Now that we're going to be using the NULL primary to salt sessions, the Intel TSS shim needs fixing to cope with this. In the Intel TSS, there are two internal handles representing NULL: ESYS_TR_NONE and ESYS_TR_RH_NULL. We translate TPM_RH_NULL to ESYS_TR_NONE because most of the time it does mean no value. However, for the NULL primary handle we must use ESYS_TR_RH_NULL, so check for that specific case and fix it. Additionally remove the intel_handle() code which was supposed to do this: it's unused because 0 is never passed in as a handle number.
Signed-off-by: James Bottomley <[email protected]> --- src/include/intel-tss.h | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/src/include/intel-tss.h b/src/include/intel-tss.h index 1870b4e..5b8db20 100644 --- a/src/include/intel-tss.h +++ b/src/include/intel-tss.h @@ -251,14 +251,6 @@ intel_sess_helper(TSS_CONTEXT *tssContext, TPM_HANDLE auth, TPMA_SESSION flags) TPMA_SESSION_CONTINUESESSION | flags); } -static inline TPM_HANDLE -intel_handle(TPM_HANDLE h) -{ - if (h == 0) - return ESYS_TR_NONE; - return h; -} - static inline void TSS_Delete(TSS_CONTEXT *tssContext) { @@ -937,8 +929,10 @@ tpm2_CreatePrimary(TSS_CONTEXT *tssContext, TPM_HANDLE primaryHandle, TPM2B_PUBLIC *opub; TPM_RC rc; - /* FIXME will generate wrong value for NULL hierarchy */ - primaryHandle = intel_handle(primaryHandle); + + /* TPM_RH_NULL is mapped to ESYS_TR_NONE, which won't work here */ + if (primaryHandle == TPM_RH_NULL) + primaryHandle = INT_TPM_RH_NULL; outsideInfo.size = 0; creationPcr.count = 0; @@ -993,9 +987,7 @@ tpm2_StartAuthSession(TSS_CONTEXT *tssContext, TPM_HANDLE tpmKey, TPM_HANDLE *sessionHandle, const char *bindPassword) { - bind = intel_handle(bind); - tpmKey = intel_handle(tpmKey); - if (bind != ESYS_TR_NONE) + if (bind != TPM_RH_NULL) intel_auth_helper(tssContext, bind, bindPassword); return Esys_StartAuthSession(tssContext, tpmKey, bind, ESYS_TR_NONE, -- 2.35.3
