author: William Roberts <william.c.roberts@intel.com> 2023-01-18 08:45:53 -0600
committer: Luca Boccassi <luca.boccassi@gmail.com> 2023-01-18 21:58:33 +0000
commit: aae6eb96117acd54ce5ac572aac6a11b34c4ad99
tree: 82c3781c1d15e1c3bf2c50abbd5f94eab782c879 /src/partition
parent: f2af682cd6308f9b26035b83063e6aa8593e468c
tpm2: add salt to pin
Add a salt to the pin and store it in the TPM2 LUKS header for future this. This adds entropy to user supplied pins and helps brute forcing the passphrase on the key residing in the TPM or brute forcing bind key encrypted sessions with low entropy passphrases.

Signed-off-by: malikabhi05 <abhishek.malik@intel.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
Diffstat (limited to 'src/partition')
-rw-r--r-- src/partition/repart.c 1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/partition/repart.c b/src/partition/repart.c
index 586a5edd2d..7c4a1ee01c 100644
--- a/src/partition/repart.c
+++ b/src/partition/repart.c
@@ -3390,6 +3390,7 @@ static int partition_encrypt(Context *context, Partition *p, const char *node) {
primary_alg,
blob, blob_size,
hash, hash_size,
+ NULL, 0, /* no salt because tpm2_seal has no pin */
0,
&v);
if (r < 0)
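Review bot: The new `NULL, 0,` salt arguments sit directly above an uncommented bare `0,`, so three adjacent literal arguments now depend on position alone; annotating the following `0` with its parameter name in the same `/* ... */` style would make a misplaced argument easier to spot in later edits. The comment "no salt because tpm2_seal has no pin" also reads as a statement about tpm2_seal in general, while the commit message describes the salt as something added to user-supplied pins. Wording it along the lines of "no PIN is used when sealing here, so there is no salt to store" would make clear that the omission is specific to this call site in partition_encrypt().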