pax_global_header00006660000000000000000000000064151027646700014522gustar00rootroot0000000000000052 comment=d94cf988f2d5731919f476bda1be5641f6164e52 go-tpm-tools-0.4.7/000077500000000000000000000000001510276467000140735ustar00rootroot00000000000000go-tpm-tools-0.4.7/.github/000077500000000000000000000000001510276467000154335ustar00rootroot00000000000000go-tpm-tools-0.4.7/.github/workflows/000077500000000000000000000000001510276467000174705ustar00rootroot00000000000000go-tpm-tools-0.4.7/.github/workflows/ci.yml000066400000000000000000000112431510276467000206070ustar00rootroot00000000000000# # Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); you may not # use this file except in compliance with the License. You may obtain a copy of # the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations under # the License. # name: CI on: push: tags: - v* branches: - master - main pull_request: jobs: build: strategy: matrix: go-version: [1.21.x] # TODO: Get this working on windows-latest os: [ubuntu-latest] architecture: [x32, x64] include: - os: macos-latest architecture: arm64 go-version: 1.21.x - os: macos-14-large architecture: x64 go-version: 1.21.x name: Generate/Build/Test (${{ matrix.os }}, ${{ matrix.architecture }}, Go ${{ matrix.go-version }}) runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v4 with: go-version: ${{ matrix.go-version }} architecture: ${{ matrix.architecture }} - name: Install Protoc uses: arduino/setup-protoc@v1 with: repo-token: ${{ secrets.GITHUB_TOKEN }} version: "3.20.1" - name: Install protoc-gen-go run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.28.0 - name: Check Protobuf Generation run: | go generate ./... ./cmd/... ./launcher/... ./verifier/... git diff -G'^[^/]' --exit-code - name: Install Linux 64-bit packages run: sudo apt-get -y install libssl-dev if: runner.os == 'Linux' && matrix.architecture == 'x64' - name: Install Linux 32-bit packages run: sudo dpkg --add-architecture i386; sudo apt-get update; sudo apt-get -y install libssl-dev:i386 libgcc-s1:i386 gcc-multilib if: runner.os == 'Linux' && matrix.architecture == 'x32' - name: Install Mac packages run: | brew install openssl if: runner.os == 'macOS' - name: Install Windows packages run: choco install openssl if: runner.os == 'Windows' - name: Build all modules except launcher run: go build -v ./... ./cmd/... ./verifier/... - name: Build launcher module run: go build -v ./launcher/... if: runner.os == 'Linux' - name: Run specific tests under root permission run: | GO_EXECUTABLE_PATH=$(which go) sudo $GO_EXECUTABLE_PATH test -v -run "TestFetchImageSignaturesDockerPublic" ./launcher if: runner.os == 'Linux' - name: Run all tests in launcher to capture potential data race run: go test -v -race ./launcher/... if: (runner.os == 'Linux') && matrix.architecture == 'x64' - name: Test all modules except launcher run: go test -v ./... ./cmd/... ./verifier/... -skip='TestCacheConcurrentSetGet|TestHwAttestationPass|TestHardwareAttestationPass' lint: strategy: matrix: go-version: [1.21.x] os: [ubuntu-latest] dir: ["./", "./cmd", "./launcher"] name: Lint ${{ matrix.dir }} (${{ matrix.os }}, Go ${{ matrix.go-version }}) runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - name: Run golangci-lint uses: golangci/golangci-lint-action@v3.2.0 with: version: latest working-directory: ${{ matrix.dir }} args: > -D errcheck -E stylecheck -E goimports -E misspell -E revive -E gofmt -E goimports --exclude-use-default=false --max-same-issues=0 --max-issues-per-linter=0 --timeout 2m lintc: strategy: matrix: go-version: [1.21.x] os: [ubuntu-latest] name: Lint CGO (${{ matrix.os }}, Go ${{ matrix.go-version }}) runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3 - uses: actions/setup-go@v2 with: go-version: ${{ matrix.go-version }} - name: Install Linux packages run: sudo apt-get -y install libssl-dev - name: Check for CGO Warnings (gcc) run: CGO_CFLAGS=-Werror CC=gcc go build ./... - name: Check for CGO Warnings (clang) run: CGO_CFLAGS=-Werror CC=clang go build ./... go-tpm-tools-0.4.7/.github/workflows/releaser.yaml000066400000000000000000000032061510276467000221570ustar00rootroot00000000000000name: release on: push: branches: tags: - 'v*' workflow_dispatch: inputs: refToBuild: description: 'Branch, tag or commit SHA1 to build' required: false type: string jobs: release: permissions: contents: write strategy: matrix: # We can cross-compile from Linux to macOS and Windows. See .goreleaser.yaml # So running just on ubuntu is sufficient. go-version: [1.21.x] os: [ubuntu-latest] name: Release (${{ matrix.os}}, Go ${{ matrix.go-version }}) runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ inputs.refToBuild }} - uses: actions/setup-go@v5 with: go-version: ${{ matrix.go-version }} cache: true - shell: bash run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - id: cache uses: actions/cache@v3 with: path: dist/${{ matrix.os }} key: ${{ matrix.go }}-${{ env.sha_short }} - name: Install Linux packages run: sudo apt-get -y install libssl-dev if: runner.os == 'Linux' - name: Build all modules run: go build -v ./... ./cmd/... ./launcher/... ./verifier/... - name: Run GoReleaser uses: goreleaser/goreleaser-action@v6 if: success() && (startsWith(github.ref, 'refs/tags/') || startsWith(inputs.refToBuild, 'refs/tags/')) && steps.cache.outputs.cache-hit != 'true' with: version: latest args: release --clean env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} go-tpm-tools-0.4.7/.gitignore000066400000000000000000000002641510276467000160650ustar00rootroot00000000000000launcher/launcher/launcher *.test *.test.exe cmd/gotpm/gotpm gotpm gotpm.exe files/pkg files/src files/go-tpm-tools *.pkg.tar.xz .vscode* *.code-workspace main go.work go.work.sum go-tpm-tools-0.4.7/.goreleaser.yaml000066400000000000000000000016321510276467000171670ustar00rootroot00000000000000builds: - goos: - linux - windows - darwin goarch: - amd64 - arm64 env: - CGO_ENABLED=0 id: "gotpm" main: ./cmd/gotpm binary: gotpm archives: - format: tar.gz # this name template makes the OS and Arch compatible with the results of uname. name_template: >- {{ .ProjectName }}_ {{- title .Os }}_ {{- if eq .Arch "amd64" }}x86_64 {{- else if eq .Arch "386" }}i386 {{- else }}{{ .Arch }}{{ end }} {{- if .Arm }}v{{ .Arm }}{{ end }} # use zip for windows archives format_overrides: - goos: windows format: zip checksum: name_template: 'checksums.txt' snapshot: name_template: "{{ incpatch .Version }}-next" changelog: sort: asc filters: exclude: - '^docs:' - '^test:' # yaml-language-server: $schema=https://goreleaser.com/static/schema.json # vim: set ts=2 sw=2 tw=0 fo=cnqoj go-tpm-tools-0.4.7/CONTRIBUTING.md000066400000000000000000000023131510276467000163230ustar00rootroot00000000000000# How to Contribute We'd love to accept your patches and contributions to this project. There are just a few small guidelines you need to follow. ## Contributor License Agreement Contributions to this project must be accompanied by a Contributor License Agreement. You (or your employer) retain the copyright to your contribution; this simply gives us permission to use and redistribute your contributions as part of the project. Head over to to see your current agreements on file or to sign a new one. You generally only need to submit a CLA once, so if you've already submitted one (even if it was for a different project), you probably don't need to do it again. ## Code reviews All submissions, including submissions by project members, require review. We use GitHub pull requests for this purpose. Consult [GitHub Help](https://help.github.com/articles/about-pull-requests/) for more information on using pull requests. ## Community Guidelines This project follows [Google's Open Source Community Guidelines](https://opensource.google.com/conduct/). ## Releasing a new version See [`RELEASING.md`](RELEASING.md) for instructions on how to cut a new version of go-tpm-tools. go-tpm-tools-0.4.7/LICENSE000066400000000000000000000416311510276467000151050ustar00rootroot00000000000000 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -------------------------------------------------------------------- Microsoft simulator code (in simulator/ms-tpm-20-ref) uses the following licenses: -------------------------------------------------------------------- Microsoft Reference Implementation for TPM 2.0 The copyright in this software is being made available under the BSD License, included below. This software may be subject to other third party and contributor rights, including patent rights, and no such rights are granted under this license. Copyright (c) Microsoft Corporation All rights reserved. BSD License Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------- Copyright (c) Intel Corporation All rights reserved. BSD License Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------- A portion of the source code is derived from the TPM specification, which has a TCG copyright. It is reproduced here for reference. -------------------------------------------------------------------- Licenses and Notices Copyright Licenses: * Trusted Computing Group (TCG) grants to the user of the source code in this specification (the "Source Code") a worldwide, irrevocable, nonexclusive, royalty free, copyright license to reproduce, create derivative works, distribute, display and perform the Source Code and derivative works thereof, and to grant others the rights granted herein. * The TCG grants to the user of the other parts of the specification (other than the Source Code) the rights to reproduce, distribute, display, and perform the specification solely for the purpose of developing products based on such documents. Source Code Distribution Conditions: * Redistributions of Source Code must retain the above copyright licenses, this list of conditions and the following disclaimers. * Redistributions in binary form must reproduce the above copyright licenses, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution. Disclaimers: * THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. Contact TCG Administration (admin@trustedcomputinggroup.org) for information on specification licensing rights available through TCG membership agreements. * THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. * Without limitation, TCG and its members and licensors disclaim all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein. Any marks and brands contained herein are the property of their respective owners. go-tpm-tools-0.4.7/README.md000066400000000000000000000152601510276467000153560ustar00rootroot00000000000000# Go-TPM tools [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/google/go-tpm-tools)](https://github.com/google/go-tpm-tools/releases) [![Build Status](https://github.com/google/go-tpm-tools/workflows/CI/badge.svg)](https://github.com/google/go-tpm-tools/actions?query=workflow%3ACI) [![Go Reference](https://pkg.go.dev/badge/github.com/google/go-tpm-tools.svg)](https://pkg.go.dev/github.com/google/go-tpm-tools) ![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/google/go-tpm-tools) [![Go Report Card](https://goreportcard.com/badge/github.com/google/go-tpm-tools)](https://goreportcard.com/report/github.com/google/go-tpm-tools) [![License](https://img.shields.io/badge/LICENSE-Apache2.0-ff69b4.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) The `go-tpm-tools` module is a [TPM 2.0](https://trustedcomputinggroup.org/resource/trusted-platform-module-2-0-a-brief-introduction/) support library designed to complement [Go-TPM](https://github.com/google/go-tpm). It contains the following public packages: - [`client`](https://pkg.go.dev/github.com/google/go-tpm-tools/client): A Go package providing simplified abstractions and utility functions for interacting with a TPM 2.0, including: - Signing - Attestation - Reading PCRs - Sealing/Unsealing data - Importing Data and Keys - Reading NVData - Getting the TCG Event Log - [`server`](https://pkg.go.dev/github.com/google/go-tpm-tools/server): A Go package providing functionality for a remote server to send, receive, and interpret TPM 2.0 data. None of the commands in this package issue TPM commands, but instead handle: - TCG Event Log parsing - Attestation verification - Creating data for Importing into a TPM - [`proto`](https://pkg.go.dev/github.com/google/go-tpm-tools/proto): Common [Protocol Buffer](https://developers.google.com/protocol-buffers) messages that are exchanged between the `client` and `server` libraries. This package also contains helper methods for validating these messages. - [`simulator`](https://pkg.go.dev/github.com/google/go-tpm-tools/simulator): Go bindings to the Microsoft's [TPM 2.0 simulator](https://github.com/Microsoft/ms-tpm-20-ref/). This repository also contains `gotpm`, a command line tool for using the TPM. Run `gotpm --help` and `gotpm --help` for more documentation. ### Use prebuilt `gotpm` binary You can download the binary from a [release](https://github.com/google/go-tpm-tools/releases) directly. ```bash # VERSION: 0.4.4 ARCH: Linux_x86_64 curl -L https://github.com/google/go-tpm-tools/releases/download/[VERSION]/go-tpm-tools_[ARCH].tar.gz -o go-tpm-tools.tar.gz tar xvf go-tpm-tools.tar.gz # You may need to copy the binary to a directory with executable permissions. # NOTE: on Container-Optimized OS, /var/lib/google/ is executable ./gotpm --help ``` ### Building and Installing `gotpm` `gotpm` can be directly installed from this repo by running: ```bash go install github.com/google/go-tpm-tools/cmd/gotpm@latest # gotpm will be installed to $GOBIN gotpm --help ``` Alternatively, to build `gotpm` from a cloned version of this repo, run: ```bash cd /my/path/to/cloned/go-tpm-tools/cmd/gotpm go build # gotpm will be in the cmd/gotpm subdirectory of the repo ./gotpm --help ``` ## Minimum Required Go Version This project currently requires Go 1.20 or newer. Any update to the minimum required Go version will be released as a **minor** version update. ## `openssl` errors when building `simulator` Similarly, when building the `simulator` library (or tests), you may get an error that looks like: ``` fatal error: openssl/aes.h: No such file or directory 47 | // #include | ^~~~~~~~~~~~~~~~ compilation terminated. ``` This is because the `simulator` library depends on having the [OpenSSL](https://www.openssl.org/) headers installed. To fix this error, install the appropriate header package: ### Linux ```bash # Ubuntu/Debian based systems sudo apt install libssl-dev # Redhat/Centos based systems sudo yum install openssl-devel # Arch Linux (headers/library in the same package) sudo pacman -S openssl ``` ### macOS First, install [Homebrew](https://brew.sh/). Then run: ```bash brew install openssl ``` ### Windows First, install [Chocolatey](https://chocolatey.org/). Then run: ```bash choco install openssl ``` ### Custom install location If you want to use a different installation of OpenSSL, or you are getting linker errors like `ld: library not found for -lcrypto`, you can directly point Go your installation. We will assume your installation is located at `$OPENSSL_PATH` (with `lib` and `include` subdirectories). #### Add OpenSSL to the include and library path at the command line This solution does not require modifying go-tpm-tools code and is useful when working on other projects that depend on go-tpm-tools/simulator. ``` C_INCLUDE_PATH="$OPENSSL_PATH/include" LIBRARY_PATH="$OPENSSL_PATH/lib" go test ... ``` #### Add OpenSSL to the include and library path in the code This solution modifies your local copy of the go-tpm-tools simulator source and removes the need to provide the paths on the command line. Modify the `CFLAGS`/`LDFLAGS` options beginning with `#cgo darwin` or `#cgo windows` in `simulator/internal/internal.go` to point at your installation. This could look something like: ```diff // #cgo darwin CFLAGS: -I $OPENSSL_PATH/include // #cgo darwin LDFLAGS: -L $OPENSSL_PATH/lib ``` Remember to revert your modifications to `simulator/internal/internal.go` before committing your changes. ## No TPM 1.2 support Unlike [Go-TPM](https://github.com/google/go-tpm) (which supports TPM 1.2 and TPM 2.0), this module explicitly only supports TPM 2.0. Users should avoid use of TPM 1.2 due to the inherent reliance on SHA1 (which is [quite broken](https://sha-mbles.github.io/)). ## Confidential VMs with Intel TDX For Ubuntu image, the `tdx_guest` module was moved to linux-modules-extra package in the 1016 and newer kernels. You should be able to install the module, and either manually load the module or reboot. To install the linux-modules-extra package, run: ```console sudo apt-get install linux-modules-extra-gcp ``` To manually load the module, run: ```console sudo modprobe tdx_guest ``` ## Legal Copyright 2018 Google Inc. under the [Apache 2.0 License](https://www.apache.org/licenses/LICENSE-2.0). Microsoft's TPM simulator code is licensed under a [3-clause BSD license](https://opensource.org/licenses/BSD-3-Clause) and the [TCG software license](https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf). See the [`LICENSE`](LICENSE) file for more information. This is not an official Google product. go-tpm-tools-0.4.7/RELEASING.md000066400000000000000000000105141510276467000157270ustar00rootroot00000000000000# Releasing a new version of `go-tpm-tools` This repository contains multiple Go modules, so care is needed when creating a new version. Be sure to follow these steps as it's very easy to accidentally cut a release (as GitHub doesn't have sufficiently advanced [tag protections](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/configuring-tag-protection-rules)). ## Create the main release PR Create a standalone PR titled "Release vX.Y.Z" against the `main` branch. This PR should (ideally) be an empty commit, but might contain some minor changes if we want to get them in for a specific release. You can create an empty commit by running: ``` git commit --allow-empty ``` The description of the PR should just be the release notes that we want to publish in the GitHub Release. The notes should just have one-line summaries of the PRs in the release. Trivial PRs can be omitted and related PRs can be combined in a single line. It should have the following subsections: - "Breaking Changes" (backwards-incompatible changes to the package API) - "New Features" (backwards-compatible changes to the package API) - "Bug Fixes" (fixes to any particular issues) - "Other Changes" (non-breaking code changes or Doc/CI updates) Sections can be omitted if there wouldn't be any PRs under them. The [`v0.3.2` release notes](https://github.com/google/go-tpm-tools/releases/tag/v0.3.2) are a good example. We don't need to specifically mention who wrote what PR or link to the "Full Changelog". Users can just look this stuff up on GitHub on their own. This commit _should not_ change the version numbers in [`go.work`](go.work), [`cmd/go.mod`](cmd/go.mod), or [`launcher/go.mod`](launcher/go.mod). When reviewing the PR, the reviewers and author should decide if the release will be a major, minor, or patch release. Note that the PR should only consist of a single commit and be "squashed" instead of "merged". ## Tag the releases After the new release is in the `main` branch, we need to create git tags so that the Go version system can find the releases. Generally the author of the PR should do this. Tagging can be done via the GitHub Web UI. On the [Releases Page](https://github.com/google/go-tpm-tools/releases), click [Draft a New Release](https://github.com/google/go-tpm-tools/releases/new). In that draft, create the git tag corresponding to your release, and copy the approved release notes into the description. Check that the preview of the release notes looks good, and click "Publish release". The release and tag should now be visible on GitHub. ## Follow-up Submodule update PR After the main release has been merged and tagged, we need to update the go.mod files in the various submodules. First, you should update the version number in: - [`go.work`](go.work) - [`cmd/go.mod`](cmd/go.mod) - [`launcher/go.mod`](launcher/go.mod) Next, we cleanup the modules by running: - run `go mod tidy` in each module directory - run `go work sync` in the root directory - this requires Go 1.20 or later Finally, create a PR with the title "Submodule update for vX.Y.Z". This PR doesn't need a description. The reviewers should just check that the above steps were done. Note that the PR should only consist of a single commit and be "squashed" instead of "merged". ## Tagging the submodules The submodules must be tagged separately from the main library release. This is best done on the git command line. After the Submodule update PR has been merged, checkout the repo and check that your `HEAD` is on the commit for the submodule update PR on the `main` branch. This _should not_ be normal release commit `vX.Y.Z`, but a later commit. Then, run the following command: ``` git tag "cmd/vX.Y.Z" && git tag "launcher/vX.Y.Z" ``` replacing `vX.Y.Z` with the actual version number. Finally, double check that you've tagged the correct commit, and then push the tags to the `main` branch by running: ``` git push origin "cmd/vX.Y.Z" "launcher/vX.Y.Z" ``` The tags should then be visible at https://github.com/google/go-tpm-tools/tags ## (Googlers only) sync code back into google3 Follow the directions at http://go/thirdpartygo#updating-imported-code to import the three modules back into google3. You will need to run the import script for each module. It's fine for the imports for all the modules to be in one CL. go-tpm-tools-0.4.7/cel/000077500000000000000000000000001510276467000146365ustar00rootroot00000000000000go-tpm-tools-0.4.7/cel/canonical_eventlog.go000066400000000000000000000322751510276467000210300ustar00rootroot00000000000000// Package cel contains some basic operations of Canonical Eventlog. // Based on Canonical EventLog Spec (Draft) Version: TCG_IWG_CEL_v1_r0p37. package cel import ( "bytes" "crypto" "encoding/binary" "fmt" "io" "github.com/google/go-configfs-tsm/configfs/configfsi" "github.com/google/go-eventlog/register" "github.com/google/go-tdx-guest/rtmr" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) const ( // CEL spec 5.1 recnumTypeValue uint8 = 0 // PCRTypeValue indicates a PCR event index PCRTypeValue uint8 = 1 _ uint8 = 2 // nvindex field is not supported yet digestsTypeValue uint8 = 3 // CCMRTypeValue indicates a RTMR event index CCMRTypeValue uint8 = 108 // not in the CEL spec tlvTypeFieldLength int = 1 tlvLengthFieldLength int = 4 recnumValueLength uint32 = 8 // support up to 2^64 records regIndexValueLength uint32 = 1 // support up to 256 registers ) // TLV definition according to CEL spec TCG_IWG_CEL_v1_r0p37, page 16. // Length is implicitly defined by len(Value), using uint32 big-endian // when encoding. type TLV struct { Type uint8 Value []byte } // MarshalBinary marshals a TLV to a byte slice. func (t TLV) MarshalBinary() (data []byte, err error) { buf := make([]byte, len(t.Value)+tlvTypeFieldLength+tlvLengthFieldLength) buf[0] = t.Type binary.BigEndian.PutUint32(buf[tlvTypeFieldLength:], uint32(len(t.Value))) copy(buf[tlvTypeFieldLength+tlvLengthFieldLength:], t.Value) return buf, nil } // UnmarshalBinary unmarshal a byte slice to a TLV. func (t *TLV) UnmarshalBinary(data []byte) error { valueLength := binary.BigEndian.Uint32(data[tlvTypeFieldLength : tlvTypeFieldLength+tlvLengthFieldLength]) if valueLength != uint32(len(data[tlvTypeFieldLength+tlvLengthFieldLength:])) { return fmt.Errorf("TLV Length doesn't match the size of its Value") } t.Type = data[0] t.Value = data[tlvTypeFieldLength+tlvLengthFieldLength:] return nil } // UnmarshalFirstTLV reads and parse the first TLV from the bytes buffer. The function will // return io.EOF if the buf ends unexpectedly or cannot fill the TLV. func UnmarshalFirstTLV(buf *bytes.Buffer) (tlv TLV, err error) { typeByte, err := buf.ReadByte() if err != nil { return tlv, err } var data []byte data = append(data, typeByte) // get the length lengthBytes := make([]byte, tlvLengthFieldLength) bytesRead, err := buf.Read(lengthBytes) if err != nil { return TLV{}, err } if bytesRead != tlvLengthFieldLength { return TLV{}, io.EOF } valueLength := binary.BigEndian.Uint32(lengthBytes) data = append(data, lengthBytes...) valueBytes := make([]byte, valueLength) bytesRead, err = buf.Read(valueBytes) if err != nil { return TLV{}, err } if uint32(bytesRead) != valueLength { return TLV{}, io.EOF } data = append(data, valueBytes...) if err = (&tlv).UnmarshalBinary(data); err != nil { return TLV{}, err } return tlv, nil } // Record represents a Canonical Eventlog Record. type Record struct { RecNum uint64 // Generic Measurement Register index number, register type // is determined by IndexType Index uint8 IndexType uint8 Digests map[crypto.Hash][]byte Content TLV } // Content is a interface for the content in CELR. type Content interface { GenerateDigest(crypto.Hash) ([]byte, error) GetTLV() (TLV, error) } // CEL represents a Canonical Eventlog, which contains a list of Records. type CEL struct { Records []Record } // generateDigestMap computes hashes with the given hash algos and the given event func generateDigestMap(hashAlgos []crypto.Hash, event Content) (map[crypto.Hash][]byte, error) { digestsMap := make(map[crypto.Hash][]byte) for _, hashAlgo := range hashAlgos { digest, err := event.GenerateDigest(hashAlgo) if err != nil { return digestsMap, err } digestsMap[hashAlgo] = digest } return digestsMap, nil } // AppendEventRTMR appends a new RTMR record to the CEL. rtmrIndex indicates the RTMR to extend. // The index showing up in the record will be rtmrIndex + 1. func (c *CEL) AppendEventRTMR(client configfsi.Client, rtmrIndex int, event Content) error { digestsMap, err := generateDigestMap([]crypto.Hash{crypto.SHA384}, event) if err != nil { return err } eventTlv, err := event.GetTLV() if err != nil { return err } err = rtmr.ExtendDigestClient(client, rtmrIndex, digestsMap[crypto.SHA384]) if err != nil { return err } celrRTMR := Record{ RecNum: uint64(len(c.Records)), Index: uint8(rtmrIndex) + 1, // CCMR conversion from RTMR Digests: digestsMap, Content: eventTlv, IndexType: CCMRTypeValue, } c.Records = append(c.Records, celrRTMR) return nil } // AppendEvent appends a new PCR record to the CEL. // // Deprecated: Use AppendEventPCR or AppendEventRTMR directly. func (c *CEL) AppendEvent(tpm io.ReadWriteCloser, pcr int, event Content) error { return c.AppendEventPCR(tpm, pcr, event) } // AppendEventPCR appends a new PCR record to the CEL and extend the digest of // event to the given PCR in all available banks. func (c *CEL) AppendEventPCR(tpm io.ReadWriteCloser, pcr int, event Content) error { pcrSels, err := client.AllocatedPCRs(tpm) if err != nil { return err } var hashAlgos []crypto.Hash for _, sel := range pcrSels { hashAlgo, err := sel.Hash.Hash() if err != nil { return err } hashAlgos = append(hashAlgos, hashAlgo) } digestsMap, err := generateDigestMap(hashAlgos, event) if err != nil { return err } for hs, dgst := range digestsMap { tpm2Alg, err := tpm2.HashToAlgorithm(hs) if err != nil { return err } if err := tpm2.PCRExtend(tpm, tpmutil.Handle(pcr), tpm2Alg, dgst, ""); err != nil { return fmt.Errorf("failed to extend event to PCR%d: %v", pcr, err) } } eventTlv, err := event.GetTLV() if err != nil { return err } celrPCR := Record{ RecNum: uint64(len(c.Records)), Index: uint8(pcr), Digests: digestsMap, Content: eventTlv, IndexType: PCRTypeValue, } c.Records = append(c.Records, celrPCR) return nil } func createRecNumField(recNum uint64) TLV { value := make([]byte, recnumValueLength) binary.BigEndian.PutUint64(value, recNum) return TLV{recnumTypeValue, value} } // UnmarshalRecNum takes in a TLV with its type equals to the recnum type value (0), and // return its record number. func unmarshalRecNum(tlv TLV) (uint64, error) { if tlv.Type != recnumTypeValue { return 0, fmt.Errorf("type of the TLV [%d] indicates it is not a recnum field [%d]", tlv.Type, recnumTypeValue) } if uint32(len(tlv.Value)) != recnumValueLength { return 0, fmt.Errorf( "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for recnum", len(tlv.Value), recnumValueLength) } return binary.BigEndian.Uint64(tlv.Value), nil } func createIndexField(indexType uint8, indexNum uint8) TLV { return TLV{indexType, []byte{indexNum}} } // unmarshalIndex takes in a TLV with its type equals to the PCR or CCMR type value, and // return its index number. func unmarshalIndex(tlv TLV) (indexType uint8, pcrNum uint8, err error) { if tlv.Type != PCRTypeValue && tlv.Type != CCMRTypeValue { return 0, 0, fmt.Errorf("type of the TLV [%d] indicates it is not a PCR [%d] or a CCMR [%d] field ", tlv.Type, PCRTypeValue, CCMRTypeValue) } if uint32(len(tlv.Value)) != regIndexValueLength { return 0, 0, fmt.Errorf( "length of the value of the TLV [%d] doesn't match the defined length [%d] of value for a register index field", len(tlv.Value), regIndexValueLength) } return tlv.Type, tlv.Value[0], nil } func createDigestField(digestMap map[crypto.Hash][]byte) (TLV, error) { var buf bytes.Buffer for hashAlgo, hash := range digestMap { if len(hash) != hashAlgo.Size() { return TLV{}, fmt.Errorf("digest length [%d] doesn't match the expected length [%d] for the hash algorithm", len(hash), hashAlgo.Size()) } tpmHashAlg, err := tpm2.HashToAlgorithm(hashAlgo) if err != nil { return TLV{}, err } singleDigestTLV := TLV{uint8(tpmHashAlg), hash} d, err := singleDigestTLV.MarshalBinary() if err != nil { return TLV{}, err } _, err = buf.Write(d) if err != nil { return TLV{}, err } } return TLV{digestsTypeValue, buf.Bytes()}, nil } // UnmarshalDigests takes in a TLV with its type equals to the digests type value (3), and // return its digests content in a map, the key is its TPM hash algorithm. func unmarshalDigests(tlv TLV) (digestsMap map[crypto.Hash][]byte, err error) { if tlv.Type != digestsTypeValue { return nil, fmt.Errorf("type of the TLV indicates it doesn't contain digests") } buf := bytes.NewBuffer(tlv.Value) digestsMap = make(map[crypto.Hash][]byte) for buf.Len() > 0 { digestTLV, err := UnmarshalFirstTLV(buf) if err == io.EOF { return nil, fmt.Errorf("buffer ends unexpectedly") } else if err != nil { return nil, err } hashAlg, err := tpm2.Algorithm(digestTLV.Type).Hash() if err != nil { return nil, err } digestsMap[hashAlg] = digestTLV.Value } return digestsMap, nil } // EncodeCELR encodes the CELR to bytes according to the CEL spec and write them // to the bytes byffer. func (r *Record) EncodeCELR(buf *bytes.Buffer) error { recnumField, err := createRecNumField(r.RecNum).MarshalBinary() if err != nil { return err } indexField, err := createIndexField(r.IndexType, r.Index).MarshalBinary() if err != nil { return err } digests, err := createDigestField(r.Digests) if err != nil { return err } digestsField, err := digests.MarshalBinary() if err != nil { return err } eventField, err := r.Content.MarshalBinary() if err != nil { return err } _, err = buf.Write(recnumField) if err != nil { return err } _, err = buf.Write(indexField) if err != nil { return err } _, err = buf.Write(digestsField) if err != nil { return err } _, err = buf.Write(eventField) if err != nil { return err } return nil } // EncodeCEL encodes the CEL to bytes according to the CEL spec and write them // to the bytes buffer. func (c *CEL) EncodeCEL(buf *bytes.Buffer) error { for _, record := range c.Records { if err := record.EncodeCELR(buf); err != nil { return err } } return nil } // DecodeToCEL will read the buf for CEL, will return err if the buffer // is not complete. func DecodeToCEL(buf *bytes.Buffer) (CEL, error) { var cel CEL for buf.Len() > 0 { celr, err := DecodeToCELR(buf) if err == io.EOF { return CEL{}, fmt.Errorf("buffer ends unexpectedly") } if err != nil { return CEL{}, err } cel.Records = append(cel.Records, celr) } return cel, nil } // DecodeToCELR will read the buf for the next CELR, will return err if // failed to unmarshal a correct CELR TLV from the buffer. func DecodeToCELR(buf *bytes.Buffer) (r Record, err error) { recnum, err := UnmarshalFirstTLV(buf) if err != nil { return Record{}, err } r.RecNum, err = unmarshalRecNum(recnum) if err != nil { return Record{}, err } regIndex, err := UnmarshalFirstTLV(buf) if err != nil { return Record{}, err } r.IndexType, r.Index, err = unmarshalIndex(regIndex) if err != nil { return Record{}, err } digests, err := UnmarshalFirstTLV(buf) if err != nil { return Record{}, err } r.Digests, err = unmarshalDigests(digests) if err != nil { return Record{}, err } r.Content, err = UnmarshalFirstTLV(buf) if err != nil { return Record{}, err } return r, nil } // Replay takes the digests from a Canonical Event Log and carries out the // extend sequence for each register (PCR, RTMR) in the log. It then compares // the final digests against a bank of register values to see if they match. // make sure CEL has only one indexType event func (c *CEL) Replay(regs register.MRBank) error { cryptoHash, err := regs.CryptoHash() if err != nil { return err } replayed := make(map[uint8][]byte) for _, record := range c.Records { if _, ok := replayed[record.Index]; !ok { replayed[record.Index] = make([]byte, cryptoHash.Size()) } hasher := cryptoHash.New() digestsMap := record.Digests digest, ok := digestsMap[cryptoHash] if !ok { return fmt.Errorf("the CEL record did not contain a %v digest", cryptoHash) } hasher.Write(replayed[record.Index]) hasher.Write(digest) replayed[record.Index] = hasher.Sum(nil) } // to a map for easy matching registers := make(map[int][]byte) for _, r := range regs.MRs() { registers[r.Idx()] = r.Dgst() } var failedReplayRegs []uint8 for replayReg, replayDigest := range replayed { bankDigest, ok := registers[int(replayReg)] if !ok { return fmt.Errorf("the CEL contains record(s) for register %d without a matching register in the given bank to verify", replayReg) } if !bytes.Equal(bankDigest, replayDigest) { failedReplayRegs = append(failedReplayRegs, replayReg) } } if len(failedReplayRegs) == 0 { return nil } return fmt.Errorf("CEL replay failed for these registers in bank %v: %v", cryptoHash, failedReplayRegs) } // VerifyDigests checks the digest generated by the given record's content to make sure they are equal to // the digests in the digestMap. func VerifyDigests(c Content, digestMap map[crypto.Hash][]byte) error { for hash, digest := range digestMap { generatedDigest, err := c.GenerateDigest(hash) if err != nil { return err } if !bytes.Equal(generatedDigest, digest) { return fmt.Errorf("CEL record content digest verification failed for %s", hash) } } return nil } go-tpm-tools-0.4.7/cel/canonical_eventlog_test.go000066400000000000000000000174021510276467000220620ustar00rootroot00000000000000package cel import ( "bytes" "crypto" "crypto/rand" "io" "reflect" "testing" "github.com/google/go-configfs-tsm/configfs/configfsi" "github.com/google/go-configfs-tsm/configfs/fakertmr" configfstsmrtmr "github.com/google/go-configfs-tsm/rtmr" "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) var measuredHashes = []crypto.Hash{crypto.SHA1, crypto.SHA256} func TestCELEncodingDecoding(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) cel := &CEL{} cosEvent := CosTlv{ImageDigestType, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")} appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent) cosEvent2 := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent2) var buf bytes.Buffer if err := cel.EncodeCEL(&buf); err != nil { t.Fatal(err) } decodedcel, err := DecodeToCEL(&buf) if err != nil { t.Fatal(err) } if len(decodedcel.Records) != 2 { t.Errorf("should have two records") } if decodedcel.Records[0].RecNum != 0 { t.Errorf("recnum mismatch") } if decodedcel.Records[1].RecNum != 1 { t.Errorf("recnum mismatch") } if decodedcel.Records[0].IndexType != PCRTypeValue { t.Errorf("index type mismatch") } if decodedcel.Records[0].Index != uint8(test.DebugPCR) { t.Errorf("pcr value mismatch") } if decodedcel.Records[1].IndexType != PCRTypeValue { t.Errorf("index type mismatch") } if decodedcel.Records[1].Index != uint8(test.ApplicationPCR) { t.Errorf("pcr value mismatch") } if !reflect.DeepEqual(decodedcel.Records, cel.Records) { t.Errorf("decoded CEL doesn't equal to the original one") } } func TestCELMeasureAndReplay(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) fakeRTMR := fakertmr.CreateRtmrSubsystem(t.TempDir()) err := tpm2.PCRReset(tpm, tpmutil.Handle(test.DebugPCR)) if err != nil { t.Fatal(err) } err = tpm2.PCRReset(tpm, tpmutil.Handle(test.ApplicationPCR)) if err != nil { t.Fatal(err) } cel := &CEL{} celRTMR := &CEL{} cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} someEvent2 := make([]byte, 10) rand.Read(someEvent2) cosEvent2 := CosTlv{ImageDigestType, someEvent2} appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent) appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent2) appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent2) appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent2) appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) appendRtmrEventOrFatal(t, celRTMR, fakeRTMR, CosRTMR, cosEvent) replay(t, cel, tpm, measuredHashes, []int{test.DebugPCR, test.ApplicationPCR}, true /*shouldSucceed*/) // Supersets should pass. replay(t, cel, tpm, measuredHashes, []int{0, 13, 14, test.DebugPCR, 22, test.ApplicationPCR}, true /*shouldSucceed*/) replayRTMR(t, celRTMR, fakeRTMR, []int{0, 1, 2, 3}, true /*shouldSucceed*/) } func TestCELReplayFailTamperedDigest(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) cel := &CEL{} cosEvent := CosTlv{ImageRefType, []byte("docker.io/bazel/experimental/test:latest")} someEvent2 := make([]byte, 10) rand.Read(someEvent2) cosEvent2 := CosTlv{ImageDigestType, someEvent2} appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent) appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, cosEvent2) appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent2) appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, cosEvent) modifiedRecord := cel.Records[3] for hash := range modifiedRecord.Digests { newDigest := make([]byte, hash.Size()) rand.Read(newDigest) modifiedRecord.Digests[hash] = newDigest } replay(t, cel, tpm, measuredHashes, []int{test.DebugPCR, test.ApplicationPCR}, false /*shouldSucceed*/) } func TestCELReplayEmpty(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) cel := &CEL{} replay(t, cel, tpm, []crypto.Hash{crypto.SHA1, crypto.SHA256}, []int{test.DebugPCR, test.ApplicationPCR}, true /*shouldSucceed*/) } func TestCELReplayFailMissingPCRsInBank(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) cel := &CEL{} someEvent := make([]byte, 10) someEvent2 := make([]byte, 10) rand.Read(someEvent2) appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, CosTlv{ImageRefType, someEvent}) appendPcrEventOrFatal(t, cel, tpm, test.ApplicationPCR, CosTlv{ImageDigestType, someEvent2}) replay(t, cel, tpm, measuredHashes, []int{test.DebugPCR}, false /*shouldSucceed*/) replay(t, cel, tpm, measuredHashes, []int{test.ApplicationPCR}, false /*shouldSucceed*/) } func TestCELMeasureToAllPCRBanks(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) pcrs, err := client.ReadAllPCRs(tpm) if err != nil { t.Fatal(err) } for _, bank := range pcrs { // make sure debug pcr is empty before the append if !isZeroBytes(bank.Pcrs[uint32(test.DebugPCR)]) { t.Fatalf("PCR %d in bank %s is not empty before appending event", test.DebugPCR, bank.Hash.String()) } } cel := &CEL{} someEvent := make([]byte, 10) appendPcrEventOrFatal(t, cel, tpm, test.DebugPCR, CosTlv{ImageRefType, someEvent}) pcrs, err = client.ReadAllPCRs(tpm) if err != nil { t.Fatal(err) } for _, bank := range pcrs { // make sure debug pcr is NOT empty after the append if isZeroBytes(bank.Pcrs[uint32(test.DebugPCR)]) { t.Fatalf("PCR %d in bank %s is empty after appending event", test.DebugPCR, bank.Hash.String()) } } } func isZeroBytes(bs []byte) bool { allZeros := make([]byte, len(bs)) return bytes.Equal(allZeros, bs) } func replay(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, measuredHashes []crypto.Hash, pcrs []int, shouldSucceed bool) { for _, hash := range measuredHashes { tpm2Hash, err := tpm2.HashToAlgorithm(hash) if err != nil { t.Fatal(err) } pcrMap, err := tpm2.ReadPCRs(tpm, tpm2.PCRSelection{Hash: tpm2Hash, PCRs: pcrs}) if err != nil { t.Fatal(err) } pcrBank := register.PCRBank{TCGHashAlgo: state.HashAlgo(tpm2Hash)} for index, val := range pcrMap { pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{ Index: index, Digest: val, DigestAlg: hash}) } if err := cel.Replay(pcrBank); shouldSucceed && err != nil { t.Errorf("failed to replay CEL on %v bank: %v", hash, err) } } } func replayRTMR(t *testing.T, cel *CEL, rtmr *fakertmr.RtmrSubsystem, rtmrs []int, shouldSucceed bool) { rtmrBank := register.RTMRBank{} // RTMR 0 to 3 for _, rtmrIndex := range rtmrs { digest, err := configfstsmrtmr.GetDigest(rtmr, rtmrIndex) if err != nil { t.Fatal(err) } rtmrBank.RTMRs = append(rtmrBank.RTMRs, register.RTMR{ Index: rtmrIndex, Digest: digest.Digest}) } if err := cel.Replay(rtmrBank); shouldSucceed && err != nil { t.Errorf("failed to replay RTMR: %v", err) } } func appendPcrEventOrFatal(t *testing.T, cel *CEL, tpm io.ReadWriteCloser, pcr int, event Content) { if err := cel.AppendEventPCR(tpm, pcr, event); err != nil { t.Fatalf("failed to append PCR event: %v", err) } } func appendRtmrEventOrFatal(t *testing.T, cel *CEL, rtmrClient configfsi.Client, rtmr int, event Content) { if err := cel.AppendEventRTMR(rtmrClient, rtmr, event); err != nil { t.Fatalf("failed to append RTMR event: %v", err) } } go-tpm-tools-0.4.7/cel/cos_tlv.go000066400000000000000000000076761510276467000166560ustar00rootroot00000000000000package cel import ( "crypto" "fmt" "regexp" "strings" "unicode/utf8" ) const ( // CosEventType indicates the CELR event is a COS content // TODO: the value needs to be reserved in the CEL spec CosEventType uint8 = 80 // CosEventPCR is the PCR which should be used for CosEventType events. CosEventPCR = 13 // CosRTMR is the RTMR to be extended for COS events // According to https://uefi.org/specs/UEFI/2.10/38_Confidential_Computing.html // CCELMRIndex TDX Register // 0 MRTD // 1 RTMR[0] // 2 RTMR[1] // 3 RTMR[2] // So: // 4 RTMR[3] CosRTMR = 3 // CosCCELMRIndex is the CCMR index to use in eventlog for COS events. CosCCELMRIndex = 4 ) // CosType represent a COS content type in a CEL record content. type CosType uint8 // Type for COS nested events const ( ImageRefType CosType = iota ImageDigestType RestartPolicyType ImageIDType ArgType EnvVarType OverrideArgType OverrideEnvType // EventContent is empty on success, or contains an error message on failure. LaunchSeparatorType MemoryMonitorType GpuCCModeType ) // CosTlv is a specific event type created for the COS (Google Container-Optimized OS), // used as a CEL content. type CosTlv struct { EventType CosType EventContent []byte } // GetTLV returns the TLV representation of the COS TLV. func (c CosTlv) GetTLV() (TLV, error) { data, err := TLV{uint8(c.EventType), c.EventContent}.MarshalBinary() if err != nil { return TLV{}, err } return TLV{ Type: CosEventType, Value: data, }, nil } // GenerateDigest generates the digest for the given COS TLV. The whole TLV struct will // be marshaled to bytes and feed into the hash algo. func (c CosTlv) GenerateDigest(hashAlgo crypto.Hash) ([]byte, error) { contentTLV, err := c.GetTLV() if err != nil { return nil, err } b, err := contentTLV.MarshalBinary() if err != nil { return nil, err } hash := hashAlgo.New() if _, err = hash.Write(b); err != nil { return nil, err } return hash.Sum(nil), nil } // ParseToCosTlv constructs a CosTlv from a TLV. It will check for the correct COS event // type, and unmarshal the nested event. func (t TLV) ParseToCosTlv() (CosTlv, error) { if !t.IsCosTlv() { return CosTlv{}, fmt.Errorf("TLV type %v is not a COS event", t.Type) } nestedEvent := TLV{} err := nestedEvent.UnmarshalBinary(t.Value) if err != nil { return CosTlv{}, err } return CosTlv{CosType(nestedEvent.Type), nestedEvent.Value}, nil } // IsCosTlv check whether a TLV is a COS TLV by its Type value. func (t TLV) IsCosTlv() bool { return t.Type == CosEventType } // FormatEnvVar takes in an environment variable name and its value, run some checks. Concats // the name and value by '=' and returns it if valid; returns an error if the name or value // is invalid. func FormatEnvVar(name string, value string) (string, error) { if !utf8.ValidString(name) { return "", fmt.Errorf("malformed env name, contains non-utf8 character: [%s]", name) } if !utf8.ValidString(value) { return "", fmt.Errorf("malformed env value, contains non-utf8 character: [%s]", value) } var envVarNameRegexp = regexp.MustCompile("^[a-zA-Z_][a-zA-Z0-9_]*$") if !envVarNameRegexp.MatchString(name) { return "", fmt.Errorf("malformed env name [%s], env name must start with an alpha character or '_', followed by a string of alphanumeric characters or '_' (%s)", name, envVarNameRegexp) } return name + "=" + value, nil } // ParseEnvVar takes in environment variable as a string (foo=bar), parses it and returns its name // and value, or an error if it fails the validation check. func ParseEnvVar(envvar string) (string, string, error) { // switch to strings.Cut when upgrading to go 1.18 e := strings.SplitN(string(envvar), "=", 2) if len(e) < 2 { return "", "", fmt.Errorf("malformed env var, doesn't contain '=': [%s]", envvar) } if _, err := FormatEnvVar(e[0], e[1]); err != nil { return "", "", err } return e[0], e[1], nil } go-tpm-tools-0.4.7/cel/cos_tlv_test.go000066400000000000000000000111351510276467000176760ustar00rootroot00000000000000package cel import ( "bytes" "strings" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" pb "github.com/google/go-tpm-tools/proto/attest" ) func TestCosEventlog(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) cel := &CEL{} testEvents := []struct { cosNestedEventType CosType pcr int eventPayload []byte }{ {ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")}, {ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, {RestartPolicyType, test.DebugPCR, []byte(pb.RestartPolicy_Never.String())}, {ImageIDType, test.DebugPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, {EnvVarType, test.DebugPCR, []byte("foo=bar")}, {EnvVarType, test.DebugPCR, []byte("override-env-1=foo")}, {EnvVarType, test.DebugPCR, []byte("baz=foo=bar")}, {EnvVarType, test.DebugPCR, []byte("empty=")}, {EnvVarType, test.DebugPCR, []byte("override-env-2=foo")}, {OverrideEnvType, test.DebugPCR, []byte("override-env-1=foo")}, {OverrideEnvType, test.DebugPCR, []byte("override-env-2=foo")}, {ArgType, test.DebugPCR, []byte("--x")}, {ArgType, test.DebugPCR, []byte("--override-arg-1")}, {ArgType, test.DebugPCR, []byte("--override-arg-2")}, {OverrideArgType, test.DebugPCR, []byte("--override-arg1")}, {OverrideArgType, test.DebugPCR, []byte("--override-arg2")}, } for _, testEvent := range testEvents { cosEvent := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} if err := cel.AppendEventPCR(tpm, testEvent.pcr, cosEvent); err != nil { t.Fatal(err) } } var buf bytes.Buffer if err := cel.EncodeCEL(&buf); err != nil { t.Fatal(err) } decodedcel, err := DecodeToCEL(&buf) if err != nil { t.Fatal(err) } if len(decodedcel.Records) != len(testEvents) { t.Errorf("should have %d records, but got %d", len(testEvents), len(decodedcel.Records)) } for i, testEvent := range testEvents { extractedCos, err := decodedcel.Records[i].Content.ParseToCosTlv() if err != nil { t.Fatal(err) } want := CosTlv{testEvent.cosNestedEventType, testEvent.eventPayload} if !cmp.Equal(extractedCos, want) { t.Errorf("decoded COS TLV got %+v, want %+v", extractedCos, want) } } } func TestParseEnvVar(t *testing.T) { tests := []struct { testName string envVar string envName string envValue string expectedErrSubstring string }{ {"normal case 1", "foo=bar", "foo", "bar", ""}, {"normal case 2", "FOO=1", "FOO", "1", ""}, {"normal case 3", "SESSION_MANAGER=\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", "SESSION_MANAGER", "\"`\\local/:@?%/tmp/.u/1,unix/.com:/tmp/.u/5\"", ""}, {"no =", "foo", "", "", "malformed env var, doesn't contain '='"}, {"empty", "", "", "", "malformed env var, doesn't contain '='"}, {"empty value", "foo=", "foo", "", ""}, {"multiple =", "foo=bar=baz=", "foo", "bar=baz=", ""}, {"bad name", "3foo=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, {"bad name quote", "foo\"=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, {"empty name", "=bar=baz=", "", "", "env name must start with an alpha character or '_'"}, {"non utf-8 value", string([]byte{'f', '=', 0xC0, 2, 2, '='}), "", "", "malformed env value, contains non-utf8 character"}, {"non utf-8 name", string([]byte{'a', 0xC0, 2, 2, '='}), "", "", "malformed env name, contains non-utf8 character"}, } for _, test := range tests { t.Run(test.testName, func(t *testing.T) { n, v, err := ParseEnvVar(test.envVar) if n != test.envName { t.Errorf("envName mismatch, want [%s], got [%s]", test.envName, n) } if v != test.envValue { t.Errorf("envValue mismatch, want [%s], got [%s]", test.envValue, v) } if test.expectedErrSubstring == "" { if err != nil { t.Errorf("expected no error, but got [%s]", err) } else { formattedEnvVar, err := FormatEnvVar(test.envName, test.envValue) if err != nil { t.Errorf("expected no error, but got [%s]", err) } else if formattedEnvVar != test.envVar { t.Errorf("formattedEnvVar mismatch, want [%s], got [%s]", test.envVar, formattedEnvVar) } } } else { if err == nil { t.Errorf("expected error substring [%s], but got no error", test.expectedErrSubstring) } else if !strings.Contains(err.Error(), test.expectedErrSubstring) { t.Errorf("expected error substring [%s], but got [%v]", test.expectedErrSubstring, err) } } }) } } go-tpm-tools-0.4.7/client/000077500000000000000000000000001510276467000153515ustar00rootroot00000000000000go-tpm-tools-0.4.7/client/attest.go000066400000000000000000000263321510276467000172120ustar00rootroot00000000000000package client import ( "fmt" "net/http" sabi "github.com/google/go-sev-guest/abi" sg "github.com/google/go-sev-guest/client" tg "github.com/google/go-tdx-guest/client" tabi "github.com/google/go-tdx-guest/client/linuxabi" tpb "github.com/google/go-tdx-guest/proto/tdx" "github.com/google/go-tpm-tools/internal" pb "github.com/google/go-tpm-tools/proto/attest" ) // TEEDevice is an interface to add an attestation report from a TEE technology's // attestation driver or quote provider. type TEEDevice interface { // AddAttestation uses the TEE device's attestation driver or quote provider to collect an // attestation report, then adds it to the correct field of `attestation`. AddAttestation(attestation *pb.Attestation, options AttestOpts) error // Close finalizes any resources in use by the TEEDevice. Close() error } // AttestOpts allows for customizing the functionality of Attest. type AttestOpts struct { // A unique, application-specific nonce used to guarantee freshness of the // attestation. This must not be empty, and should generally be long enough // to make brute force attacks infeasible. // // For security reasons, applications should not allow for attesting with // arbitrary, externally-provided nonces. The nonce should be prefixed or // otherwise bound (i.e. via a KDF) to application-specific data. For more // information on why this is an issue, see this paper on robust remote // attestation protocols: // https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.70.4562&rep=rep1&type=pdf Nonce []byte // TCG Event Log to add to the attestation. // If not specified then it take Event Log by calling GetEventLog(). TCGEventLog []byte // TCG Canonical Event Log to add to the attestation. // Currently, we only support PCR replay for PCRs orthogonal to those in the // firmware event log, where PCRs 0-9 and 14 are often measured. If the two // logs overlap, server-side verification using this library may fail. // Deprecated: Manually populate the pb.Attestation instead. CanonicalEventLog []byte // If non-nil, will be used to fetch the AK certificate chain for validation. // Key.Attest() will construct the certificate chain by making GET requests to // the contents of Key.cert.IssuingCertificateURL using this client. CertChainFetcher *http.Client // TEEDevice implements the TEEDevice interface for collecting a Trusted execution // environment attestation. If nil, then Attest will try all known TEE devices, // and TEENonce must be nil. If not nil, Attest will not call Close() on the device. TEEDevice TEEDevice // TEENonce is the nonce that will be used in the TEE's attestation collection // mechanism. It is expected to be the size required by the technology. If nil, // then the nonce will be populated with Nonce, either truncated or zero-filled // depending on the technology's size. Leaving this nil is not recommended. If // nil, then TEEDevice must be nil. TEENonce []byte // Setting this skips attaching the TEE attestation SkipTeeAttestation bool } // SevSnpQuoteProvider encapsulates the SEV-SNP attestation device to add its attestation report // to a pb.Attestation. type SevSnpQuoteProvider struct { QuoteProvider sg.QuoteProvider } // TdxDevice encapsulates the TDX attestation device to add its attestation quote // to a pb.Attestation. // Deprecated: TdxDevice is deprecated. It is recommended to use TdxQuoteProvider. type TdxDevice struct { Device tg.Device } // TdxQuoteProvider encapsulates the TDX attestation device to add its attestation quote // to a pb.Attestation. type TdxQuoteProvider struct { QuoteProvider tg.QuoteProvider } // AddAttestation will get the SEV-SNP attestation report given opts.TEENonce with // associated certificates and add them to `attestation`. If opts.TEENonce is empty, // then uses contents of opts.Nonce. func (d *SevSnpQuoteProvider) AddAttestation(attestation *pb.Attestation, opts AttestOpts) error { var snpNonce [sabi.ReportDataSize]byte if len(opts.TEENonce) == 0 { copy(snpNonce[:], opts.Nonce) } else if len(opts.TEENonce) != sabi.ReportDataSize { return fmt.Errorf("the TEENonce size is %d. SEV-SNP device requires 64", len(opts.TEENonce)) } else { copy(snpNonce[:], opts.TEENonce) } raw, err := d.QuoteProvider.GetRawQuote(snpNonce) if err != nil { return err } extReport, err := sabi.ReportCertsToProto(raw) if err != nil { return err } attestation.TeeAttestation = &pb.Attestation_SevSnpAttestation{ SevSnpAttestation: extReport, } return nil } // Close is a no-op. func (d *SevSnpQuoteProvider) Close() error { return nil } // CreateSevSnpQuoteProvider creates the SEV-SNP quote provider and wraps it with behavior // that allows it to add an attestation quote to pb.Attestation. func CreateSevSnpQuoteProvider() (TEEDevice, error) { qp, err := sg.GetQuoteProvider() if err != nil { return nil, err } if !qp.IsSupported() { return nil, fmt.Errorf("sev-snp attestation reports not available") } return &SevSnpQuoteProvider{QuoteProvider: qp}, nil } // CreateTdxDevice opens the TDX attestation driver and wraps it with behavior // that allows it to add an attestation quote to pb.Attestation. // Deprecated: TdxDevice is deprecated, and use of CreateTdxQuoteProvider is // recommended to create a TEEDevice. func CreateTdxDevice() (*TdxDevice, error) { d, err := tg.OpenDevice() if err != nil { return nil, err } return &TdxDevice{Device: d}, nil } // AddAttestation will get the TDX attestation quote given opts.TEENonce // and add them to `attestation`. If opts.TEENonce is empty, then uses // contents of opts.Nonce. func (d *TdxDevice) AddAttestation(attestation *pb.Attestation, opts AttestOpts) error { var tdxNonce [tabi.TdReportDataSize]byte err := fillTdxNonce(opts, tdxNonce[:]) if err != nil { return err } quote, err := tg.GetQuote(d.Device, tdxNonce) if err != nil { return err } return setTeeAttestationTdxQuote(quote, attestation) } // Close will free the device handle held by the TdxDevice. Calling more // than once has no effect. func (d *TdxDevice) Close() error { if d.Device != nil { err := d.Device.Close() d.Device = nil return err } return nil } // CreateTdxQuoteProvider creates the TDX quote provider and wraps it with behavior // that allows it to add an attestation quote to pb.Attestation. func CreateTdxQuoteProvider() (*TdxQuoteProvider, error) { qp, err := tg.GetQuoteProvider() if err != nil { return nil, err } if qp.IsSupported() != nil { // TDX quote provider has a fallback mechanism to fetch attestation quote // via device driver in case ConfigFS is not supported, so checking for TDX // device availability here. Once Device interface is fully removed from // subsequent go-tdx-guest versions, then below OpenDevice call should be // removed as well. d, err2 := tg.OpenDevice() if err2 != nil { return nil, fmt.Errorf("neither TDX device, nor quote provider is supported") } d.Close() } return &TdxQuoteProvider{QuoteProvider: qp}, nil } // AddAttestation will get the TDX attestation quote given opts.TEENonce // and add them to `attestation`. If opts.TEENonce is empty, then uses // contents of opts.Nonce. func (qp *TdxQuoteProvider) AddAttestation(attestation *pb.Attestation, opts AttestOpts) error { var tdxNonce [tabi.TdReportDataSize]byte err := fillTdxNonce(opts, tdxNonce[:]) if err != nil { return err } quote, err := tg.GetQuote(qp.QuoteProvider, tdxNonce) if err != nil { return err } return setTeeAttestationTdxQuote(quote, attestation) } // Close will free resources held by QuoteProvider. func (qp *TdxQuoteProvider) Close() error { return nil } func fillTdxNonce(opts AttestOpts, tdxNonce []byte) error { if len(opts.TEENonce) == 0 { copy(tdxNonce[:], opts.Nonce) } else if len(opts.TEENonce) != tabi.TdReportDataSize { return fmt.Errorf("the TEENonce size is %d. Intel TDX device requires %d", len(opts.TEENonce), tabi.TdReportDataSize) } else { copy(tdxNonce[:], opts.TEENonce) } return nil } func setTeeAttestationTdxQuote(quote any, attestation *pb.Attestation) error { switch q := quote.(type) { case *tpb.QuoteV4: attestation.TeeAttestation = &pb.Attestation_TdxAttestation{ TdxAttestation: q, } default: return fmt.Errorf("unsupported quote type: %T", quote) } return nil } // Does best effort to get a TEE hardware rooted attestation, but won't fail fatally // unless the user provided a TEEDevice object. func getTEEAttestationReport(attestation *pb.Attestation, opts AttestOpts) error { if opts.SkipTeeAttestation { return nil } device := opts.TEEDevice if device != nil { return device.AddAttestation(attestation, opts) } // TEEDevice can't be nil while TEENonce is non-nil if opts.TEENonce != nil { return fmt.Errorf("got non-nil TEENonce when TEEDevice is nil: %v", opts.TEENonce) } // Try SEV-SNP. if sevqp, err := CreateSevSnpQuoteProvider(); err == nil { // Don't return errors if the attestation collection fails, since // the user didn't specify a TEEDevice. sevqp.AddAttestation(attestation, opts) return nil } // Try TDX. if quoteProvider, err := CreateTdxQuoteProvider(); err == nil { // Don't return errors if the attestation collection fails, since // the user didn't specify a TEEDevice. quoteProvider.AddAttestation(attestation, opts) quoteProvider.Close() return nil } // Add more devices here. return nil } // Attest generates an Attestation containing the TCG Event Log and a Quote over // all PCR banks. The provided nonce can be used to guarantee freshness of the // attestation. This function will return an error if the key is not a // restricted signing key. // // AttestOpts is used for additional configuration of the Attestation process. // This is primarily used to pass the attestation's nonce: // // attestation, err := key.Attest(client.AttestOpts{Nonce: my_nonce}) func (k *Key) Attest(opts AttestOpts) (*pb.Attestation, error) { if len(opts.Nonce) == 0 { return nil, fmt.Errorf("provided nonce must not be empty") } sels, err := AllocatedPCRs(k.rw) if err != nil { return nil, err } attestation := pb.Attestation{} if attestation.AkPub, err = k.PublicArea().Encode(); err != nil { return nil, fmt.Errorf("failed to encode public area: %w", err) } attestation.AkCert = k.CertDERBytes() for _, sel := range sels { quote, err := k.Quote(sel, opts.Nonce) if err != nil { return nil, err } attestation.Quotes = append(attestation.Quotes, quote) } if opts.TCGEventLog == nil { if attestation.EventLog, err = GetEventLog(k.rw); err != nil { return nil, fmt.Errorf("failed to retrieve TCG Event Log: %w", err) } } else { attestation.EventLog = opts.TCGEventLog } if len(opts.CanonicalEventLog) != 0 { attestation.CanonicalEventLog = opts.CanonicalEventLog } // Attempt to construct certificate chain. fetchIssuingCertificate checks if // AK cert is present and contains intermediate cert URLs. if opts.CertChainFetcher != nil { attestation.IntermediateCerts, err = internal.GetCertificateChain(k.cert, opts.CertChainFetcher) if err != nil { return nil, fmt.Errorf("fetching certificate chain: %w", err) } } // TODO: issues/504 this should be outside of this function, not related to TPM attestation if err := getTEEAttestationReport(&attestation, opts); err != nil { return nil, fmt.Errorf("collecting TEE attestation report: %w", err) } return &attestation, nil } go-tpm-tools-0.4.7/client/attest_network_test.go000066400000000000000000000014741510276467000220220ustar00rootroot00000000000000package client import ( "crypto/x509" "net/http" "testing" "github.com/google/go-tpm-tools/internal" "github.com/google/go-tpm-tools/internal/test" pb "github.com/google/go-tpm-tools/proto/attest" "google.golang.org/protobuf/proto" ) var externalClient = http.DefaultClient func TestNetworkFetchIssuingCertificate(t *testing.T) { attestBytes := test.COS85Nonce9009 att := &pb.Attestation{} if err := proto.Unmarshal(attestBytes, att); err != nil { t.Fatalf("Failed to unmarshal test attestation: %v", err) } akCert, err := x509.ParseCertificate(att.AkCert) if err != nil { t.Fatalf("Error parsing AK Cert: %v", err) } certChain, err := internal.GetCertificateChain(akCert, externalClient) if err != nil { t.Error(err) } if len(certChain) == 0 { t.Error("Did not retrieve any certificates.") } } go-tpm-tools-0.4.7/client/attest_test.go000066400000000000000000000211231510276467000202420ustar00rootroot00000000000000package client import ( "bytes" "crypto/x509" "net/http" "net/http/httptest" "strings" "testing" "time" sgtest "github.com/google/go-sev-guest/testing" testclient "github.com/google/go-sev-guest/testing/client" tgtest "github.com/google/go-tdx-guest/testing" tgtestclient "github.com/google/go-tdx-guest/testing/client" tgtestdata "github.com/google/go-tdx-guest/testing/testdata" "github.com/google/go-tpm-tools/internal/test" pb "github.com/google/go-tpm-tools/proto/attest" ) var localClient = http.DefaultClient func TestKeyAttestSucceedsWithCertChainRetrieval(t *testing.T) { testCA, caKey := test.GetTestCert(t, nil, nil, nil) caServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.WriteHeader(http.StatusOK) rw.Write(testCA.Raw) })) defer caServer.Close() leafCert, _ := test.GetTestCert(t, []string{caServer.URL}, testCA, caKey) rwc := test.GetTPM(t) defer CheckedClose(t, rwc) ak, err := AttestationKeyRSA(rwc) if err != nil { t.Fatalf("Failed to generate test AK: %v", err) } ak.cert = leafCert attestation, err := ak.Attest(AttestOpts{Nonce: []byte("some nonce"), CertChainFetcher: localClient}) if err != nil { t.Fatalf("Attest returned with error: %v", err) } // Expect one cert retrieved. if len(attestation.IntermediateCerts) != 1 { t.Fatalf("Got %v intermediate certs, want 1.", len(attestation.IntermediateCerts)) } if !bytes.Equal(attestation.IntermediateCerts[0], testCA.Raw) { t.Errorf("Attestation does not contain the expected intermediate cert: got %v, want %v", attestation.IntermediateCerts[0], testCA.Raw) } } func TestKeyAttestGetCertificateChainConditions(t *testing.T) { rwc := test.GetTPM(t) defer CheckedClose(t, rwc) ak, err := AttestationKeyRSA(rwc) if err != nil { t.Fatalf("Failed to generate test AK: %v", err) } akCert, _ := test.GetTestCert(t, nil, nil, nil) testcases := []struct { name string fetchCertChainClient *http.Client cert *x509.Certificate }{ { name: "CertChainFetcher is nil", fetchCertChainClient: nil, cert: nil, }, { name: "CertChainFetcher is present, key.cert is nil", fetchCertChainClient: localClient, cert: nil, }, { name: "CertChainFetcher is present, key.cert has nil IssuingCertificateURL", fetchCertChainClient: localClient, cert: akCert, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { ak.cert = tc.cert att, err := ak.Attest(AttestOpts{Nonce: []byte("some nonce"), CertChainFetcher: tc.fetchCertChainClient}) if err != nil { t.Fatalf("Attest returned error: %v", err) } if len(att.IntermediateCerts) != 0 { t.Errorf("Attest() returned with intermediate certs, expected no certs retrieved.") } }) } } func TestSevSnpQuoteProvider(t *testing.T) { rwc := test.GetTPM(t) defer CheckedClose(t, rwc) ak, err := AttestationKeyRSA(rwc) if err != nil { t.Fatalf("Failed to generate test AK: %v", err) } someNonce := []byte("some nonce") var someNonce64 [64]byte copy(someNonce64[:], someNonce) var nonce64 [64]byte copy(nonce64[:], []byte("noncey business")) sevTestQp, _, _, _ := testclient.GetSevQuoteProvider([]sgtest.TestCase{ { Input: someNonce64, Output: sgtest.TestRawReport(someNonce64), }, { Input: nonce64, Output: sgtest.TestRawReport(nonce64), }, }, &sgtest.DeviceOptions{Now: time.Now()}, t) testcases := []struct { name string opts AttestOpts wantReportData [64]byte wantErr string }{ { name: "Happy case no nonce", opts: AttestOpts{ Nonce: someNonce, CertChainFetcher: localClient, TEEDevice: &SevSnpQuoteProvider{sevTestQp}, }, wantReportData: someNonce64, }, { name: "Happy case with nonce", opts: AttestOpts{ Nonce: someNonce, CertChainFetcher: localClient, TEEDevice: &SevSnpQuoteProvider{sevTestQp}, TEENonce: nonce64[:], }, wantReportData: nonce64, }, { name: "TEE nonce without TEE", opts: AttestOpts{ Nonce: someNonce, CertChainFetcher: localClient, TEENonce: nonce64[:], }, wantErr: "got non-nil TEENonce when TEEDevice is nil", }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { att, err := ak.Attest(tc.opts) if (err == nil && tc.wantErr != "") || (err != nil && !strings.Contains(err.Error(), tc.wantErr)) { t.Fatalf("Attest(%v) = %v, want %q", tc.opts, err, tc.wantErr) } // Successful attestation should include a SEV-SNP attestation. if err == nil { snp, ok := att.GetTeeAttestation().