return rc;
}
-static TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
- TPM_HANDLE bind, const char *auth)
+static TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
+ TPM_HANDLE bind, const char *auth,
+ TPM_HANDLE salt_key)
{
TPM_RC rc;
StartAuthSession_In in;
in.symmetric.algorithm = TPM_ALG_AES;
in.symmetric.keyBits.aes = 128;
in.symmetric.mode.aes = TPM_ALG_CFB;
- rc = TSS_Execute(tssContext,
- (RESPONSE_PARAMETERS *)&out,
- (COMMAND_PARAMETERS *)&in,
- (EXTRA_PARAMETERS *)&extra,
- TPM_CC_StartAuthSession,
- TPM_RH_NULL, NULL, 0);
- if (rc) {
- tpm2_error(rc, "TPM2_StartAuthSession");
- return rc;
- }
-
- *handle = out.sessionHandle;
-
- return TPM_RC_SUCCESS;
-}
-
-static TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
- TPM_HANDLE salt_key, TPM_SE sessionType)
-{
- TPM_RC rc;
- StartAuthSession_In in;
- StartAuthSession_Out out;
- StartAuthSession_Extra extra;
-
- memset(&in, 0, sizeof(in));
- memset(&extra, 0 , sizeof(extra));
- in.bind = TPM_RH_NULL;
- in.sessionType = sessionType;
- in.authHash = TPM_ALG_SHA256;
- in.tpmKey = TPM_RH_NULL;
- in.symmetric.algorithm = TPM_ALG_AES;
- in.symmetric.keyBits.aes = 128;
- in.symmetric.mode.aes = TPM_ALG_CFB;
if (salt_key) {
/* For the TSS to use a key as salt, it must have
* access to the public part. It does this by keeping
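Review bot: The merged signature at L5-L7 takes both `bind` and `salt_key` as TPM_HANDLE, and every caller in the later hunks passes a literal 0 for whichever one it does not use (`hierarchy, auth, 0`, `0, NULL, in.parentHandle`, `0, NULL, 0`), whereas the removed bodies explicitly set `in.bind = TPM_RH_NULL` and `in.tpmKey = TPM_RH_NULL`; the new body is largely outside the hunk, so please confirm that a 0 argument is translated to TPM_RH_NULL before being stored in `in.bind`/`in.tpmKey`, and that `in` and `extra` are still zeroed as the dropped `memset` calls did. The `sessionType` parameter is gone and the old callers all passed TPM_SE_HMAC, so the session type is presumably fixed now; that contract belongs in a header comment, e.g. `/* Start a TPM_SE_HMAC session. bind and salt_key are optional (0 = none); when salt_key is 0 and bind is 0 the session has no salt or bind secret. */`. The function body continues past the end of this hunk.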
/* use a bound session here because we have no known key objects
* to encrypt a salt to */
- rc = tpm2_get_bound_handle(tssContext, &session, hierarchy, auth);
+ rc = tpm2_get_session_handle(tssContext, &session, hierarchy, auth, 0);
if (rc)
return rc;
if (rc)
goto out;
}
- rc = tpm2_get_session_handle(tssContext, &session, in.parentHandle,
- TPM_SE_HMAC);
+ rc = tpm2_get_session_handle(tssContext, &session, 0, NULL, in.parentHandle);
if (rc)
goto out_flush_srk;
if (!in.keyHandle)
return GNUTLS_E_PK_SIGN_FAILED;
- rc = tpm2_get_session_handle(tssContext, &authHandle, 0, TPM_SE_HMAC);
+ rc = tpm2_get_session_handle(tssContext, &authHandle, 0, NULL, 0);
if (rc)
goto out;
if (!in.keyHandle)
return GNUTLS_E_PK_SIGN_FAILED;
- rc = tpm2_get_session_handle(tssContext, &authHandle, 0, TPM_SE_HMAC);
+ rc = tpm2_get_session_handle(tssContext, &authHandle, 0, NULL, 0);
if (rc)
goto out;