From 73fd8e125a5c22cd341c056b774ab6cb2122b951 Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Fri, 9 Dec 2022 17:20:24 -0500 Subject: [PATCH] tpm2: rename tpm2 alg id<->string functions The 'pcr_bank' functions operate on hash algs, and are not specific to the PCR banks, while the 'primary_alg' functions operate on asymmetric algs, and are not specific to primary keys. (cherry picked from commit 7bfe0a48d9df6e9488aaec2eeb5bfec051681e40) Related: RHEL-16182 --- src/boot/measure.c | 2 +- .../cryptsetup-token-systemd-tpm2.c | 8 ++-- src/shared/creds-util.c | 4 +- src/shared/tpm2-util.c | 44 +++++++++---------- src/shared/tpm2-util.h | 8 ++-- 5 files changed, 33 insertions(+), 33 deletions(-) diff --git a/src/boot/measure.c b/src/boot/measure.c index 84a7c357a4..8af3a337d6 100644 --- a/src/boot/measure.c +++ b/src/boot/measure.c @@ -837,7 +837,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) { assert(sizeof(intermediate_digest.buffer) >= SHA256_DIGEST_SIZE); sha256_direct(p->value, p->value_size, intermediate_digest.buffer); - int tpmalg = tpm2_pcr_bank_from_string(EVP_MD_name(p->md)); + int tpmalg = tpm2_hash_alg_from_string(EVP_MD_name(p->md)); if (tpmalg < 0) { log_error_errno(tpmalg, "Unsupported PCR bank"); goto finish; diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c index 1eb924529c..98bcaac4d8 100644 --- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c +++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c @@ -220,10 +220,10 @@ _public_ void cryptsetup_token_dump( return (void) crypt_log_debug_errno(cd, r, "Can not dump " TOKEN_NAME " content: %m"); crypt_log(cd, "\ttpm2-hash-pcrs: %s\n", strna(hash_pcrs_str)); - crypt_log(cd, "\ttpm2-pcr-bank: %s\n", strna(tpm2_pcr_bank_to_string(pcr_bank))); + crypt_log(cd, "\ttpm2-pcr-bank: %s\n", strna(tpm2_hash_alg_to_string(pcr_bank))); crypt_log(cd, "\ttpm2-pubkey:" CRYPT_DUMP_LINE_SEP "%s\n", pubkey_str); crypt_log(cd, "\ttpm2-pubkey-pcrs: %s\n", strna(pubkey_pcrs_str)); - crypt_log(cd, "\ttpm2-primary-alg: %s\n", strna(tpm2_primary_alg_to_string(primary_alg))); + crypt_log(cd, "\ttpm2-primary-alg: %s\n", strna(tpm2_asym_alg_to_string(primary_alg))); crypt_log(cd, "\ttpm2-blob: %s\n", blob_str); crypt_log(cd, "\ttpm2-policy-hash:" CRYPT_DUMP_LINE_SEP "%s\n", policy_hash_str); crypt_log(cd, "\ttpm2-pin: %s\n", true_false(flags & TPM2_FLAGS_USE_PIN)); @@ -281,7 +281,7 @@ _public_ int cryptsetup_token_validate( return 1; } - if (tpm2_pcr_bank_from_string(json_variant_string(w)) < 0) { + if (tpm2_hash_alg_from_string(json_variant_string(w)) < 0) { crypt_log_debug(cd, "TPM2 PCR bank invalid or not supported: %s.", json_variant_string(w)); return 1; } @@ -298,7 +298,7 @@ _public_ int cryptsetup_token_validate( return 1; } - if (tpm2_primary_alg_from_string(json_variant_string(w)) < 0) { + if (tpm2_asym_alg_from_string(json_variant_string(w)) < 0) { crypt_log_debug(cd, "TPM2 primary key algorithm invalid or not supported: %s", json_variant_string(w)); return 1; } diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c index 9ac0320c58..e9cafb8097 100644 --- a/src/shared/creds-util.c +++ b/src/shared/creds-util.c @@ -944,9 +944,9 @@ int decrypt_credential_and_warn( if (!TPM2_PCR_MASK_VALID(t->pcr_mask)) return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range."); - if (!tpm2_pcr_bank_to_string(le16toh(t->pcr_bank))) + if (!tpm2_hash_alg_to_string(le16toh(t->pcr_bank))) return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported"); - if (!tpm2_primary_alg_to_string(le16toh(t->primary_alg))) + if (!tpm2_asym_alg_to_string(le16toh(t->primary_alg))) return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported."); if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX) return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size."); diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index 278cdf3692..fe4d63b775 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -528,7 +528,7 @@ static int tpm2_bank_has24(const TPMS_PCR_SELECTION *selection) { * TPM2 on a Client PC must have at least 24 PCRs. If this TPM has less, just skip over it. */ if (selection->sizeofSelect < TPM2_PCRS_MAX/8) { log_debug("Skipping TPM2 PCR bank %s with fewer than 24 PCRs.", - strna(tpm2_pcr_bank_to_string(selection->hash))); + strna(tpm2_hash_alg_to_string(selection->hash))); return false; } @@ -545,7 +545,7 @@ static int tpm2_bank_has24(const TPMS_PCR_SELECTION *selection) { if (!valid) log_debug("TPM2 PCR bank %s has fewer than 24 PCR bits enabled, ignoring.", - strna(tpm2_pcr_bank_to_string(selection->hash))); + strna(tpm2_hash_alg_to_string(selection->hash))); return valid; } @@ -747,7 +747,7 @@ int tpm2_get_good_pcr_banks_strv( const EVP_MD *implementation; const char *salg; - salg = tpm2_pcr_bank_to_string(algs[i]); + salg = tpm2_hash_alg_to_string(algs[i]); if (!salg) return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "TPM2 operates with unknown PCR algorithm, can't measure."); @@ -971,7 +971,7 @@ static int find_signature( if (!json_variant_is_object(v)) return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Signature is not a JSON object."); - k = tpm2_pcr_bank_to_string(pcr_bank); + k = tpm2_hash_alg_to_string(pcr_bank); if (!k) return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Don't know PCR bank %" PRIu16, pcr_bank); @@ -1956,7 +1956,7 @@ int tpm2_extend_bytes( if ((size_t) EVP_MD_size(implementation) > sizeof(values.digests[values.count].digest)) return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Hash result too large for TPM2."); - id = tpm2_pcr_bank_from_string(EVP_MD_name(implementation)); + id = tpm2_hash_alg_from_string(EVP_MD_name(implementation)); if (id < 0) return log_error_errno(id, "Can't map hash name to TPM2."); @@ -2140,8 +2140,8 @@ int tpm2_make_luks2_json( JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))), JSON_BUILD_PAIR("tpm2-blob", JSON_BUILD_BASE64(blob, blob_size)), JSON_BUILD_PAIR("tpm2-pcrs", JSON_BUILD_VARIANT(hmj)), - JSON_BUILD_PAIR_CONDITION(!!tpm2_pcr_bank_to_string(pcr_bank), "tpm2-pcr-bank", JSON_BUILD_STRING(tpm2_pcr_bank_to_string(pcr_bank))), - JSON_BUILD_PAIR_CONDITION(!!tpm2_primary_alg_to_string(primary_alg), "tpm2-primary-alg", JSON_BUILD_STRING(tpm2_primary_alg_to_string(primary_alg))), + JSON_BUILD_PAIR_CONDITION(!!tpm2_hash_alg_to_string(pcr_bank), "tpm2-pcr-bank", JSON_BUILD_STRING(tpm2_hash_alg_to_string(pcr_bank))), + JSON_BUILD_PAIR_CONDITION(!!tpm2_asym_alg_to_string(primary_alg), "tpm2-primary-alg", JSON_BUILD_STRING(tpm2_asym_alg_to_string(primary_alg))), JSON_BUILD_PAIR("tpm2-policy-hash", JSON_BUILD_HEX(policy_hash, policy_hash_size)), JSON_BUILD_PAIR("tpm2-pin", JSON_BUILD_BOOLEAN(flags & TPM2_FLAGS_USE_PIN)), JSON_BUILD_PAIR_CONDITION(pubkey_pcr_mask != 0, "tpm2_pubkey_pcrs", JSON_BUILD_VARIANT(pkmj)), @@ -2209,7 +2209,7 @@ int tpm2_parse_luks2_json( if (!json_variant_is_string(w)) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 PCR bank is not a string."); - r = tpm2_pcr_bank_from_string(json_variant_string(w)); + r = tpm2_hash_alg_from_string(json_variant_string(w)); if (r < 0) return log_debug_errno(r, "TPM2 PCR bank invalid or not supported: %s", json_variant_string(w)); @@ -2225,9 +2225,9 @@ int tpm2_parse_luks2_json( if (!json_variant_is_string(w)) return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 primary key algorithm is not a string."); - r = tpm2_primary_alg_from_string(json_variant_string(w)); + r = tpm2_asym_alg_from_string(json_variant_string(w)); if (r < 0) - return log_debug_errno(r, "TPM2 primary key algorithm invalid or not supported: %s", json_variant_string(w)); + return log_debug_errno(r, "TPM2 asymmetric algorithm invalid or not supported: %s", json_variant_string(w)); primary_alg = r; } @@ -2299,31 +2299,31 @@ int tpm2_parse_luks2_json( return 0; } -const char *tpm2_pcr_bank_to_string(uint16_t bank) { - if (bank == TPM2_ALG_SHA1) +const char *tpm2_hash_alg_to_string(uint16_t alg) { + if (alg == TPM2_ALG_SHA1) return "sha1"; - if (bank == TPM2_ALG_SHA256) + if (alg == TPM2_ALG_SHA256) return "sha256"; - if (bank == TPM2_ALG_SHA384) + if (alg == TPM2_ALG_SHA384) return "sha384"; - if (bank == TPM2_ALG_SHA512) + if (alg == TPM2_ALG_SHA512) return "sha512"; return NULL; } -int tpm2_pcr_bank_from_string(const char *bank) { - if (strcaseeq_ptr(bank, "sha1")) +int tpm2_hash_alg_from_string(const char *alg) { + if (strcaseeq_ptr(alg, "sha1")) return TPM2_ALG_SHA1; - if (strcaseeq_ptr(bank, "sha256")) + if (strcaseeq_ptr(alg, "sha256")) return TPM2_ALG_SHA256; - if (strcaseeq_ptr(bank, "sha384")) + if (strcaseeq_ptr(alg, "sha384")) return TPM2_ALG_SHA384; - if (strcaseeq_ptr(bank, "sha512")) + if (strcaseeq_ptr(alg, "sha512")) return TPM2_ALG_SHA512; return -EINVAL; } -const char *tpm2_primary_alg_to_string(uint16_t alg) { +const char *tpm2_asym_alg_to_string(uint16_t alg) { if (alg == TPM2_ALG_ECC) return "ecc"; if (alg == TPM2_ALG_RSA) @@ -2331,7 +2331,7 @@ const char *tpm2_primary_alg_to_string(uint16_t alg) { return NULL; } -int tpm2_primary_alg_from_string(const char *alg) { +int tpm2_asym_alg_from_string(const char *alg) { if (strcaseeq_ptr(alg, "ecc")) return TPM2_ALG_ECC; if (strcaseeq_ptr(alg, "rsa")) diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h index 96e6c31b0a..9e302021ab 100644 --- a/src/shared/tpm2-util.h +++ b/src/shared/tpm2-util.h @@ -125,11 +125,11 @@ static inline bool TPM2_PCR_MASK_VALID(uint64_t pcr_mask) { #define TPM2_ALG_RSA 0x1 #endif -const char *tpm2_pcr_bank_to_string(uint16_t bank); -int tpm2_pcr_bank_from_string(const char *bank); +const char *tpm2_hash_alg_to_string(uint16_t alg); +int tpm2_hash_alg_from_string(const char *alg); -const char *tpm2_primary_alg_to_string(uint16_t alg); -int tpm2_primary_alg_from_string(const char *alg); +const char *tpm2_asym_alg_to_string(uint16_t alg); +int tpm2_asym_alg_from_string(const char *alg); typedef struct { uint32_t search_pcr_mask;