mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-06 13:17:44 +03:00
tpm2: rename tpm2 alg id<->string functions
The 'pcr_bank' functions operate on hash algs, and are not specific to the PCR banks, while the 'primary_alg' functions operate on asymmetric algs, and are not specific to primary keys.
This commit is contained in:
Dan Streetman
Zbigniew Jędrzejewski-Szmek
parent
92fc007902
commit
7bfe0a48d9
@ -855,7 +855,7 @@ static int verb_sign(int argc, char *argv[], void *userdata) {
|
||||
assert(sizeof(intermediate_digest.buffer) >= SHA256_DIGEST_SIZE);
|
||||
sha256_direct(p->value, p->value_size, intermediate_digest.buffer);
|
||||
|
||||
int tpmalg = tpm2_pcr_bank_from_string(EVP_MD_name(p->md));
|
||||
int tpmalg = tpm2_hash_alg_from_string(EVP_MD_name(p->md));
|
||||
if (tpmalg < 0) {
|
||||
log_error_errno(tpmalg, "Unsupported PCR bank");
|
||||
goto finish;
|
||||
|
||||
@ -226,10 +226,10 @@ _public_ void cryptsetup_token_dump(
|
||||
return (void) crypt_log_debug_errno(cd, r, "Can not dump " TOKEN_NAME " content: %m");
|
||||
|
||||
crypt_log(cd, "\ttpm2-hash-pcrs: %s\n", strna(hash_pcrs_str));
|
||||
crypt_log(cd, "\ttpm2-pcr-bank: %s\n", strna(tpm2_pcr_bank_to_string(pcr_bank)));
|
||||
crypt_log(cd, "\ttpm2-pcr-bank: %s\n", strna(tpm2_hash_alg_to_string(pcr_bank)));
|
||||
crypt_log(cd, "\ttpm2-pubkey:" CRYPT_DUMP_LINE_SEP "%s\n", pubkey_str);
|
||||
crypt_log(cd, "\ttpm2-pubkey-pcrs: %s\n", strna(pubkey_pcrs_str));
|
||||
crypt_log(cd, "\ttpm2-primary-alg: %s\n", strna(tpm2_primary_alg_to_string(primary_alg)));
|
||||
crypt_log(cd, "\ttpm2-primary-alg: %s\n", strna(tpm2_asym_alg_to_string(primary_alg)));
|
||||
crypt_log(cd, "\ttpm2-blob: %s\n", blob_str);
|
||||
crypt_log(cd, "\ttpm2-policy-hash:" CRYPT_DUMP_LINE_SEP "%s\n", policy_hash_str);
|
||||
crypt_log(cd, "\ttpm2-pin: %s\n", true_false(flags & TPM2_FLAGS_USE_PIN));
|
||||
@ -288,7 +288,7 @@ _public_ int cryptsetup_token_validate(
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (tpm2_pcr_bank_from_string(json_variant_string(w)) < 0) {
|
||||
if (tpm2_hash_alg_from_string(json_variant_string(w)) < 0) {
|
||||
crypt_log_debug(cd, "TPM2 PCR bank invalid or not supported: %s.", json_variant_string(w));
|
||||
return 1;
|
||||
}
|
||||
@ -305,7 +305,7 @@ _public_ int cryptsetup_token_validate(
|
||||
return 1;
|
||||
}
|
||||
|
||||
if (tpm2_primary_alg_from_string(json_variant_string(w)) < 0) {
|
||||
if (tpm2_asym_alg_from_string(json_variant_string(w)) < 0) {
|
||||
crypt_log_debug(cd, "TPM2 primary key algorithm invalid or not supported: %s", json_variant_string(w));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -990,9 +990,9 @@ int decrypt_credential_and_warn(
|
||||
|
||||
if (!TPM2_PCR_MASK_VALID(t->pcr_mask))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR mask out of range.");
|
||||
if (!tpm2_pcr_bank_to_string(le16toh(t->pcr_bank)))
|
||||
if (!tpm2_hash_alg_to_string(le16toh(t->pcr_bank)))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 PCR bank invalid or not supported");
|
||||
if (!tpm2_primary_alg_to_string(le16toh(t->primary_alg)))
|
||||
if (!tpm2_asym_alg_to_string(le16toh(t->primary_alg)))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "TPM2 primary key algorithm invalid or not supported.");
|
||||
if (le32toh(t->blob_size) > CREDENTIAL_FIELD_SIZE_MAX)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EBADMSG), "Unexpected TPM2 blob size.");
