in cvm-attestation/tpm_wrapper.py [0:0]
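def decrypt_with_ephemeral_key(self, encrypted_data, pcr_list, handle, tpm):
    """Decrypt ``encrypted_data`` with the TPM key at ``handle`` in a PCR policy session.

    A policy session is started, the PCR state is asserted with ``PolicyPCR``,
    and ``RSA_Decrypt`` (RSAES scheme) is run inside that session.

    Args:
        encrypted_data: Ciphertext handed to ``RSA_Decrypt``.
        pcr_list: PCR indices passed to ``get_pcr_select`` and ``get_pcr_values``.
        handle: TPM handle of the key used for decryption.
        tpm: TPM object supplied by the caller. It is closed here once the
            decrypt step has run, whether it succeeded or failed.

    Returns:
        Whatever ``RSA_Decrypt`` returned on success, or the empty string ``""``
        when the decrypt step raised. Callers must treat ``""`` as failure and
        never use it as key material.
    """
    # The TPM connection is owned by the caller and passed in as `tpm`.
    pcr_select = self.get_pcr_select(pcr_list)
    pcrs = self.get_pcr_values(pcr_list)

    # NOTE(review): session setup and PolicyPCR run outside the try block, so
    # an exception raised here propagates to the caller with `tpm` left open
    # and the session still loaded -- confirm the caller handles that.
    nonceCaller = crypto.randomBytes(20)
    respSas = tpm.StartAuthSession(None, None, nonceCaller, None, TPM_SE.POLICY, NullSymDef, TPM_ALG_ID.SHA256)
    hSess = respSas.handle
    self.log.info('DRS >> StartAuthSession(POLICY_SESS) returned ' + str(tpm.lastResponseCode) + '; sess handle: ' + str(hSess.handle))
    sess = Session(hSess, respSas.nonceTPM)

    # Digest of the PCR values read above (computed locally, hex-encoded) and
    # supplied to PolicyPCR as the expected PCR digest for this session.
    pcr_digest = self.sha256_hash_update(pcrs)
    tpm.PolicyPCR(hSess, bytes.fromhex(pcr_digest), pcr_select)
    # The call made above is PolicyPCR, so the log line names that command.
    self.log.info('DRS >> PolicyPCR() returned ' + str(tpm.lastResponseCode))

    try:
        decrypted_data = tpm.withSession(sess).RSA_Decrypt(handle, encrypted_data, TPMS_SCHEME_RSAES(), None)
        # Only the fact of success is logged; the decrypted key never is.
        self.log.info('Decrypted Inner Decryption Key...')
        # NOTE(review): unlike the failure path, nothing is flushed here
        # before close -- confirm the policy session does not stay loaded.
        tpm.close()
        return decrypted_data
    except Exception as e:
        # The exception text is concatenated into the message: passing it as a
        # second argument without a %s placeholder loses it from the log.
        self.log.info("Exception: " + str(e))
        # Flush transient objects and loaded sessions so a failed attempt does
        # not leave TPM slots occupied.
        self.cleanSlots(tpm, TPM_HT.TRANSIENT)
        self.cleanSlots(tpm, TPM_HT.LOADED_SESSION)
        tpm.close()
        # Failure sentinel; every error, including a PCR policy mismatch,
        # collapses to this value.
        return ""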