct iovec *secret, Tpm2UserspaceEventType event, const char *description);
uint32_t tpm2_tpms_pcr_selection_to_mask(const TPMS_PCR_SELECTION *s);
void tpm2_tpms_pcr_selection_from_mask(uint32_t mask, TPMI_ALG_HASH hash, TPMS_PCR_SELECTION *ret);