|
||||
|
||||
@ -529,7 +529,7 @@ static int tpm2_bank_has24(const TPMS_PCR_SELECTION *selection) {
|
||||
* TPM2 on a Client PC must have at least 24 PCRs. If this TPM has less, just skip over it. */
|
||||
if (selection->sizeofSelect < TPM2_PCRS_MAX/8) {
|
||||
log_debug("Skipping TPM2 PCR bank %s with fewer than 24 PCRs.",
|
||||
strna(tpm2_pcr_bank_to_string(selection->hash)));
|
||||
strna(tpm2_hash_alg_to_string(selection->hash)));
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -546,7 +546,7 @@ static int tpm2_bank_has24(const TPMS_PCR_SELECTION *selection) {
|
||||
|
||||
if (!valid)
|
||||
log_debug("TPM2 PCR bank %s has fewer than 24 PCR bits enabled, ignoring.",
|
||||
strna(tpm2_pcr_bank_to_string(selection->hash)));
|
||||
strna(tpm2_hash_alg_to_string(selection->hash)));
|
||||
|
||||
return valid;
|
||||
}
|
||||
@ -748,7 +748,7 @@ int tpm2_get_good_pcr_banks_strv(
|
||||
const EVP_MD *implementation;
|
||||
const char *salg;
|
||||
|
||||
salg = tpm2_pcr_bank_to_string(algs[i]);
|
||||
salg = tpm2_hash_alg_to_string(algs[i]);
|
||||
if (!salg)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), "TPM2 operates with unknown PCR algorithm, can't measure.");
|
||||
|
||||
@ -972,7 +972,7 @@ static int find_signature(
|
||||
if (!json_variant_is_object(v))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Signature is not a JSON object.");
|
||||
|
||||
k = tpm2_pcr_bank_to_string(pcr_bank);
|
||||
k = tpm2_hash_alg_to_string(pcr_bank);
|
||||
if (!k)
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Don't know PCR bank %" PRIu16, pcr_bank);
|
||||
|
||||
@ -1957,7 +1957,7 @@ int tpm2_extend_bytes(
|
||||
if ((size_t) EVP_MD_size(implementation) > sizeof(values.digests[values.count].digest))
|
||||
return log_error_errno(SYNTHETIC_ERRNO(E2BIG), "Hash result too large for TPM2.");
|
||||
|
||||
id = tpm2_pcr_bank_from_string(EVP_MD_name(implementation));
|
||||
id = tpm2_hash_alg_from_string(EVP_MD_name(implementation));
|
||||
if (id < 0)
|
||||
return log_error_errno(id, "Can't map hash name to TPM2.");
|
||||
|
||||
@ -2143,8 +2143,8 @@ int tpm2_make_luks2_json(
|
||||
JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))),
|
||||
JSON_BUILD_PAIR("tpm2-blob", JSON_BUILD_BASE64(blob, blob_size)),
|
||||
JSON_BUILD_PAIR("tpm2-pcrs", JSON_BUILD_VARIANT(hmj)),
|
||||
JSON_BUILD_PAIR_CONDITION(!!tpm2_pcr_bank_to_string(pcr_bank), "tpm2-pcr-bank", JSON_BUILD_STRING(tpm2_pcr_bank_to_string(pcr_bank))),
|
||||
JSON_BUILD_PAIR_CONDITION(!!tpm2_primary_alg_to_string(primary_alg), "tpm2-primary-alg", JSON_BUILD_STRING(tpm2_primary_alg_to_string(primary_alg))),
|
||||
JSON_BUILD_PAIR_CONDITION(!!tpm2_hash_alg_to_string(pcr_bank), "tpm2-pcr-bank", JSON_BUILD_STRING(tpm2_hash_alg_to_string(pcr_bank))),
|
||||
JSON_BUILD_PAIR_CONDITION(!!tpm2_asym_alg_to_string(primary_alg), "tpm2-primary-alg", JSON_BUILD_STRING(tpm2_asym_alg_to_string(primary_alg))),
|
||||
JSON_BUILD_PAIR("tpm2-policy-hash", JSON_BUILD_HEX(policy_hash, policy_hash_size)),
|
||||
JSON_BUILD_PAIR("tpm2-pin", JSON_BUILD_BOOLEAN(flags & TPM2_FLAGS_USE_PIN)),
|
||||
JSON_BUILD_PAIR_CONDITION(pubkey_pcr_mask != 0, "tpm2_pubkey_pcrs", JSON_BUILD_VARIANT(pkmj)),
|
||||
@ -2215,7 +2215,7 @@ int tpm2_parse_luks2_json(
|
||||
if (!json_variant_is_string(w))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 PCR bank is not a string.");
|
||||
|
||||