(*pb.Attestation_SevSnpAttestation) if !ok { t.Fatalf("Attestation missing SEV-SNP attestation: %v", att.GetTeeAttestation()) } report := snp.SevSnpAttestation.Report if !bytes.Equal(report.GetReportData(), tc.wantReportData[:]) { t.Fatalf("SEV-SNP nonces differ. Got %v, want %v", report.GetReportData(), tc.wantReportData) } } }) } } func TestTdxDevice(t *testing.T) { rwc := test.GetTPM(t) defer CheckedClose(t, rwc) ak, err := AttestationKeyRSA(rwc) if err != nil { t.Fatalf("Failed to generate test AK: %v", err) } someNonce := []byte("some nonce") var someNonce64 [64]byte copy(someNonce64[:], someNonce) var nonce64 [64]byte copy(nonce64[:], []byte("noncey business")) tdxTestDevice := tgtestclient.GetTdxGuest([]tgtest.TestCase{ { Input: someNonce64, Quote: tgtestdata.RawQuote, }, { Input: nonce64, Quote: tgtestdata.RawQuote, }, }, t) defer tdxTestDevice.Close() testcases := []struct { name string opts AttestOpts wantReportData [64]byte wantErr string }{ { name: "Happy case no nonce", opts: AttestOpts{ Nonce: someNonce, TEEDevice: &TdxDevice{tdxTestDevice}, }, wantReportData: someNonce64, }, { name: "Happy case with nonce", opts: AttestOpts{ Nonce: someNonce, TEEDevice: &TdxDevice{tdxTestDevice}, TEENonce: nonce64[:], }, wantReportData: nonce64, }, { name: "TEE nonce without TEE", opts: AttestOpts{ Nonce: someNonce, TEENonce: nonce64[:], }, wantErr: "got non-nil TEENonce when TEEDevice is nil", }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { att, err := ak.Attest(tc.opts) if (err == nil && tc.wantErr != "") || (err != nil && !strings.Contains(err.Error(), tc.wantErr)) { t.Fatalf("Attest(%v) = %v, want %q", tc.opts, err, tc.wantErr) } // Successful attestation should include a TDX attestation. if err == nil { _, ok := att.GetTeeAttestation().(*pb.Attestation_TdxAttestation) if !ok { t.Fatalf("Attestation missing TDX attestation: %v", att.GetTeeAttestation()) } } }) } } func TestTdxQuoteProvider(t *testing.T) { rwc := test.GetTPM(t) defer CheckedClose(t, rwc) ak, err := AttestationKeyRSA(rwc) if err != nil { t.Fatalf("Failed to generate test AK: %v", err) } someNonce := []byte("some nonce") var someNonce64 [64]byte copy(someNonce64[:], someNonce) var nonce64 [64]byte copy(nonce64[:], []byte("noncey business")) mockTdxQuoteProvider := tgtestclient.GetMockTdxQuoteProvider([]tgtest.TestCase{ { Input: someNonce64, Quote: tgtestdata.RawQuote, }, { Input: nonce64, Quote: tgtestdata.RawQuote, }, }, t) testcases := []struct { name string opts AttestOpts wantReportData [64]byte wantErr string }{ { name: "Happy case no nonce", opts: AttestOpts{ Nonce: someNonce, TEEDevice: &TdxQuoteProvider{mockTdxQuoteProvider}, }, wantReportData: someNonce64, }, { name: "Happy case with nonce", opts: AttestOpts{ Nonce: someNonce, TEEDevice: &TdxQuoteProvider{mockTdxQuoteProvider}, TEENonce: nonce64[:], }, wantReportData: nonce64, }, { name: "TEE nonce without TEE", opts: AttestOpts{ Nonce: someNonce, TEENonce: nonce64[:], }, wantErr: "got non-nil TEENonce when TEEDevice is nil", }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { att, err := ak.Attest(tc.opts) if (err == nil && tc.wantErr != "") || (err != nil && !strings.Contains(err.Error(), tc.wantErr)) { t.Fatalf("Attest(%v) = %v, want %q", tc.opts, err, tc.wantErr) } // Successful attestation should include a TDX attestation. if err == nil { _, ok := att.GetTeeAttestation().(*pb.Attestation_TdxAttestation) if !ok { t.Fatalf("Attestation missing TDX attestation: %v", att.GetTeeAttestation()) } } }) } } go-tpm-tools-0.4.7/client/close.go000066400000000000000000000012161510276467000170050ustar00rootroot00000000000000package client import ( "io" "testing" "github.com/google/go-tpm/legacy/tpm2" ) // CheckedClose closes the simulator and asserts that there were no leaked handles. func CheckedClose(tb testing.TB, rwc io.ReadWriteCloser) { for _, t := range []tpm2.HandleType{ tpm2.HandleTypeLoadedSession, tpm2.HandleTypeSavedSession, tpm2.HandleTypeTransient, } { handles, err := Handles(rwc, t) if err != nil { tb.Errorf("failed to fetch handles of type %v: %v", t, err) } if len(handles) != 0 { tb.Errorf("tests leaked handles: %v", handles) } } if err := rwc.Close(); err != nil { tb.Errorf("when closing simulator: %v", err) } } go-tpm-tools-0.4.7/client/eventlog.go000066400000000000000000000011351510276467000175230ustar00rootroot00000000000000package client import "io" // GetEventLog grabs the crypto-agile TCG event log for the system. The TPM can // override this implementation by implementing EventLogGetter. func GetEventLog(rw io.ReadWriter) ([]byte, error) { if elg, ok := rw.(EventLogGetter); ok { return elg.EventLog() } return getRealEventLog() } // EventLogGetter allows a TPM (io.ReadWriter) to specify a particular // implementation for GetEventLog(). This is useful for testing and necessary // for Windows Event Log support (which requires a handle to the TPM). type EventLogGetter interface { EventLog() ([]byte, error) } go-tpm-tools-0.4.7/client/eventlog_linux.go000066400000000000000000000002221510276467000207360ustar00rootroot00000000000000package client import "os" func getRealEventLog() ([]byte, error) { return os.ReadFile("/sys/kernel/security/tpm0/binary_bios_measurements") } go-tpm-tools-0.4.7/client/eventlog_other.go000066400000000000000000000002711510276467000207240ustar00rootroot00000000000000//go:build !linux // +build !linux package client import "errors" func getRealEventLog() ([]byte, error) { return nil, errors.New("failed to get event log: only Linux supported") } go-tpm-tools-0.4.7/client/example_test.go000066400000000000000000000171521510276467000204000ustar00rootroot00000000000000package client_test import ( "crypto" "crypto/ecdsa" "crypto/rand" "fmt" "io" "log" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal" "github.com/google/go-tpm-tools/server" "github.com/google/go-tpm-tools/simulator" "github.com/google/go-tpm/legacy/tpm2" ) var tpmHashAlg = tpm2.AlgSHA256 var hashAlg = crypto.SHA256 func ExampleKey_Quote() { // On verifier, make the nonce. nonce := make([]byte, 8) if _, err := io.ReadFull(rand.Reader, nonce); err != nil { log.Fatalf("failed to create nonce: %v", err) } // On client machine, generate the TPM quote. // TODO: use real TPM. simulator, err := simulator.Get() if err != nil { log.Fatalf("failed to initialize simulator: %v", err) } defer simulator.Close() ak, err := client.AttestationKeyECC(simulator) if err != nil { log.Fatalf("failed to create attestation key: %v", err) } defer ak.Close() pcr7 := tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{7}, } quote, err := ak.Quote(pcr7, nonce) if err != nil { log.Fatalf("failed to create quote: %v", err) } // On verifier, verify the quote against a stored public key/AK // certificate's public part and the nonce passed. if err := internal.VerifyQuote(quote, ak.PublicKey(), nonce); err != nil { // TODO: handle verify error. log.Fatalf("failed to verify quote: %v", err) } // Output: } func ExampleKey_Import_eK() { // On client machine, EK should already exist. // TODO: use real TPM. simulator, err := simulator.Get() if err != nil { log.Fatalf("failed to initialize simulator: %v", err) } defer simulator.Close() ek, err := client.EndorsementKeyECC(simulator) if err != nil { log.Fatalf("failed to create endorsement key: %v", err) } // Pass EK pub to remote server, typically via an EK cert. // The server can then associate the EK public to the corresponding client. // Data to seal to EK public. secret := []byte("secret data") // ek.PublicKey already verified using the manufacturer-signed EK cert. importBlob, err := server.CreateImportBlob(ek.PublicKey(), secret, nil) if err != nil { log.Fatalf("failed to create import blob: %v", err) } // On client, import the EK. output, err := ek.Import(importBlob) if err != nil { // TODO: handle import failure. log.Fatalf("failed to import blob: %v", err) } fmt.Println(string(output)) // TODO: use output of ek.Import. // Output: secret data } func ExampleKey_Attest() { // On verifier, make the nonce. nonce := make([]byte, 8) if _, err := io.ReadFull(rand.Reader, nonce); err != nil { log.Fatalf("failed to create nonce: %v", err) } // On client machine, generate the TPM quote. // TODO: use real TPM. simulator, err := simulator.Get() if err != nil { log.Fatalf("failed to initialize simulator: %v", err) } defer simulator.Close() ak, err := client.AttestationKeyECC(simulator) if err != nil { log.Fatalf("failed to create attestation key: %v", err) } defer ak.Close() attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) if err != nil { log.Fatalf("failed to attest: %v", err) } // TODO: establish trust in the AK (typically via an AK certificate signed // by the manufacturer). // On verifier, verify the Attestation message. This: // - checks the quote(s) against a stored public key/AK // certificate's public part and the expected nonce. // - replays the event log against the quoted PCRs // - extracts events into a MachineState message. // TODO: decide which hash algorithm to use in the quotes. SHA1 is // typically undesirable but is the only event log option on some distros. _, err = server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}}) if err != nil { // TODO: handle parsing or replay error. log.Fatalf("failed to read PCRs: %v", err) } fmt.Println(attestation) // TODO: use events output of ParseMachineState. } func Example_sealAndUnseal() { // TODO: use real TPM. simulator, err := simulator.Get() if err != nil { log.Fatalf("failed to initialize simulator: %v", err) } defer simulator.Close() srk, err := client.StorageRootKeyECC(simulator) if err != nil { log.Fatalf("failed to create storage root key: %v", err) } sealedSecret := []byte("secret password") sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}} // Seal the data to the current value of PCR7. sealedBlob, err := srk.Seal([]byte(sealedSecret), client.SealOpts{Current: sel}) if err != nil { log.Fatalf("failed to seal to SRK: %v", err) } // Validate by unsealing the sealed blob. Because it is possible that a TPM can seal a secret // properly but fail to certify it (thus we shouldn't unseal it because the creation status // cannot be verify). This ensures we can unseal the sealed blob, and that its contents are // equal to what we sealed. output, err := srk.Unseal(sealedBlob, client.UnsealOpts{CertifyCurrent: sel}) if err != nil { // TODO: handle unseal error. log.Fatalf("failed to unseal blob: %v", err) } // TODO: use unseal output. fmt.Println(string(output)) // Output: secret password } func ExampleKey_GetSigner() { // TODO: use real TPM. simulator, err := simulator.Get() if err != nil { log.Fatalf("failed to initialize simulator: %v", err) } defer simulator.Close() exampleECCSignerTemplate := tpm2.Public{ Type: tpm2.AlgECC, NameAlg: tpm2.AlgSHA256, Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM | tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth, ECCParameters: &tpm2.ECCParams{ CurveID: tpm2.CurveNISTP256, Sign: &tpm2.SigScheme{ Alg: tpm2.AlgECDSA, Hash: tpmHashAlg, }, }, } key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate) if err != nil { log.Fatalf("failed to create signing key: %v", err) } defer key.Close() toSign := []byte("message to sign") hash := hashAlg.New() hash.Write(toSign) digest := hash.Sum(nil) cryptoSigner, err := key.GetSigner() if err != nil { log.Fatalf("failed to create crypto signer: %v", err) } sig, err := cryptoSigner.Sign(nil, digest, hashAlg) if err != nil { log.Fatalf("failed to sign: %v", err) } // Verifier needs to establish trust in signer.Public() (via a certificate, // TPM2_ActivateCredential, TPM2_Certify). if !ecdsa.VerifyASN1(cryptoSigner.Public().(*ecdsa.PublicKey), digest, sig) { // TODO: handle signature verification failure. log.Fatal("failed to verify digest") } // Output: } func ExampleKey_SignData() { // TODO: use real TPM. simulator, err := simulator.Get() if err != nil { log.Fatalf("failed to initialize simulator: %v", err) } defer simulator.Close() exampleECCSignerTemplate := tpm2.Public{ Type: tpm2.AlgECC, NameAlg: tpm2.AlgSHA256, Attributes: tpm2.FlagSign | tpm2.FlagFixedTPM | tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth, ECCParameters: &tpm2.ECCParams{ CurveID: tpm2.CurveNISTP256, Sign: &tpm2.SigScheme{ Alg: tpm2.AlgECDSA, Hash: tpmHashAlg, }, }, } key, err := client.NewKey(simulator, tpm2.HandleOwner, exampleECCSignerTemplate) if err != nil { log.Fatalf("failed to create signing key: %v", err) } defer key.Close() toSign := []byte("message to sign") hash := hashAlg.New() hash.Write(toSign) digest := hash.Sum(nil) sig, err := key.SignData(toSign) if err != nil { log.Fatalf("failed to sign data: %v", err) } // Verifier needs to establish trust in signer.Public() (via a certificate, // TPM2_ActivateCredential, TPM2_Certify). if !ecdsa.VerifyASN1(key.PublicKey().(*ecdsa.PublicKey), digest, sig) { // TODO: handle signature verification failure. log.Fatal("failed to verify digest") } // Output: } go-tpm-tools-0.4.7/client/handles.go000066400000000000000000000041221510276467000173150ustar00rootroot00000000000000package client import ( "fmt" "io" "math" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) // Reserved Handles from "TCG TPM v2.0 Provisioning Guidance" - v1r1 - Table 2 const ( EKReservedHandle = tpmutil.Handle(0x81010001) EKECCReservedHandle = tpmutil.Handle(0x81010002) SRKReservedHandle = tpmutil.Handle(0x81000001) SRKECCReservedHandle = tpmutil.Handle(0x81000002) ) // From "TCG EK Credential Profile", v2.3r2 Section 2.2.1.4 const ( // RSA 2048 EK Cert. EKCertNVIndexRSA uint32 = 0x01c00002 // ECC P256 EK Cert. EKCertNVIndexECC uint32 = 0x01c0000a ) // Picked available handles from TPM 2.0 Handles and Localities 2.3.1 - Table 11 // go-tpm-tools will use handles in the range from 0x81008F00 to 0x81008FFF const ( DefaultAKECCHandle = tpmutil.Handle(0x81008F00) DefaultAKRSAHandle = tpmutil.Handle(0x81008F01) ) // GCE Attestation Key NV Indices const ( // RSA 2048 AK. GceAKCertNVIndexRSA uint32 = 0x01c10000 GceAKTemplateNVIndexRSA uint32 = 0x01c10001 // ECC P256 AK. GceAKCertNVIndexECC uint32 = 0x01c10002 GceAKTemplateNVIndexECC uint32 = 0x01c10003 ) func isHierarchy(h tpmutil.Handle) bool { return h == tpm2.HandleOwner || h == tpm2.HandleEndorsement || h == tpm2.HandlePlatform || h == tpm2.HandleNull } // Handles returns a slice of tpmutil.Handle objects of all handles within // the TPM rw of type handleType. func Handles(rw io.ReadWriter, handleType tpm2.HandleType) ([]tpmutil.Handle, error) { // Handle type is determined by the most-significant octet (MSO) of the property. property := uint32(handleType) << 24 vals, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityHandles, math.MaxUint32, property) if err != nil { return nil, err } if moreData { return nil, fmt.Errorf("tpm2.GetCapability() should never return moreData==true for tpm2.CapabilityHandles") } handles := make([]tpmutil.Handle, len(vals)) for i, v := range vals { handle, ok := v.(tpmutil.Handle) if !ok { return nil, fmt.Errorf("unable to assert type tpmutil.Handle of value %#v", v) } handles[i] = handle } return handles, nil } go-tpm-tools-0.4.7/client/handles_test.go000066400000000000000000000016341510276467000203610ustar00rootroot00000000000000package client_test import ( "reflect" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) const ( // Maximum number of handles to keys tests can create within a simulator. maxHandles = 3 ) func TestHandles(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) expected := make([]tpmutil.Handle, 0) for i := 0; i < maxHandles; i++ { expected = append(expected, test.LoadRandomExternalKey(t, rwc)) handles, err := client.Handles(rwc, tpm2.HandleTypeTransient) if err != nil { t.Fatal(err) } if !reflect.DeepEqual(handles, expected) { t.Errorf("Handles mismatch got: %v; want: %v", handles, expected) } } // Don't leak our handles for _, handle := range expected { if err := tpm2.FlushContext(rwc, handle); err != nil { t.Error(err) } } } go-tpm-tools-0.4.7/client/import.go000066400000000000000000000043471510276467000172220ustar00rootroot00000000000000package client import ( "fmt" "github.com/google/go-tpm-tools/internal" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) func loadHandle(k *Key, blob *pb.ImportBlob) (tpmutil.Handle, error) { auth, err := k.session.Auth() if err != nil { return tpm2.HandleNull, err } private, err := tpm2.Import(k.rw, k.Handle(), auth, blob.PublicArea, blob.Duplicate, blob.EncryptedSeed, nil, nil) if err != nil { return tpm2.HandleNull, fmt.Errorf("import failed: %w", err) } auth, err = k.session.Auth() if err != nil { return tpm2.HandleNull, err } handle, _, err := tpm2.LoadUsingAuth(k.rw, k.Handle(), auth, blob.PublicArea, private) if err != nil { return tpm2.HandleNull, fmt.Errorf("load failed: %w", err) } return handle, nil } // Import decrypts the secret contained in an encoded import request. // The key used must be an encryption key (signing keys cannot be used). // The req parameter should come from server.CreateImportBlob. func (k *Key) Import(blob *pb.ImportBlob) ([]byte, error) { handle, err := loadHandle(k, blob) if err != nil { return nil, err } defer tpm2.FlushContext(k.rw, handle) unsealSession, err := NewPCRSession(k.rw, internal.PCRSelection(blob.Pcrs)) if err != nil { return nil, err } defer unsealSession.Close() auth, err := unsealSession.Auth() if err != nil { return nil, err } out, err := tpm2.UnsealWithSession(k.rw, auth.Session, handle, "") if err != nil { return nil, fmt.Errorf("unseal failed: %w", err) } return out, nil } // ImportSigningKey returns the signing key contained in an encoded import request. // The parent key must be an encryption key (signing keys cannot be used). // The req parameter should come from server.CreateSigningKeyImportBlob. func (k *Key) ImportSigningKey(blob *pb.ImportBlob) (key *Key, err error) { handle, err := loadHandle(k, blob) if err != nil { return nil, err } key = &Key{rw: k.rw, handle: handle} defer func() { if err != nil { key.Close() } }() if key.pubArea, _, _, err = tpm2.ReadPublic(k.rw, handle); err != nil { return } if key.session, err = NewPCRSession(k.rw, internal.PCRSelection(blob.Pcrs)); err != nil { return } return key, key.finish() } go-tpm-tools-0.4.7/client/import_certify.go000066400000000000000000000074161510276467000207470ustar00rootroot00000000000000package client import ( "fmt" tpb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" ) // This file aims to implement the attester side of https://trustedcomputinggroup.org/wp-content/uploads/EK-Based-Key-Attestation-with-TPM-Firmware-Version-V1-RC1_9July2025.pdf#page=8 // For reference: https://github.com/TrustedComputingGroup/tpm-fw-attestation-reference-code func ekResponse(tpm transport.TPM) (*tpm2.CreatePrimaryResponse, error) { // SVSM currently only supports attesting an RSA EK. // We may parameterize this later for more options. return tpm2.CreatePrimary{ PrimaryHandle: tpm2.TPMRHEndorsement, InPublic: tpm2.New2B(tpm2.RSAEKTemplate), }.Execute(tpm) } func makeAK(tpm transport.TPM, keyAlgo tpm2.TPMAlgID) (*tpm2.CreatePrimaryResponse, error) { var public []byte var err error switch keyAlgo { case tpm2.TPMAlgECC: public, err = AKTemplateECC().Encode() case tpm2.TPMAlgRSA: public, err = AKTemplateRSA().Encode() default: return nil, fmt.Errorf("unsupported keyAlgo %v", keyAlgo) } if err != nil { return nil, fmt.Errorf("failed to create AK: %w", err) } cp, err := tpm2.CreatePrimary{ PrimaryHandle: tpm2.TPMRHOwner, InPublic: tpm2.BytesAs2B[tpm2.TPMTPublic](public), }.Execute(tpm) if err != nil { return nil, err } return cp, nil } // CreateCertifiedAKBlob creates an AK and certifies it, thus solving the TPM registration challenge. func CreateCertifiedAKBlob(tpm transport.TPM, req *tpb.ImportBlob, keyAlgo tpm2.TPMAlgID) (*tpb.CertifiedBlob, error) { ek, err := ekResponse(tpm) if err != nil { return nil, fmt.Errorf("failed to create RSA EK: %w", err) } // Import the restricted HMAC key. imported, err := tpm2.Import{ ParentHandle: tpm2.AuthHandle{ Handle: ek.ObjectHandle, Name: ek.Name, Auth: tpm2.Policy(tpm2.TPMAlgSHA256, 32, ekPolicy), }, ObjectPublic: tpm2.BytesAs2B[tpm2.TPMTPublic](req.GetPublicArea()), Duplicate: tpm2.TPM2BPrivate{Buffer: req.GetDuplicate()}, InSymSeed: tpm2.TPM2BEncryptedSecret{Buffer: req.GetEncryptedSeed()}, }.Execute(tpm) if err != nil { tpm2.FlushContext{ FlushHandle: ek.ObjectHandle, }.Execute(tpm) return nil, fmt.Errorf("failed to import blob: %w", err) } // Load the imported HMAC key. loaded, err := tpm2.Load{ ParentHandle: tpm2.AuthHandle{ Handle: ek.ObjectHandle, Name: ek.Name, Auth: tpm2.Policy(tpm2.TPMAlgSHA256, 32, ekPolicy), }, InPublic: tpm2.BytesAs2B[tpm2.TPMTPublic](req.GetPublicArea()), InPrivate: imported.OutPrivate, }.Execute(tpm) // Flush before checking error and potentially early returning since we need to flush in both situations. tpm2.FlushContext{ FlushHandle: ek.ObjectHandle, }.Execute(tpm) if err != nil { return nil, fmt.Errorf("failed to load HMAC: %w", err) } defer tpm2.FlushContext{ FlushHandle: loaded.ObjectHandle, }.Execute(tpm) ak, err := makeAK(tpm, keyAlgo) if err != nil { return nil, err } defer tpm2.FlushContext{ FlushHandle: ak.ObjectHandle, }.Execute(tpm) // Certify a newly created AK. certified, err := tpm2.Certify{ ObjectHandle: tpm2.NamedHandle{ Handle: ak.ObjectHandle, Name: ak.Name, }, SignHandle: tpm2.NamedHandle{ Handle: loaded.ObjectHandle, Name: loaded.Name, }, }.Execute(tpm) if err != nil { return nil, fmt.Errorf("failed to certify blob: %w", err) } return &tpb.CertifiedBlob{ PubArea: ak.OutPublic.Bytes(), CertifyInfo: certified.CertifyInfo.Bytes(), RawSig: tpm2.Marshal(certified.Signature), }, nil } func ekPolicy(t transport.TPM, handle tpm2.TPMISHPolicy, nonceTPM tpm2.TPM2BNonce) error { cmd := tpm2.PolicySecret{ AuthHandle: tpm2.TPMRHEndorsement, PolicySession: handle, NonceTPM: nonceTPM, } _, err := cmd.Execute(t) return err } go-tpm-tools-0.4.7/client/import_certify_test.go000066400000000000000000000157341510276467000220100ustar00rootroot00000000000000package client_test import ( "bytes" "crypto/hmac" "crypto/sha256" "strings" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" tpb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm-tools/server" "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" ) func TestCreateCertifiedAKBlob(t *testing.T) { rwc := test.GetTPM(t) tpm := transport.FromReadWriter(rwc) defer client.CheckedClose(t, rwc) ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatalf("failed to get rsa ek: %v", ek) } defer ek.Close() pubBytes, err := ek.PublicArea().Encode() if err != nil { t.Fatalf("ek public area encode failed: %v", err) } pub, err := tpm2.Unmarshal[tpm2.TPMTPublic](pubBytes) if err != nil { t.Fatalf("Unmarshal public key failed: %v", err) } testcases := []struct { name string keyAlgo tpm2.TPMAlgID }{ {"RSA", tpm2.TPMAlgRSA}, {"ECC", tpm2.TPMAlgECC}, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { challenge, secret, err := server.CreateRestrictedHMACBlob(pub) if err != nil { t.Fatalf("server.CreateChallenge failed: %v", err) } response, err := client.CreateCertifiedAKBlob(tpm, challenge, tc.keyAlgo) if err != nil { t.Fatalf("SolveChallengeImportCertify failed: %v", err) } if err := server.VerifyCertifiedAKBlob(response, secret); err != nil { t.Errorf("server.VerifyCertifiedAKBlob failed: %v", err) } }) } } func TestVerifyCertifiedAKBlobErrors(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) tpm := transport.FromReadWriter(rwc) ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatalf("failed to get rsa ek: %v", ek) } defer ek.Close() pubBytes, err := ek.PublicArea().Encode() if err != nil { t.Fatalf("ek public area encode failed: %v", err) } ekPub, err := tpm2.Unmarshal[tpm2.TPMTPublic](pubBytes) if err != nil { t.Fatalf("Unmarshal public key failed: %v", err) } challenge, secret, err := server.CreateRestrictedHMACBlob(ekPub) if err != nil { t.Fatalf("server.CreateChallenge failed: %v", err) } response, err := client.CreateCertifiedAKBlob(tpm, challenge, tpm2.TPMAlgECC) if err != nil { t.Fatalf("SolveChallengeImportCertify failed: %v", err) } // Make a copy of the valid data to tamper with goodAkPub := bytes.Clone(response.GetPubArea()) goodCertifyInfo := bytes.Clone(response.GetCertifyInfo()) goodSignature := bytes.Clone(response.GetRawSig()) // helper to re-sign a modified certifyInfo reSign := func(certifyInfo []byte) []byte { sig, err := tpm2.Unmarshal[tpm2.TPMTSignature](goodSignature) if err != nil { t.Fatalf("unmarshaling good signature: %v", err) } hmacVal, err := sig.Signature.HMAC() if err != nil { t.Fatalf("getting hmac from signature: %v", err) } digest := sha256.Sum256(certifyInfo) h := hmac.New(sha256.New, secret) h.Write(digest[:]) hmacVal.Digest = h.Sum(nil) return tpm2.Marshal(sig) } testcases := []struct { name string getReq func(t *testing.T) *tpb.CertifiedBlob secret []byte wantErrString string }{ { name: "Bad Secret", getReq: func(_ *testing.T) *tpb.CertifiedBlob { return response }, secret: []byte("bad secret"), wantErrString: "invalid HMAC", }, { name: "Wrong HMAC Hash Alg", getReq: func(t *testing.T) *tpb.CertifiedBlob { sig, err := tpm2.Unmarshal[tpm2.TPMTSignature](goodSignature) if err != nil { t.Fatalf("unmarshaling good signature: %v", err) } hmacVal, err := sig.Signature.HMAC() if err != nil { t.Fatalf("getting hmac from signature: %v", err) } hmacVal.HashAlg = tpm2.TPMAlgSHA1 return &tpb.CertifiedBlob{ PubArea: goodAkPub, CertifyInfo: goodCertifyInfo, RawSig: tpm2.Marshal(sig), } }, secret: secret, wantErrString: "wrong hash algorithm", }, { name: "Bad HMAC Digest", getReq: func(t *testing.T) *tpb.CertifiedBlob { sig, err := tpm2.Unmarshal[tpm2.TPMTSignature](goodSignature) if err != nil { t.Fatalf("unmarshaling good signature: %v", err) } hmacVal, err := sig.Signature.HMAC() if err != nil { t.Fatalf("getting hmac from signature: %v", err) } hmacVal.Digest[0] ^= 0xff return &tpb.CertifiedBlob{ PubArea: goodAkPub, CertifyInfo: goodCertifyInfo, RawSig: tpm2.Marshal(sig), } }, secret: secret, wantErrString: "invalid HMAC", }, { name: "Tampered CertifyInfo", getReq: func(_ *testing.T) *tpb.CertifiedBlob { badCertifyInfo := bytes.Clone(goodCertifyInfo) badCertifyInfo[0] ^= 0xff return &tpb.CertifiedBlob{ PubArea: goodAkPub, CertifyInfo: badCertifyInfo, RawSig: goodSignature, } }, secret: secret, wantErrString: "invalid HMAC", }, { name: "Bad Attest Magic", getReq: func(t *testing.T) *tpb.CertifiedBlob { attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](goodCertifyInfo) if err != nil { t.Fatalf("unmarshaling good certify info: %v", err) } attest.Magic = 0 badCertifyInfo := tpm2.Marshal(attest) return &tpb.CertifiedBlob{ PubArea: goodAkPub, CertifyInfo: badCertifyInfo, RawSig: reSign(badCertifyInfo), } }, secret: secret, wantErrString: "attestation statement was invalid", }, { name: "Bad Certified Name", getReq: func(t *testing.T) *tpb.CertifiedBlob { attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](goodCertifyInfo) if err != nil { t.Fatalf("unmarshaling good certify info: %v", err) } certify, err := attest.Attested.Certify() if err != nil { t.Fatalf("getting certify from attest: %v", err) } certify.Name.Buffer[0] ^= 0xff badCertifyInfo := tpm2.Marshal(attest) return &tpb.CertifiedBlob{ PubArea: goodAkPub, CertifyInfo: badCertifyInfo, RawSig: reSign(badCertifyInfo), } }, secret: secret, wantErrString: "incorrect name", }, { name: "QualifiedName matches Name", getReq: func(t *testing.T) *tpb.CertifiedBlob { attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](goodCertifyInfo) if err != nil { t.Fatalf("unmarshaling good certify info: %v", err) } certify, err := attest.Attested.Certify() if err != nil { t.Fatalf("getting certify from attest: %v", err) } certify.QualifiedName.Buffer = bytes.Clone(certify.Name.Buffer) badCertifyInfo := tpm2.Marshal(attest) return &tpb.CertifiedBlob{ PubArea: goodAkPub, CertifyInfo: badCertifyInfo, RawSig: reSign(badCertifyInfo), } }, secret: secret, wantErrString: "incorrect name", }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { err := server.VerifyCertifiedAKBlob(tc.getReq(t), tc.secret) if err == nil || !strings.Contains(err.Error(), tc.wantErrString) { t.Errorf("got err: %v, want err containing: %q", err, tc.wantErrString) } }) } } go-tpm-tools-0.4.7/client/keys.go000066400000000000000000000446521510276467000166660ustar00rootroot00000000000000// Package client contains some high-level TPM 2.0 functions. package client import ( "bytes" "crypto" "crypto/subtle" "crypto/x509" "errors" "fmt" "io" "github.com/google/go-tpm-tools/internal" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) // Key wraps an active asymmetric TPM2 key. This can either be a signing key or // an encryption key. Users of Key should be sure to call Close() when the Key // is no longer needed, so that the underlying TPM handle can be freed. // Concurrent accesses on Key are not safe, with the exception of the // Sign method called on the crypto.Signer returned by Key.GetSigner. type Key struct { rw io.ReadWriter handle tpmutil.Handle pubArea tpm2.Public pubKey crypto.PublicKey name tpm2.Name session Session cert *x509.Certificate } // EndorsementKeyRSA generates and loads a key from DefaultEKTemplateRSA. func EndorsementKeyRSA(rw io.ReadWriter) (*Key, error) { ekRsa, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateRSA(), EKReservedHandle) if err != nil { return nil, err } if err := ekRsa.trySetCertificateFromNvram(EKCertNVIndexRSA); err != nil { ekRsa.Close() return nil, err } return ekRsa, nil } // EndorsementKeyECC generates and loads a key from DefaultEKTemplateECC. func EndorsementKeyECC(rw io.ReadWriter) (*Key, error) { ekEcc, err := NewCachedKey(rw, tpm2.HandleEndorsement, DefaultEKTemplateECC(), EKECCReservedHandle) if err != nil { return nil, err } if err := ekEcc.trySetCertificateFromNvram(EKCertNVIndexECC); err != nil { ekEcc.Close() return nil, err } return ekEcc, nil } // StorageRootKeyRSA generates and loads a key from SRKTemplateRSA. func StorageRootKeyRSA(rw io.ReadWriter) (*Key, error) { return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateRSA(), SRKReservedHandle) } // StorageRootKeyECC generates and loads a key from SRKTemplateECC. func StorageRootKeyECC(rw io.ReadWriter) (*Key, error) { return NewCachedKey(rw, tpm2.HandleOwner, SRKTemplateECC(), SRKECCReservedHandle) } // AttestationKeyRSA generates and loads a key from AKTemplateRSA in the Owner hierarchy. func AttestationKeyRSA(rw io.ReadWriter) (*Key, error) { return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateRSA(), DefaultAKRSAHandle) } // AttestationKeyECC generates and loads a key from AKTemplateECC in the Owner hierarchy. func AttestationKeyECC(rw io.ReadWriter) (*Key, error) { return NewCachedKey(rw, tpm2.HandleOwner, AKTemplateECC(), DefaultAKECCHandle) } // EndorsementKeyFromNvIndex generates and loads an endorsement key using the // template stored at the provided nvdata index. This is useful for TPMs which // have a preinstalled AK template. func EndorsementKeyFromNvIndex(rw io.ReadWriter, idx uint32) (*Key, error) { return KeyFromNvIndex(rw, tpm2.HandleEndorsement, idx) } // GceAttestationKeyRSA generates and loads the GCE RSA AK. Note that this // function will only work on a GCE VM. Unlike AttestationKeyRSA, this key uses // the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexRSA. func GceAttestationKeyRSA(rw io.ReadWriter) (*Key, error) { akRsa, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexRSA) if err != nil { return nil, err } if err := akRsa.trySetCertificateFromNvram(GceAKCertNVIndexRSA); err != nil { akRsa.Close() return nil, err } return akRsa, nil } // GceAttestationKeyECC generates and loads the GCE ECC AK. Note that this // function will only work on a GCE VM. Unlike AttestationKeyECC, this key uses // the Endorsement Hierarchy and its template loaded from GceAKTemplateNVIndexECC. func GceAttestationKeyECC(rw io.ReadWriter) (*Key, error) { akEcc, err := EndorsementKeyFromNvIndex(rw, GceAKTemplateNVIndexECC) if err != nil { return nil, err } if err := akEcc.trySetCertificateFromNvram(GceAKCertNVIndexECC); err != nil { akEcc.Close() return nil, err } return akEcc, nil } // LoadCachedKey loads a key from cachedHandle. // If the key is not found, an error is returned. // This function will not overwrite an existing key, unlike NewCachedKey. func LoadCachedKey(rw io.ReadWriter, cachedHandle tpmutil.Handle, keySession Session) (k *Key, err error) { cachedPub, _, _, err := tpm2.ReadPublic(rw, cachedHandle) if err != nil { return nil, fmt.Errorf("failed to read public area of cached key: %w", err) } k = &Key{rw: rw, handle: cachedHandle, pubArea: cachedPub, session: keySession} return k, k.finish() } // KeyFromNvIndex generates and loads a key under the provided parent // (possibly a hierarchy root tpm2.Handle{Owner|Endorsement|Platform|Null}) // using the template stored at the provided nvdata index. func KeyFromNvIndex(rw io.ReadWriter, parent tpmutil.Handle, idx uint32) (*Key, error) { data, err := tpm2.NVReadEx(rw, tpmutil.Handle(idx), tpm2.HandleOwner, "", 0) if err != nil { return nil, fmt.Errorf("read error at index %d: %w", idx, err) } template, err := tpm2.DecodePublic(data) if err != nil { return nil, fmt.Errorf("index %d data was not a TPM key template: %w", idx, err) } return NewKey(rw, parent, template) } // NewCachedKey is almost identical to NewKey, except that it initially tries to // see if the a key matching the provided template is at cachedHandle. If so, // that key is returned. If not, the key is created as in NewKey, and that key // is persisted to the cachedHandle, overwriting any existing key there. func NewCachedKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public, cachedHandle tpmutil.Handle) (k *Key, err error) { owner := tpm2.HandleOwner if parent == tpm2.HandlePlatform { owner = tpm2.HandlePlatform } else if parent == tpm2.HandleNull { return nil, fmt.Errorf("cannot cache objects in the null hierarchy") } cachedPub, _, _, err := tpm2.ReadPublic(rw, cachedHandle) if err == nil { if cachedPub.MatchesTemplate(template) { k = &Key{rw: rw, handle: cachedHandle, pubArea: cachedPub} return k, k.finish() } // Kick out old cached key if it does not match if err = tpm2.EvictControl(rw, "", owner, cachedHandle, cachedHandle); err != nil { return nil, err } } k, err = NewKey(rw, parent, template) if err != nil { return nil, err } defer tpm2.FlushContext(rw, k.handle) if err = tpm2.EvictControl(rw, "", owner, k.handle, cachedHandle); err != nil { return nil, err } k.handle = cachedHandle return k, nil } // NewKey generates a key from the template and loads that key into the TPM // under the specified parent. NewKey can call many different TPM commands: // - If parent is tpm2.Handle{Owner|Endorsement|Platform|Null} a primary key // is created in the specified hierarchy (using CreatePrimary). // - If parent is a valid key handle, a normal key object is created under // that parent (using Create and Load). NOTE: Not yet supported. // // This function also assumes that the desired key: // - Does not have its usage locked to specific PCR values // - Usable with empty authorization sessions (i.e. doesn't need a password) func NewKey(rw io.ReadWriter, parent tpmutil.Handle, template tpm2.Public) (k *Key, err error) { if !isHierarchy(parent) { // TODO add support for normal objects with Create() and Load() return nil, fmt.Errorf("unsupported parent handle: %x", parent) } handle, pubArea, _, _, _, _, err := tpm2.CreatePrimaryEx(rw, parent, tpm2.PCRSelection{}, "", "", template) if err != nil { return nil, err } defer func() { if err != nil { tpm2.FlushContext(rw, handle) } }() k = &Key{rw: rw, handle: handle} if k.pubArea, err = tpm2.DecodePublic(pubArea); err != nil { return } return k, k.finish() } func (k *Key) finish() error { var err error if k.pubKey, err = k.pubArea.Key(); err != nil { return err } if k.name, err = k.pubArea.Name(); err != nil { return err } // We determine the right type of session based on the auth policy if k.session == nil { if bytes.Equal(k.pubArea.AuthPolicy, defaultEKAuthPolicy()) { if k.session, err = NewEKSession(k.rw); err != nil { return err } } else if len(k.pubArea.AuthPolicy) == 0 { k.session = NullSession{} } else { return fmt.Errorf("unknown auth policy when creating key") } } return nil } // Handle allows this key to be used directly with other go-tpm commands. func (k *Key) Handle() tpmutil.Handle { return k.handle } // Name is hash of this key's public area. Only the Digest field will ever be // populated. It is useful for various TPM commands related to authorization. // This is equivalent to k.PublicArea.Name(), except that is cannot fail. func (k *Key) Name() tpm2.Name { return k.name } // PublicArea exposes the key's entire public area. This is useful for // determining additional properties of the underlying TPM key. func (k *Key) PublicArea() tpm2.Public { return k.pubArea } // PublicKey provides a go interface to the loaded key's public area. func (k *Key) PublicKey() crypto.PublicKey { return k.pubKey } // Close should be called when the key is no longer needed. This is important to // do as most TPMs can only have a small number of key simultaneously loaded. func (k *Key) Close() { if k.session != nil { k.session.Close() } tpm2.FlushContext(k.rw, k.handle) } // Seal seals the sensitive byte buffer to a key. This key must be an SRK (we // currently do not support sealing to EKs). Optionally, the SealOpts struct can // be modified to provide sealed-to PCRs. In this case, the sensitive data can // only be unsealed if the seal-time PCRs are in the SealOpts-specified state. // There must not be overlap in PCRs between SealOpts' Current and Target. // During the sealing process, certification data will be created allowing // Unseal() to validate the state of the TPM during the sealing process. func (k *Key) Seal(sensitive []byte, opts SealOpts) (*pb.SealedBytes, error) { var pcrs *pb.PCRs var err error var auth []byte pcrs, err = mergePCRSelAndProto(k.rw, opts.Current, opts.Target) if err != nil { return nil, fmt.Errorf("invalid SealOpts: %v", err) } if len(pcrs.GetPcrs()) > 0 { auth = internal.PCRSessionAuth(pcrs, SessionHashAlg) } certifySel := FullPcrSel(CertifyHashAlgTpm) sb, err := sealHelper(k.rw, k.Handle(), auth, sensitive, certifySel) if err != nil { return nil, err } for pcrNum := range pcrs.GetPcrs() { sb.Pcrs = append(sb.Pcrs, pcrNum) } sb.Hash = pcrs.GetHash() sb.Srk = pb.ObjectType(k.pubArea.Type) return sb, nil } func sealHelper(rw io.ReadWriter, parentHandle tpmutil.Handle, auth []byte, sensitive []byte, certifyPCRsSel tpm2.PCRSelection) (*pb.SealedBytes, error) { inPublic := tpm2.Public{ Type: tpm2.AlgKeyedHash, NameAlg: SessionHashAlgTpm, Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent, AuthPolicy: auth, } if auth == nil { inPublic.Attributes |= tpm2.FlagUserWithAuth } else { inPublic.Attributes |= tpm2.FlagAdminWithPolicy } priv, pub, creationData, _, ticket, err := tpm2.CreateKeyWithSensitive(rw, parentHandle, certifyPCRsSel, "", "", inPublic, sensitive) if err != nil { return nil, fmt.Errorf("failed to create key: %w", err) } certifiedPcr, err := ReadPCRs(rw, certifyPCRsSel) if err != nil { return nil, fmt.Errorf("failed to read PCRs: %w", err) } computedDigest := internal.PCRDigest(certifiedPcr, SessionHashAlg) decodedCreationData, err := tpm2.DecodeCreationData(creationData) if err != nil { return nil, fmt.Errorf("failed to decode creation data: %w", err) } // make sure PCRs haven't being altered after sealing if subtle.ConstantTimeCompare(computedDigest, decodedCreationData.PCRDigest) == 0 { return nil, fmt.Errorf("PCRs have been modified after sealing") } sb := &pb.SealedBytes{} sb.CertifiedPcrs = certifiedPcr sb.Priv = priv sb.Pub = pub sb.CreationData = creationData if sb.Ticket, err = tpmutil.Pack(ticket); err != nil { return nil, err } return sb, nil } // Unseal attempts to reverse the process of Seal(), using the PCRs, public, and // private data in proto.SealedBytes. Optionally, the UnsealOpts parameter can // be used to verify the state of the TPM when the data was sealed. The // zero-value UnsealOpts can be passed to skip certification. func (k *Key) Unseal(in *pb.SealedBytes, opts UnsealOpts) ([]byte, error) { if in.Srk != pb.ObjectType(k.pubArea.Type) { return nil, fmt.Errorf("expected key of type %v, got %v", in.Srk, k.pubArea.Type) } sealed, _, err := tpm2.Load( k.rw, k.Handle(), /*parentPassword=*/ "", in.GetPub(), in.GetPriv()) if err != nil { return nil, fmt.Errorf("failed to load sealed object: %w", err) } defer tpm2.FlushContext(k.rw, sealed) pcrs, err := mergePCRSelAndProto(k.rw, opts.CertifyCurrent, opts.CertifyExpected) if err != nil { return nil, fmt.Errorf("invalid UnsealOpts: %v", err) } if len(pcrs.GetPcrs()) > 0 { if err := internal.CheckSubset(pcrs, in.GetCertifiedPcrs()); err != nil { return nil, fmt.Errorf("failed to certify PCRs: %w", err) } var ticket tpm2.Ticket if _, err = tpmutil.Unpack(in.GetTicket(), &ticket); err != nil { return nil, fmt.Errorf("ticket unpack failed: %w", err) } creationHash := SessionHashAlg.New() creationHash.Write(in.GetCreationData()) _, _, certErr := tpm2.CertifyCreation(k.rw, "", sealed, tpm2.HandleNull, nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket) // There is a bug in some older TPMs, where they are unable to // CertifyCreation when using a Null signing handle (despite this // being allowed by all versions of the TPM spec). To work around // this bug, we use a temporary signing key and ignore the signed // result. To reduce the cost of this workaround, we use a cached // ECC signing key. // We can detect this bug, as it triggers a RCInsufficient // Unmarshaling error. var ( paramError tpm2.ParameterError handleError tpm2.HandleError ) if (errors.As(certErr, ¶mError) && paramError.Code == tpm2.RCInsufficient) || (errors.As(certErr, &handleError) && handleError.Code == tpm2.RCInsufficient) { signer, err := AttestationKeyECC(k.rw) if err != nil { return nil, fmt.Errorf("failed to create fallback signing key: %w", err) } defer signer.Close() _, _, certErr = tpm2.CertifyCreation(k.rw, "", sealed, signer.Handle(), nil, creationHash.Sum(nil), tpm2.SigScheme{}, ticket) } if certErr != nil { return nil, fmt.Errorf("failed to certify creation: %w", certErr) } // verify certify PCRs haven't been modified decodedCreationData, err := tpm2.DecodeCreationData(in.GetCreationData()) if err != nil { return nil, fmt.Errorf("failed to decode creation data: %w", err) } if !internal.SamePCRSelection(in.GetCertifiedPcrs(), decodedCreationData.PCRSelection) { return nil, fmt.Errorf("certify PCRs does not match the PCR selection in the creation data") } expectedDigest := internal.PCRDigest(in.GetCertifiedPcrs(), SessionHashAlg) if subtle.ConstantTimeCompare(decodedCreationData.PCRDigest, expectedDigest) == 0 { return nil, fmt.Errorf("certify PCRs digest does not match the digest in the creation data") } } sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(in.GetHash())} for _, pcr := range in.GetPcrs() { sel.PCRs = append(sel.PCRs, int(pcr)) } session, err := NewPCRSession(k.rw, sel) if err != nil { return nil, fmt.Errorf("failed to create session: %w", err) } defer session.Close() auth, err := session.Auth() if err != nil { return nil, err } return tpm2.UnsealWithSession(k.rw, auth.Session, sealed, "") } // Quote will tell TPM to compute a hash of a set of given PCR selection, together with // some extra data (typically a nonce), sign it with the given signing key, and return // the signature and the attestation data. This function will return an error if // the key is not a restricted signing key. func (k *Key) Quote(selpcr tpm2.PCRSelection, extraData []byte) (*pb.Quote, error) { // Make sure that we have a valid signing key before trying quote var err error if _, err = internal.GetSigningHashAlg(k.pubArea); err != nil { return nil, err } if !k.hasAttribute(tpm2.FlagRestricted) { return nil, fmt.Errorf("unrestricted keys are insecure to use with Quote") } quote := &pb.Quote{} quote.Quote, quote.RawSig, err = tpm2.QuoteRaw(k.rw, k.Handle(), "", "", extraData, selpcr, tpm2.AlgNull) if err != nil { return nil, fmt.Errorf("failed to quote: %w", err) } quote.Pcrs, err = ReadPCRs(k.rw, selpcr) if err != nil { return nil, fmt.Errorf("failed to read PCRs: %w", err) } // Verify the quote client-side to make sure we didn't mess things up. // NOTE: the quote still must be verified server-side as well. if err := internal.VerifyQuote(quote, k.PublicKey(), extraData); err != nil { return nil, fmt.Errorf("failed to verify quote: %w", err) } return quote, nil } // Reseal is a shortcut to call Unseal() followed by Seal(). // CertifyOpt(nillable) will be used in Unseal(), and SealOpt(nillable) // will be used in Seal() func (k *Key) Reseal(in *pb.SealedBytes, uOpts UnsealOpts, sOpts SealOpts) (*pb.SealedBytes, error) { sensitive, err := k.Unseal(in, uOpts) if err != nil { return nil, fmt.Errorf("failed to unseal: %w", err) } return k.Seal(sensitive, sOpts) } func (k *Key) hasAttribute(attr tpm2.KeyProp) bool { return k.pubArea.Attributes&attr != 0 } // Cert returns the parsed certificate (or nil) for the given key. func (k *Key) Cert() *x509.Certificate { return k.cert } // CertDERBytes provides the ASN.1 DER content of the key's certificate. If the // key does not have a certficate, returns nil. func (k *Key) CertDERBytes() []byte { if k.cert == nil { return nil } return k.cert.Raw } // SetCert assigns the provided certificate to the key after verifying it matches the key. func (k *Key) SetCert(cert *x509.Certificate) error { certPubKey := cert.PublicKey.(crypto.PublicKey) // This cast cannot fail if !internal.PubKeysEqual(certPubKey, k.pubKey) { return errors.New("certificate does not match key") } k.cert = cert return nil } // Attempt to fetch a key's certificate from NVRAM. If the certificate is simply // missing, this function succeeds (and no certificate is set). This is to allow // for AKs and EKs that simply don't have a certificate. However, if the // certificate read from NVRAM is either malformed or does not match the key, we // return an error. func (k *Key) trySetCertificateFromNvram(index uint32) error { certASN1, err := tpm2.NVReadEx(k.rw, tpmutil.Handle(index), tpm2.HandleOwner, "", 0) if err != nil { // Either the cert data is missing, or we are not allowed to read it return nil } x509Cert, err := x509.ParseCertificate(certASN1) if err != nil { return fmt.Errorf("failed to parse certificate from NV memory: %w", err) } return k.SetCert(x509Cert) } go-tpm-tools-0.4.7/client/keys_test.go000066400000000000000000000174351510276467000177240ustar00rootroot00000000000000package client_test import ( "crypto" "crypto/rand" "crypto/rsa" "crypto/x509" "io" "math/big" "reflect" "testing" "time" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" ) func TestNameMatchesPublicArea(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatal(err) } defer ek.Close() matches, err := ek.Name().MatchesPublic(ek.PublicArea()) if err != nil { t.Fatal(err) } if !matches { t.Fatal("Returned name and computed name do not match") } } func TestCreateSigningKeysInHierarchies(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) template := client.AKTemplateRSA() // We are not authorized to create keys in the Platform Hierarchy for _, hierarchy := range []tpmutil.Handle{tpm2.HandleOwner, tpm2.HandleEndorsement, tpm2.HandleNull} { key, err := client.NewKey(rwc, hierarchy, template) if err != nil { t.Errorf("Hierarchy %+v: %s", hierarchy, err) } else { key.Close() } } } func TestCachedRSAKeys(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string getKey func(io.ReadWriter) (*client.Key, error) }{ {"SRK", client.StorageRootKeyRSA}, {"EK", client.EndorsementKeyRSA}, } for _, k := range keys { t.Run(k.name, func(t *testing.T) { // Get the key the first time and persist srk, err := k.getKey(rwc) if err != nil { t.Fatal(err) } defer srk.Close() pub := srk.PublicKey() if tpm2.FlushContext(rwc, srk.Handle()) == nil { t.Error("Trying to flush persistent keys should fail.") } // Get the cached key (should be the same) srk, err = k.getKey(rwc) if err != nil { t.Fatal(err) } defer srk.Close() if !reflect.DeepEqual(srk.PublicKey(), pub) { t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey()) } // We should still get the same key if we evict the handle if err := tpm2.EvictControl(rwc, "", tpm2.HandleOwner, srk.Handle(), srk.Handle()); err != nil { t.Errorf("Evicting control failed: %v", err) } srk, err = k.getKey(rwc) if err != nil { t.Fatal(err) } defer srk.Close() if !reflect.DeepEqual(srk.PublicKey(), pub) { t.Errorf("Expected pub key: %v got: %v", pub, srk.PublicKey()) } }) } } func TestKeyCreation(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string getKey func(io.ReadWriter) (*client.Key, error) }{ {"SRK-ECC", client.StorageRootKeyECC}, {"EK-ECC", client.EndorsementKeyECC}, {"AK-ECC", client.AttestationKeyECC}, {"SRK-RSA", client.StorageRootKeyRSA}, {"EK-RSA", client.EndorsementKeyRSA}, {"AK-RSA", client.AttestationKeyRSA}, } for _, k := range keys { t.Run(k.name, func(t *testing.T) { key, err := k.getKey(rwc) if err != nil { t.Fatal(err) } key.Close() }) } } func BenchmarkKeyCreation(b *testing.B) { rwc := test.GetTPM(b) defer client.CheckedClose(b, rwc) benchmarks := []struct { name string getKey func(io.ReadWriter) (*client.Key, error) }{ {"SRK-ECC-Cached", client.StorageRootKeyECC}, {"EK-ECC-Cached", client.EndorsementKeyECC}, {"AK-ECC-Cached", client.AttestationKeyECC}, {"SRK-ECC", func(rw io.ReadWriter) (*client.Key, error) { return client.NewKey(rw, tpm2.HandleOwner, client.SRKTemplateECC()) }}, {"EK-ECC", func(rw io.ReadWriter) (*client.Key, error) { return client.NewKey(rw, tpm2.HandleEndorsement, client.DefaultEKTemplateECC()) }}, {"AK-ECC", func(rw io.ReadWriter) (*client.Key, error) { return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateECC()) }}, {"SRK-RSA-Cached", client.StorageRootKeyRSA}, {"EK-RSA-Cached", client.EndorsementKeyRSA}, {"AK-RSA-Cached", client.AttestationKeyRSA}, {"SRK-RSA", func(rw io.ReadWriter) (*client.Key, error) { return client.NewKey(rw, tpm2.HandleEndorsement, client.SRKTemplateRSA()) }}, {"EK-RSA", func(rw io.ReadWriter) (*client.Key, error) { return client.NewKey(rw, tpm2.HandleOwner, client.DefaultEKTemplateRSA()) }}, {"AK-RSA", func(rw io.ReadWriter) (*client.Key, error) { return client.NewKey(rw, tpm2.HandleOwner, client.AKTemplateRSA()) }}, } for _, bm := range benchmarks { b.Run(bm.name, func(b *testing.B) { // Don't count time to populate the cache b.StopTimer() key, err := bm.getKey(rwc) if err != nil { b.Fatal(err) } key.Close() b.StartTimer() for i := 0; i < b.N; i++ { key, err := bm.getKey(rwc) if err != nil { b.Fatal(err) } key.Close() } }) } } // Returns an x509 Certificate for the provided pubkey, signed with the provided parent certificate and key. // If the provided fields are nil, will create a self-signed certificate. func getTestCert(t *testing.T, pubKey crypto.PublicKey, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) { t.Helper() certKey, _ := rsa.GenerateKey(rand.Reader, 2048) template := &x509.Certificate{ SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: true, MaxPathLenZero: true, } if pubKey == nil && parentCert == nil && parentKey == nil { pubKey = certKey.Public() parentCert = template parentKey = certKey } certBytes, err := x509.CreateCertificate(rand.Reader, template, parentCert, pubKey, parentKey) if err != nil { t.Fatalf("Unable to create test certificate: %v", err) } cert, err := x509.ParseCertificate(certBytes) if err != nil { t.Fatalf("Unable to parse test certificate: %v", err) } return cert, certKey } func TestSetCert(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) key, err := client.AttestationKeyECC(rwc) if err != nil { t.Fatalf("Unable to create key: %v", err) } ca, caKey := getTestCert(t, nil, nil, nil) akCert, _ := getTestCert(t, key.PublicKey(), ca, caKey) if err = key.SetCert(akCert); err != nil { t.Errorf("SetCert() returned error: %v", err) } } func TestSetCertFailsIfCertificateIsNotForKey(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) key, err := client.AttestationKeyECC(rwc) if err != nil { t.Fatalf("Unable to create key: %v", err) } otherKey, _ := rsa.GenerateKey(rand.Reader, 2048) ca, caKey := getTestCert(t, nil, nil, nil) akCert, _ := getTestCert(t, otherKey.Public(), ca, caKey) if err = key.SetCert(akCert); err == nil { t.Error("SetCert() returned successfully, expected error") } } func TestLoadCachedKey(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) createdKey, err := client.NewKey(rwc, tpm2.HandleNull, client.SRKTemplateRSA()) if err != nil { t.Fatalf("NewKey() returned error: %v", err) } defer createdKey.Close() handles := []struct { name string handle tpmutil.Handle errExpected bool }{ {"successful retrieval with handle", createdKey.Handle(), false}, {"error for bad handle", tpmutil.Handle(0x0), true}, } for _, k := range handles { t.Run(k.name, func(t *testing.T) { loadedKey, err := client.LoadCachedKey(rwc, createdKey.Handle(), client.NullSession{}) if k.errExpected && err == nil { t.Fatal("LoadCachedKey() returned successfully, expected error") } else if !k.errExpected && err != nil { t.Fatalf("LoadCachedKey() returned error: %v", err) } else if k.errExpected { return } defer loadedKey.Close() if !reflect.DeepEqual(createdKey, loadedKey) { t.Errorf("Loaded key does not match created key") } }) } } go-tpm-tools-0.4.7/client/pcr.go000066400000000000000000000110321510276467000164610ustar00rootroot00000000000000package client import ( "crypto" "fmt" "io" "math" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" ) // NumPCRs is set to the spec minimum of 24, as that's all go-tpm supports. const NumPCRs = 24 // We hard-code SHA256 as the policy session hash algorithms. Note that this // differs from the PCR hash algorithm (which selects the bank of PCRs to use) // and the Public area Name algorithm. We also chose this for compatibility with // github.com/google/go-tpm/legacy/tpm2, as it hardcodes the nameAlg as SHA256 in // several places. Two constants are used to avoid repeated conversions. const ( SessionHashAlg = crypto.SHA256 SessionHashAlgTpm = tpm2.AlgSHA256 ) // CertifyHashAlgTpm is the hard-coded algorithm used in certify PCRs. const CertifyHashAlgTpm = tpm2.AlgSHA256 // AllocatedPCRs returns a list of selections corresponding to the TPM's implemented PCRs. func AllocatedPCRs(rw io.ReadWriter) ([]tpm2.PCRSelection, error) { caps, moreData, err := tpm2.GetCapability(rw, tpm2.CapabilityPCRs, math.MaxUint32, 0) if err != nil { return nil, fmt.Errorf("listing implemented PCR banks: %w", err) } if moreData { return nil, fmt.Errorf("extra data from GetCapability") } var sels []tpm2.PCRSelection for _, cap := range caps { sel, ok := cap.(tpm2.PCRSelection) if !ok { return nil, fmt.Errorf("unexpected data from GetCapability") } // skip empty (unallocated) PCR selections if len(sel.PCRs) == 0 { continue } sels = append(sels, sel) } return sels, nil } // ReadPCRs fetches all the PCR values specified in sel, making multiple calls // to the TPM if necessary. func ReadPCRs(rw io.ReadWriter, sel tpm2.PCRSelection) (*pb.PCRs, error) { pl := pb.PCRs{ Hash: pb.HashAlgo(sel.Hash), Pcrs: map[uint32][]byte{}, } for i := 0; i < len(sel.PCRs); i += 8 { end := min(i+8, len(sel.PCRs)) pcrSel := tpm2.PCRSelection{ Hash: sel.Hash, PCRs: sel.PCRs[i:end], } pcrMap, err := tpm2.ReadPCRs(rw, pcrSel) if err != nil { return nil, err } for pcr, val := range pcrMap { pl.Pcrs[uint32(pcr)] = val } } return &pl, nil } // ReadAllPCRs fetches all the PCR values from all implemented PCR banks. func ReadAllPCRs(rw io.ReadWriter) ([]*pb.PCRs, error) { sels, err := AllocatedPCRs(rw) if err != nil { return nil, err } allPcrs := make([]*pb.PCRs, len(sels)) for i, sel := range sels { allPcrs[i], err = ReadPCRs(rw, sel) if err != nil { return nil, fmt.Errorf("reading bank %x PCRs: %w", sel.Hash, err) } } return allPcrs, nil } // SealOpts specifies the PCR values that should be used for Seal(). type SealOpts struct { // Current seals data to the current specified PCR selection. Current tpm2.PCRSelection // Target predictively seals data to the given specified PCR values. Target *pb.PCRs } // UnsealOpts specifies the options that should be used for Unseal(). // Currently, it specifies the PCRs that need to pass certification in order to // successfully unseal. // CertifyHashAlgTpm is the hard-coded algorithm that must be used with // UnsealOpts. type UnsealOpts struct { // CertifyCurrent certifies that a selection of current PCRs have the same // value when sealing. CertifyCurrent tpm2.PCRSelection // CertifyExpected certifies that the TPM had a specific set of PCR values when sealing. CertifyExpected *pb.PCRs } // FullPcrSel will return a full PCR selection based on the total PCR number // of the TPM with the given hash algo. func FullPcrSel(hash tpm2.Algorithm) tpm2.PCRSelection { sel := tpm2.PCRSelection{Hash: hash} for i := 0; i < NumPCRs; i++ { sel.PCRs = append(sel.PCRs, int(i)) } return sel } func mergePCRSelAndProto(rw io.ReadWriter, sel tpm2.PCRSelection, proto *pb.PCRs) (*pb.PCRs, error) { if proto == nil || len(proto.GetPcrs()) == 0 { return ReadPCRs(rw, sel) } if len(sel.PCRs) == 0 { return proto, nil } if sel.Hash != tpm2.Algorithm(proto.Hash) { return nil, fmt.Errorf("current hash (%v) differs from target hash (%v)", sel.Hash, tpm2.Algorithm(proto.Hash)) } // At this point, both sel and proto are non-empty. // Verify no overlap in sel and proto PCR indexes. overlap := make([]int, 0) targetMap := proto.GetPcrs() for _, pcrVal := range sel.PCRs { if _, found := targetMap[uint32(pcrVal)]; found { overlap = append(overlap, pcrVal) } } if len(overlap) != 0 { return nil, fmt.Errorf("found PCR overlap: %v", overlap) } currentPcrs, err := ReadPCRs(rw, sel) if err != nil { return nil, err } for pcr, val := range proto.GetPcrs() { currentPcrs.Pcrs[pcr] = val } return currentPcrs, nil } go-tpm-tools-0.4.7/client/pcr_test.go000066400000000000000000000070771510276467000175360ustar00rootroot00000000000000package client_test import ( "bytes" "crypto/sha1" "crypto/sha256" "crypto/sha512" "fmt" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) var extends = map[tpm2.Algorithm][]struct { digest []byte }{ tpm2.AlgSHA1: { {bytes.Repeat([]byte{0x00}, sha1.Size)}, {bytes.Repeat([]byte{0x01}, sha1.Size)}, {bytes.Repeat([]byte{0x02}, sha1.Size)}}, tpm2.AlgSHA256: { {bytes.Repeat([]byte{0x00}, sha256.Size)}, {bytes.Repeat([]byte{0x01}, sha256.Size)}, {bytes.Repeat([]byte{0x02}, sha256.Size)}}, tpm2.AlgSHA384: { {bytes.Repeat([]byte{0x00}, sha512.Size384)}, {bytes.Repeat([]byte{0x01}, sha512.Size384)}, {bytes.Repeat([]byte{0x02}, sha512.Size384)}}, } func pcrExtend(alg tpm2.Algorithm, oldVal, newVal []byte) ([]byte, error) { hCon, err := alg.Hash() if err != nil { return nil, fmt.Errorf("not a valid hash type: %v", alg) } h := hCon.New() h.Write(oldVal) h.Write(newVal) return h.Sum(nil), nil } func TestReadPCRs(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) cases := []struct { name string hashalg tpm2.Algorithm }{ {"SHA1", tpm2.AlgSHA1}, {"SHA256", tpm2.AlgSHA256}, {"SHA384", tpm2.AlgSHA384}, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { test.SkipOnUnsupportedAlg(t, rwc, c.hashalg) pcrbank, err := tpm2.ReadPCR(rwc, test.DebugPCR, c.hashalg) if err != nil { t.Fatal(err) } for _, d := range extends[c.hashalg] { if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), c.hashalg, d.digest, ""); err != nil { t.Fatalf("failed to extend pcr for test %v", err) } pcrVal, err := pcrExtend(c.hashalg, pcrbank, d.digest) if err != nil { t.Fatalf("could not extend pcr: %v", err) } pcrbank = pcrVal sel := tpm2.PCRSelection{Hash: c.hashalg, PCRs: []int{test.DebugPCR}} proto, err := client.ReadPCRs(rwc, sel) if err != nil { t.Fatalf("failed to read pcrs %v", err) } if !bytes.Equal(proto.Pcrs[uint32(test.DebugPCR)], pcrbank) { t.Errorf("%v not equal to expected %v", proto.Pcrs[uint32(test.DebugPCR)], pcrbank) } } }) } } func TestCheckContainedPCRs(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) sel := client.FullPcrSel(tpm2.AlgSHA256) baseline, err := client.ReadPCRs(rwc, sel) if err != nil { t.Fatalf("Failed to Read PCRs: %v", err) } toBeCertified, err := client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 2, 3}}) if err != nil { t.Fatalf("failed to read pcrs %v", err) } if err := internal.CheckSubset(toBeCertified, baseline); err != nil { t.Fatalf("Validation should pass: %v", err) } if err := tpm2.PCRExtend(rwc, tpmutil.Handle(test.DebugPCR), tpm2.AlgSHA256, bytes.Repeat([]byte{0x00}, sha256.Size), ""); err != nil { t.Fatalf("failed to extend pcr for test %v", err) } toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1, 3, test.DebugPCR}}) if err != nil { t.Fatalf("failed to read pcrs %v", err) } if err := internal.CheckSubset(toBeCertified, baseline); err == nil { t.Fatalf("validation should fail due to PCR %d changed", test.DebugPCR) } toBeCertified, err = client.ReadPCRs(rwc, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}}) if err != nil { t.Fatalf("failed to read pcrs %v", err) } if err := internal.CheckSubset(toBeCertified, baseline); err != nil { t.Fatalf("empty pcrs is always validate") } } go-tpm-tools-0.4.7/client/quote_test.go000066400000000000000000000073551510276467000201060ustar00rootroot00000000000000package client_test import ( "bytes" "crypto/ecdsa" "crypto/rsa" "fmt" "io" "testing" "github.com/google/go-attestation/attest" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" ) func TestQuote(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string getKey func(io.ReadWriter) (*client.Key, error) }{ {"AK-ECC", client.AttestationKeyECC}, {"AK-RSA", client.AttestationKeyRSA}, } pcrSels := []tpm2.PCRSelection{ { Hash: tpm2.AlgSHA256, PCRs: []int{7}, }, client.FullPcrSel(tpm2.AlgSHA256), } for _, key := range keys { for _, sel := range pcrSels { name := fmt.Sprintf("%s-%d", key.name, len(sel.PCRs)) t.Run(name, func(t *testing.T) { ak, err := key.getKey(rwc) if err != nil { t.Errorf("failed to generate AK: %v", err) } defer ak.Close() quoted, err := ak.Quote(sel, []byte("test")) if err != nil { t.Errorf("failed to quote: %v", err) } sig, err := tpm2.DecodeSignature(bytes.NewBuffer(quoted.GetRawSig())) if err != nil { t.Errorf("signature decoding failed: %v", err) } switch pub := ak.PublicKey().