in azure-protected-vm-secrets/Tss2Wrapper.cpp [175:234]
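// Encrypt plaintextData with the persistent RSA key at KEYHANDLE using the
// TPM2_ALG_RSAES (PKCS#1 v1.5) scheme and return the raw ciphertext bytes.
//
// The key is addressed with an empty auth value, and every ESAPI call below
// uses ESYS_TR_NONE for all three session slots, i.e. a plain password
// authorisation with no HMAC/parameter-encryption session. The plaintext
// therefore crosses the TPM command channel in the clear.
// NOTE(review): confirm that channel is trusted in the deployment, or
// switch to an encrypted session.
//
// Parameters:
//   plaintextData - bytes to encrypt. Must fit the fixed TPM2B_PUBLIC_KEY_RSA
//                   buffer; the TPM additionally enforces the scheme's own
//                   limit (modulus size minus padding) and reports it as an
//                   encrypt error.
// Returns: the ciphertext exactly as produced by the TPM.
// Throws:  TpmError when the input is too large for the TPM2B buffer, or when
//          the handle lookup, set-auth or encrypt command fails.
std::vector<unsigned char> Tss2Wrapper::Tss2RsaEncrypt(std::vector<unsigned char> const&plaintextData) {
    // RAII helpers so the ESYS-side handle object and the ESAPI-allocated
    // output buffer are released on every exit path, including the throws
    // below (the original code leaked both, also on the success path).
    struct EsysTrCloser {
        ESYS_CONTEXT* ctx;
        ESYS_TR handle;
        ~EsysTrCloser() {
            if (handle != ESYS_TR_NONE) {
                // Closes only the ESYS metadata; the persistent TPM object is untouched.
                Esys_TR_Close(ctx, &handle);
            }
        }
    };
    struct EsysFreer {
        void* p;
        ~EsysFreer() { Esys_Free(p); }
    };

    TPM2B_PUBLIC_KEY_RSA plain = {};
    // Bound the copy by the destination's real size before touching the
    // buffer: an oversized input would otherwise overflow this stack object.
    if (plaintextData.size() > sizeof(plain.buffer)) {
        // CryptoError, Subclass TpmRsa, encryptError
        throw TpmError(TSS2_ESYS_RC_BAD_VALUE,
                       "Plaintext too large for TPM RSA buffer",
                       ErrorCode::CryptographyError_TpmRsa_encryptError);
    }

    // Empty password: the key at KEYHANDLE is expected to carry no auth value.
    TPM2B_AUTH authValuePrimary = {
        0,  // size
        {}  // buffer
    };

    ESYS_TR primaryHandle = ESYS_TR_NONE;
    TSS2_RC r = Esys_TR_FromTPMPublic(
        this->ctx->Get(), KEYHANDLE,
        ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE,
        &primaryHandle);
    if (r != TSS2_RC_SUCCESS) {
        // TpmError, Subclass Handles, handlePresentError
        throw TpmError(r, "Failed to read tpm object from handle",
                       ErrorCode::TpmError_Handles_handlePresentError);
    }
    EsysTrCloser closeHandle{this->ctx->Get(), primaryHandle};

    r = Esys_TR_SetAuth(this->ctx->Get(), primaryHandle, &authValuePrimary);
    if (r != TSS2_RC_SUCCESS) {
        // TpmError, Subclass Auth, setAuthError
        throw TpmError(r, "Failed to set auth",
                       ErrorCode::TpmError_Auth_setAuthError);
    }

    std::copy(plaintextData.begin(), plaintextData.end(), plain.buffer);
    // Safe narrowing: the size was checked against sizeof(plain.buffer) above.
    plain.size = static_cast<UINT16>(plaintextData.size());

    // RSAES carries no hash or label parameters, so only the scheme id is set;
    // the rest is zero-initialised rather than left indeterminate.
    TPMT_RSA_DECRYPT scheme = {};
    scheme.scheme = TPM2_ALG_RSAES;

    TPM2B_PUBLIC_KEY_RSA* cipher = nullptr;
    r = Esys_RSA_Encrypt(this->ctx->Get(), primaryHandle, ESYS_TR_NONE,
                         ESYS_TR_NONE, ESYS_TR_NONE, &plain, &scheme,
                         nullptr /* no label */, &cipher);
    if (r != TSS2_RC_SUCCESS) {
        // CryptoError, Subclass TpmRsa, encryptError
        throw TpmError(r, "Failed to Encrypt data",
                       ErrorCode::CryptographyError_TpmRsa_encryptError);
    }
    EsysFreer freeCipher{cipher};

    return std::vector<unsigned char>(cipher->buffer, cipher->buffer + cipher->size);
}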