From: Dan Streetman
Date: Wed, 14 Dec 2022 15:46:13 +0000 (-0500)
Subject: tpm2: replace hash_pin() with tpm2_digest_*() functions
X-Git-Tag: v254-rc1~359^2~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=94a4ff2dc1e753fc5715b5d240092e38456898f0;p=thirdparty%2Fsystemd.git
tpm2: replace hash_pin() with tpm2_digest_*() functions
The hash_pin() function is just a specific use case of the digest functions.
---
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 1a8bc0da72c..e7489edebcf 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1380,21 +1380,6 @@ int tpm2_get_good_pcr_banks_strv(
 #endif
 }
-static void hash_pin(const char *pin, size_t len, TPM2B_AUTH *auth) {
- struct sha256_ctx hash;
-
- assert(auth);
- assert(pin);
-
- auth->size = SHA256_DIGEST_SIZE;
-
- CLEANUP_ERASE(hash);
-
- sha256_init_ctx(&hash);
- sha256_process_bytes(pin, len, &hash);
- sha256_finish_ctx(&hash, auth->buffer);
-}
-
 /* Hash data into the digest.
 *
 * If 'extend' is true, the hashing operation starts with the existing digest hash (and the digest is
@@ -1518,7 +1503,9 @@ static int tpm2_make_encryption_session(
 CLEANUP_ERASE(auth);
- hash_pin(pin, strlen(pin), &auth);
+ r = tpm2_digest_buffer(TPM2_ALG_SHA256, &auth, pin, strlen(pin), /* extend= */ false);
+ if (r < 0)
+ return r;
 rc = sym_Esys_TR_SetAuth(c->esys_context, bind_key->esys_handle, &auth);
 if (rc != TSS2_RC_SUCCESS)
@@ -2193,8 +2180,11 @@ int tpm2_seal(const char *device,
 .size = sizeof(hmac_sensitive.sensitive),
 .sensitive.data.size = 32,
 };
- if (pin)
- hash_pin(pin, strlen(pin), &hmac_sensitive.sensitive.userAuth);
+ if (pin) {
+ r = tpm2_digest_buffer(TPM2_ALG_SHA256, &hmac_sensitive.sensitive.userAuth, pin, strlen(pin), /* extend= */ false);
+ if (r < 0)
+ return r;
+ }
 assert(sizeof(hmac_sensitive.sensitive.data.buffer) >= hmac_sensitive.sensitive.data.size);
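Review bot: Nothing at the new `tpm2_digest_buffer()` call in tpm2_make_encryption_session records that `auth` must still come out as the 32-byte SHA-256 of the PIN that the removed hash_pin() produced. The old helper set `auth->size = SHA256_DIGEST_SIZE` itself, whereas the new call relies on tpm2_digest_buffer() initialising the size when `extend` is false; that function is defined outside this hunk, so the equivalence should be confirmed there. I would add a comment above the call such as `/* authValue is SHA256(pin); must stay identical to the userAuth set in tpm2_seal() */`, since a mismatch between the two call sites would presumably make PIN-protected objects fail to authorize. The added `return r` does not weaken secrecy here because `auth` is already under `CLEANUP_ERASE(auth)`. The function body starts and ends outside the hunk.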
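Review bot: The new `return r` in tpm2_seal can leave the function after PIN-derived bytes may already have been written into `hmac_sensitive.sensitive.userAuth`, and the hunk does not show whether `hmac_sensitive` is wiped on exit. In tpm2_make_encryption_session the equivalent buffer is covered by `CLEANUP_ERASE(auth)`. If no matching `CLEANUP_ERASE(hmac_sensitive);` follows the declaration, one should be added so this error path does not leave secret material on the stack. The declaration of `hmac_sensitive` and the rest of tpm2_seal lie outside the hunk, so this needs checking there rather than assuming.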