From: David Woodhouse <dwmw2@infradead.org>
Date: Fri, 12 Oct 2018 21:00:53 +0000 (-0700)
Subject: Consolidate tpm2_get_session_handle()
X-Git-Tag: v8.00~41
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=2cd9cc554f085981a87566e8cc8955a29a9c3b85;p=users%2Fdwmw2%2Fopenconnect.git

Consolidate tpm2_get_session_handle()

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
---

diff --git a/gnutls_tpm2_ibm.c b/gnutls_tpm2_ibm.c
index b983f81e..3d389a64 100644
--- a/gnutls_tpm2_ibm.c
+++ b/gnutls_tpm2_ibm.c
@@ -86,8 +86,9 @@ static TPM_RC tpm2_readpublic(TSS_CONTEXT *tssContext, TPM_HANDLE handle,
 	return rc;
 }
 
-static TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
-				    TPM_HANDLE bind, const char *auth)
+static TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
+				      TPM_HANDLE bind, const char *auth,
+				      TPM_HANDLE salt_key)
 {
 	TPM_RC rc;
 	StartAuthSession_In in;
@@ -104,39 +105,6 @@ static TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
 	in.symmetric.algorithm = TPM_ALG_AES;
 	in.symmetric.keyBits.aes = 128;
 	in.symmetric.mode.aes = TPM_ALG_CFB;
-	rc = TSS_Execute(tssContext,
-			 (RESPONSE_PARAMETERS *)&out,
-			 (COMMAND_PARAMETERS *)&in,
-			 (EXTRA_PARAMETERS *)&extra,
-			 TPM_CC_StartAuthSession,
-			 TPM_RH_NULL, NULL, 0);
-	if (rc) {
-		tpm2_error(rc, "TPM2_StartAuthSession");
-		return rc;
-	}
-
-	*handle = out.sessionHandle;
-
-	return TPM_RC_SUCCESS;
-}
-
-static TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle,
-				      TPM_HANDLE salt_key, TPM_SE sessionType)
-{
-	TPM_RC rc;
-	StartAuthSession_In in;
-	StartAuthSession_Out out;
-	StartAuthSession_Extra extra;
-
-	memset(&in, 0, sizeof(in));
-	memset(&extra, 0 , sizeof(extra));
-	in.bind = TPM_RH_NULL;
-	in.sessionType = sessionType;
-	in.authHash = TPM_ALG_SHA256;
-	in.tpmKey = TPM_RH_NULL;
-	in.symmetric.algorithm = TPM_ALG_AES;
-	in.symmetric.keyBits.aes = 128;
-	in.symmetric.mode.aes = TPM_ALG_CFB;
 	if (salt_key) {
 		/* For the TSS to use a key as salt, it must have
 		 * access to the public part.  It does this by keeping
@@ -234,7 +202,7 @@ static TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h,
 
 	/* use a bound session here because we have no known key objects
 	 * to encrypt a salt to */
-	rc = tpm2_get_bound_handle(tssContext, &session, hierarchy, auth);
+	rc = tpm2_get_session_handle(tssContext, &session, hierarchy, auth, 0);
 	if (rc)
 		return rc;
 
@@ -305,8 +273,7 @@ static TPM_HANDLE tpm2_load_key(struct openconnect_info *vpninfo, TSS_CONTEXT **
 		if (rc)
 			goto out;
 	}
-	rc = tpm2_get_session_handle(tssContext, &session, in.parentHandle,
-				     TPM_SE_HMAC);
+	rc = tpm2_get_session_handle(tssContext, &session, 0, NULL, in.parentHandle);
 	if (rc)
 		goto out_flush_srk;
 
@@ -385,7 +352,7 @@ int tpm2_rsa_sign_hash_fn(gnutls_privkey_t key, gnutls_sign_algorithm_t algo,
 	if (!in.keyHandle)
 		return GNUTLS_E_PK_SIGN_FAILED;
 
-	rc = tpm2_get_session_handle(tssContext, &authHandle, 0, TPM_SE_HMAC);
+	rc = tpm2_get_session_handle(tssContext, &authHandle, 0, NULL, 0);
 	if (rc)
 		goto out;
 
@@ -472,7 +439,7 @@ int tpm2_ec_sign_hash_fn(gnutls_privkey_t key, gnutls_sign_algorithm_t algo,
 	if (!in.keyHandle)
 		return GNUTLS_E_PK_SIGN_FAILED;
 
-	rc = tpm2_get_session_handle(tssContext, &authHandle, 0, TPM_SE_HMAC);
+	rc = tpm2_get_session_handle(tssContext, &authHandle, 0, NULL, 0);
 	if (rc)
 		goto out;