(type) { case *ecdsa.PublicKey: hash, err := sig.ECC.HashAlg.Hash() if err != nil { t.Fatalf("not a valid hash type: %v", sig.ECC.HashAlg) } hashCon := hash.New() hashCon.Write(quoted.GetQuote()) if !ecdsa.Verify(pub, hashCon.Sum(nil)[:], sig.ECC.R, sig.ECC.S) { t.Errorf("ECC signature verification failed") } case *rsa.PublicKey: hash, err := sig.RSA.HashAlg.Hash() if err != nil { t.Fatalf("not a valid hash type: %v", sig.RSA.HashAlg) } hashCon := hash.New() hashCon.Write(quoted.GetQuote()) if err = rsa.VerifyPKCS1v15(pub, hash, hashCon.Sum(nil), []byte(sig.RSA.Signature)); err != nil { t.Errorf("RSA signature verification failed: %v", err) } } }) } } } func TestQuoteShouldFailWithNonSigningKey(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) srk, err := client.StorageRootKeyRSA(rwc) if err != nil { t.Errorf("failed to generate SRK: %v", err) } defer srk.Close() selpcr := tpm2.PCRSelection{ Hash: tpm2.AlgSHA1, PCRs: []int{7}, } _, err = srk.Quote(selpcr, []byte("test")) if err == nil { t.Errorf("Quote with a non-signing key should fail") } t.Log(err) } // Basic tests of Key.Attest, more advanced methods are in server package func TestAttest(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string getKey func(io.ReadWriter) (*client.Key, error) shouldSucceed bool }{ {"AK-ECC", client.AttestationKeyECC, true}, {"AK-RSA", client.AttestationKeyRSA, true}, {"EK-ECC", client.EndorsementKeyECC, false}, {"EK-RSA", client.EndorsementKeyRSA, false}, } for _, key := range keys { t.Run(key.name, func(t *testing.T) { ak, err := key.getKey(rwc) if err != nil { t.Fatalf("failed to generate AK: %v", err) } defer ak.Close() attestation, err := ak.Attest(client.AttestOpts{Nonce: []byte("some nonce")}) if !key.shouldSucceed { if err == nil { t.Error("expected failure when calling Attest") } return } if err != nil { t.Fatalf("failed to attest: %v", err) } // Basic check, make sure we got multiple banks, and fields parse if _, err = tpm2.DecodePublic(attestation.AkPub); err != nil { t.Errorf("failed to decode AkPub: %v", err) } if len(attestation.Quotes) <= 1 { t.Error("expected multiple quotes") } if _, err = attest.ParseEventLog(attestation.EventLog); err != nil { t.Errorf("failed to parse event log: %v", err) } }) } } go-tpm-tools-0.4.7/client/seal_test.go000066400000000000000000000320371510276467000176700ustar00rootroot00000000000000package client_test import ( "bytes" "crypto/sha256" "io" "reflect" "testing" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" pb "github.com/google/go-tpm-tools/proto/tpm" ) func TestSeal(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string getSRK func(io.ReadWriter) (*client.Key, error) }{ {"RSA", client.StorageRootKeyRSA}, {"ECC", client.StorageRootKeyECC}, } for _, key := range keys { t.Run(key.name, func(t *testing.T) { srk, err := key.getSRK(rwc) if err != nil { t.Fatalf("can't create %s srk from template: %v", key.name, err) } defer srk.Close() secret := []byte("test") pcrToChange := test.DebugPCR sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}} sealed, err := srk.Seal(secret, client.SealOpts{Current: sel}) if err != nil { t.Fatalf("failed to seal: %v", err) } opts := client.UnsealOpts{ CertifyCurrent: tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{7}, }, } unseal, err := srk.Unseal(sealed, opts) if err != nil { t.Fatalf("failed to unseal: %v", err) } if !bytes.Equal(secret, unseal) { t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) } extension := bytes.Repeat([]byte{0xAA}, sha256.Size) if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, ""); err != nil { t.Fatalf("failed to extend pcr: %v", err) } // unseal should not succeed. if _, err = srk.Unseal(sealed, opts); err == nil { t.Fatalf("unseal should have caused an error: %v", err) } }) } } func TestSelfReseal(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) key, err := client.StorageRootKeyRSA(rwc) if err != nil { t.Fatalf("can't create srk from template: %v", err) } defer key.Close() secret := []byte("test") pcrList := []int{0, 4, 7} sOpts := client.SealOpts{ Current: tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: pcrList, }, } sealed, err := key.Seal(secret, sOpts) if err != nil { t.Fatalf("failed to seal: %v", err) } uOpts := client.UnsealOpts{ CertifyCurrent: tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{7}, }, } unseal, err := key.Unseal(sealed, uOpts) if err != nil { t.Fatalf("failed to unseal: %v", err) } if !bytes.Equal(secret, unseal) { t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) } sealed, err = key.Reseal(sealed, uOpts, sOpts) if err != nil { t.Fatalf("failed to reseal: %v", err) } unseal, err = key.Unseal(sealed, uOpts) if err != nil { t.Fatalf("failed to unseal after resealing: %v", err) } if !bytes.Equal(secret, unseal) { t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) } } func computePCRValue(base []byte, extensions [][]byte) []byte { for _, extension := range extensions { sum := sha256.Sum256(append(base, extension...)) base = sum[:] } return base } func TestComputePCRValue(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) pcrNum := test.DebugPCR extensions := [][]byte{ bytes.Repeat([]byte{0xAA}, sha256.Size), bytes.Repeat([]byte{0xAB}, sha256.Size), bytes.Repeat([]byte{0xAC}, sha256.Size), bytes.Repeat([]byte{0xAD}, sha256.Size), } pcrBase, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256) if err != nil { t.Fatalf("failed to read pcr %v", err) } for _, extension := range extensions { err := tpm2.PCRExtend(rwc, tpmutil.Handle(pcrNum), tpm2.AlgSHA256, extension, "") if err != nil { t.Fatalf("failed to extend pcr: %v", err) } } pcrVal, err := tpm2.ReadPCR(rwc, pcrNum, tpm2.AlgSHA256) if err != nil { t.Fatalf("failed to read pcr %v", err) } computedValue := computePCRValue(pcrBase, extensions) if !bytes.Equal(pcrVal, computedValue) { t.Fatalf("pcrVal (%v) not equal to computedValue (%v)", pcrVal, computedValue) } } func TestReseal(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) key, err := client.StorageRootKeyRSA(rwc) if err != nil { t.Fatalf("can't create srk from template: %v", err) } defer key.Close() secret := []byte("test") pcrToChange := test.DebugPCR sel := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7, pcrToChange}} sealed, err := key.Seal(secret, client.SealOpts{Current: sel}) if err != nil { t.Fatalf("failed to seal: %v", err) } uOpts := client.UnsealOpts{ CertifyCurrent: sel, } unseal, err := key.Unseal(sealed, uOpts) if err != nil { t.Fatalf("failed to unseal: %v", err) } if !bytes.Equal(secret, unseal) { t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) } // create a new set of PCRs value for modification predictedPcrsValue, err := client.ReadPCRs(rwc, sel) if err != nil { t.Fatalf("failed to read PCRs value: %v", err) } // change pcr value to the predicted future value for resealing extensions := [][]byte{bytes.Repeat([]byte{0xAA}, sha256.Size)} predictedPcrsValue.GetPcrs()[uint32(pcrToChange)] = computePCRValue(predictedPcrsValue.GetPcrs()[uint32(pcrToChange)], extensions) sOpts := client.SealOpts{Target: predictedPcrsValue} resealed, err := key.Reseal(sealed, uOpts, sOpts) if err != nil { t.Fatalf("failed to reseal: %v", err) } // unseal should not succeed since pcr has not been extended. if _, err = key.Unseal(resealed, client.UnsealOpts{}); err == nil { t.Fatalf("unseal should have failed: %v", err) } // save the current PCR value for certification before extend the PCRs oldPcrsValue, err := client.ReadPCRs(rwc, sel) if err != nil { t.Fatalf("failed to read PCRs value: %v", err) } for _, extension := range extensions { err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, "") if err != nil { t.Fatalf("failed to extend pcr: %v", err) } } // unseal should fail when certifying current PCR values, as one PCR has changed _, err = key.Unseal(resealed, client.UnsealOpts{CertifyCurrent: sel}) if err == nil { t.Fatalf("unseal should fail since the certify PCRs have changed.") } // certify original PCR values (PCR values at seal-time) will work unseal, err = key.Unseal(resealed, client.UnsealOpts{CertifyExpected: oldPcrsValue}) if err != nil { t.Fatalf("failed to unseal: %v", err) } if !bytes.Equal(secret, unseal) { t.Errorf("unsealed (%v) not equal to secret (%v)", unseal, secret) } } func TestSealResealWithEmptyPCRs(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) key, err := client.StorageRootKeyRSA(rwc) if err != nil { t.Fatalf("can't create srk from template: %v", err) } defer key.Close() secret := []byte("test") pcrToChange := test.DebugPCR sealed, err := key.Seal(secret, client.SealOpts{}) if err != nil { t.Fatalf("failed to seal: %v", err) } opts := client.UnsealOpts{ CertifyCurrent: tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{pcrToChange}, }, } unseal, err := key.Unseal(sealed, opts) if err != nil { t.Fatalf("failed to unseal: %v", err) } if !bytes.Equal(secret, unseal) { t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) } extension := bytes.Repeat([]byte{0xAA}, sha256.Size) if err = tpm2.PCRExtend(rwc, tpmutil.Handle(pcrToChange), tpm2.AlgSHA256, extension, ""); err != nil { t.Fatalf("failed to extend pcr: %v", err) } // unseal should fail as the PCR has changed (not as same as when sealing) _, err = key.Unseal(sealed, opts) if err == nil { t.Fatalf("unseal should fail as PCR 7 changed") } // reseal should succeed as UnsealOpts is empty sealed, err = key.Reseal(sealed, client.UnsealOpts{}, client.SealOpts{}) if err != nil { t.Fatalf("failed to reseal: %v", err) } // unseal should success as the above Reseal() "refreshes" the certify PCRs. unseal, err = key.Unseal(sealed, opts) if err != nil { t.Errorf("failed to unseal: %v", err) } if !bytes.Equal(secret, unseal) { t.Fatalf("unsealed (%v) not equal to secret (%v)", unseal, secret) } } func BenchmarkSeal(b *testing.B) { rwc := test.GetTPM(b) defer client.CheckedClose(b, rwc) pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}} sOptsPCR7 := client.SealOpts{Current: pcrSel7} uOptsPCR7 := client.UnsealOpts{CertifyCurrent: pcrSel7} benchmarks := []struct { name string sOpts client.SealOpts uOpts client.UnsealOpts getKey func(io.ReadWriter) (*client.Key, error) }{ {"SRK-ECC-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyECC}, {"SRK-ECC-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyECC}, {"SRK-ECC-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyECC}, {"SRK-ECC-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyECC}, {"SRK-RSA-SealPCR7-UnsealPCR7", sOptsPCR7, uOptsPCR7, client.StorageRootKeyRSA}, {"SRK-RSA-SealEmpty-UnsealPCR7", client.SealOpts{}, uOptsPCR7, client.StorageRootKeyRSA}, {"SRK-RSA-SealPCR7-UnsealEmpty", sOptsPCR7, client.UnsealOpts{}, client.StorageRootKeyRSA}, {"SRK-RSA-SealEmpty-UnsealEmpty", client.SealOpts{}, client.UnsealOpts{}, client.StorageRootKeyRSA}, } for _, bm := range benchmarks { key, err := bm.getKey(rwc) if err != nil { b.Fatal(err) } b.Run(bm.name, func(b *testing.B) { for i := 0; i < b.N; i++ { blob, err := key.Seal([]byte("test123"), bm.sOpts) if err != nil { b.Fatal(err) } if _, err = key.Unseal(blob, bm.uOpts); err != nil { b.Fatal(err) } } }) } } func TestSealOpts(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) emptySet := map[uint32]struct{}{} srk, err := client.StorageRootKeyECC(rwc) if err != nil { t.Fatalf("failed to create SRK: %v", err) } opts := []struct { name string current tpm2.PCRSelection target *pb.PCRs expectedPcrs map[uint32]struct{} }{ {"CurrentEmpty-TargetNil", tpm2.PCRSelection{}, nil, emptySet}, {"CurrentEmpty7-TargetNil", tpm2.PCRSelection{}, nil, emptySet}, {"CurrentEmpty-TargetEmpty", tpm2.PCRSelection{}, &pb.PCRs{}, emptySet}, {"CurrentSHA1Empty-TargetSHA256Empty", tpm2.PCRSelection{Hash: tpm2.AlgSHA1}, &pb.PCRs{Hash: pb.HashAlgo_SHA256}, emptySet}, {"CurrentSHA256Empty-TargetSHA1Empty", tpm2.PCRSelection{Hash: tpm2.AlgSHA256}, &pb.PCRs{Hash: pb.HashAlgo_SHA1}, emptySet}, {"CurrentSHA2567-TargetSHA1Empty", tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}}, &pb.PCRs{Hash: pb.HashAlgo_SHA1}, map[uint32]struct{}{7: {}}}, {"Current7-TargetPCR0,4", tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 7}}, &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{4: {0x00}}}, map[uint32]struct{}{ 0: {}, 4: {}, 7: {}, }}, } sliceToSet := func(a []uint32) map[uint32]struct{} { ret := make(map[uint32]struct{}) for _, val := range a { ret[val] = struct{}{} } return ret } for _, testcase := range opts { t.Run(testcase.name, func(t *testing.T) { sOpts := client.SealOpts{Current: testcase.current, Target: testcase.target} sealed, err := srk.Seal([]byte("secretzz"), sOpts) if err != nil { t.Errorf("error calling Seal with SealOpts: %v", err) } outPcrsMap := sliceToSet(sealed.Pcrs) if !reflect.DeepEqual(outPcrsMap, testcase.expectedPcrs) { t.Errorf("received PCRs (%v) do not match expected PCRs (%v)", outPcrsMap, testcase.expectedPcrs) } }) } // Run empty SealOpts. _, err = srk.Seal([]byte("secretzz"), client.SealOpts{}) if err != nil { t.Errorf("error calling Seal with SealOpts: %v", err) } } func TestSealAndUnsealOptsFail(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) srk, err := client.StorageRootKeyECC(rwc) if err != nil { t.Fatalf("failed to create SRK: %v", err) } pcrSel7 := tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{7}} pcrMap7 := map[uint32][]byte{7: {0x01, 0x02}} pbPcr7 := &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: pcrMap7} opts := []struct { name string current tpm2.PCRSelection target *pb.PCRs }{ {"CurrentSHA256-TargetSHA1", pcrSel7, &pb.PCRs{Hash: pb.HashAlgo_SHA1, Pcrs: pcrMap7}}, {"Current-TargetPCROverlap", pcrSel7, pbPcr7}, {"Current-TargetPCROverlapMultiple", tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0, 4, 7, 8}}, &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: {}, 4: {0x00}, 9: {0x01, 0x02}}}}, } for _, testcase := range opts { t.Run("Seal"+testcase.name, func(t *testing.T) { sOpts := client.SealOpts{Current: testcase.current, Target: testcase.target} _, err := srk.Seal([]byte("secretzz"), sOpts) if err == nil { t.Errorf("expected failure calling SealOpts") } }) } sealed, err := srk.Seal([]byte("secretzz"), client.SealOpts{}) if err != nil { t.Fatalf("failed to seal: %v", err) } for _, testcase := range opts { t.Run("Unseal"+testcase.name, func(t *testing.T) { uOpts := client.UnsealOpts{CertifyCurrent: testcase.current, CertifyExpected: testcase.target} _, err := srk.Unseal(sealed, uOpts) if err == nil { t.Errorf("expected failure calling SealOpts") } }) } } go-tpm-tools-0.4.7/client/session.go000066400000000000000000000056461510276467000173760ustar00rootroot00000000000000package client import ( "io" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) // Session is an interface for TPM sessions. type Session interface { io.Closer Auth() (tpm2.AuthCommand, error) } func startAuthSession(rw io.ReadWriter) (session tpmutil.Handle, err error) { // This session assumes the bus is trusted, so we: // - use nil for tpmKey, encrypted salt, and symmetric // - use and all-zeros caller nonce, and ignore the returned nonce // As we are creating a plain TPM session, we: // - setup a policy session // - don't bind the session to any particular key session, _, err = tpm2.StartAuthSession( rw, /*tpmKey=*/ tpm2.HandleNull, /*bindKey=*/ tpm2.HandleNull, /*nonceCaller=*/ make([]byte, SessionHashAlg.Size()), /*encryptedSalt=*/ nil, /*sessionType=*/ tpm2.SessionPolicy, /*symmetric=*/ tpm2.AlgNull, /*authHash=*/ SessionHashAlgTpm) return } // PCRSession is a TPM session that is bound to a set of PCRs. type PCRSession struct { rw io.ReadWriter session tpmutil.Handle sel tpm2.PCRSelection } // NewPCRSession creates a new PCRSession. func NewPCRSession(rw io.ReadWriter, sel tpm2.PCRSelection) (Session, error) { if len(sel.PCRs) == 0 { return NullSession{}, nil } session, err := startAuthSession(rw) return PCRSession{rw, session, sel}, err } // Auth returns the AuthCommand for the session. func (p PCRSession) Auth() (auth tpm2.AuthCommand, err error) { if err = tpm2.PolicyPCR(p.rw, p.session, nil, p.sel); err != nil { return } return tpm2.AuthCommand{Session: p.session, Attributes: tpm2.AttrContinueSession}, nil } // Close closes the session. func (p PCRSession) Close() error { return tpm2.FlushContext(p.rw, p.session) } // EKSession is a TPM session that is bound to the EK. type EKSession struct { rw io.ReadWriter session tpmutil.Handle } // NewEKSession creates a new EKSession. func NewEKSession(rw io.ReadWriter) (Session, error) { session, err := startAuthSession(rw) return EKSession{rw, session}, err } // Auth returns the AuthCommand for the session. func (e EKSession) Auth() (auth tpm2.AuthCommand, err error) { nullAuth := tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession} if _, _, err = tpm2.PolicySecret(e.rw, tpm2.HandleEndorsement, nullAuth, e.session, nil, nil, nil, 0); err != nil { return } return tpm2.AuthCommand{Session: e.session, Attributes: tpm2.AttrContinueSession}, nil } // Close closes the session. func (e EKSession) Close() error { return tpm2.FlushContext(e.rw, e.session) } // NullSession is a TPM session that is not bound to anything. type NullSession struct{} // Auth returns the AuthCommand for the session. func (n NullSession) Auth() (auth tpm2.AuthCommand, err error) { return tpm2.AuthCommand{Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession}, nil } // Close closes the session. func (n NullSession) Close() error { return nil } go-tpm-tools-0.4.7/client/signer.go000066400000000000000000000111051510276467000171650ustar00rootroot00000000000000package client import ( "crypto" "crypto/rsa" "encoding/asn1" "fmt" "io" "math/big" "sync" "github.com/google/go-tpm-tools/internal" "github.com/google/go-tpm/legacy/tpm2" ) // Global mutex to protect against concurrent TPM access. var signerMutex sync.Mutex type tpmSigner struct { Key *Key Hash crypto.Hash } // Public returns the tpmSigners public key. func (signer *tpmSigner) Public() crypto.PublicKey { return signer.Key.PublicKey() } // Sign uses the TPM key to sign the digest. // The digest must be hashed from the same hash algorithm as the keys scheme. // The opts hash function must also match the keys scheme (or be nil). // Concurrent use of Sign is thread safe, but it is not safe to access the TPM // from other sources while Sign is executing. // For RSAPSS signatures, you cannot specify custom salt lengths. The salt // length will be (keyBits/8) - digestSize - 2, unless that is less than the // digestSize in which case, saltLen will be digestSize. The only normal case // where saltLen is not digestSize is when using 1024 keyBits with SHA512. func (signer *tpmSigner) Sign(_ io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) { if pssOpts, ok := opts.(*rsa.PSSOptions); ok { if signer.Key.pubArea.RSAParameters == nil { return nil, fmt.Errorf("invalid options: PSSOptions can only be used with RSA keys") } if signer.Key.pubArea.RSAParameters.Sign.Alg != tpm2.AlgRSAPSS { return nil, fmt.Errorf("invalid options: PSSOptions cannot be used with signing alg: %v", signer.Key.pubArea.RSAParameters.Sign.Alg) } if pssOpts.SaltLength != rsa.PSSSaltLengthAuto { return nil, fmt.Errorf("salt length must be rsa.PSSSaltLengthAuto") } } if opts != nil && opts.HashFunc() != signer.Hash { return nil, fmt.Errorf("hash algorithm: got %v, want %v", opts.HashFunc(), signer.Hash) } if len(digest) != signer.Hash.Size() { return nil, fmt.Errorf("digest length: got %d, want %d", len(digest), signer.Hash.Size()) } signerMutex.Lock() defer signerMutex.Unlock() auth, err := signer.Key.session.Auth() if err != nil { return nil, err } sig, err := tpm2.SignWithSession(signer.Key.rw, auth.Session, signer.Key.handle, "", digest, nil, nil) if err != nil { return nil, err } return getSignature(sig) } // GetSigner returns a crypto.Signer wrapping the loaded TPM Key. // Concurrent use of one or more Signers is thread safe, but it is not safe to // access the TPM from other sources while using a Signer. // The returned Signer lasts the lifetime of the Key, and will no longer work // once the Key has been closed. func (k *Key) GetSigner() (crypto.Signer, error) { if k.hasAttribute(tpm2.FlagRestricted) { return nil, fmt.Errorf("restricted keys are not supported") } hashAlg, err := internal.GetSigningHashAlg(k.pubArea) if err != nil { return nil, err } // For crypto.Signer, Go does the hashing. Make sure the hash is supported. hash, err := hashAlg.Hash() if err != nil { return nil, err } return &tpmSigner{k, hash}, nil } // SignData signs a data buffer with a TPM loaded key. Unlike GetSigner, this // method works with restricted and unrestricted keys. If this method is called // on a restriced key, the TPM itself will hash the provided data, failing the // signing operation if the data begins with TPM_GENERATED_VALUE. func (k *Key) SignData(data []byte) ([]byte, error) { hashAlg, err := internal.GetSigningHashAlg(k.pubArea) if err != nil { return nil, err } var digest []byte var ticket *tpm2.Ticket if k.hasAttribute(tpm2.FlagRestricted) { // Restricted keys can only sign data hashed by the TPM. We use the // owner hierarchy for the Ticket, but any non-Null hierarchy would do. digest, ticket, err = tpm2.Hash(k.rw, hashAlg, data, tpm2.HandleOwner) if err != nil { return nil, err } } else { // Unrestricted keys can sign any digest, no need for TPM hashing. hash, err := hashAlg.Hash() if err != nil { return nil, err } hasher := hash.New() hasher.Write(data) digest = hasher.Sum(nil) } auth, err := k.session.Auth() if err != nil { return nil, err } sig, err := tpm2.SignWithSession(k.rw, auth.Session, k.handle, "", digest, ticket, nil) if err != nil { return nil, err } return getSignature(sig) } func getSignature(sig *tpm2.Signature) ([]byte, error) { switch sig.Alg { case tpm2.AlgRSASSA: return sig.RSA.Signature, nil case tpm2.AlgRSAPSS: return sig.RSA.Signature, nil case tpm2.AlgECDSA: sigStruct := struct{ R, S *big.Int }{sig.ECC.R, sig.ECC.S} return asn1.Marshal(sigStruct) default: return nil, fmt.Errorf("unsupported signing algorithm: %v", sig.Alg) } } go-tpm-tools-0.4.7/client/signer_test.go000066400000000000000000000224751510276467000202400ustar00rootroot00000000000000package client_test import ( "crypto" "crypto/ecdsa" "crypto/rsa" "crypto/sha1" "crypto/sha256" "encoding/asn1" "math/big" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" ) func templateSSA(hash tpm2.Algorithm) tpm2.Public { template := client.AKTemplateRSA() // Can't sign arbitrary data if restricted. template.Attributes &= ^tpm2.FlagRestricted template.RSAParameters.Sign.Hash = hash return template } func templatePSS(hash tpm2.Algorithm) tpm2.Public { template := templateSSA(hash) template.RSAParameters.Sign.Alg = tpm2.AlgRSAPSS return template } func templateECC(hash tpm2.Algorithm) tpm2.Public { template := client.AKTemplateECC() template.Attributes &= ^tpm2.FlagRestricted template.ECCParameters.Sign.Hash = hash return template } // Templates that require some sort of (default) authorization func templateAuthSSA() tpm2.Public { template := templateSSA(tpm2.AlgSHA256) template.AuthPolicy = client.DefaultEKTemplateRSA().AuthPolicy template.Attributes |= tpm2.FlagAdminWithPolicy template.Attributes &= ^tpm2.FlagUserWithAuth return template } func templateAuthECC() tpm2.Public { template := templateECC(tpm2.AlgSHA256) template.AuthPolicy = client.DefaultEKTemplateECC().AuthPolicy template.Attributes |= tpm2.FlagAdminWithPolicy template.Attributes &= ^tpm2.FlagUserWithAuth return template } func verifyRSA(pubKey crypto.PublicKey, hash crypto.Hash, digest, sig []byte) bool { return rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), hash, digest, sig) == nil } func verifyECC(pubKey crypto.PublicKey, _ crypto.Hash, digest, sig []byte) bool { var sigStruct struct{ R, S *big.Int } asn1.Unmarshal(sig, &sigStruct) return ecdsa.Verify(pubKey.(*ecdsa.PublicKey), digest, sigStruct.R, sigStruct.S) } func TestSign(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string hash crypto.Hash template tpm2.Public verify func(crypto.PublicKey, crypto.Hash, []byte, []byte) bool }{ {"RSA-SHA1", crypto.SHA1, templateSSA(tpm2.AlgSHA1), verifyRSA}, {"RSA-SHA256", crypto.SHA256, templateSSA(tpm2.AlgSHA256), verifyRSA}, {"RSA-SHA384", crypto.SHA384, templateSSA(tpm2.AlgSHA384), verifyRSA}, {"RSA-SHA512", crypto.SHA512, templateSSA(tpm2.AlgSHA512), verifyRSA}, {"ECC-SHA1", crypto.SHA1, templateECC(tpm2.AlgSHA1), verifyECC}, {"ECC-SHA256", crypto.SHA256, templateECC(tpm2.AlgSHA256), verifyECC}, {"ECC-SHA384", crypto.SHA384, templateECC(tpm2.AlgSHA384), verifyECC}, {"ECC-SHA512", crypto.SHA512, templateECC(tpm2.AlgSHA512), verifyECC}, {"Auth-RSA", crypto.SHA256, templateAuthSSA(), verifyRSA}, {"Auth-ECC", crypto.SHA256, templateAuthECC(), verifyECC}, } message := []byte("authenticated message") // Data beginning with TPM_GENERATED_VALUE (looks like a TPM-test message) generatedMsg := append([]byte("\xffTCG"), message...) for _, k := range keys { hash := k.hash.New() hash.Write(message) digest := hash.Sum(nil) alg, err := tpm2.HashToAlgorithm(k.hash) if err != nil { t.Fatal(err) } t.Run(k.name, func(t *testing.T) { test.SkipOnUnsupportedAlg(t, rwc, alg) key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) if err != nil { t.Fatal(err) } defer key.Close() signer, err := key.GetSigner() if err != nil { t.Fatal(err) } sig, err := signer.Sign(nil, digest, k.hash) if err != nil { t.Fatal(err) } if !k.verify(signer.Public(), k.hash, digest, sig) { t.Error(err) } }) t.Run(k.name+"-SignData", func(t *testing.T) { test.SkipOnUnsupportedAlg(t, rwc, alg) key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) if err != nil { t.Fatal(err) } defer key.Close() sig, err := key.SignData(message) if err != nil { t.Fatal(err) } if !k.verify(key.PublicKey(), k.hash, digest, sig) { t.Error(err) } // Unrestricted keys can sign data beginning with TPM_GENERATED_VALUE if _, err = key.SignData(generatedMsg); err != nil { t.Error(err) } }) t.Run(k.name+"-SignDataRestricted", func(t *testing.T) { test.SkipOnUnsupportedAlg(t, rwc, alg) restrictedTemplate := k.template restrictedTemplate.Attributes |= tpm2.FlagRestricted key, err := client.NewKey(rwc, tpm2.HandleEndorsement, restrictedTemplate) if err != nil { t.Fatal(err) } defer key.Close() sig, err := key.SignData(message) if err != nil { t.Fatal(err) } if !k.verify(key.PublicKey(), k.hash, digest, sig) { t.Error(err) } // Restricted keys cannot sign data beginning with TPM_GENERATED_VALUE if _, err = key.SignData(generatedMsg); err == nil { t.Error("Signing TPM_GENERATED_VALUE data should fail") } }) } } func TestSignIncorrectHash(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) key, err := client.NewKey(rwc, tpm2.HandleEndorsement, templateSSA(tpm2.AlgSHA256)) if err != nil { t.Fatal(err) } defer key.Close() signer, err := key.GetSigner() if err != nil { t.Fatal(err) } digestSHA1 := sha1.Sum([]byte("authenticated message")) digestSHA256 := sha256.Sum256([]byte("authenticated message")) if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA1); err == nil { t.Error("expected failure for digest and hash not matching keys sigScheme.") } if _, err := signer.Sign(nil, digestSHA1[:], crypto.SHA256); err == nil { t.Error("expected failure for correct hash, but incorrect digest.") } if _, err := signer.Sign(nil, digestSHA256[:], crypto.SHA1); err == nil { t.Error("expected failure for correct digest, but incorrect hash.") } } func TestSignPSS(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string opts crypto.SignerOpts template tpm2.Public keyBits uint16 saltLen int }{ // saltLen should be (keyBits/8) - digestSize - 2, unless that is less than // digestSize in which case, saltLen will be digestSize. // The only normal case where saltLen is not digestSize is when using // 1024 keyBits with SHA512. {"RSA-SHA1", crypto.SHA1, templatePSS(tpm2.AlgSHA1), 1024, 20}, {"RSA-SHA256", crypto.SHA256, templatePSS(tpm2.AlgSHA256), 1024, 32}, {"RSA-SHA384", crypto.SHA384, templatePSS(tpm2.AlgSHA384), 1024, 48}, {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 1024, 62}, {"RSA-SHA512", crypto.SHA512, templatePSS(tpm2.AlgSHA512), 2048, 64}, {"RSA-SHA1", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA1}, templatePSS(tpm2.AlgSHA1), 1024, 20}, {"RSA-SHA256", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256}, templatePSS(tpm2.AlgSHA256), 1024, 32}, {"RSA-SHA384", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA384}, templatePSS(tpm2.AlgSHA384), 1024, 48}, {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 1024, 62}, {"RSA-SHA512", &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA512}, templatePSS(tpm2.AlgSHA512), 2048, 64}, } for _, k := range keys { t.Run(k.name, func(t *testing.T) { alg, err := tpm2.HashToAlgorithm(k.opts.HashFunc()) if err != nil { t.Fatal(err) } test.SkipOnUnsupportedAlg(t, rwc, alg) k.template.RSAParameters.KeyBits = k.keyBits key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) if err != nil { t.Fatal(err) } defer key.Close() hash := k.opts.HashFunc().New() hash.Write([]byte("authenticated message")) digest := hash.Sum(nil) signer, err := key.GetSigner() if err != nil { t.Fatal(err) } sig, err := signer.Sign(nil, digest[:], k.opts) if err != nil { t.Fatal(err) } // Different implementations may specify different salt length. Some have "keyBytes - digestSize - 2", some have // just "digestSize". Therefore here we just verify with default salt length. err = rsa.VerifyPSS(signer.Public().