From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 933CE33E1
	for <tpm-protocol@lists.linux.dev>; Mon,  1 Sep 2025 18:10:42 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1756750242; cv=none; b=shUk7tYRLg/+wjfTy/yNyqaMvt4Z5sfVvQUvP1FSD3VwheKUqQAeOunooGvETClxJq9o+uylEf6KSF6JoPgmKNWgjbWBIc/QBM74Rf3uvZNrBy8JAf8kPLf1/0Wu+jr5qecpK1Ww62BrAgXDeuhgRYpVoYyqMKBeMjACKY7Ln24=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1756750242; c=relaxed/simple;
	bh=ELzZf3B/f5IdAp7fWYLuGOQtj1e/aNb6W7p5fMzWa2A=;
	h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=IIMe0XLPngsjALuRveXFI7adOA7IPmrhDIvjza+URjfJmGOTnqsIwvKsduLWHaRIrd/U4h1WTohnpIQcaMpAtl+aouKIxfnVCrSMMIfyXpVdPK1y0HTP27goFTicLpuz0cPiaRbtrcKCa1Gaf8kUVWYnbVaRHV2DYyI0pZ3wDq0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=FAHbKZMM; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="FAHbKZMM"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0FE91C4CEF1;
	Mon,  1 Sep 2025 18:10:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1756750242;
	bh=ELzZf3B/f5IdAp7fWYLuGOQtj1e/aNb6W7p5fMzWa2A=;
	h=From:To:Cc:Subject:Date:From;
	b=FAHbKZMMVGPooaKNgYnDGlr/BHV/vGK+zeF71onkkz24FSjuocjFLQh0dIO9UKCyn
	 Kdq/YjAx/NVCktYPxL0f3gHMK+cyQvyjj5vailRyznnHIjht9IBCTnADX895jngslK
	 8McLePJJ9KclLupvq4qUX5F+JesamTvPdm2XmJrMt+w19kElmaKGyA1Z7FvrzqUQq4
	 NjcZdiWLHx9Xa+49diWoEey75fJ+LrgfQv0phB7g2EJY/HxgQFtpgso8O0oZcY3YBp
	 5AgaETwonHTVi5PFNMagjHaMBGGLARurhzaD9elIax3GC8409Jn5j/ZvZ7i2Fa+gJt
	 GepYyqexZo4MA==
From: Jarkko Sakkinen <jarkko@kernel.org>
To: tpm-protocol@lists.linux.dev
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Subject: [PATCH] fix(data): add the missing null variant to TpmuHa
Date: Mon,  1 Sep 2025 21:10:37 +0300
Message-Id: <20250901181037.2262746-1-jarkko@kernel.org>
X-Mailer: git-send-email 2.39.5
Precedence: bulk
X-Mailing-List: tpm-protocol@lists.linux.dev
List-Id: <tpm-protocol.lists.linux.dev>
List-Subscribe: <mailto:tpm-protocol+subscribe@lists.linux.dev>
List-Unsubscribe: <mailto:tpm-protocol+unsubscribe@lists.linux.dev>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Add the forgoten Null variant to `TpmuHa` and change `TpmuHa::default` to
return this variant. This fix will in effect address a data corruption bug
in `TpmtHa::default`, which triggered the analysis for the root cause:

1. `hash_alg` is set to null
2. `digest` is set to SHA-256.

With the commit applied the algorithm mismatch ceases to exist.

Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 src/data/tpmu.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/data/tpmu.rs b/src/data/tpmu.rs
index 0fb64f7..2d7e80f 100644
--- a/src/data/tpmu.rs
+++ b/src/data/tpmu.rs
@@ -84,6 +84,7 @@ impl TpmParseTagged for TpmuCapabilities {
 
 #[derive(Debug, PartialEq, Eq, Clone, Copy)]
 pub enum TpmuHa {
+    Null,
     Sha1([u8; 20]),
     Sha256([u8; 32]),
     Sha384([u8; 48]),
@@ -98,12 +99,19 @@ impl TpmTagged for TpmuHa {
 
 impl TpmBuild for TpmuHa {
     fn build(&self, writer: &mut TpmWriter) -> TpmResult<()> {
-        writer.write_bytes(self)
+        match self {
+            Self::Null => Ok(()),
+            _ => writer.write_bytes(self),
+        }
     }
 }
 
 impl TpmParseTagged for TpmuHa {
     fn parse_tagged(tag: TpmAlgId, buf: &[u8]) -> TpmResult<(Self, &[u8])> {
+        if tag == TpmAlgId::Null {
+            return Ok((Self::Null, buf));
+        }
+
         let digest_size = tpm_hash_size(&tag).ok_or(TpmErrorKind::InvalidValue)?;
         if buf.len() < digest_size {
             return Err(TpmErrorKind::ParseUnderflow);
@@ -126,7 +134,7 @@ impl TpmParseTagged for TpmuHa {
 
 impl Default for TpmuHa {
     fn default() -> Self {
-        Self::Sha256([0; 32])
+        Self::Null
     }
 }
 
@@ -138,6 +146,7 @@ impl TpmSized for TpmuHa {
             Self::Sha256(d) | Self::Sm3_256(d) => d.len(),
             Self::Sha384(d) => d.len(),
             Self::Sha512(d) => d.len(),
+            Self::Null => 0,
         }
     }
 }
@@ -151,6 +160,7 @@ impl Deref for TpmuHa {
             Self::Sha256(d) | Self::Sm3_256(d) => d,
             Self::Sha384(d) => d,
             Self::Sha512(d) => d,
+            Self::Null => &[],
         }
     }
 }
-- 
2.39.5