systemd/SOURCES/0497-tpm2-rename-tpm2-alg-id-string-functions.patch

238 lines
12 KiB
Diff

From 73fd8e125a5c22cd341c056b774ab6cb2122b951 Mon Sep 17 00:00:00 2001
From: Dan Streetman <ddstreet@ieee.org>
Date: Fri, 9 Dec 2022 17:20:24 -0500
Subject: [PATCH] tpm2: rename tpm2 alg id<->string functions
The 'pcr_bank' functions operate on hash algs, and are not specific to the PCR
banks, while the 'primary_alg' functions operate on asymmetric algs, and are
not specific to primary keys.
(cherry picked from commit 7bfe0a48d9df6e9488aaec2eeb5bfec051681e40)
Related: RHEL-16182
---
src/boot/measure.c | 2 +-
.../cryptsetup-token-systemd-tpm2.c | 8 ++--
src/shared/creds-util.c | 4 +-
src/shared/tpm2-util.c | 44 +++++++++----------
src/shared/tpm2-util.h | 8 ++--
5 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/src/boot/measure.c b/src/boot/measure.c
index 84a7c357a4..8af3a337d6 100644
--- a/src/boot/measure.c
+++ b/src/boot/measure.c
@@ -837,7 +837,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
assert(sizeof(intermediate_digest.buffer) >= SHA256_DIGEST_SIZE);
sha256_direct(p->value, p->value_size, intermediate_digest.buffer);
- int tpmalg = tpm2_pcr_bank_from_string(EVP_MD_name(p->md));
+ int tpmalg = tpm2_hash_alg_from_string(EVP_MD_name(p->md));
if (tpmalg < 0) {
log_error_errno(tpmalg, "Unsupported PCR bank");
goto finish;
diff --git a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
index 1eb924529c..98bcaac4d8 100644
--- a/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tokens/cryptsetup-token-systemd-tpm2.c
@@ -220,10 +220,10 @@ _public_ void cryptsetup_token_dump(
return (void) crypt_log_debug_errno(cd, r, "Can not dump " TOKEN_NAME " content: %m");
crypt_log(cd, "\ttpm2-hash-pcrs: %s\n", strna(hash_pcrs_str));
- crypt_log(cd, "\ttpm2-pcr-bank: %s\n", strna(tpm2_pcr_bank_to_string(pcr_bank)));
+ crypt_log(cd, "\ttpm2-pcr-bank: %s\n", strna(tpm2_hash_alg_to_string(pcr_bank)));
crypt_log(cd, "\ttpm2-pubkey:" CRYPT_DUMP_LINE_SEP "%s\n", pubkey_str);
crypt_log(cd, "\ttpm2-pubkey-pcrs: %s\n", strna(pubkey_pcrs_str));
- crypt_log(cd, "\ttpm2-primary-alg: %s\n", strna(tpm2_primary_alg_to_string(primary_alg)));
+ crypt_log(cd, "\ttpm2-primary-alg: %s\n", strna(tpm2_asym_alg_to_string(primary_alg)));
crypt_log(cd, "\ttpm2-blob: %s\n", blob_str);
crypt_log(cd, "\ttpm2-policy-hash:" CRYPT_DUMP_LINE_SEP "%s\n", policy_hash_str);
crypt_log(cd, "\ttpm2-pin: %s\n", true_false(flags & TPM2_FLAGS_USE_PIN));
@@ -281,7 +281,7 @@ _public_ int cryptsetup_token_validate(
return 1;
}
- if (tpm2_pcr_bank_from_string(json_variant_string(w)) < 0) {
+ if (tpm2_hash_alg_from_string(json_variant_string(w)) < 0) {
crypt_log_debug(cd, "TPM2 PCR bank invalid or not supported: %s.", json_variant_string(w));
return 1;
}
@@ -298,7 +298,7 @@ _public_ int cryptsetup_token_validate(
return 1;
}
- if (tpm2_primary_alg_from_string(json_variant_string(w)) < 0) {
+ if (tpm2_asym_alg_from_string(json_variant_string(w)) < 0) {
crypt_log_debug(cd, "TPM2 primary key algorithm invalid or not supported: %s", json_variant_string(w));
return 1;
}
diff --git a/src/shared/creds-util.c b/src/shared/creds-util.c
index 9ac0320c58..e9cafb8097 100644
--- a/src/shared/creds-util.c
+++ b/src/shared/creds-util.c
@@ -944,9 +944,9 @@ int decrypt_credential_and_warn(
if (!TPM2_PCR_MASK_VALID(t->pcr_mask))