(*rsa.PublicKey), k.opts.HashFunc(), digest[:], sig, nil) if err != nil { t.Error(err) } }) } } // Make sure signing fails when using PSS params with a non-PSS key func TestFailSignPSS(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string template tpm2.Public }{ {"SSA", templateSSA(tpm2.AlgSHA256)}, {"ECC", templateECC(tpm2.AlgSHA256)}, } pssOpts := rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthAuto, Hash: crypto.SHA256} for _, k := range keys { t.Run(k.name, func(t *testing.T) { key, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) if err != nil { t.Fatal(err) } defer key.Close() signer, err := key.GetSigner() if err != nil { t.Fatal(err) } // Fake SHA-256 digest digest := make([]byte, 32) if _, err = signer.Sign(nil, digest, &pssOpts); err == nil { t.Error("expected failure when using PSS options") } }) } } // Signing keys without a signature scheme are incompatible with GetSigner func TestFailGetSignerNullScheme(t *testing.T) { template := templateSSA(tpm2.AlgSHA256) template.RSAParameters.Sign = nil rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) key, err := client.NewKey(rwc, tpm2.HandleEndorsement, template) if err != nil { t.Fatal(err) } defer key.Close() if _, err = key.GetSigner(); err == nil { t.Error("expected failure when calling GetSigner") } } go-tpm-tools-0.4.7/client/template.go000066400000000000000000000102611510276467000175130ustar00rootroot00000000000000package client import ( "crypto/sha256" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) // Calculations from Credential_Profile_EK_V2.0, section 2.1.5.3 - authPolicy func defaultEKAuthPolicy() []byte { buf, err := tpmutil.Pack(tpm2.CmdPolicySecret, tpm2.HandleEndorsement) if err != nil { panic(err) } digest1 := sha256.Sum256(append(make([]byte, 32), buf...)) // We would normally append the policy buffer to digest1, but the // policy buffer is empty for the default Auth Policy. digest2 := sha256.Sum256(digest1[:]) return digest2[:] } func defaultEKAttributes() tpm2.KeyProp { // The EK is a storage key that must use session-based authorization. return (tpm2.FlagStorageDefault | tpm2.FlagAdminWithPolicy) & ^tpm2.FlagUserWithAuth } func defaultSRKAttributes() tpm2.KeyProp { // FlagNoDA doesn't do anything (as the AuthPolicy is nil). However, this is // what Windows does, and we don't want to conflict. return tpm2.FlagStorageDefault | tpm2.FlagNoDA } func defaultSymScheme() *tpm2.SymScheme { return &tpm2.SymScheme{ Alg: tpm2.AlgAES, KeyBits: 128, Mode: tpm2.AlgCFB, } } func defaultRSAParams() *tpm2.RSAParams { return &tpm2.RSAParams{ Symmetric: defaultSymScheme(), KeyBits: 2048, ModulusRaw: make([]byte, 256), // public.unique must be all zeros } } func defaultECCParams() *tpm2.ECCParams { return &tpm2.ECCParams{ Symmetric: defaultSymScheme(), CurveID: tpm2.CurveNISTP256, Point: tpm2.ECPoint{ XRaw: make([]byte, 32), YRaw: make([]byte, 32), }, } } // DefaultEKTemplateRSA returns the default Endorsement Key (EK) template as // specified in Credential_Profile_EK_V2.0, section 2.1.5.1 - authPolicy. // https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf func DefaultEKTemplateRSA() tpm2.Public { return tpm2.Public{ Type: tpm2.AlgRSA, NameAlg: tpm2.AlgSHA256, Attributes: defaultEKAttributes(), AuthPolicy: defaultEKAuthPolicy(), RSAParameters: defaultRSAParams(), } } // DefaultEKTemplateECC returns the default Endorsement Key (EK) template as // specified in Credential_Profile_EK_V2.0, section 2.1.5.2 - authPolicy. // https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_EK_V2.0_R14_published.pdf func DefaultEKTemplateECC() tpm2.Public { return tpm2.Public{ Type: tpm2.AlgECC, NameAlg: tpm2.AlgSHA256, Attributes: defaultEKAttributes(), AuthPolicy: defaultEKAuthPolicy(), ECCParameters: defaultECCParams(), } } // AKTemplateRSA returns a potential Attestation Key (AK) template. // This is very similar to DefaultEKTemplateRSA, except that this will be a // signing key instead of an encrypting key. func AKTemplateRSA() tpm2.Public { return tpm2.Public{ Type: tpm2.AlgRSA, NameAlg: tpm2.AlgSHA256, Attributes: tpm2.FlagSignerDefault, RSAParameters: &tpm2.RSAParams{ Sign: &tpm2.SigScheme{ Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA256, }, KeyBits: 2048, }, } } // AKTemplateECC returns a potential Attestation Key (AK) template. // This is very similar to DefaultEKTemplateECC, except that this will be a // signing key instead of an encrypting key. func AKTemplateECC() tpm2.Public { params := defaultECCParams() params.Symmetric = nil params.Sign = &tpm2.SigScheme{ Alg: tpm2.AlgECDSA, Hash: tpm2.AlgSHA256, } return tpm2.Public{ Type: tpm2.AlgECC, NameAlg: tpm2.AlgSHA256, Attributes: tpm2.FlagSignerDefault, ECCParameters: params, } } // SRKTemplateRSA returns a standard Storage Root Key (SRK) template. // This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance. func SRKTemplateRSA() tpm2.Public { return tpm2.Public{ Type: tpm2.AlgRSA, NameAlg: tpm2.AlgSHA256, Attributes: defaultSRKAttributes(), RSAParameters: defaultRSAParams(), } } // SRKTemplateECC returns a standard Storage Root Key (SRK) template. // This is based upon the advice in the TCG's TPM v2.0 Provisioning Guidance. func SRKTemplateECC() tpm2.Public { return tpm2.Public{ Type: tpm2.AlgECC, NameAlg: tpm2.AlgSHA256, Attributes: defaultSRKAttributes(), ECCParameters: defaultECCParams(), } } go-tpm-tools-0.4.7/cmd/000077500000000000000000000000001510276467000146365ustar00rootroot00000000000000go-tpm-tools-0.4.7/cmd/attest.go000066400000000000000000000130011510276467000164640ustar00rootroot00000000000000package cmd import ( "context" "fmt" "io" "log" "strconv" "cloud.google.com/go/compute/metadata" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm/legacy/tpm2" "github.com/spf13/cobra" "google.golang.org/protobuf/proto" ) var ( key string teeTechnology string ) // Add constants for other devices when required const ( // SevSnp is a constant denotes device name for teeTechnology SevSnp = "sev-snp" // Tdx is a constant denotes device name for teeTechnology Tdx = "tdx" ) var attestationKeys = map[string]map[tpm2.Algorithm]func(rw io.ReadWriter) (*client.Key, error){ "AK": { tpm2.AlgRSA: client.AttestationKeyRSA, tpm2.AlgECC: client.AttestationKeyECC, }, "gceAK": { tpm2.AlgRSA: client.GceAttestationKeyRSA, tpm2.AlgECC: client.GceAttestationKeyECC, }, } // If hardware technology needs a variable length teenonce then please modify the flags description var attestCmd = &cobra.Command{ Use: "attest", Short: "Create a remote attestation report", Long: `Gather information for remote attestation. The Attestation report contains a quote on all available PCR banks, a way to validate the quote, and a TCG Event Log (Linux only). Use --key to specify the type of attestation key. It can be gceAK for GCE attestation key or AK for a custom attestation key. By default it uses AK. --algo flag overrides the public key algorithm for attestation key. If not provided then by default rsa is used. --tee-nonce attaches a 64 bytes extra data to the attestation report of TDX and SEV-SNP hardware and guarantees a fresh quote. `, Args: cobra.NoArgs, RunE: func(*cobra.Command, []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() if !(format == "binarypb" || format == "textproto") { return fmt.Errorf("format should be either binarypb or textproto") } var attestationKey *client.Key algoToCreateAK, ok := attestationKeys[key] if !ok { return fmt.Errorf("key should be either AK or gceAK") } createFunc := algoToCreateAK[keyAlgo] attestationKey, err = createFunc(rwc) if err != nil { return fmt.Errorf("failed to create attestation key: %v", err) } defer attestationKey.Close() attestOpts := client.AttestOpts{} attestOpts.Nonce = nonce // Add logic to open other hardware devices when required. switch teeTechnology { case SevSnp: attestOpts.TEEDevice, err = client.CreateSevSnpQuoteProvider() if err != nil { return fmt.Errorf("failed to open %s device: %v", SevSnp, err) } attestOpts.TEENonce = teeNonce case Tdx: attestOpts.TEEDevice, err = client.CreateTdxQuoteProvider() if err != nil { return fmt.Errorf("failed to create %s quote provider: %v", Tdx, err) } attestOpts.TEENonce = teeNonce case "": if len(teeNonce) != 0 { return fmt.Errorf("use of --tee-nonce requires specifying TEE hardware type with --tee-technology") } default: // Change the return statement when more devices are added return fmt.Errorf("tee-technology should be either empty or should have values %s or %s", SevSnp, Tdx) } attestOpts.TCGEventLog, err = client.GetEventLog(rwc) if err != nil { return fmt.Errorf("failed to retrieve TCG Event Log: %w", err) } attestation, err := attestationKey.Attest(attestOpts) if err != nil { return fmt.Errorf("failed to collect attestation report : %v", err) } if key == "gceAK" { instanceInfo, err := getInstanceInfoFromMetadata() if err != nil { log.Printf("Could not get GCE instance info, continuing without it: %v", err) } attestation.InstanceInfo = instanceInfo } var out []byte if format == "binarypb" { out, err = proto.Marshal(attestation) if err != nil { return fmt.Errorf("failed to marshal attestation proto: %v", attestation) } } else { out = []byte(marshalOptions.Format(attestation)) } if _, err := dataOutput().Write(out); err != nil { return fmt.Errorf("failed to write attestation report: %v", err) } return nil }, } func getInstanceInfoFromMetadata() (*attest.GCEInstanceInfo, error) { ctx := context.Background() var err error instanceInfo := &attest.GCEInstanceInfo{} instanceInfo.ProjectId, err = metadata.ProjectIDWithContext(ctx) if err != nil { return nil, err } projectNumber, err := metadata.NumericProjectIDWithContext(ctx) if err != nil { return nil, err } instanceInfo.ProjectNumber, err = strconv.ParseUint(projectNumber, 10, 64) if err != nil { return nil, err } instanceInfo.Zone, err = metadata.ZoneWithContext(ctx) if err != nil { return nil, err } instanceID, err := metadata.InstanceIDWithContext(ctx) if err != nil { return nil, err } instanceInfo.InstanceId, err = strconv.ParseUint(instanceID, 10, 64) if err != nil { return nil, err } instanceInfo.InstanceName, err = metadata.InstanceNameWithContext(ctx) if err != nil { return nil, err } return instanceInfo, err } func addKeyFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&key, "key", "AK", "indicates type of attestation key to use ") } func addTeeTechnology(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&teeTechnology, "tee-technology", "", "indicates the type of TEE hardware. Should be either empty or one of sev-snp or tdx") } func init() { RootCmd.AddCommand(attestCmd) addKeyFlag(attestCmd) addNonceFlag(attestCmd) addTeeNonceflag(attestCmd) addPublicKeyAlgoFlag(attestCmd) addOutputFlag(attestCmd) addFormatFlag(attestCmd) addTeeTechnology(attestCmd) attestCmd.AddCommand(attestSVSMCmd) } go-tpm-tools-0.4.7/cmd/attest_svsm.go000066400000000000000000000177611510276467000175550ustar00rootroot00000000000000package cmd import ( "errors" "fmt" "time" "github.com/google/gce-tcb-verifier/extract" "github.com/google/go-configfs-tsm/configfs/configfsi" "github.com/google/go-configfs-tsm/configfs/linuxtsm" "github.com/google/go-configfs-tsm/report" sabi "github.com/google/go-sev-guest/abi" sevpb "github.com/google/go-sev-guest/proto/sevsnp" "github.com/google/go-tpm-tools/client" apb "github.com/google/go-tpm-tools/proto/attest" "github.com/spf13/cobra" "google.golang.org/protobuf/proto" ) var ( errSVSMOnlySupportsAK = errors.New("SVSM currently only support --key=AK") errSvsmOnlySupportedWithSevSnp = errors.New("--svsm is only supported with --tee-technology=sev-snp") ) var attestSVSMCmd = &cobra.Command{ Use: "svsm", Short: `Produce a SevSnpSvsmAttestation that wraps the PCR attestation message.`, RunE: func(*cobra.Command, []string) error { if teeTechnology != SevSnp { return errSvsmOnlySupportedWithSevSnp } rwc, err := openTpm() if err != nil { return err } defer rwc.Close() var attestationKey *client.Key if key != "AK" { return errSVSMOnlySupportsAK } algoToCreateAK, ok := attestationKeys[key] if !ok { return fmt.Errorf("%v is an invalid value for --key, only AK is supported", key) } createFunc := algoToCreateAK[keyAlgo] attestationKey, err = createFunc(rwc) if err != nil { return fmt.Errorf("failed to create attestation key: %v", err) } defer attestationKey.Close() attestOpts := client.AttestOpts{} attestOpts.Nonce = nonce // Omit requesting TEE attestation for the Attestation message when attesting an SVSM based vTPM. // We instead separately attach a TEE attestation inside the SevSnpSvsmAttestation message attestOpts.SkipTeeAttestation = true attestOpts.TCGEventLog, err = client.GetEventLog(rwc) if err != nil { return fmt.Errorf("failed to retrieve TCG Event Log: %w", err) } attestation, err := attestationKey.Attest(attestOpts) if err != nil { return fmt.Errorf("failed to collect attestation report : %v", err) } if teeTechnology != SevSnp { return errSvsmOnlySupportedWithSevSnp } configfsClient, err := linuxtsm.MakeClient() if err != nil { return fmt.Errorf("failed to create linuxtsm configfs client: %w", err) } svsmAttestation, err := makeSEVSNPSVSMAttestation(attestation, &sevSNPSVSMAttestationOpts{ TEENonce: teeNonce, CongfigfsClient: configfsClient, VTPMServiceManifestVersion: "0", ExtractOptions: extract.DefaultOptions(), }) if err != nil { return fmt.Errorf("failed to create SEV SNP SVSM attestation: %w", err) } if err := writeProtoToOutput(svsmAttestation); err != nil { return fmt.Errorf("failed to write SEV SNP SVSM attestation report: %w", err) } return nil }, } // sevSNPSVSMAttestationOpts customizes the behavior of makeSEVSNPSVSMAttestation. type sevSNPSVSMAttestationOpts struct { // 64 byte nonce to be mixed into the REPORT_DATA field of the SNP attestation report. TEENonce []byte // Configfs client to use for retrieving the attestation report, certificates, and SVSM service manifest. CongfigfsClient configfsi.Client // The SVSM service manifest and its version is defined by the SVSM spec at // https://www.amd.com/en/developer/sev.html // Failing to specify a value here will result in requesting the default manifest version of "0" // See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report VTPMServiceManifestVersion string // Options for configuring how to extract a firmware endorsement. // Leave as nil to skip getting firmware endorsement. ExtractOptions *extract.Options } // makeSEVSNPSVSMAttestation fills out the fields of a SevSnpSvsmAttestation message needed to verify an SVSM e-vTPM. // This includes the SNP attestation report and the vtpm service manifest. func makeSEVSNPSVSMAttestation(attestation *apb.Attestation, opts *sevSNPSVSMAttestationOpts) (*apb.SevSnpSvsmAttestation, error) { svsm := &apb.SevSnpSvsmAttestation{ Attestation: attestation, } var snpNonce [sabi.ReportDataSize]byte if len(opts.TEENonce) != sabi.ReportDataSize { return nil, fmt.Errorf("the teeNonce size is %d. SEV-SNP device requires 64", len(opts.TEENonce)) } copy(snpNonce[:], opts.TEENonce) // There is a host ratelimit of 2 requests per 2 seconds on guest message requests // and SVSM will decide to crash if it runs into this ratelimit. // Until we fix this in Coconut SVSM and increase the host ratelimit, ensure a 2 // second delay prior to issuing an attestation report request to SVSM. time.Sleep(2 * time.Second) tsmBlobs, err := getSVSMBlobs(opts.CongfigfsClient, snpNonce, opts.VTPMServiceManifestVersion) if err != nil { return nil, fmt.Errorf("failed to get configfs-tsm blobs for SVSM attestation report: %w", err) } report, err := sabi.ReportToProto(tsmBlobs.OutBlob) if err != nil { return nil, fmt.Errorf("failed to convert attestation report to proto: %w", err) } certs, err := getCertificates(opts.CongfigfsClient, snpNonce) if err != nil { return nil, fmt.Errorf("failed to retrieve certificates from configfs-tsm: %w", err) } svsm.SevSnpAttestation = &sevpb.Attestation{ Report: report, CertificateChain: certs, } svsm.VtpmServiceManifest = tsmBlobs.ManifestBlob if opts.VTPMServiceManifestVersion == "" { svsm.VtpmServiceManifestVersion = defaultConfigfsTsmReportServiceManifestVersion } svsm.VtpmServiceManifestVersion = opts.VTPMServiceManifestVersion if opts.ExtractOptions != nil { svsm.LaunchEndorsement, err = getEndorsement(svsm.SevSnpAttestation, opts.ExtractOptions) if err != nil { return nil, fmt.Errorf("failed to get endorsement for svsm firmware: %w", err) } } return svsm, nil } func getEndorsement(attestation *sevpb.Attestation, extractOpts *extract.Options) ([]byte, error) { if extractOpts == nil { return nil, nil } out, err := proto.Marshal(attestation) if err != nil { return nil, fmt.Errorf("failed to marshal sev snp attestation: %w", err) } extractOpts.Quote = out return extract.Endorsement(extractOpts) } // Constants for input to various blobs of configfs-tsm-report defined by linux kernel. // See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report const ( svsmServiceProvider = "svsm" // GUID for SVSM vTPM attestation defined by SVSM spec. // See https://www.amd.com/en/developer/sev.html for SVSM spec svsmVTPMServiceGUID = "c476f1eb-0123-45a5-9641-b4e7dde5bfe3" leastPrivilegedVMPL = 3 defaultConfigfsTsmReportServiceManifestVersion = "0" ) var ( errFailedToRetrieveCertificates = errors.New("failed to retrieve certificates") ) // SVSM currently doesn't support certificates in its attestation report, so here we collect // the certificate chain by requesting a report without SVSM to get the cached certificates. func getCertificates(configfs configfsi.Client, reportData [sabi.ReportDataSize]byte) (*sevpb.CertificateChain, error) { resp, err := report.Get(configfs, &report.Request{ InBlob: reportData[:], GetAuxBlob: true, Privilege: &report.Privilege{ Level: uint(leastPrivilegedVMPL), }, }) if err != nil { return nil, errFailedToRetrieveCertificates } extended, err := sabi.ExtendedPlatformCertTable(resp.AuxBlob) if err != nil { return nil, fmt.Errorf("invalid certificate table: %w", err) } table := new(sabi.CertTable) if err := table.Unmarshal(extended); err != nil { return nil, fmt.Errorf("failed to unmarshal certificates: %w", err) } return table.Proto(), nil } func getSVSMBlobs(configfs configfsi.Client, reportData [sabi.ReportDataSize]byte, vtpmServiceManifestVersion string) (*report.Response, error) { resp, err := report.Get(configfs, &report.Request{ InBlob: reportData[:], ServiceProvider: svsmServiceProvider, ServiceGuid: svsmVTPMServiceGUID, ServiceManifestVersion: vtpmServiceManifestVersion, }) if err != nil { return nil, fmt.Errorf("could not get SVSM attestation report: %w", err) } return resp, nil } go-tpm-tools-0.4.7/cmd/attest_test.go000066400000000000000000000271471510276467000175430ustar00rootroot00000000000000package cmd import ( "io" "os" "strconv" "strings" "testing" "time" sgtest "github.com/google/go-sev-guest/testing" sgtestclient "github.com/google/go-sev-guest/testing/client" tgtest "github.com/google/go-tdx-guest/testing" tgtestclient "github.com/google/go-tdx-guest/testing/client" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm-tools/verifier/util" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) var getIndex = map[string]uint32{ "rsa": client.GceAKTemplateNVIndexRSA, "ecc": client.GceAKTemplateNVIndexECC, } func GCEAKTemplateECC() tpm2.Public { return tpm2.Public{ Type: tpm2.AlgECC, NameAlg: tpm2.AlgSHA256, Attributes: tpm2.FlagSignerDefault, ECCParameters: &tpm2.ECCParams{ Sign: &tpm2.SigScheme{ Alg: tpm2.AlgECDSA, Hash: tpm2.AlgSHA256, }, CurveID: 3, }, } } func GCEAKTemplateRSA() tpm2.Public { return tpm2.Public{ Type: tpm2.AlgRSA, NameAlg: tpm2.AlgSHA256, Attributes: tpm2.FlagSignerDefault, RSAParameters: &tpm2.RSAParams{ Sign: &tpm2.SigScheme{ Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA256, }, KeyBits: 2048, }, } } // Need to call tpm2.NVUndefinespace on the handle with authHandle tpm2.HandlePlatform. // e.g defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(client.GceAKTemplateNVIndexRSA)) func setGCEAKTemplate(tb testing.TB, rwc io.ReadWriteCloser, algo string, data []byte) error { // Since this mutates the TPM, any tests using real TPMs must skip. test.SkipForRealTPM(tb) var err error idx := tpmutil.Handle(getIndex[algo]) if err := tpm2.NVDefineSpace(rwc, tpm2.HandlePlatform, idx, "", "", nil, tpm2.AttrPPWrite|tpm2.AttrPPRead|tpm2.AttrWriteDefine|tpm2.AttrOwnerRead|tpm2.AttrAuthRead|tpm2.AttrPlatformCreate|tpm2.AttrNoDA, uint16(len(data))); err != nil { tb.Fatalf("NVDefineSpace failed: %v", err) } err = tpm2.NVWrite(rwc, tpm2.HandlePlatform, idx, "", data, 0) if err != nil { tb.Fatalf("failed to write NVIndex: %v", err) } return nil } func makeOutputFile(tb testing.TB, output string) string { tb.Helper() file, err := os.CreateTemp("", output) if err != nil { tb.Fatal(err) } defer file.Close() return file.Name() } func TestNonce(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc // Without nonce. RootCmd.SetArgs([]string{"attest", "--key", "AK"}) if err := RootCmd.Execute(); err == nil { t.Error("expected not-nil error") } // With odd length nonce. RootCmd.SetArgs([]string{"attest", "--nonce", "12345", "--key", "AK"}) if err := RootCmd.Execute(); err == nil { t.Error("expected not-nil error") } } func TestAttestPass(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc tests := []struct { name string key string algo string nonce string }{ {"defaultKey", "", "rsa", "1234"}, {"AKWithRSA", "AK", "rsa", "2222"}, {"AKWithECC", "AK", "ecc", "2222"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { secretFile1 := makeOutputFile(t, "attest") defer os.RemoveAll(secretFile1) attestArgs := []string{"attest", "--output", secretFile1} if op.key != "" { attestArgs = append(attestArgs, "--key", op.key) } if op.algo != "" { attestArgs = append(attestArgs, "--algo", op.algo) } if op.nonce != "" { attestArgs = append(attestArgs, "--nonce", op.nonce) } RootCmd.SetArgs(attestArgs) if err := RootCmd.Execute(); err != nil { t.Error(err) } }) } } func TestFormatFlagPass(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc inputFile := makeOutputFile(t, "attestXYZQ") outputFile := makeOutputFile(t, "attestout") defer os.RemoveAll(inputFile) defer os.RemoveAll(outputFile) tests := []struct { name string nonce string report string verifiedReport string format string }{ {"Format:binary", "abcd", inputFile, outputFile, "binarypb"}, {"Format:textproto", "abcd", inputFile, outputFile, "textproto"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { attestArgs := []string{"attest", "--nonce", op.nonce, "--output", op.report, "--format", op.format} RootCmd.SetArgs(attestArgs) if err := RootCmd.Execute(); err != nil { t.Error(err) } debugArgs := []string{"verify", "debug", "--nonce", op.nonce, "--input", op.report, "--output", op.verifiedReport, "--format", op.format} RootCmd.SetArgs(debugArgs) if err := RootCmd.Execute(); err != nil { t.Error(err) } }) } } func TestFormatFlagFail(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc inputFile := makeOutputFile(t, "attest") outputFile := makeOutputFile(t, "attestout") defer os.RemoveAll(inputFile) defer os.RemoveAll(outputFile) tests := []struct { name string nonce string report string verifiedReport string formatAttest string formatDebug string }{ {"Format:binary", "abcd", inputFile, outputFile, "binarypb", "textproto"}, {"Format:textproto", "abcd", inputFile, outputFile, "textproto", "binarypb"}, {"Format:textproto", "abcd", inputFile, outputFile, "textproto", "xyz"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { attestArgs := []string{"attest", "--nonce", op.nonce, "--output", op.report, "--format", op.formatAttest} RootCmd.SetArgs(attestArgs) if err := RootCmd.Execute(); err != nil { t.Error(err) } debugArgs := []string{"verify", "debug", "--nonce", op.nonce, "--input", op.report, "--output", op.verifiedReport, "--format", op.formatDebug} RootCmd.SetArgs(debugArgs) if err := RootCmd.Execute(); err == nil { t.Error(err) } }) } } func TestMetadataPass(t *testing.T) { var dummyInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} mock, err := util.NewMetadataServer(dummyInstance) if err != nil { t.Error(err) } defer mock.Stop() instanceInfo, err := getInstanceInfoFromMetadata() if err != nil { t.Error(err) } if instanceInfo.ProjectId != dummyInstance.ProjectID { t.Errorf("metadata.ProjectID() = %v, want %v", instanceInfo.ProjectId, dummyInstance.ProjectID) } projectNumber, err := strconv.ParseUint(dummyInstance.ProjectNumber, 10, 64) if err != nil { t.Error(err) } if instanceInfo.ProjectNumber != projectNumber { t.Errorf("metadata.NumericProjectID() = %v, want %v", instanceInfo.ProjectNumber, projectNumber) } if instanceInfo.InstanceName != dummyInstance.InstanceName { t.Errorf("metadata.InstanceName() = %v, want %v", instanceInfo.InstanceName, dummyInstance.InstanceName) } instanceID, err := strconv.ParseUint(dummyInstance.InstanceID, 10, 64) if err != nil { t.Error(err) } if instanceInfo.InstanceId != instanceID { t.Errorf("metadata.InstanceID() = %v, want %v", instanceInfo.InstanceId, instanceID) } if instanceInfo.Zone != dummyInstance.Zone { t.Errorf("metadata.Zone() = %v, want %v", instanceInfo.Zone, dummyInstance.Zone) } } func TestAttestWithGCEAK(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc secretFile1 := makeOutputFile(t, "attest") defer os.RemoveAll(secretFile1) var template = map[string]tpm2.Public{ "rsa": GCEAKTemplateRSA(), "ecc": GCEAKTemplateECC(), } tests := []struct { name string nonce string keyAlgo string }{ {"gceAK:RSA", "1234", "rsa"}, {"gceAK:ECC", "1234", "ecc"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { data, err := template[op.keyAlgo].Encode() if err != nil { t.Fatalf("failed to encode GCEAKTemplateRSA: %v", err) } err = setGCEAKTemplate(t, rwc, op.keyAlgo, data) if err != nil { t.Error(err) } defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getIndex[op.keyAlgo])) var dummyInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} mock, err := util.NewMetadataServer(dummyInstance) if err != nil { t.Error(err) } defer mock.Stop() RootCmd.SetArgs([]string{"attest", "--nonce", op.nonce, "--key", "gceAK", "--algo", op.keyAlgo, "--output", secretFile1, "--format", "binarypb"}) if err := RootCmd.Execute(); err != nil { t.Error(err) } }) } } func TestTeeTechnologyFail(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc // value of tee-technology flag should be sev-snp RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "12345678", "--tee-technology", "sev"}) if err := RootCmd.Execute(); err == nil { t.Error("expected not-nil error") } } func TestSevAttestTeeNonceFail(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc // non-nil TEENonce when TEEDevice is nil RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "12345678", "--tee-technology", ""}) if err := RootCmd.Execute(); err == nil { t.Error("expected not-nil error") } // TEENonce with length less than 64 bytes. sevTestQp, _, _, _ := sgtestclient.GetSevQuoteProvider([]sgtest.TestCase{ { Input: [64]byte{1, 2, 3, 4}, }, }, &sgtest.DeviceOptions{Now: time.Now()}, t) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Error(err) } defer ak.Close() attestopts := client.AttestOpts{ Nonce: []byte{1, 2, 3, 4}, TEENonce: []byte{1, 2, 3, 4}, TEEDevice: &client.SevSnpQuoteProvider{QuoteProvider: sevTestQp}, } _, err = ak.Attest(attestopts) if err == nil { t.Error("expected non-nil error") } } func TestTdxAttestTeeNonceFail(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc // non-nil TEENonce when TEEDevice is nil RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "12345678", "--tee-technology", ""}) if err := RootCmd.Execute(); err == nil { t.Error("expected not-nil error") } // TEENonce with length less than 64 bytes. mockTdxQuoteProvider := tgtestclient.GetMockTdxQuoteProvider([]tgtest.TestCase{ { Input: [64]byte{1, 2, 3, 4}, }, }, t) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Error(err) } defer ak.Close() attestopts := client.AttestOpts{ Nonce: []byte{1, 2, 3, 4}, TEENonce: []byte{1, 2, 3, 4}, TEEDevice: &client.TdxQuoteProvider{QuoteProvider: mockTdxQuoteProvider}, } _, err = ak.Attest(attestopts) if err == nil { t.Error("expected non-nil error") } } func TestHardwareAttestationPass(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc inputFile := makeOutputFile(t, "attest") outputFile := makeOutputFile(t, "attestout") defer os.RemoveAll(inputFile) defer os.RemoveAll(outputFile) teenonce := "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678" tests := []struct { name string nonce string teetech string wanterr string }{ {"TdxPass", "1234", "tdx", "failed to create tdx quote provider"}, {"SevSnpPass", "1234", "sev-snp", "failed to open sev-snp device"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { attestArgs := []string{"attest", "--nonce", op.nonce, "--output", inputFile, "--format", "textproto", "--tee-nonce", teenonce, "--tee-technology", op.teetech} RootCmd.SetArgs(attestArgs) if err := RootCmd.Execute(); err != nil { if !strings.Contains(err.Error(), op.wanterr) { t.Error(err) } } }) } } go-tpm-tools-0.4.7/cmd/fake_cloudlogging_server.go000066400000000000000000000113641510276467000222230ustar00rootroot00000000000000package cmd import ( "context" "fmt" "log" "net" "reflect" "regexp" "strconv" "strings" "sync" "time" logpb "cloud.google.com/go/logging/apiv2/loggingpb" tspb "github.com/golang/protobuf/ptypes/timestamp" "github.com/google/go-tpm-tools/verifier/util" "google.golang.org/grpc" ) // The only IDs that WriteLogEntries will accept. const ( TestProjectID = "test-project" ) // A fakeServer is an in-process gRPC server, listening on a system-chosen port on // the local loopback interface. Servers are for testing only and are not // intended to be used in production code. type fakeServer struct { Addr string Port int l net.Listener Gsrv *grpc.Server } // Start causes the server to start accepting incoming connections. // Call Start after registering handlers. func (s *fakeServer) Start() { go func() { if err := s.Gsrv.Serve(s.l); err != nil { log.Printf("fake_cloudlogging_server.fakeServer.Start: %v", err) } }() } // Close shuts down the server. func (s *fakeServer) Close() { s.Gsrv.Stop() s.l.Close() } // newFakeServer creates a new Server. The Server will be listening for gRPC connections // at the address named by the Addr field, without TLS. func newFakeServer(opts ...grpc.ServerOption) (*fakeServer, error) { return newFakeServerWithPort(0, opts...) } // newFakeServerWithPort creates a new Server at a specific port. The Server will be listening // for gRPC connections at the address named by the Addr field, without TLS. func newFakeServerWithPort(port int, opts ...grpc.ServerOption) (*fakeServer, error) { l, err := net.Listen("tcp", fmt.Sprintf("localhost:%d", port)) if err != nil { return nil, err } s := &fakeServer{ Addr: l.Addr().String(), Port: parsePort(l.Addr().String()), l: l, Gsrv: grpc.NewServer(opts...), } return s, nil } var portParser = regexp.MustCompile(`:[0-9]+`) func parsePort(addr string) int { res := portParser.FindAllString(addr, -1) if len(res) == 0 { panic(fmt.Errorf("parsePort: found no numbers in %s", addr)) } stringPort := res[0][1:] // strip the : p, err := strconv.ParseInt(stringPort, 10, 32) if err != nil { panic(err) } return int(p) } type loggingHandler struct { logpb.LoggingServiceV2Server mu sync.Mutex logs map[string][]*logpb.LogEntry // indexed by log name } // WriteLogEntries writes log entries to Cloud Logging. All log entries in // Cloud Logging are written by this method. func (h *loggingHandler) WriteLogEntries(_ context.Context, req *logpb.WriteLogEntriesRequest) (*logpb.WriteLogEntriesResponse, error) { if !strings.HasPrefix(req.LogName, "projects/"+TestProjectID+"/") { return nil, fmt.Errorf("bad LogName: %q", req.LogName) } h.mu.Lock() defer h.mu.Unlock() for _, e := range req.Entries { // Assign timestamp if missing. if e.Timestamp == nil { e.Timestamp = &tspb.Timestamp{Seconds: time.Now().Unix(), Nanos: 0} } // Fill from common fields in request. if e.LogName == "" { e.LogName = req.LogName } if e.Resource == nil { e.Resource = req.Resource } for k, v := range req.Labels { if _, ok := e.Labels[k]; !ok { e.Labels[k] = v } } // Store by log name. h.logs[e.LogName] = append(h.logs[e.LogName], e) } var logEntryPayload []map[string]interface{} logEntryPayload = append(logEntryPayload, map[string]interface{}{"aud": "test", "iat": float64(1709752525), "exp": float64(1919752525)}) logEntryPayload = append(logEntryPayload, map[string]interface{}{"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0IiwiaWF0IjoxNzA5NzUyNTI1LCJleHAiOjE5MTk3NTI1MjV9.EBLA2zX3c-Fu0l--J9Gey6LIXMO1TFRCoe3bzuPGc1k"}) logEntryPayload = append(logEntryPayload, map[string]interface{}{"Name": "projects/test-project/locations/us-central-1/challenges/" + util.FakeChallengeUUID, "Nonce": util.FakeTpmNonce, "ConnID": ""}) attestationMapFields := []string{"TeeAttestation", "ak_pub", "quotes", "event_log", "ak_cert"} for _, entry := range h.logs["projects/"+TestProjectID+"/logs/"+toolName] { payload := entry.GetJsonPayload().AsMap() foundMatch := false for _, m := range logEntryPayload { if reflect.DeepEqual(m, payload) { foundMatch = true } } if !foundMatch { for _, field := range attestationMapFields { if _, keyFound := payload[field]; !keyFound { return nil, fmt.Errorf("wrong log: %q", entry.GetJsonPayload().String()) } } } } return &logpb.WriteLogEntriesResponse{}, nil } // newMockCloudLoggingServer creates a new in-memory fake server implementing the logging service. // It returns the address of the server. func newMockCloudLoggingServer() (string, error) { srv, err := newFakeServer() if err != nil { return "", err } logpb.RegisterLoggingServiceV2Server(srv.Gsrv, &loggingHandler{ logs: make(map[string][]*logpb.LogEntry), }) srv.Start() return srv.Addr, nil } go-tpm-tools-0.4.7/cmd/flags.go000066400000000000000000000204131510276467000162610ustar00rootroot00000000000000package cmd import ( "errors" "fmt" "io" "os" "strconv" "strings" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/legacy/tpm2" "github.com/spf13/cobra" "google.golang.org/protobuf/proto" ) var ( output string input string nvIndex uint32 nonce []byte teeNonce []byte keyAlgo = tpm2.AlgRSA pcrs []int format string asAddress string audience string eventLog string cloudLog bool customNonce []string ) type pcrsFlag struct { value *[]int } func (f *pcrsFlag) Set(val string) error { for _, d := range strings.Split(val, ",") { pcr, err := strconv.Atoi(d) if err != nil { return err } if pcr < 0 || pcr >= client.NumPCRs { return errors.New("pcr out of range") } *f.value = append(*f.value, pcr) } return nil } func (f *pcrsFlag) Type() string { return "pcrs" } func (f *pcrsFlag) String() string { if len(*f.value) == 0 { return "" } var b strings.Builder fmt.Fprintf(&b, "%d", (*f.value)[0]) for _, pcr := range (*f.value)[1:] { fmt.Fprintf(&b, ",%d", pcr) } return b.String() } var algos = map[tpm2.Algorithm]string{ tpm2.AlgUnknown: "", tpm2.AlgRSA: "rsa", tpm2.AlgECC: "ecc", tpm2.AlgSHA1: "sha1", tpm2.AlgSHA256: "sha256", tpm2.AlgSHA384: "sha384", tpm2.AlgSHA512: "sha512", } type algoFlag struct { value *tpm2.Algorithm allowed []tpm2.Algorithm } func (f *algoFlag) Set(val string) error { present := false for _, algo := range f.allowed { if algos[algo] == val { *f.value = algo present = true } } if !present { return errors.New("unknown algorithm") } return nil } func (f *algoFlag) Type() string { return "algo" } func (f *algoFlag) String() string { return algos[*f.value] } // Allowed gives a string list of the permitted algorithm values for this flag. func (f *algoFlag) Allowed() string { out := make([]string, len(f.allowed)) for i, a := range f.allowed { out[i] = algos[a] } return strings.Join(out, ", ") } // Disable the "help" subcommand (and just use the -h/--help flags). // This should be called on all commands with subcommands. // See https://github.com/spf13/cobra/issues/587 for why this is needed. func hideHelp(cmd *cobra.Command) { cmd.SetHelpCommand(&cobra.Command{Hidden: true}) } // Lets this command specify an output file, for use with dataOutput(). func addOutputFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&output, "output", "", "output file (defaults to stdout)") } // Lets this command specify an input file, for use with dataInput(). func addInputFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&input, "input", "", "input file (defaults to stdin)") } // Lets this command specify an Attestation Server Address. func addAsAddressFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&asAddress, "verifier-endpoint", "https://confidentialcomputing.googleapis.com", "the attestation verifier endpoint used to retrieve an attestation claims token") } // Lets this command enable Cloud logging. func addCloudLoggingFlag(cmd *cobra.Command) { cmd.Flags().BoolVar(&cloudLog, "cloud-log", false, "logs the attestation and token to Cloud Logging for auditing purposes. Requires the audience flag.") } // Lets this command specify custom audience field of the attestation token. func addAudienceFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&audience, "audience", "", "the audience field in the claims token. Cannot be sts.googleapis.com.") } // Lets this command specify custom nonce field of the attestation token. func addCustomNonceFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringArrayVar(&customNonce, "custom-nonce", nil, "the custom nonce field in the claims token. use this flag multiple times to add multiple custom nonces.") } // Lets this command specify event log path. func addEventLogFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&eventLog, "event-log", "/sys/kernel/security/tpm0/binary_bios_measurements", "specifies the event log file path.") } // Lets this command specify an NVDATA index, for use with nvIndex. func addIndexFlag(cmd *cobra.Command) { cmd.PersistentFlags().Uint32Var(&nvIndex, "index", 0, "NVDATA index, cannot be 0") } // Lets this command specify some number of PCR arguments, check if in range. func addPCRsFlag(cmd *cobra.Command) { cmd.PersistentFlags().Var(&pcrsFlag{&pcrs}, "pcrs", "comma separated list of PCR numbers") } // Lets this command specify the public key algorithm. func addPublicKeyAlgoFlag(cmd *cobra.Command) { f := algoFlag{&keyAlgo, []tpm2.Algorithm{tpm2.AlgRSA, tpm2.AlgECC}} cmd.PersistentFlags().Var(&f, "algo", "public key algorithm: "+f.Allowed()) } func addHashAlgoFlag(cmd *cobra.Command, hashAlgo *tpm2.Algorithm) { f := algoFlag{hashAlgo, []tpm2.Algorithm{tpm2.AlgSHA1, tpm2.AlgSHA256, tpm2.AlgSHA384, tpm2.AlgSHA512}} cmd.PersistentFlags().Var(&f, "hash-algo", "hash algorithm: "+f.Allowed()) } func addNonceFlag(cmd *cobra.Command) { cmd.PersistentFlags().BytesHexVar(&nonce, "nonce", []byte{}, "hex encoded nonce for vTPM attestation, cannot be empty") } // Lets this command specify the type of output file (binary or txt) func addFormatFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&format, "format", "binarypb", "type of output file where attestation report stored ") } func addTeeNonceflag(cmd *cobra.Command) { cmd.PersistentFlags().BytesHexVar(&teeNonce, "tee-nonce", []byte{}, "hex encoded teenonce for hardware attestation, can be empty") } // alwaysError implements io.ReadWriter by always returning an error type alwaysError struct { error } func (ae alwaysError) Write([]byte) (int, error) { return 0, ae.error } func (ae alwaysError) Read(_ []byte) (n int, err error) { return 0, ae.error } // Handle to output data file. If there is an issue opening the file, the Writer // returned will return the error upon any call to Write() func dataOutput() io.Writer { if output == "" { return os.Stdout } file, err := os.Create(output) if err != nil { return alwaysError{err} } return file } func openForWrite(path string) io.Writer { if path == "" { return os.Stdout } file, err := os.Create(path) if err != nil { return alwaysError{err} } return file } func writeProtoToOutput(message proto.Message) error { var out []byte var err error switch format { case "binarypb": out, err = proto.Marshal(message) if err != nil { return fmt.Errorf("failed to marshal proto: %v", message) } case "textproto": out = []byte(marshalOptions.Format(message)) default: return fmt.Errorf("format should be either binarypb or textproto") } if _, err := dataOutput().Write(out); err != nil { return fmt.Errorf("failed to write attestation report: %v", err) } return nil } // Handle to input data file. If there is an issue opening the file, the Reader // returned will return the error upon any call to Read() func dataInput() io.Reader { if input == "" { return os.Stdin } file, err := os.Open(input) if err != nil { return alwaysError{err} } return file } var errMustSpecifyPath = errors.New("must specify path to read file") func readBytes(path string) ([]byte, error) { if path == "" { return nil, errMustSpecifyPath } file, err := os.Open(path) if err != nil { return nil, err } bytes, err := io.ReadAll(file) if err != nil { return nil, fmt.Errorf("failed to read proto: %v", err) } return bytes, nil } // Reads binarypb file from path func readProtoFromPath(path string, message proto.Message) error { requestBytes, err := readBytes(path) if err != nil { return fmt.Errorf("failed to read proto: %v", err) } err = proto.Unmarshal(requestBytes, message) if err != nil { return fmt.Errorf("failed to unmarshal proto: %v", err) } return nil } // Load SRK based on tpm2.Algorithm set in the global flag vars. func getSRK(rwc io.ReadWriter) (*client.Key, error) { switch keyAlgo { case tpm2.AlgRSA: return client.StorageRootKeyRSA(rwc) case tpm2.AlgECC: return client.StorageRootKeyECC(rwc) default: panic("unexpected keyAlgo") } } // Load EK based on tpm2.Algorithm set in the global flag vars. func getEK(rwc io.ReadWriter) (*client.Key, error) { switch keyAlgo { case tpm2.AlgRSA: return client.EndorsementKeyRSA(rwc) case tpm2.AlgECC: return client.EndorsementKeyECC(rwc) default: panic("unexpected keyAlgo") } } go-tpm-tools-0.4.7/cmd/flush.go000066400000000000000000000057421510276467000163160ustar00rootroot00000000000000package cmd import ( "fmt" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/legacy/tpm2" "github.com/spf13/cobra" ) var handleNames = map[string][]tpm2.HandleType{ "all": {tpm2.HandleTypeLoadedSession, tpm2.HandleTypeSavedSession, tpm2.HandleTypeTransient}, "loaded": {tpm2.HandleTypeLoadedSession}, "saved": {tpm2.HandleTypeSavedSession}, "transient": {tpm2.HandleTypeTransient}, "persistent": {tpm2.HandleTypePersistent}, } var flushCmd = &cobra.Command{ Use: "flush ", Short: "Close active handles on the TPM", Long: `Close some or all currently active handles on the TPM Most TPM operations require an active handle, representing some object within the TPM. However, most TPMs also limit the number of simultaneous active handles (usually a max of 3). This command allows for "leaked" handles (handles that have not been properly closed) to be flushed, freeing up memory for new handles to be used with future TPM operations. The TPM can also take an active handle and "persist" it to NVRAM. This frees up memory for more transient handles. It can also allow for caching the creation of slow keys (such as the RSA-based EK or SRK). These handles can be evicted from NVRAM using the "persistent" argument, but are not flushed with "all", as this can result in data loss (if the persisted key cannot be regenerated). Which handles are flushed depends on the argument passed: loaded - only flush the loaded session handles saved - only flush the saved session handles transient - only flush the transient handles all - flush all loaded, saved, and transient handles persistent - only evict the persistent handles`, ValidArgs: func() []string { // The keys from the handleNames map are our valid arguments keys := make([]string, len(handleNames)) for k := range handleNames { keys = append(keys, k) } return keys }(), Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs), RunE: func(_ *cobra.Command, args []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() totalHandles := 0 for _, handleType := range handleNames[args[0]] { handles, err := client.Handles(rwc, handleType) if err != nil { return fmt.Errorf("getting handles: %w", err) } for _, handle := range handles { if handleType == tpm2.HandleTypePersistent { if err = tpm2.EvictControl(rwc, "", tpm2.HandleOwner, handle, handle); err != nil { return fmt.Errorf("evicting handle 0x%x: %w", handle, err) } fmt.Fprintf(debugOutput(), "Handle 0x%x evicted\n", handle) } else { if err = tpm2.FlushContext(rwc, handle); err != nil { return fmt.Errorf("flushing handle 0x%x: %w", handle, err) } fmt.Fprintf(debugOutput(), "Handle 0x%x flushed\n", handle) } totalHandles++ } } fmt.Fprintf(messageOutput(), "%d handles flushed\n", totalHandles) return nil }, } func init() { RootCmd.AddCommand(flushCmd) } go-tpm-tools-0.4.7/cmd/flush_test.go000066400000000000000000000020641510276467000173470ustar00rootroot00000000000000package cmd import ( "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" ) func TestFlushNothing(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc RootCmd.SetArgs([]string{"flush", "all", "--quiet"}) if err := RootCmd.Execute(); err != nil { t.Error(err) } } func TestFlush(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc RootCmd.SetArgs([]string{"flush", "transient", "--quiet"}) // Loads then flushes 1, 2, 3 transient handles. for numHandles := 1; numHandles <= 3; numHandles++ { for i := 0; i < numHandles; i++ { test.LoadRandomExternalKey(t, rwc) } if err := RootCmd.Execute(); err != nil { t.Error(err) } // Ensure there are no active handles after that. h, err := client.Handles(rwc, tpm2.HandleTypeTransient) if err != nil { t.Fatal(err) } if len(h) != 0 { t.Errorf("TPM should be empty of transient handles; got: %d; want: 0", len(h)) } } } go-tpm-tools-0.4.7/cmd/go.mod000066400000000000000000000060111510276467000157420ustar00rootroot00000000000000module github.com/google/go-tpm-tools/cmd go 1.23.0 toolchain go1.24.4 require ( cloud.google.com/go/compute/metadata v0.8.0 cloud.google.com/go/logging v1.13.0 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/golang/protobuf v1.5.4 github.com/google/gce-tcb-verifier v0.3.1 github.com/google/gce-tcb-verifier/gcetcbendorsement v0.0.0-20250301004354-d18ce1139be2 github.com/google/go-configfs-tsm v0.3.3 github.com/google/go-sev-guest v0.14.0 github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 github.com/google/go-tpm v0.9.6 github.com/google/go-tpm-tools v0.4.4 github.com/google/go-tpm-tools/verifier v0.4.4 github.com/spf13/cobra v1.8.1 golang.org/x/oauth2 v0.30.0 google.golang.org/api v0.247.0 google.golang.org/grpc v1.74.2 google.golang.org/protobuf v1.36.7 ) require ( cloud.google.com/go v0.120.0 // indirect cloud.google.com/go/auth v0.16.4 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 // indirect cloud.google.com/go/longrunning v0.6.7 // indirect github.com/cyphar/filepath-securejoin v0.2.5 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/google/certificate-transparency-go v1.1.2 // indirect github.com/google/go-attestation v0.5.1 // indirect github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/logger v1.1.1 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect github.com/googleapis/gax-go/v2 v2.15.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/spf13/pflag v1.0.5 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect go.opentelemetry.io/otel v1.36.0 // indirect go.opentelemetry.io/otel/metric v1.36.0 // indirect go.opentelemetry.io/otel/trace v1.36.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.41.0 // indirect golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 // indirect golang.org/x/net v0.43.0 // indirect golang.org/x/sync v0.16.0 // indirect golang.org/x/sys v0.35.0 // indirect golang.org/x/term v0.34.0 // indirect golang.org/x/text v0.28.0 // indirect golang.org/x/time v0.12.0 // indirect google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect ) replace ( github.com/google/go-tpm-tools v0.4.4 => ../ github.com/google/go-tpm-tools/verifier v0.4.4 => ../verifier ) go-tpm-tools-0.4.7/cmd/go.sum000066400000000000000000004034711510276467000160020ustar00rootroot00000000000000bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA= cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q= cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8= cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA= cloud.google.com/go/compute/metadata v0.8.0/go.mod h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw= cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 h1:5sgtvzlC80YG1mSB535USESeIQBbpKXMMFzwcIIDX2M= cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8/go.mod h1:u2iGBWSZ9hlgQAwwpwoz2U9V4UBYRysd/vAW7Tg7WPI= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE= cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= github.com/google/gce-tcb-verifier v0.3.1 h1:4L9YgkOtqC2U7cj4FofCUufHFCCpdD4Y0yPKI8UhOhI= github.com/google/gce-tcb-verifier v0.3.1/go.mod h1:GZCDLQxmEOCqUTL2BMB/zjo+hgXdUrR0Wgwz1OrwRYg= github.com/google/gce-tcb-verifier/gcetcbendorsement v0.0.0-20250301004354-d18ce1139be2 h1:YIKgTgpvaZzKUqRvuR2UOHKTFGkcjVJNqsiPJ34xYAE= github.com/google/gce-tcb-verifier/gcetcbendorsement v0.0.0-20250301004354-d18ce1139be2/go.mod h1:3timRtslAwP7Y/trlNQQ/pECZNZ39wV69igL41ngASs= github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-configfs-tsm v0.3.3 h1:8mrlZLYrFFxyc8PFpT1piBUFDEYBVsBjAkFCwqQ2f9Y= github.com/google/go-configfs-tsm v0.3.3/go.mod h1:in2lmJDGaYEiPOJY4vlq4lGXjkR/GcxN1k7o5oR2qn0= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc= golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc= google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= go-tpm-tools-0.4.7/cmd/gotpm/000077500000000000000000000000001510276467000157645ustar00rootroot00000000000000go-tpm-tools-0.4.7/cmd/gotpm/main.go000066400000000000000000000016631510276467000172450ustar00rootroot00000000000000// Package main is a binary wrapper package around cmd. package main import ( "fmt" "os" "runtime/debug" "github.com/google/go-tpm-tools/cmd" ) // GoReleaser will populates those fields // https://goreleaser.com/cookbooks/using-main.version/ var ( version = "dev" commit = "none" date = "unknown" ) var ( tdxGuestVersion = "unknown" sevGuestVersion = "unknown" sevGuest = "github.com/google/go-sev-guest" tdxGuest = "github.com/google/go-tdx-guest" ) func main() { if info, ok := debug.ReadBuildInfo(); ok { for _, dep := range info.Deps { switch dep.Path { case sevGuest: sevGuestVersion = dep.Version case tdxGuest: tdxGuestVersion = dep.Version } } } cmd.RootCmd.Version = fmt.Sprintf("%s, commit %s, built at %s\n- go-sev-guest version %s\n- go-tdx-guest version %s", version, commit, date, tdxGuestVersion, sevGuestVersion) if cmd.RootCmd.Execute() != nil { os.Exit(1) } } go-tpm-tools-0.4.7/cmd/open.go000066400000000000000000000022751510276467000161340ustar00rootroot00000000000000package cmd import ( "fmt" "io" "github.com/google/go-tpm-tools/client" ) // ExternalTPM can be set to run tests against an TPM initialized by an // external package (like the simulator). Setting this value will make all // gotpm commands run against it, and will prevent the cmd package from // closing the TPM. Setting this value and closing the TPM must be managed // by the external package. // ExternalTPM can have a TPM simulator or a real TPM. var ExternalTPM io.ReadWriter // extTPMWrapper is designed to wrap the ExternalTPM to provide some overriding // functions. type extTPMWrapper struct { io.ReadWriter } // Close is no-op for extTPMWrapper to prevent it closing the underlying simulator. func (et extTPMWrapper) Close() error { return nil } // EventLog is a workaround so the caller can call the underlying EventLogGetter function // of the underlying TPM. func (et extTPMWrapper) EventLog() ([]byte, error) { return client.GetEventLog(et.ReadWriter) } func openTpm() (io.ReadWriteCloser, error) { if ExternalTPM != nil { return extTPMWrapper{ExternalTPM}, nil } rwc, err := openImpl() if err != nil { return nil, fmt.Errorf("connecting to TPM: %w", err) } return rwc, nil } go-tpm-tools-0.4.7/cmd/open_other.go000066400000000000000000000016611510276467000173330ustar00rootroot00000000000000//go:build !windows // +build !windows package cmd import ( "io" "os" "github.com/google/go-tpm/legacy/tpm2" ) var tpmPath string // tpmWrapper wraps a TPM io.ReadWriteCloser that implements client.EventLogGetter. type tpmWrapper struct { io.ReadWriteCloser } // EventLog fetches the event log specified by the event-log flag. func (et tpmWrapper) EventLog() ([]byte, error) { return os.ReadFile(eventLog) } func init() { RootCmd.PersistentFlags().StringVar(&tpmPath, "tpm-path", "", "path to TPM device (defaults to /dev/tpmrm0 then /dev/tpm0)") } // On Linux, we have to pass in the TPM path though a flag func openImpl() (tpmWrapper, error) { tw := tpmWrapper{} var err error if tpmPath == "" { tw.ReadWriteCloser, err = tpm2.OpenTPM("/dev/tpmrm0") if os.IsNotExist(err) { tw.ReadWriteCloser, err = tpm2.OpenTPM("/dev/tpm0") } return tw, err } tw.ReadWriteCloser, err = tpm2.OpenTPM(tpmPath) return tw, err } go-tpm-tools-0.4.7/cmd/open_windows.go000066400000000000000000000003371510276467000177030ustar00rootroot00000000000000package cmd import ( "io" "github.com/google/go-tpm/legacy/tpm2" ) // There is no need for flags on Windows, as there is no concept of a TPM path. func openImpl() (io.ReadWriteCloser, error) { return tpm2.OpenTPM() } go-tpm-tools-0.4.7/cmd/pubkey.go000066400000000000000000000072711510276467000164730ustar00rootroot00000000000000package cmd import ( "crypto" "crypto/x509" "encoding/pem" "fmt" "io" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/legacy/tpm2" directtpm2 "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpmutil" "github.com/spf13/cobra" ) var keyFormat string func addKeyFormatFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&keyFormat, "key-format", "pem", "type of format for the outputted key, defaults to pem, but can also specify tpmt-public") } var hierarchyNames = map[string]tpmutil.Handle{ "endorsement": tpm2.HandleEndorsement, "owner": tpm2.HandleOwner, "platform": tpm2.HandlePlatform, "null": tpm2.HandleNull, } var pubkeyCmd = &cobra.Command{ Use: "pubkey ", Short: "Retrieve a public key from the TPM", Long: `Get the PEM-formatted public component of a TPM's primary key A TPM can create a primary asymmetric key in one of 4 hierarchies: endorsement - used for remote attestation, privacy sensitive owner - used for local signing/encryption, reset on TPM2_Clear platform - rarely used null - all keys are ephemeral, reset on every boot Furthermore, this key is based on a template containing parameters like algorithms and key sizes. By default, this command uses a standard template defined in the TPM2 spec. If --index is provided, the template is read from NVDATA instead (and --algo is ignored).`, ValidArgs: func() []string { // The keys from the hierarchyNames map are our valid arguments keys := make([]string, len(hierarchyNames)) for k := range hierarchyNames { keys = append(keys, k) } return keys }(), Args: cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs), RunE: func(_ *cobra.Command, args []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() key, err := getKey(rwc, hierarchyNames[args[0]], keyAlgo) if err != nil { return err } defer key.Close() if keyFormat == "pem" { return writeKey(key.PublicKey()) } if keyFormat == "tpmt-public" { encoded, err := key.PublicArea().Encode() if err != nil { return fmt.Errorf("failed to encode public area: %v", err) } _, err = dataOutput().Write(encoded) if err != nil { return fmt.Errorf("failed to write key: %v", err) } return nil } return fmt.Errorf("key format must be either pem or tpmt-public") }, } func init() { RootCmd.AddCommand(pubkeyCmd) addIndexFlag(pubkeyCmd) addOutputFlag(pubkeyCmd) addPublicKeyAlgoFlag(pubkeyCmd) addKeyFormatFlag(pubkeyCmd) } func getKey(rw io.ReadWriter, hierarchy tpmutil.Handle, _ tpm2.Algorithm) (*client.Key, error) { fmt.Fprintf(debugOutput(), "Using hierarchy 0x%x\n", hierarchy) if nvIndex != 0 { fmt.Fprintf(debugOutput(), "Reading from NVDATA index %d\n", nvIndex) return client.KeyFromNvIndex(rw, hierarchy, nvIndex) } switch hierarchy { case tpm2.HandleEndorsement: return getEK(rw) case tpm2.HandleOwner: return getSRK(rw) default: return nil, fmt.Errorf("there is no default key for the given hierarchy: 0x%x", hierarchy) } } func writeKey(pubKey crypto.PublicKey) error { fmt.Fprintf(debugOutput(), "Got key: %+v\n", pubKey) asn1Bytes, err := x509.MarshalPKIXPublicKey(pubKey) if err != nil { return err } return pem.Encode(dataOutput(), &pem.Block{ Type: "PUBLIC KEY", Bytes: asn1Bytes, }) } func readTPMTPublic(rw io.Reader) (*directtpm2.TPMTPublic, error) { data, err := io.ReadAll(rw) if err != nil { return nil, fmt.Errorf("failed to read public key: %v", err) } tPublic, err := directtpm2.Unmarshal[directtpm2.TPMTPublic](data) if err != nil { return nil, fmt.Errorf("failed to unmarshal public area: %v", err) } return tPublic, nil } go-tpm-tools-0.4.7/cmd/read.go000066400000000000000000000050111510276467000160750ustar00rootroot00000000000000package cmd import ( "errors" "fmt" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "github.com/spf13/cobra" ) var readCmd = &cobra.Command{ Use: "read ", Short: "Read from the TPM", Long: `Read from the TPM`, Args: cobra.NoArgs, } var pcrHashAlgo = tpm2.AlgUnknown var pcrCmd = &cobra.Command{ Use: "pcr", Short: "Read PCRs from the TPM", Long: `Read PCRs from the TPM Based on --hash-algo and --pcrs flags, read the contents of the TPM's PCRs. If --hash-algo is not provided, all banks of PCRs will be read. If --pcrs is not provided, all PCRs are read for that hash algorithm.`, Args: cobra.NoArgs, RunE: func(*cobra.Command, []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() if pcrHashAlgo != tpm2.AlgUnknown { sel := tpm2.PCRSelection{Hash: pcrHashAlgo, PCRs: pcrs} if len(sel.PCRs) == 0 { sel = client.FullPcrSel(sel.Hash) } fmt.Fprintf(debugOutput(), "Reading %v PCRs (%v)\n", sel.Hash, sel.PCRs) pcrs, err := client.ReadPCRs(rwc, sel) if err != nil { return err } return internal.FormatPCRs(dataOutput(), pcrs) } if len(pcrs) != 0 { return errors.New("--hash-algo must be used with --pcrs") } fmt.Fprintln(debugOutput(), "Reading all PCRs") banks, err := client.ReadAllPCRs(rwc) if err != nil { return err } for _, bank := range banks { if err = internal.FormatPCRs(dataOutput(), bank); err != nil { return err } } return nil }, } var nvReadCmd = &cobra.Command{ Use: "nvdata", Short: "Read TPM NVData", Long: `Read NVData at a particular NVIndex Based on the --index flag, this reads all of the NVData present at that NVIndex. The read is authenticated with the owner hierarchy and an empty password.`, Args: cobra.NoArgs, RunE: func(*cobra.Command, []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() data, err := tpm2.NVReadEx(rwc, tpmutil.Handle(nvIndex), tpm2.HandleOwner, "", 0) if err != nil { return err } if _, err := dataOutput().Write(data); err != nil { return fmt.Errorf("cannot output NVData: %w", err) } return nil }, } func init() { RootCmd.AddCommand(readCmd) readCmd.AddCommand(pcrCmd) readCmd.AddCommand(nvReadCmd) addOutputFlag(pcrCmd) addPCRsFlag(pcrCmd) addHashAlgoFlag(pcrCmd, &pcrHashAlgo) addIndexFlag(nvReadCmd) nvReadCmd.MarkPersistentFlagRequired("index") addOutputFlag(nvReadCmd) } go-tpm-tools-0.4.7/cmd/register.go000066400000000000000000000073461510276467000170230ustar00rootroot00000000000000package cmd import ( "fmt" "github.com/google/go-tpm-tools/client" tpb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm-tools/server" "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpm2/transport" "github.com/spf13/cobra" ) // This file implements TPM registration which for now is only used for SVSM e-vTPMs. // It uses https://trustedcomputinggroup.org/wp-content/uploads/EK-Based-Key-Attestation-with-TPM-Firmware-Version-V1-RC1_9July2025.pdf#page=8 // which we call as import certify. // ActivateCredential is not implemented yet. var registerCmd = &cobra.Command{ Use: "register", Short: "Register an SVSM TPM AK", Long: "Given an EK, we'll register a corresponding AK and prove that it's on the same TPM as the EK.", Args: cobra.NoArgs, } var ( secretOut string secretIn string ) func addSecretInputFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&secretIn, "secret-input", "", "specifies path to read the secret that was generated from create-challenge") } func addSecretOutputFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&secretOut, "secret-output", "", "specifies path to write the secret to") } var createChallengeCmd = &cobra.Command{ Use: "create-challenge", Short: "Create a challenge for the client to register the EK", Long: `Given an EK public key in TPM2 wire format, create a challenge for the client to register the EK. and save the ChallengeSecret but don't share it with the client.