From 58d0129fdeb3c7455f958a91ba1afdb7858a29ff Mon Sep 17 00:00:00 2001
From: Imran Desai
Date: Thu, 25 Jan 2024 10:14:33 -0700
Subject: [PATCH] tpm2_hash: Change default hashing alg from sha1 to sha256

Signed-off-by: Imran Desai
---
 test/integration/tests/hash.sh | 12 ++++++------
 tools/tpm2_hash.c | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/test/integration/tests/hash.sh b/test/integration/tests/hash.sh
index f6dcdc3ff..a457b7336 100644
--- a/test/integration/tests/hash.sh
+++ b/test/integration/tests/hash.sh
@@ -50,12 +50,12 @@ cleanup "no-shut-down"
 # Test stdout output as well as no options.
 # Validate that hash outputs are in hex as expected.
 tpm_hash_val=`echo 1234 | tpm2 hash -C n --hex`
-sha1sum_val=`echo 1234 | shasum -a 1 | cut -d\ -f 1-2 | tr -d '[:space:]'`
-if [ "$tpm_hash_val" != "$sha1sum_val" ]; then
+sha256sum_val=`echo 1234 | shasum -a 256 | cut -d\ -f 1-2 | tr -d '[:space:]'`
+if [ "$tpm_hash_val" != "$sha256sum_val" ]; then
 echo "Expected tpm and sha1sum to produce same hashes."
 echo "Got:"
 echo " tpm2 hash: $tpm_hash_val"
- echo " sha1sum: $sha1sum_val"
+ echo " sha256sum: $sha256sum_val"
 exit 1
 fi

@@ -63,12 +63,12 @@ fi
 # The tpm works on a 1024 block size.
 dd if=/dev/urandom of=$hash_in_file bs=2093 count=1 2>/dev/null
 tpm_hash_val=`tpm2 hash --hex $hash_in_file`
-sha1sum_val=`shasum -a 1 $hash_in_file | cut -d\ -f 1-2 | tr -d '[:space:]'`
-if [ "$tpm_hash_val" != "$sha1sum_val" ]; then
+sha256sum_val=`shasum -a 256 $hash_in_file | cut -d\ -f 1-2 | tr -d '[:space:]'`
+if [ "$tpm_hash_val" != "$sha256sum_val" ]; then
 echo "Expected tpm and sha1sum to produce same hashes"
 echo "Got:"
 echo " tpm2 hash: $tpm_hash_val"
- echo " sha1sum: $sha1sum_val"
+ echo " sha256sum: $sha256sum_val"
 exit 1
 fi

diff --git a/tools/tpm2_hash.c b/tools/tpm2_hash.c
index 567ec6351..346420279 100644
--- a/tools/tpm2_hash.c
+++ b/tools/tpm2_hash.c
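Review bot: The failure message in both hash.sh hunks still names the old tool, `echo "Expected tpm and sha1sum to produce same hashes."`, although the reference digest now comes from `shasum -a 256`, so a failing run would point the reader at the wrong algorithm. Those lines are unchanged context in the hunks at -50 and -63 and should read `echo "Expected tpm and sha256sum to produce same hashes."`. Both comparisons pass no algorithm option to the tool, so they are the only coverage of the new default visible here; a comment such as `# No algorithm option given: this exercises the tool's default (sha256).` above each `tpm_hash_val=` assignment would keep a later edit from silently dropping that coverage.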
@@ -25,7 +25,7 @@ struct tpm_hash_ctx {

 static tpm_hash_ctx ctx = {
 .hierarchy_value = TPM2_RH_OWNER,
- .halg = TPM2_ALG_SHA1,
+ .halg = TPM2_ALG_SHA256,
 };

 static tool_rc hash_and_save(ESYS_CONTEXT *context) {
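Review bot: The new `.halg = TPM2_ALG_SHA256` default in the `ctx` initializer changes the digest for every caller that does not name an algorithm, and nothing in the commit records that; the diffstat lists only the test script and this file. A comment on the field, e.g. `/* default digest when none is requested; SHA-256, since SHA-1 is no longer collision resistant */`, would document the choice where it is made. Any man page or changelog text that states the default lies outside this diff; if it still says sha1 it should be updated in the same change, so that scripts which store or compare 20-byte digests are warned about the 32-byte output. `hash_and_save` begins on the hunk's last line and continues outside it.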