From 3bd6a10eeaaa863d54573226828f6e0c204442ee Mon Sep 17 00:00:00 2001 From: Dan Streetman Date: Wed, 14 Dec 2022 10:46:13 -0500 Subject: [PATCH] tpm2: replace hash_pin() with tpm2_digest_*() functions The hash_pin() function is just a specific use case of the digest functions. (cherry picked from commit 94a4ff2dc1e753fc5715b5d240092e38456898f0) Related: RHEL-16182 --- src/shared/tpm2-util.c | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index d397c505f5..f1950189d5 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -1369,21 +1369,6 @@ int tpm2_get_good_pcr_banks_strv( return 0; } -static void hash_pin(const char *pin, size_t len, TPM2B_AUTH *auth) { - struct sha256_ctx hash; - - assert(auth); - assert(pin); - - auth->size = SHA256_DIGEST_SIZE; - - CLEANUP_ERASE(hash); - - sha256_init_ctx(&hash); - sha256_process_bytes(pin, len, &hash); - sha256_finish_ctx(&hash, auth->buffer); -} - /* Hash data into the digest. * * If 'extend' is true, the hashing operation starts with the existing digest hash (and the digest is @@ -1507,7 +1492,9 @@ static int tpm2_make_encryption_session( CLEANUP_ERASE(auth); - hash_pin(pin, strlen(pin), &auth); + r = tpm2_digest_buffer(TPM2_ALG_SHA256, &auth, pin, strlen(pin), /* extend= */ false); + if (r < 0) + return r; rc = sym_Esys_TR_SetAuth(c->esys_context, bind_key->esys_handle, &auth); if (rc != TSS2_RC_SUCCESS) @@ -2182,8 +2169,11 @@ int tpm2_seal(const char *device, .size = sizeof(hmac_sensitive.sensitive), .sensitive.data.size = 32, }; - if (pin) - hash_pin(pin, strlen(pin), &hmac_sensitive.sensitive.userAuth); + if (pin) { + r = tpm2_digest_buffer(TPM2_ALG_SHA256, &hmac_sensitive.sensitive.userAuth, pin, strlen(pin), /* extend= */ false); + if (r < 0) + return r; + } assert(sizeof(hmac_sensitive.sensitive.data.buffer) >= hmac_sensitive.sensitive.data.size);