func Unseal()

in tpm/tpm.go [95:133]


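// Unseal recovers data that was previously sealed to the TPM at tpmPath.
//
// It opens the TPM device, recreates the primary (parent) key from
// srkTemplate in the owner hierarchy, loads the sealed object described by
// publicArea and privateArea under that parent, opens the authorization
// session returned by policyPCRPasswordSession for pcr and objectPassword,
// and asks the TPM to unseal the object through that session.
//
// srkPassword is used both when creating the primary key and as the parent
// authorization when loading the sealed object. objectPassword is handed to
// the session helper and to the unseal call itself.
//
// The returned slice is the unsealed secret: callers should avoid logging it
// and should overwrite it once it is no longer needed. On any failure the
// returned data is nil and the error wraps the underlying cause, so callers
// can inspect it with errors.Is / errors.As.
func Unseal(tpmPath string, pcr int, srkPassword, objectPassword string, privateArea, publicArea []byte) ([]byte, error) {
	rwc, err := tpm2.OpenTPM(tpmPath)
	if err != nil {
		return nil, fmt.Errorf("can't open TPM %q: %w", tpmPath, err)
	}
	// Deferred calls run last-in-first-out, so every handle below is flushed
	// before the device is closed.
	defer rwc.Close()

	// Recreate the parent key under which the data was sealed.
	// NOTE(review): the empty string is passed in the position of the
	// hierarchy authorization, so this presumably requires an owner hierarchy
	// without an auth value set; confirm against the deployment.
	srkHandle, _, err := tpm2.CreatePrimary(rwc, tpm2.HandleOwner, tpm2.PCRSelection{}, "", srkPassword, srkTemplate)
	if err != nil {
		return nil, fmt.Errorf("can't create primary key: %w", err)
	}
	// Transient handles are a scarce TPM resource; a failed flush is reported
	// rather than silently dropped so that leaked handles can be diagnosed.
	defer func() {
		if ferr := tpm2.FlushContext(rwc, srkHandle); ferr != nil {
			glog.Warningf("unable to flush parent key handle 0x%x: %v", srkHandle, ferr)
		}
	}()

	glog.Infof("Created parent key with handle: 0x%x\n", srkHandle)

	// Load the sealed data into the TPM.
	objectHandle, _, err := tpm2.Load(rwc, srkHandle, srkPassword, publicArea, privateArea)
	if err != nil {
		return nil, fmt.Errorf("unable to load data: %w", err)
	}
	defer func() {
		if ferr := tpm2.FlushContext(rwc, objectHandle); ferr != nil {
			glog.Warningf("unable to flush sealed object handle 0x%x: %v", objectHandle, ferr)
		}
	}()

	glog.Infof("Loaded sealed data with handle: 0x%x\n", objectHandle)

	// Create the authorization session. The PCR binding and password policy
	// are built by policyPCRPasswordSession; nothing is checked here.
	sessHandle, _, err := policyPCRPasswordSession(rwc, pcr, objectPassword)
	if err != nil {
		return nil, fmt.Errorf("unable to get auth session: %w", err)
	}
	defer func() {
		if ferr := tpm2.FlushContext(rwc, sessHandle); ferr != nil {
			glog.Warningf("unable to flush auth session handle 0x%x: %v", sessHandle, ferr)
		}
	}()

	// Unseal the data. The TPM decides whether the session satisfies the
	// object's policy; a failure here is returned to the caller as-is.
	unsealedData, err := tpm2.UnsealWithSession(rwc, sessHandle, objectHandle, objectPassword)
	if err != nil {
		return nil, fmt.Errorf("unable to Unseal data: %w", err)
	}
	return unsealedData, nil
}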