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range.");
- if (!tpm2_pcr_bank_to_string(le16toh(t->pcr_bank)))
+ if (!tpm2_hash_alg_to_string(le16toh(t->pcr_bank)))
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported");
- if (!tpm2_primary_alg_to_string(le16toh(t->primary_alg)))
+ if (!tpm2_asym_alg_to_string(le16toh(t->primary_alg)))
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported.");
if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX)
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size.");
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 278cdf3692..fe4d63b775 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -528,7 +528,7 @@ static int tpm2_bank_has24(const TPMS_PCR_SELECTION *selection) {
* TPM2 on a Client PC must have at least 24 PCRs. If this TPM has less, just skip over it. */
if (selection->sizeofSelect < TPM2_PCRS_MAX/8) {
log_debug("Skipping TPM2 PCR bank %s with fewer than 24 PCRs.",
- strna(tpm2_pcr_bank_to_string(selection->hash)));
+ strna(tpm2_hash_alg_to_string(selection->hash)));
return false;
}
@@ -545,7 +545,7 @@ static int tpm2_bank_has24(const TPMS_PCR_SELECTION *selection) {
if (!valid)
log_debug("TPM2 PCR bank %s has fewer than 24 PCR bits enabled, ignoring.",
- strna(tpm2_pcr_bank_to_string(selection->hash)));
+ strna(tpm2_hash_alg_to_string(selection->hash)));
return valid;
}
@@ -747,7 +747,7 @@ int tpm2_get_good_pcr_banks_strv(
const EVP_MD *implementation;
const char *salg;
- salg = tpm2_pcr_bank_to_string(algs[i]);
+ salg = tpm2_hash_alg_to_string(algs[i]);
if (!salg)
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "TPM2 operates with unknown PCR algorithm, can't measure.");
@@ -971,7 +971,7 @@ static int find_signature(
if (!json_variant_is_object(v))
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Signature is not a JSON object.");
- k = tpm2_pcr_bank_to_string(pcr_bank);
+ k = tpm2_hash_alg_to_string(pcr_bank);
if (!k)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Don't know PCR bank %" PRIu16, pcr_bank);
@@ -1956,7 +1956,7 @@ int tpm2_extend_bytes(
if ((size_t) EVP_MD_size(implementation) > sizeof(values.digests[values.count].digest))
return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Hash result too large for TPM2.");
- id = tpm2_pcr_bank_from_string(EVP_MD_name(implementation));
+ id = tpm2_hash_alg_from_string(EVP_MD_name(implementation));
if (id < 0)
return log_error_errno(id, "Can't map hash name to TPM2.");
@@ -2140,8 +2140,8 @@ int tpm2_make_luks2_json(
JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))),
JSON_BUILD_PAIR("tpm2-blob", JSON_BUILD_BASE64(blob, blob_size)),
JSON_BUILD_PAIR("tpm2-pcrs", JSON_BUILD_VARIANT(hmj)),
- JSON_BUILD_PAIR_CONDITION(!!tpm2_pcr_bank_to_string(pcr_bank), "tpm2-pcr-bank", JSON_BUILD_STRING(tpm2_pcr_bank_to_string(pcr_bank))),
- JSON_BUILD_PAIR_CONDITION(!!tpm2_primary_alg_to_string(primary_alg), "tpm2-primary-alg", JSON_BUILD_STRING(tpm2_primary_alg_to_string(primary_alg))),
+ JSON_BUILD_PAIR_CONDITION(!!tpm2_hash_alg_to_string(pcr_bank), "tpm2-pcr-bank", JSON_BUILD_STRING(tpm2_hash_alg_to_string(pcr_bank))),
+ JSON_BUILD_PAIR_CONDITION(!!tpm2_asym_alg_to_string(primary_alg), "tpm2-primary-alg", JSON_BUILD_STRING(tpm2_asym_alg_to_string(primary_alg))),
JSON_BUILD_PAIR("tpm2-policy-hash", JSON_BUILD_HEX(policy_hash, policy_hash_size)),
