From: David Woodhouse
Date: Fri, 12 Oct 2018 20:53:29 +0000 (-0700)
Subject: Clean up persistent/generated handle checks a little
X-Git-Tag: v8.00~42
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=7415fbb12824cf58732fcaf35d7173c7571045b9;p=users%2Fdwmw2%2Fopenconnect.git
Clean up persistent/generated handle checks a little
Signed-off-by: David Woodhouse
---
diff --git a/gnutls_tpm2_esys.c b/gnutls_tpm2_esys.c
index 282dcd25..7bc43a3f 100644
--- a/gnutls_tpm2_esys.c
+++ b/gnutls_tpm2_esys.c
@@ -229,7 +229,8 @@ static int init_tpm2_primary(struct openconnect_info *vpninfo,
 return 0;
 }
-#define parent_is_generated(vpninfo) (vpninfo->tpm2->parent >> TPM2_HR_SHIFT == TPM2_HT_PERMANENT)
+#define parent_is_generated(parent) ((parent) >> TPM2_HR_SHIFT == TPM2_HT_PERMANENT)
+#define parent_is_persistent(parent) ((parent) >> TPM2_HR_SHIFT == TPM2_HT_PERSISTENT)
 static int init_tpm2_key(ESYS_CONTEXT **ctx, ESYS_TR *keyHandle,
 struct openconnect_info *vpninfo)
@@ -261,7 +262,7 @@ static int init_tpm2_key(ESYS_CONTEXT **ctx, ESYS_TR *keyHandle,
 goto error;
 }
- if (parent_is_generated(vpninfo)) {
+ if (parent_is_generated(vpninfo->tpm2->parent)) {
 if (init_tpm2_primary(vpninfo, *ctx, &parentHandle))
 goto error;
 } else {
@@ -322,7 +323,7 @@ static int init_tpm2_key(ESYS_CONTEXT **ctx, ESYS_TR *keyHandle,
 goto error;
 }
- if (parent_is_generated(vpninfo)) {
+ if (parent_is_generated(vpninfo->tpm2->parent)) {
 r = Esys_FlushContext(*ctx, parentHandle);
 if (r) {
 vpn_progress(vpninfo, PRG_ERR,
@@ -334,7 +335,7 @@ static int init_tpm2_key(ESYS_CONTEXT **ctx, ESYS_TR *keyHandle,
 return 0;
 error:
- if (parent_is_generated(vpninfo) && parentHandle != ESYS_TR_NONE)
+ if (parent_is_generated(vpninfo->tpm2->parent) && parentHandle != ESYS_TR_NONE)
 Esys_FlushContext(*ctx, parentHandle);
 if (*keyHandle != ESYS_TR_NONE)
 Esys_FlushContext(*ctx, *keyHandle);
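Review bot: The two new macros shift `parent` without forcing an unsigned operand, so if a caller ever passes a handle held in a signed `int` (the types of `vpninfo->tpm2->parent` and of install_tpm2_key's `parent` are not visible in this diff), a handle with bit 31 set — which every TPM2_HT_PERSISTENT (0x81) handle has — is shifted arithmetically and `parent_is_persistent()` comes out false for it. The old inline expressions had the same exposure, so this is not a regression, but now that the checks are centralised it is cheap to make them type-proof: `#define parent_is_generated(parent) (((TPM2_HANDLE)(parent) >> TPM2_HR_SHIFT) == TPM2_HT_PERMANENT)` and the same cast in `parent_is_persistent`. A one-line comment above them noting that "generated" means a permanent (hierarchy) handle under which init_tpm2_primary recreates the primary, as the -261 hunk shows, would also help, since the name alone does not say that.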
@@ -521,7 +522,7 @@ int install_tpm2_key(struct openconnect_info *vpninfo, gnutls_privkey_t *pkey, g
 {
 TSS2_RC r;
- if (parent >> TPM2_HR_SHIFT != TPM2_HT_PERSISTENT &&
+ if (!parent_is_persistent(parent) &&
 parent != TPM2_RH_OWNER && parent != TPM2_RH_NULL && parent != TPM2_RH_ENDORSEMENT && parent != TPM2_RH_PLATFORM) {
 vpn_progress(vpninfo, PRG_ERR,
diff --git a/gnutls_tpm2_ibm.c b/gnutls_tpm2_ibm.c
index a7584532..b983f81e 100644
--- a/gnutls_tpm2_ibm.c
+++ b/gnutls_tpm2_ibm.c
@@ -179,14 +179,9 @@ static void tpm2_flush_handle(TSS_CONTEXT *tssContext, TPM_HANDLE h)
 TPM_RH_NULL, NULL, 0);
 }
-static void tpm2_flush_srk(TSS_CONTEXT *tssContext, TPM_HANDLE hSRK)
-{
- /* only flush if it's a volatile key which we must have created */
- if ((hSRK & 0xFF000000) == 0x80000000)
- tpm2_flush_handle(tssContext, hSRK);
-}
-
+#define parent_is_generated(parent) ((parent) >> HR_SHIFT == TPM_HT_PERMANENT)
+#define parent_is_persistent(parent) ((parent) >> HR_SHIFT == TPM_HT_PERSISTENT)
 static TPM_RC tpm2_load_srk(TSS_CONTEXT *tssContext, TPM_HANDLE *h, const char *auth, TPM_HANDLE hierarchy,
@@ -285,7 +280,7 @@ static TPM_HANDLE tpm2_load_key(struct openconnect_info *vpninfo, TSS_CONTEXT **
 memset(&in, 0, sizeof(in));
 memset(&out, 0, sizeof(out));
- if (vpninfo->tpm2->parent >> HR_SHIFT == TPM_HT_PERSISTENT) {
+ if (parent_is_persistent(vpninfo->tpm2->parent)) {
 if (!pass) {
 TPMT_PUBLIC pub;
 rc = tpm2_readpublic(tssContext, vpninfo->tpm2->parent, &pub);
@@ -344,7 +339,8 @@ static TPM_HANDLE tpm2_load_key(struct openconnect_info *vpninfo, TSS_CONTEXT **
 key = out.objectHandle;
 out_flush_srk:
- tpm2_flush_srk(tssContext, in.parentHandle);
+ if (parent_is_generated(vpninfo->tpm2->parent))
+ tpm2_flush_handle(tssContext, in.parentHandle);
 out:
 vpninfo->tpm2->parent_pass = pass;
 if (!key)
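Review bot: The rewritten guard in install_tpm2_key now reads as a bare list of accepted handles without saying why exactly those four permanent handles are allowed alongside a persistent object, and the enclosing function continues outside the hunk. A comment above the `if` would make the contract explicit: `/* The parent is either a persistent object loaded directly, or one of the hierarchy handles under which init_tpm2_key regenerates a primary (see parent_is_generated). */`. It is worth recording because `parent_is_generated()` accepts any TPM2_HT_PERMANENT handle, so this check is what keeps other permanent handles from reaching init_tpm2_primary.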
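Review bot: Replacing tpm2_flush_srk() with a test on the configured parent drops the property the removed helper's comment spelled out: it flushed only a handle in the transient range, i.e. an object this code itself had created. After the change, any path that reaches `out_flush_srk:` with `in.parentHandle` still zero from the `memset` (the jump sites are outside this hunk, so whether one exists is not visible here) issues a flush of handle 0 whenever the parent is a hierarchy, where the old mask test would have skipped it. Keeping both conditions costs one operand and preserves the old invariant: `if (parent_is_generated(vpninfo->tpm2->parent) && in.parentHandle >> HR_SHIFT == TPM_HT_TRANSIENT)`, or the original `(in.parentHandle & 0xFF000000) == 0x80000000` mask if TPM_HT_TRANSIENT is not available from the IBM TSS headers. tpm2_load_key starts and ends outside the hunk.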
@@ -522,7 +518,7 @@ int install_tpm2_key(struct openconnect_info *vpninfo, gnutls_privkey_t *pkey, g
 BYTE *der;
 INT32 dersize;
- if (parent >> HR_SHIFT != TPM_HT_PERSISTENT &&
+ if (!parent_is_persistent(parent) &&
 parent != TPM_RH_OWNER && parent != TPM_RH_NULL && parent != TPM_RH_ENDORSEMENT && parent != TPM_RH_PLATFORM) {
 vpn_progress(vpninfo, PRG_ERR,
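Review bot: This guard is now the same predicate and the same four-hierarchy whitelist as the ESYS copy in gnutls_tpm2_esys.c apart from the TPM2_ prefix, and the two helper macros were likewise added once per backend, so a future tweak (permitting another hierarchy, tightening the persistent range) has to be repeated in both files and can silently drift. The constants come from different TSS headers, so a shared helper would have to take the shift and handle-type values from a per-backend define, but a single `parent_is_acceptable(parent)` macro next to the two predicates, or at least a comment here pointing at the sibling check in the ESYS backend, would keep them in step. The enclosing install_tpm2_key continues outside the hunk.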