r = tpm2_pcr_bank_from_string(json_variant_string(w));
|
||||
r = tpm2_hash_alg_from_string(json_variant_string(w));
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "TPM2 PCR bank invalid or not supported: %s", json_variant_string(w));
|
||||
|
||||
@ -2231,9 +2231,9 @@ int tpm2_parse_luks2_json(
|
||||
if (!json_variant_is_string(w))
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EINVAL), "TPM2 primary key algorithm is not a string.");
|
||||
|
||||
r = tpm2_primary_alg_from_string(json_variant_string(w));
|
||||
r = tpm2_asym_alg_from_string(json_variant_string(w));
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "TPM2 primary key algorithm invalid or not supported: %s", json_variant_string(w));
|
||||
return log_debug_errno(r, "TPM2 asymmetric algorithm invalid or not supported: %s", json_variant_string(w));
|
||||
|
||||
primary_alg = r;
|
||||
}
|
||||
@ -2316,31 +2316,31 @@ int tpm2_parse_luks2_json(
|
||||
return 0;
|
||||
}
|
||||
|
||||
const char *tpm2_pcr_bank_to_string(uint16_t bank) {
|
||||
if (bank == TPM2_ALG_SHA1)
|
||||
const char *tpm2_hash_alg_to_string(uint16_t alg) {
|
||||
if (alg == TPM2_ALG_SHA1)
|
||||
return "sha1";
|
||||
if (bank == TPM2_ALG_SHA256)
|
||||
if (alg == TPM2_ALG_SHA256)
|
||||
return "sha256";
|
||||
if (bank == TPM2_ALG_SHA384)
|
||||
if (alg == TPM2_ALG_SHA384)
|
||||
return "sha384";
|
||||
if (bank == TPM2_ALG_SHA512)
|
||||
if (alg == TPM2_ALG_SHA512)
|
||||
return "sha512";
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int tpm2_pcr_bank_from_string(const char *bank) {
|
||||
if (strcaseeq_ptr(bank, "sha1"))
|
||||
int tpm2_hash_alg_from_string(const char *alg) {
|
||||
if (strcaseeq_ptr(alg, "sha1"))
|
||||
return TPM2_ALG_SHA1;
|
||||
if (strcaseeq_ptr(bank, "sha256"))
|
||||
if (strcaseeq_ptr(alg, "sha256"))
|
||||
return TPM2_ALG_SHA256;
|
||||
if (strcaseeq_ptr(bank, "sha384"))
|
||||
if (strcaseeq_ptr(alg, "sha384"))
|
||||
return TPM2_ALG_SHA384;
|
||||
if (strcaseeq_ptr(bank, "sha512"))
|
||||
if (strcaseeq_ptr(alg, "sha512"))
|
||||
return TPM2_ALG_SHA512;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
const char *tpm2_primary_alg_to_string(uint16_t alg) {
|
||||
const char *tpm2_asym_alg_to_string(uint16_t alg) {
|
||||
if (alg == TPM2_ALG_ECC)
|
||||
return "ecc";
|
||||
if (alg == TPM2_ALG_RSA)
|
||||
@ -2348,7 +2348,7 @@ const char *tpm2_primary_alg_to_string(uint16_t alg) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
int tpm2_primary_alg_from_string(const char *alg) {
|
||||
int tpm2_asym_alg_from_string(const char *alg) {
|
||||
if (strcaseeq_ptr(alg, "ecc"))
|
||||
return TPM2_ALG_ECC;
|
||||
if (strcaseeq_ptr(alg, "rsa"))
|
||||
|
||||
@ -126,11 +126,11 @@ static inline bool TPM2_PCR_MASK_VALID(uint64_t pcr_mask) {
|
||||
#define TPM2_ALG_RSA 0x1
|
||||
#endif
|
||||
|
||||
const char *tpm2_pcr_bank_to_string(uint16_t bank);
|
||||
int tpm2_pcr_bank_from_string(const char *bank);
|
||||
const char *tpm2_hash_alg_to_string(uint16_t alg);
|
||||
int tpm2_hash_alg_from_string(const char *alg);
|
||||
|
||||
const char *tpm2_primary_alg_to_string(uint16_t alg);
|
||||
int tpm2_primary_alg_from_string(const char *alg);
|
||||
const char *tpm2_asym_alg_to_string(uint16_t alg);
|
||||
int tpm2_asym_alg_from_string(const char *alg);
|
||||
|
||||
typedef struct {
|
||||
uint32_t search_pcr_mask;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user