JSON_BUILD_PAIR("tpm2-pin", JSON_BUILD_BOOLEAN(flags & TPM2_FLAGS_USE_PIN)),
JSON_BUILD_PAIR_CONDITION(pubkey_pcr_mask != 0, "tpm2_pubkey_pcrs", JSON_BUILD_VARIANT(pkmj)),
@@ -2209,7 +2209,7 @@ int tpm2_parse_luks2_json(
if (!json_variant_is_string(w))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 PCR bank is not a string.");
- r = tpm2_pcr_bank_from_string(json_variant_string(w));
+ r = tpm2_hash_alg_from_string(json_variant_string(w));
if (r < 0)
return log_debug_errno(r, "TPM2 PCR bank invalid or not supported: %s", json_variant_string(w));
@@ -2225,9 +2225,9 @@ int tpm2_parse_luks2_json(
if (!json_variant_is_string(w))
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 primary key algorithm is not a string.");
- r = tpm2_primary_alg_from_string(json_variant_string(w));
+ r = tpm2_asym_alg_from_string(json_variant_string(w));
if (r < 0)
- return log_debug_errno(r, "TPM2 primary key algorithm invalid or not supported: %s", json_variant_string(w));
+ return log_debug_errno(r, "TPM2 asymmetric algorithm invalid or not supported: %s", json_variant_string(w));
primary_alg = r;
}
@@ -2299,31 +2299,31 @@ int tpm2_parse_luks2_json(
return 0;
}
-const char *tpm2_pcr_bank_to_string(uint16_t bank) {
- if (bank == TPM2_ALG_SHA1)
+const char *tpm2_hash_alg_to_string(uint16_t alg) {
+ if (alg == TPM2_ALG_SHA1)
return "sha1";
- if (bank == TPM2_ALG_SHA256)
+ if (alg == TPM2_ALG_SHA256)
return "sha256";
- if (bank == TPM2_ALG_SHA384)
+ if (alg == TPM2_ALG_SHA384)
return "sha384";
- if (bank == TPM2_ALG_SHA512)
+ if (alg == TPM2_ALG_SHA512)
return "sha512";
return NULL;
}
-int tpm2_pcr_bank_from_string(const char *bank) {
- if (strcaseeq_ptr(bank, "sha1"))
+int tpm2_hash_alg_from_string(const char *alg) {
+ if (strcaseeq_ptr(alg, "sha1"))
return TPM2_ALG_SHA1;
- if (strcaseeq_ptr(bank, "sha256"))
+ if (strcaseeq_ptr(alg, "sha256"))
return TPM2_ALG_SHA256;
- if (strcaseeq_ptr(bank, "sha384"))
+ if (strcaseeq_ptr(alg, "sha384"))
return TPM2_ALG_SHA384;
- if (strcaseeq_ptr(bank, "sha512"))
+ if (strcaseeq_ptr(alg, "sha512"))
return TPM2_ALG_SHA512;
return -EINVAL;
}
-const char *tpm2_primary_alg_to_string(uint16_t alg) {
+const char *tpm2_asym_alg_to_string(uint16_t alg) {
if (alg == TPM2_ALG_ECC)
return "ecc";
if (alg == TPM2_ALG_RSA)
@@ -2331,7 +2331,7 @@ const char *tpm2_primary_alg_to_string(uint16_t alg) {
return NULL;
}
-int tpm2_primary_alg_from_string(const char *alg) {
+int tpm2_asym_alg_from_string(const char *alg) {
if (strcaseeq_ptr(alg, "ecc"))
return TPM2_ALG_ECC;
if (strcaseeq_ptr(alg, "rsa"))
diff --git a/src/shared/tpm2-util.h b/src/shared/tpm2-util.h
index 96e6c31b0a..9e302021ab 100644
--- a/src/shared/tpm2-util.h
+++ b/src/shared/tpm2-util.h
@@ -125,11 +125,11 @@ static inline bool TPM2_PCR_MASK_VALID(uint64_t pcr_mask) {
#define TPM2_ALG_RSA 0x1
#endif
-const char *tpm2_pcr_bank_to_string(uint16_t bank);
-int tpm2_pcr_bank_from_string(const char *bank);
+const char *tpm2_hash_alg_to_string(uint16_t alg);
+int tpm2_hash_alg_from_string(const char *alg);
-const char *tpm2_primary_alg_to_string(uint16_t alg);
-int tpm2_primary_alg_from_string(const char *alg);
+const char *tpm2_asym_alg_to_string(uint16_t alg);
+int tpm2_asym_alg_from_string(const char *alg);
typedef struct {
uint32_t search_pcr_mask;