tpm2: simplify tpm2_seal() blob creation

TPM2 marshalling will never increase the total size, only possibly decrease. There is no need for checking for insufficient size if the buffer size is set to the sizeof both objects to be marshalled.
author: Dan Streetman <ddstreet@ieee.org> 2022-12-19 09:58:05 -0500
committer: Luca Boccassi <luca.boccassi@gmail.com> 2023-02-17 14:02:15 +0000
commit: e8858f1104d87179abd8d9c413292e42f1eaf7c0 (patch)
tree: 3002d4c15093d9a9994465815bffaf29b89374d9
parent: a133d2c366ea0661f4c57c9ddda3e6742dfc2566 (diff)
download: systemd-e8858f1104d87179abd8d9c413292e42f1eaf7c0.tar.gz
1 files changed, 14 insertions, 26 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 4345b95106..6027a680fa 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -1423,12 +1423,11 @@ int tpm2_seal(const char *device,
         _cleanup_(Esys_Freep) TPM2B_PUBLIC *public = NULL;
         static const TPML_PCR_SELECTION creation_pcr = {};
         _cleanup_(erase_and_freep) void *secret = NULL;
-        _cleanup_free_ void *blob = NULL, *hash = NULL;
+        _cleanup_free_ void *hash = NULL;
         TPM2B_SENSITIVE_CREATE hmac_sensitive;
         TPMI_ALG_PUBLIC primary_alg;
         TPM2B_PUBLIC hmac_template;
         TPMI_ALG_HASH pcr_bank;
-        size_t k, blob_size;
         usec_t start;
         TSS2_RC rc;
         int r;
@@ -1558,33 +1557,22 @@ int tpm2_seal(const char *device,
 
         log_debug("Marshalling private and public part of HMAC key.");
 
-        k = ALIGN8(sizeof(*private)) + ALIGN8(sizeof(*public)); /* Some roughly sensible start value */
-        for (;;) {
-                _cleanup_free_ void *buf = NULL;
-                size_t offset = 0;
-
-                buf = malloc(k);
-                if (!buf)
-                        return log_oom();
+        _cleanup_free_ void *blob = NULL;
+        size_t max_size = sizeof(*private) + sizeof(*public), blob_size = 0;
 
-                rc = sym_Tss2_MU_TPM2B_PRIVATE_Marshal(private, buf, k, &offset);
-                if (rc == TSS2_RC_SUCCESS) {
-                        rc = sym_Tss2_MU_TPM2B_PUBLIC_Marshal(public, buf, k, &offset);
-                        if (rc == TSS2_RC_SUCCESS) {
-                                blob = TAKE_PTR(buf);
-                                blob_size = offset;
-                                break;
-                        }
-                }
-                if (rc != TSS2_MU_RC_INSUFFICIENT_BUFFER)
-                        return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
-                                               "Failed to marshal private/public key: %s", sym_Tss2_RC_Decode(rc));
+        blob = malloc0(max_size);
+        if (!blob)
+                return log_oom();
 
-                if (k > SIZE_MAX / 2)
-                        return log_oom();
+        rc = sym_Tss2_MU_TPM2B_PRIVATE_Marshal(private, blob, max_size, &blob_size);
+        if (rc != TSS2_RC_SUCCESS)
+                return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                       "Failed to marshal private key: %s", sym_Tss2_RC_Decode(rc));
 
-                k *= 2;
-        }
+        rc = sym_Tss2_MU_TPM2B_PUBLIC_Marshal(public, blob, max_size, &blob_size);
+        if (rc != TSS2_RC_SUCCESS)
+                return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE),
+                                       "Failed to marshal public key: %s", sym_Tss2_RC_Decode(rc));
 
         hash = memdup(policy_digest->buffer, policy_digest->size);
         if (!hash)
author	Dan Streetman <ddstreet@ieee.org>	2022-12-19 09:58:05 -0500
committer	Luca Boccassi <luca.boccassi@gmail.com>	2023-02-17 14:02:15 +0000
commit	e8858f1104d87179abd8d9c413292e42f1eaf7c0 (patch)
tree	3002d4c15093d9a9994465815bffaf29b89374d9
parent	a133d2c366ea0661f4c57c9ddda3e6742dfc2566 (diff)
download	systemd-e8858f1104d87179abd8d9c413292e42f1eaf7c0.tar.gz