From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 17 Aug 2022 15:30:29 +0000 (+0200)
Subject: tpm2-util: expose more hash algorithms
X-Git-Tag: v252-rc1~404
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=98193c39c6d7f5cd6d79fc59ecbeca7ef96d563f;p=thirdparty%2Fsystemd.git

tpm2-util: expose more hash algorithms

swtpm supports them, hence maybe support them in our codebase, too
---

diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 9bbd5fb27cb..e1a51908936 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1443,20 +1443,26 @@ int tpm2_make_luks2_json(
 }
 
 const char *tpm2_pcr_bank_to_string(uint16_t bank) {
-        /* For now, let's officially only support these two. We can extend this later on, should the need
-         * arise. */
-        if (bank == TPM2_ALG_SHA256)
-                return "sha256";
         if (bank == TPM2_ALG_SHA1)
                 return "sha1";
+        if (bank == TPM2_ALG_SHA256)
+                return "sha256";
+        if (bank == TPM2_ALG_SHA384)
+                return "sha384";
+        if (bank == TPM2_ALG_SHA512)
+                return "sha512";
         return NULL;
 }
 
 int tpm2_pcr_bank_from_string(const char *bank) {
-        if (streq_ptr(bank, "sha256"))
-                return TPM2_ALG_SHA256;
         if (streq_ptr(bank, "sha1"))
                 return TPM2_ALG_SHA1;
+        if (streq_ptr(bank, "sha256"))
+                return TPM2_ALG_SHA256;
+        if (streq_ptr(bank, "sha384"))
+                return TPM2_ALG_SHA384;
+        if (streq_ptr(bank, "sha512"))
+                return TPM2_ALG_SHA512;
         return -EINVAL;
 }
 
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index ed6a5d1ca2c..220eb341ecf 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -67,12 +67,20 @@ static inline bool TPM2_PCR_MASK_VALID(uint64_t pcr_mask) {
 
 /* We want the helpers below to work also if TPM2 libs are not available, hence define these four defines if
  * they are missing. */
+#ifndef TPM2_ALG_SHA1
+#define TPM2_ALG_SHA1 0x4
+#endif
+
 #ifndef TPM2_ALG_SHA256
 #define TPM2_ALG_SHA256 0xB
 #endif
 
-#ifndef TPM2_ALG_SHA1
-#define TPM2_ALG_SHA1 0x4
+#ifndef TPM2_ALG_SHA384
+#define TPM2_ALG_SHA384 0xC
+#endif
+
+#ifndef TPM2_ALG_SHA512
+#define TPM2_ALG_SHA512 0xD
 #endif
 
 #ifndef TPM2_ALG_ECC