From 02195933bca518deddc58b7d02a7e4d650e66dda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= <nabijaczleweli@nabijaczleweli.xyz>
Date: Sat, 3 Dec 2022 21:32:50 +0100
Subject: [PATCH] Use SHA256 as the default name algorithm for the TPM2 primary
 key

This mirrors an analogous change in tpm2-tools
  https://github.com/tpm2-software/tpm2-tools/commit/5900ed818f9a8b90de1662a6ea942b3153667127
and brings us back in line with the internally-documented equivalent
line-up; quoth the above:
> Using SHA1 as the default was a poor choice,
> as the whole point of TPM2.0 was SHA256+ algorithm support.

And the change to the code we butchered from tpm2-tss:
  https://github.com/tpm2-software/tpm2-tss/commit/3c1e7173b3dedc08afa537ed34cee0b4a744000f
> Due to the fact that sha1 is outdated and the integration tests are
> often used as an example for developers, the integration tests that
> still use sha1 have been converted to sha256.
---
 src/tpm2.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tpm2.cpp b/src/tpm2.cpp
index f8bd452..35c34b6 100644
--- a/src/tpm2.cpp
+++ b/src/tpm2.cpp
@@ -326,7 +326,7 @@ int tpm2_seal(const char * dataset, ESYS_CONTEXT * tpm2_ctx, ESYS_TR tpm2_sessio
 		// Adapted from tpm2-tss-3.0.1/test/integration/esys-create-primary-hmac.int.c
 		TPM2B_PUBLIC pub{};
 		pub.publicArea.type             = TPM2_ALG_RSA;
-		pub.publicArea.nameAlg          = TPM2_ALG_SHA1;
+		pub.publicArea.nameAlg          = TPM2_ALG_SHA256;
 		pub.publicArea.objectAttributes = TPMA_OBJECT_USERWITHAUTH | TPMA_OBJECT_RESTRICTED | TPMA_OBJECT_DECRYPT | TPMA_OBJECT_FIXEDTPM | TPMA_OBJECT_FIXEDPARENT |
 		                                  TPMA_OBJECT_SENSITIVEDATAORIGIN;
 		pub.publicArea.parameters.rsaDetail.symmetric.algorithm   = TPM2_ALG_AES;