`, Args: cobra.NoArgs, RunE: func(_ *cobra.Command, _ []string) error { ekpub, err := readTPMTPublic(dataInput()) if err != nil { return err } challenge, secret, err := server.CreateRestrictedHMACBlob(ekpub) if err != nil { return fmt.Errorf("could not create challenge: %s", err) } writeProtoToOutput(challenge) _, err = openForWrite(secretOut).Write(secret) if err != nil { return fmt.Errorf("could not write secret: %s", err) } return nil }, } var solveChallengeCmd = &cobra.Command{ Use: "solve-challenge", Short: "Solve a challenge from the TPM EK", Args: cobra.NoArgs, RunE: func(_ *cobra.Command, _ []string) error { challenge := &tpb.ImportBlob{} err := readProtoFromPath(input, challenge) if err != nil { return fmt.Errorf("could not read challenge: %s", err) } rwc, err := openImpl() if err != nil { return fmt.Errorf("could not open TPM: %s", err) } defer rwc.Close() tpm := transport.FromReadWriter(rwc) solved, err := client.CreateCertifiedAKBlob(tpm, challenge, tpm2.TPMAlgID(keyAlgo)) if err != nil { return fmt.Errorf("could not solve challenge: %s", err) } writeProtoToOutput(solved) return nil }, } var verifyChallengeCmd = &cobra.Command{ Use: "verify-challenge", Short: "Verify a challenge for the SVSM TPM's EK and its binding to the SNP attestation report", Args: cobra.NoArgs, RunE: func(_ *cobra.Command, _ []string) error { blob := &tpb.CertifiedBlob{} err := readProtoFromPath(input, blob) if err != nil { return err } if secretIn == "" { return fmt.Errorf("secret-input must be specified") } secret, err := readBytes(secretIn) if err != nil { return fmt.Errorf("could not read secret: %s", err) } err = server.VerifyCertifiedAKBlob(blob, secret) if err != nil { return fmt.Errorf("could not verify attestation: %s", err) } return nil }, } func init() { RootCmd.AddCommand(registerCmd) challengeCommands := []*cobra.Command{ createChallengeCmd, solveChallengeCmd, verifyChallengeCmd, } for _, cmd := range challengeCommands { registerCmd.AddCommand(cmd) addOutputFlag(cmd) addFormatFlag(cmd) addInputFlag(cmd) } addSecretOutputFlag(createChallengeCmd) addSecretInputFlag(verifyChallengeCmd) addPublicKeyAlgoFlag(solveChallengeCmd) } go-tpm-tools-0.4.7/cmd/root.go000066400000000000000000000023541510276467000161540ustar00rootroot00000000000000// Package cmd contains a CLI to interact with TPM. package cmd import ( "fmt" "io" "os" "github.com/spf13/cobra" "google.golang.org/protobuf/encoding/prototext" ) // RootCmd is the entrypoint for gotpm. var RootCmd = &cobra.Command{ Use: "gotpm", Long: `Command line tool for the go-tpm TSS This tool allows performing TPM2 operations from the command line. See the per-command documentation for more information.`, PersistentPreRunE: func(cmd *cobra.Command, _ []string) error { if quiet && verbose { return fmt.Errorf("cannot specify both --quiet and --verbose") } cmd.SilenceUsage = true return nil }, } var ( quiet bool verbose bool ) func init() { RootCmd.PersistentFlags().BoolVar(&quiet, "quiet", false, "print nothing if command is successful") RootCmd.PersistentFlags().BoolVar(&verbose, "verbose", false, "print additional info to stdout") hideHelp(RootCmd) } func messageOutput() io.Writer { if quiet { return io.Discard } return os.Stdout } func debugOutput() io.Writer { if verbose { return os.Stdout } return io.Discard } // Default Text Marshalling options var marshalOptions = prototext.MarshalOptions{ Multiline: true, EmitASCII: true, } var unmarshalOptions = prototext.UnmarshalOptions{} go-tpm-tools-0.4.7/cmd/seal.go000066400000000000000000000076221510276467000161200ustar00rootroot00000000000000package cmd import ( "fmt" "io" "github.com/spf13/cobra" "github.com/google/go-tpm-tools/client" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" ) var sealHashAlgo = tpm2.AlgSHA256 var sealCmd = &cobra.Command{ Use: "seal", Short: "Seal some data to the TPM", Long: `Encrypt the input data using the TPM TPMs support a "sealing" operation that allows some secret data to be encrypted by a particular TPM. This data can only be decrypted by the same TPM that did the encryption. Optionally (using the --pcrs flag), this decryption can be furthur restricted to only work if certain Platform Control Registers (PCRs) are in the correct state. This allows a key (i.e. a disk encryption key) to be bound to specific machine state (like Secure Boot).`, Args: cobra.NoArgs, RunE: func(*cobra.Command, []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() fmt.Fprintln(debugOutput(), "Loading SRK") srk, err := getSRK(rwc) if err != nil { return err } defer srk.Close() fmt.Fprintln(debugOutput(), "Reading sealed data") secret, err := io.ReadAll(dataInput()) if err != nil { return err } fmt.Fprintf(debugOutput(), "Sealing to PCRs: %v\n", pcrs) opts := client.SealOpts{Current: tpm2.PCRSelection{ Hash: sealHashAlgo, PCRs: pcrs}} sealed, err := srk.Seal(secret, opts) if err != nil { return fmt.Errorf("sealing data: %w", err) } fmt.Fprintln(debugOutput(), "Writing sealed data") var output []byte if output, err = marshalOptions.Marshal(sealed); err != nil { return err } if _, err = dataOutput().Write(output); err != nil { return err } fmt.Fprintf(debugOutput(), "Sealed data to PCRs: %v\n", pcrs) return nil }, } var unsealCmd = &cobra.Command{ Use: "unseal", Short: "Unseal some data previously sealed to the TPM", Long: `Decrypt the input data using the TPM The opposite of "gotpm seal". This takes in some sealed input and decrypts it using the TPM. This operation will fail if used on a different TPM, or if the Platform Control Registers (PCRs) are in the incorrect state. All the necessary data to decrypt the sealed input is present in the input blob. We do not need to specify the PCRs used for unsealing. We do support an optional "certification" process. A list of PCRs may be provided with --pcrs, and the unwrapping will fail if the PCR values when sealing differ from the current PCR values. This allows for verification of the machine state when sealing took place. `, Args: cobra.NoArgs, RunE: func(*cobra.Command, []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() fmt.Fprintln(debugOutput(), "Reading sealed data") data, err := io.ReadAll(dataInput()) if err != nil { return err } var sealed pb.SealedBytes if err := unmarshalOptions.Unmarshal(data, &sealed); err != nil { return err } fmt.Fprintln(debugOutput(), "Loading SRK") keyAlgo = tpm2.Algorithm(sealed.GetSrk()) srk, err := getSRK(rwc) if err != nil { return err } defer srk.Close() fmt.Fprintln(debugOutput(), "Unsealing data") opts := client.UnsealOpts{CertifyCurrent: tpm2.PCRSelection{ Hash: client.CertifyHashAlgTpm, PCRs: pcrs}} secret, err := srk.Unseal(&sealed, opts) if err != nil { return fmt.Errorf("unsealing data: %w", err) } fmt.Fprintln(debugOutput(), "Writing secret data") if _, err := dataOutput().Write(secret); err != nil { return fmt.Errorf("writing secret data: %w", err) } fmt.Fprintln(debugOutput(), "Unsealed data using TPM") return nil }, } func init() { RootCmd.AddCommand(sealCmd) RootCmd.AddCommand(unsealCmd) addInputFlag(sealCmd) addInputFlag(unsealCmd) addOutputFlag(sealCmd) addOutputFlag(unsealCmd) // PCRs and hash algorithm only used for sealing addPCRsFlag(sealCmd) addHashAlgoFlag(sealCmd, &sealHashAlgo) addPCRsFlag(unsealCmd) addPublicKeyAlgoFlag(sealCmd) } go-tpm-tools-0.4.7/cmd/seal_test.go000066400000000000000000000077151510276467000171620ustar00rootroot00000000000000package cmd import ( "bytes" "crypto/sha256" "os" "strconv" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) func makeTempFile(tb testing.TB, content []byte) string { tb.Helper() file, err := os.CreateTemp("", "gotpm_test_*.txt") if err != nil { tb.Fatal(err) } defer file.Close() if content != nil { if _, err := file.Write(content); err != nil { tb.Fatal(err) } } return file.Name() } func TestSealPlain(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc operations := []struct { name string algo string sealPCRs string certifyPCRs string }{ {"RSASeal", "rsa", "", ""}, {"ECCSeal", "ecc", "", ""}, {"RSASealWithPCR", "rsa", "7", ""}, {"ECCSealWithPCR", "ecc", "7", ""}, {"RSACertifyWithPCR", "rsa", "", "7"}, {"ECCCertifyWithPCR", "ecc", "", "7"}, {"RSASealAndCertifyWithPCR", "rsa", "7,8", "1"}, {"ECCSealAndCertifyWithPCR", "ecc", "7", "7,23"}, } for _, op := range operations { t.Run(op.name, func(t *testing.T) { secretIn := []byte("Hello") secretFile1 := makeTempFile(t, secretIn) defer os.Remove(secretFile1) sealedFile := makeTempFile(t, nil) defer os.Remove(sealedFile) secretFile2 := makeTempFile(t, nil) defer os.Remove(secretFile2) sealArgs := []string{"seal", "--quiet", "--input", secretFile1, "--output", sealedFile} if op.sealPCRs != "" { sealArgs = append(sealArgs, "--pcrs", op.sealPCRs) } if op.algo != "" { sealArgs = append(sealArgs, "--algo", op.algo) } RootCmd.SetArgs(sealArgs) if err := RootCmd.Execute(); err != nil { t.Error(err) } pcrs = []int{} // "flush" pcrs value in last Execute() cmd unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile2} if op.certifyPCRs != "" { unsealArgs = append(unsealArgs, "--pcrs", op.certifyPCRs) } RootCmd.SetArgs(unsealArgs) if err := RootCmd.Execute(); err != nil { t.Error(err) } secretOut, err := os.ReadFile(secretFile2) if err != nil { t.Fatal(err) } if !bytes.Equal(secretIn, secretOut) { t.Errorf("Expected %s, got %s", secretIn, secretOut) } }) } } func TestUnsealFail(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc extension := bytes.Repeat([]byte{0xAA}, sha256.Size) sealPCR := test.DebugPCR certPCR := test.ApplicationPCR operations := []struct { name string sealPCRs string certifyPCRs string pcrToExtend []int }{ // TODO(joerichey): Add test that TPM2_Reset make unsealing fail {"ExtendPCRAndUnseal", strconv.Itoa(sealPCR), "", []int{sealPCR}}, {"ExtendPCRAndCertify", strconv.Itoa(sealPCR), strconv.Itoa(certPCR), []int{certPCR}}, {"ExtendPCRAndCertify2", "", strconv.Itoa(certPCR), []int{certPCR}}, } for _, op := range operations { t.Run(op.name, func(t *testing.T) { secretIn := []byte("Hello") secretFile := makeTempFile(t, secretIn) defer os.Remove(secretFile) sealedFile := makeTempFile(t, nil) defer os.Remove(sealedFile) sealArgs := []string{"seal", "--quiet", "--input", secretFile, "--output", sealedFile} if op.sealPCRs != "" { sealArgs = append(sealArgs, "--pcrs", op.sealPCRs) } RootCmd.SetArgs(sealArgs) if err := RootCmd.Execute(); err != nil { t.Error(err) } pcrs = []int{} // "flush" pcrs value in last Execute() cmd for _, pcr := range op.pcrToExtend { pcrHandle := tpmutil.Handle(pcr) if err := tpm2.PCRExtend(rwc, pcrHandle, tpm2.AlgSHA256, extension, ""); err != nil { t.Fatal(err) } } unsealArgs := []string{"unseal", "--quiet", "--input", sealedFile, "--output", secretFile} if op.certifyPCRs != "" { unsealArgs = append(unsealArgs, "--pcrs", op.certifyPCRs) } RootCmd.SetArgs(unsealArgs) if RootCmd.Execute() == nil { t.Error("Unsealing should have failed") } }) } } go-tpm-tools-0.4.7/cmd/svsm_test.go000066400000000000000000000257571510276467000172340ustar00rootroot00000000000000package cmd import ( "crypto/sha512" "fmt" "os" "strconv" "strings" "testing" epb "github.com/google/gce-tcb-verifier/proto/endorsement" "github.com/google/go-configfs-tsm/configfs/configfsi" "github.com/google/go-configfs-tsm/configfs/faketsm" sabi "github.com/google/go-sev-guest/abi" sevpb "github.com/google/go-sev-guest/proto/sevsnp" sgtest "github.com/google/go-sev-guest/testing" "github.com/google/go-sev-guest/validate" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "google.golang.org/protobuf/encoding/prototext" "google.golang.org/protobuf/proto" ) func TestMakeSVSNPSVSMAttestation(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ak, err := client.AttestationKeyECC(rwc) if err != nil { t.Fatalf("failed to create ak: %v", err) } defer ak.Close() akPubBytes, err := ak.PublicArea().Encode() if err != nil { t.Fatalf("failed to encode ak pub: %v", err) } var nonce = [16]byte{0} attestation, err := ak.Attest(client.AttestOpts{ SkipTeeAttestation: true, Nonce: nonce[:], }) if err != nil { t.Fatalf("failed to create attestation: %v", err) } ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatalf("failed to get EK: %v", err) } defer ek.Close() ekBytes, err := ek.PublicArea().Encode() if err != nil { t.Fatalf("failed to encode EK pub: %v", err) } var snpNonce [sabi.ReportDataSize]byte h := sha512.New() h.Write(snpNonce[:]) h.Write(ekBytes) measurement := [48]byte{0} configfs := makeFakeConfigfs(h.Sum(nil), ekBytes, 0, measurement[:]) svsmAttestation, err := makeSEVSNPSVSMAttestation(attestation, &sevSNPSVSMAttestationOpts{ TEENonce: snpNonce[:], CongfigfsClient: configfs, VTPMServiceManifestVersion: "0", }) if err != nil { t.Fatalf("failed to make SVSM attestation: %v", err) } endorsement, err := makeEndorsement(measurement[:]) if err != nil { t.Fatalf("failed to make endorsement: %v", err) } svsmAttestation.LaunchEndorsement = endorsement err = verifySEVSNPSVSMAttestation(verifySEVSNPSVSMOpts{ TEENonce: snpNonce[:], AKPub: akPubBytes, EKPub: ekBytes, SevValidateOpts: &validate.Options{GuestPolicy: sabi.SnpPolicy{ SMT: true, Debug: true, }}, }, svsmAttestation) if err != nil { t.Fatalf("failed to verify svsm attestation: %v", err) } } func makeEndorsement(measurement []byte) ([]byte, error) { golden := &epb.VMGoldenMeasurement{ SevSnp: &epb.VMSevSnp{ SvsmMeasurement: measurement, }, } data, err := proto.Marshal(golden) if err != nil { return nil, fmt.Errorf("failed to marshal golden measurement: %w", err) } launchEndorsement := &epb.VMLaunchEndorsement{SerializedUefiGolden: data} return proto.Marshal(launchEndorsement) } func TestSVSMAttestationsErrors(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ak, err := client.AttestationKeyECC(rwc) if err != nil { t.Fatalf("failed to create ak: %v", err) } defer ak.Close() akPubBytes, err := ak.PublicArea().Encode() if err != nil { t.Fatalf("failed to encode ak pub: %v", err) } var nonce = [16]byte{0} attestation, err := ak.Attest(client.AttestOpts{ SkipTeeAttestation: true, Nonce: nonce[:], }) if err != nil { t.Fatalf("failed to create attestation: %v", err) } ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatalf("failed to get EK: %v", err) } defer ek.Close() ekBytes, err := ek.PublicArea().Encode() if err != nil { t.Fatalf("failed to encode EK pub: %v", err) } var snpNonce [sabi.ReportDataSize]byte h := sha512.New() h.Write(snpNonce[:]) h.Write(ekBytes) goodReportData := h.Sum(nil) goodVmpl := 0 goodMeasurement := [48]byte{0} copy(goodMeasurement[:], "good") testcases := []struct { name string getConfigfs func(t *testing.T) configfsi.Client wantErrString string }{ { name: "Bad report data", getConfigfs: func(_ *testing.T) configfsi.Client { var snpNonce [sabi.ReportDataSize]byte return makeFakeConfigfs(snpNonce[:], ekBytes, goodVmpl, goodMeasurement[:]) }, wantErrString: "report field REPORT_DATA", }, { name: "Bad VMPL", getConfigfs: func(_ *testing.T) configfsi.Client { return makeFakeConfigfs(goodReportData, ekBytes, 2, goodMeasurement[:]) }, wantErrString: "report VMPL", }, { name: "Bad measurement", getConfigfs: func(_ *testing.T) configfsi.Client { badMeasurement := make([]byte, 48) copy(badMeasurement[:], "bad") return makeFakeConfigfs(goodReportData, ekBytes, goodVmpl, badMeasurement[:]) }, wantErrString: "report field MEASUREMENT", }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { svsmAttestation, err := makeSEVSNPSVSMAttestation(attestation, &sevSNPSVSMAttestationOpts{ TEENonce: snpNonce[:], CongfigfsClient: tc.getConfigfs(t), VTPMServiceManifestVersion: "0", }) if err != nil { t.Fatalf("failed to make SVSM attestation: %v", err) } endorsement, err := makeEndorsement(goodMeasurement[:]) if err != nil { t.Fatalf("failed to make endorsement: %v", err) } svsmAttestation.LaunchEndorsement = endorsement err = verifySEVSNPSVSMAttestation(verifySEVSNPSVSMOpts{ TEENonce: snpNonce[:], AKPub: akPubBytes, EKPub: ekBytes, SevValidateOpts: &validate.Options{GuestPolicy: sabi.SnpPolicy{ SMT: true, Debug: true, }}, }, svsmAttestation) if err == nil || !strings.Contains(err.Error(), tc.wantErrString) { t.Errorf("got err: %v, want err containing: %q", err, tc.wantErrString) } }) } } var emptyReportV4 = ` version: 4 policy: 0xb0000 signature_algo: 1 report_data: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' family_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' image_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' measurement: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' host_data: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' id_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' author_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' report_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' report_id_ma: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' cpuid1eax_fms: 0 chip_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' signature: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' ` func makeSnpAttestationReport(reportData []byte, vmpl int, measurement []byte) ([]byte, error) { reportProto := &sevpb.Report{} prototext.Unmarshal([]byte(emptyReportV4), reportProto) reportProto.ReportData = reportData reportProto.Vmpl = uint32(vmpl) reportProto.Measurement = measurement return sabi.ReportToAbiBytes(reportProto) } func makeFakeConfigfs(reportData []byte, ekPub []byte, vmpl int, measurement []byte) configfsi.Client { report := faketsm.Report611(0) report.ReadAttr = readFS(reportData, ekPub, vmpl, measurement) configfs := &faketsm.Client{Subsystems: map[string]configfsi.Client{ "report": report, }} return configfs } func makeFakeCerts() ([]byte, error) { b := &sgtest.AmdSignerBuilder{ Extras: map[string][]byte{sabi.ExtraPlatformInfoGUID: []byte("test")}, } s, err := b.TestOnlyCertChain() if err != nil { return nil, fmt.Errorf("failed to make test cert chain: %v", err) } certBytes, err := s.CertTableBytes() if err != nil { return nil, fmt.Errorf("failed to serialize test cert chain: %v", err) } return certBytes, nil } func readFS(reportData []byte, ekPub []byte, vmpl int, measurement []byte) func(*faketsm.ReportEntry, string) ([]byte, error) { return func(_ *faketsm.ReportEntry, attr string) ([]byte, error) { switch attr { case "provider": return []byte("fake\n"), nil case "auxblob": return makeFakeCerts() case "outblob": return makeSnpAttestationReport(reportData, vmpl, measurement) case "privlevel_floor": return []byte(strconv.Itoa(vmpl)), nil case "manifestblob": return ekPub, nil } return nil, os.ErrNotExist } } go-tpm-tools-0.4.7/cmd/token.go000066400000000000000000000152761510276467000163200ustar00rootroot00000000000000package cmd import ( "context" "encoding/json" "errors" "fmt" "log" "net/http" "time" "cloud.google.com/go/compute/metadata" "cloud.google.com/go/logging" "github.com/golang-jwt/jwt/v4" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/models" "github.com/google/go-tpm-tools/verifier/util" "github.com/google/go-tpm/legacy/tpm2" "github.com/spf13/cobra" "google.golang.org/api/option" "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" ) var mockCloudLoggingServerAddress string const toolName = "gotpm" // If hardware technology needs a variable length teenonce then please modify the flags description var tokenCmd = &cobra.Command{ Use: "token", Short: "Attest and fetch an OIDC token from Google Attestation Verification Service.", Long: `Gather attestation report and send it to Google Attestation Verification Service for an OIDC token. The OIDC token includes claims regarding the GCE VM, which is verified by Attestation Verification Service. Note that Confidential Computing API needs to be enabled for your account to access Google Attestation Verification Service https://console.cloud.google.com/apis/api/confidentialcomputing.googleapis.com. --algo flag overrides the public key algorithm for the GCE TPM attestation key. If not provided then by default rsa is used. `, Args: cobra.NoArgs, RunE: func(*cobra.Command, []string) error { rwc, err := openTpm() if err != nil { return err } defer rwc.Close() // Metadata Server (MDS). A GCP specific client. mdsClient := metadata.NewClient(nil) ctx := context.Background() fmt.Fprintf(debugOutput(), "Attestation Address is set to %s\n", asAddress) region, err := util.GetRegion(mdsClient) if err != nil { return fmt.Errorf("failed to fetch Region from MDS, the tool is probably not running in a GCE VM: %v", err) } projectID, err := mdsClient.ProjectIDWithContext(ctx) if err != nil { return fmt.Errorf("failed to retrieve ProjectID from MDS: %v", err) } verifierClient, err := util.NewRESTClient(ctx, asAddress, projectID, region) if err != nil { return fmt.Errorf("failed to create REST verifier client: %v", err) } // Supports GCE VM. Hard code the AK type. Set GCE AK (EK signing) cert var gceAK *client.Key var usedKeyAlgo string if keyAlgo == tpm2.AlgRSA { usedKeyAlgo = "RSA" gceAK, err = client.GceAttestationKeyRSA(rwc) } if keyAlgo == tpm2.AlgECC { usedKeyAlgo = "ECC" gceAK, err = client.GceAttestationKeyECC(rwc) } if err != nil { return err } if gceAK.Cert() == nil { return errors.New("failed to find GCE AK Certificate on this VM: try creating a new VM or verifying the VM has an EK cert using get-shielded-identity gcloud command. The used key algorithm is: " + usedKeyAlgo) } gceAK.Close() var cloudLogClient *logging.Client var cloudLogger *logging.Logger if cloudLog { if audience == "" { return errors.New("cloud logging requires the --audience flag") } if mockCloudLoggingServerAddress != "" { conn, err := grpc.NewClient(mockCloudLoggingServerAddress, grpc.WithTransportCredentials(insecure.NewCredentials())) if err != nil { log.Fatalf("dialing %q: %v", mockCloudLoggingServerAddress, err) } cloudLogClient, err = logging.NewClient(ctx, TestProjectID, option.WithGRPCConn(conn)) if err != nil { return fmt.Errorf("failed to create cloud logging client for mock cloud logging server: %w", err) } } else { cloudLogClient, err = logging.NewClient(ctx, projectID) if err != nil { return fmt.Errorf("failed to create cloud logging client: %w", err) } } cloudLogger = cloudLogClient.Logger(toolName) fmt.Fprintf(debugOutput(), "cloudLogger created for project: %s\n", projectID) } key = "gceAK" fmt.Fprint(debugOutput(), "Fetching attestation verifier OIDC token\n") challenge, err := verifierClient.CreateChallenge(ctx) if err != nil { return err } principalTokens, err := util.PrincipalFetcher(challenge.Name, mdsClient) if err != nil { return fmt.Errorf("failed to get principal tokens: %w", err) } ak, err := attestationKeys[key][keyAlgo](rwc) if err != nil { return fmt.Errorf("failed to get an AK: %w", err) } attestation, err := ak.Attest(client.AttestOpts{Nonce: challenge.Nonce, CertChainFetcher: http.DefaultClient}) if err != nil { return fmt.Errorf("failed to attest: %v", err) } ak.Close() req := verifier.VerifyAttestationRequest{ Challenge: challenge, GcpCredentials: principalTokens, Attestation: attestation, TokenOptions: &models.TokenOptions{Audience: audience, Nonces: customNonce, TokenType: "OIDC"}, } resp, err := verifierClient.VerifyAttestation(ctx, req) if err != nil { return err } if len(resp.PartialErrs) > 0 { fmt.Fprintf(debugOutput(), "partial errors from VerifyAttestation: %v", resp.PartialErrs) } token := resp.ClaimsToken // Get token expiration. claims := &jwt.RegisteredClaims{} _, _, err = jwt.NewParser().ParseUnverified(string(token), claims) if err != nil { return fmt.Errorf("failed to parse token: %w", err) } now := time.Now() if !now.Before(claims.ExpiresAt.Time) { return errors.New("token is expired") } // Print out the claims in the jwt payload mapClaims := jwt.MapClaims{} _, _, err = jwt.NewParser().ParseUnverified(string(token), mapClaims) if err != nil { return fmt.Errorf("failed to parse token: %w", err) } claimsString, err := json.MarshalIndent(mapClaims, "", " ") if err != nil { return fmt.Errorf("failed to format claims: %w", err) } if output == "" { fmt.Fprintf(messageOutput(), "%s\n", string(token)) } else { out := []byte(token) if _, err := dataOutput().Write(out); err != nil { return fmt.Errorf("failed to write the token: %v", err) } } if cloudLog { cloudLogger.Log(logging.Entry{Payload: challenge}) cloudLogger.Log(logging.Entry{Payload: attestation}) cloudLogger.Log(logging.Entry{Payload: map[string]string{"token": string(token)}}) cloudLogger.Log(logging.Entry{Payload: mapClaims}) cloudLogClient.Close() if err != nil { return fmt.Errorf("failed to close cloud logging client: %w", err) } } fmt.Fprintf(debugOutput(), "%s\nNote: these Claims are for debugging purpose and not verified\n", string(claimsString)) return nil }, } func init() { RootCmd.AddCommand(tokenCmd) addOutputFlag(tokenCmd) addPublicKeyAlgoFlag(tokenCmd) addAsAddressFlag(tokenCmd) addCloudLoggingFlag(tokenCmd) addAudienceFlag(tokenCmd) addEventLogFlag(tokenCmd) addCustomNonceFlag(tokenCmd) // TODO: Add TEE hardware OIDC token generation // addTeeNonceflag(tokenCmd) // addTeeTechnology(tokenCmd) } go-tpm-tools-0.4.7/cmd/token_test.go000066400000000000000000000206071510276467000173510ustar00rootroot00000000000000package cmd import ( "crypto" "crypto/rand" "crypto/rsa" "crypto/x509" "io" "math/big" "os" "path/filepath" "strings" "testing" "time" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm-tools/verifier/util" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "golang.org/x/oauth2" "golang.org/x/oauth2/google" ) func TestTokenWithGCEAK(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc secretFile1 := makeOutputFile(t, "token") defer os.RemoveAll(secretFile1) var template = map[string]tpm2.Public{ "rsa": GCEAKTemplateRSA(), "ecc": GCEAKTemplateECC(), } tests := []struct { name string algo string fail bool }{ {"gceAK:RSA", "rsa", true}, {"gceAK:RSA", "rsa", false}, {"gceAK:ECC", "ecc", false}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { gceAkTemplate, err := template[op.algo].Encode() if err != nil { t.Fatalf("failed to encode GCEAKTemplateRSA: %v", err) } err = setGCEAKCertTemplate(t, rwc, op.algo, gceAkTemplate) if err != nil { t.Error(err) } defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getIndex[op.algo])) defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getCertIndex[op.algo])) var dummyMetaInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} mockMdsServer, err := util.NewMetadataServer(dummyMetaInstance) if err != nil { t.Error(err) } defer mockMdsServer.Stop() mockOauth2Server, err := util.NewMockOauth2Server() if err != nil { t.Error(err) } defer mockOauth2Server.Stop() // Endpoint is Google's OAuth 2.0 default endpoint. Change to mock server. google.Endpoint = oauth2.Endpoint{ AuthURL: mockOauth2Server.Server.URL + "/o/oauth2/auth", TokenURL: mockOauth2Server.Server.URL + "/token", AuthStyle: oauth2.AuthStyleInParams, } mockAttestationServer, err := util.NewMockAttestationServer() if err != nil { t.Error(err) } defer mockAttestationServer.Stop() mockCloudLoggingServerAddress, err = newMockCloudLoggingServer() if err != nil { t.Error(err) } if op.fail { RootCmd.SetArgs([]string{"token", "--algo", op.algo, "--output", secretFile1, "--verifier-endpoint", mockAttestationServer.Server.URL, "--cloud-log", "--audience", util.FakeCustomAudience, "--custom-nonce", "fail test"}) if err := RootCmd.Execute(); err != nil && !strings.Contains(err.Error(), "googleapi: Error 400") { t.Error(err) } } else { RootCmd.SetArgs([]string{"token", "--algo", op.algo, "--output", secretFile1, "--verifier-endpoint", mockAttestationServer.Server.URL, "--cloud-log", "--audience", util.FakeCustomAudience, "--custom-nonce", util.FakeCustomNonce[0], "--custom-nonce", util.FakeCustomNonce[1]}) if err := RootCmd.Execute(); err != nil { t.Error(err) } } // reset custom-nonce customNonce = nil }) } } func TestCopiedCustomEventLogFile(t *testing.T) { if os.Getenv("RUN_TestCopiedCustomEventLogFile") != "true" { t.Skip("Skipping test: run this test manually with `go test -c -v ./cmd/...` and `sudo RUN_TestCopiedCustomEventLogFile=true ./cmd.test -test.run TestCopiedCustomEventLogFile`") } ExternalTPM = nil var dummyMetaInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} mockMdsServer, err := util.NewMetadataServer(dummyMetaInstance) if err != nil { t.Error(err) } defer mockMdsServer.Stop() mockOauth2Server, err := util.NewMockOauth2Server() if err != nil { t.Error(err) } defer mockOauth2Server.Stop() // Endpoint is Google's OAuth 2.0 default endpoint. Change to mock server. google.Endpoint = oauth2.Endpoint{ AuthURL: mockOauth2Server.Server.URL + "/o/oauth2/auth", TokenURL: mockOauth2Server.Server.URL + "/token", AuthStyle: oauth2.AuthStyleInParams, } mockAttestationServer, err := util.NewMockAttestationServer() if err != nil { t.Error(err) } defer mockAttestationServer.Stop() tmpDir := t.TempDir() srcPath := "/sys/kernel/security/tpm0/binary_bios_measurements" destPath := filepath.Join(tmpDir, "copied_binary_bios_measurements") // Read the contents of the source file data, err := os.ReadFile(srcPath) if err != nil { t.Fatal("Failed to read source file:", err) } // Write the contents to the destination file err = os.WriteFile(destPath, data, 0644) if err != nil { t.Fatal("Failed to write destination file:", err) } RootCmd.SetArgs([]string{"token", "--verifier-endpoint", mockAttestationServer.Server.URL, "--event-log", destPath}) if err := RootCmd.Execute(); err != nil { t.Error(err) } } // Need to call tpm2.NVUndefinespace twice on the handle with authHandle tpm2.HandlePlatform. // e.g defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(client.GceAKTemplateNVIndexRSA)) // defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(client.GceAKCertNVIndexRSA)) func setGCEAKCertTemplate(tb testing.TB, rwc io.ReadWriteCloser, algo string, akTemplate []byte) error { var err error // Write AK template to NV memory if err := tpm2.NVDefineSpace(rwc, tpm2.HandlePlatform, tpmutil.Handle(getIndex[algo]), "", "", nil, tpm2.AttrPPWrite|tpm2.AttrPPRead|tpm2.AttrWriteDefine|tpm2.AttrOwnerRead|tpm2.AttrAuthRead|tpm2.AttrPlatformCreate|tpm2.AttrNoDA, uint16(len(akTemplate))); err != nil { tb.Fatalf("NVDefineSpace failed: %v", err) } err = tpm2.NVWrite(rwc, tpm2.HandlePlatform, tpmutil.Handle(getIndex[algo]), "", akTemplate, 0) if err != nil { tb.Fatalf("failed to write NVIndex: %v", err) } // create self-signed AK cert getAttestationKeyFunc := getAttestationKey[algo] attestKey, err := getAttestationKeyFunc(rwc) if err != nil { tb.Fatalf("Unable to create key: %v", err) } defer attestKey.Close() // create self-signed Root CA ca, caKey := getTestCert(tb, nil, nil, nil) // sign the attestation key certificate akCert, _ := getTestCert(tb, attestKey.PublicKey(), ca, caKey) if err = attestKey.SetCert(akCert); err != nil { tb.Errorf("SetCert() returned error: %v", err) } // write test AK cert. // size need to be less than 1024 (MAX_NV_BUFFER_SIZE). If not, split before write. certASN1 := akCert.Raw // write to gceAK slot in NV memory if err := tpm2.NVDefineSpace(rwc, tpm2.HandlePlatform, tpmutil.Handle(getCertIndex[algo]), "", "", nil, tpm2.AttrPPWrite|tpm2.AttrPPRead|tpm2.AttrWriteDefine|tpm2.AttrOwnerRead|tpm2.AttrAuthRead|tpm2.AttrPlatformCreate|tpm2.AttrNoDA, uint16(len(certASN1))); err != nil { tb.Fatalf("NVDefineSpace failed: %v", err) } err = tpm2.NVWrite(rwc, tpm2.HandlePlatform, tpmutil.Handle(getCertIndex[algo]), "", certASN1, 0) if err != nil { tb.Fatalf("failed to write NVIndex: %v", err) } return nil } var getCertIndex = map[string]uint32{ "rsa": client.GceAKCertNVIndexRSA, "ecc": client.GceAKCertNVIndexECC, } var getAttestationKey = map[string]func(rw io.ReadWriter) (*client.Key, error){ "rsa": client.GceAttestationKeyRSA, "ecc": client.GceAttestationKeyECC, } // Returns an x509 Certificate for the provided pubkey, signed with the provided parent certificate and key. // If the provided fields are nil, will create a self-signed certificate. func getTestCert(tb testing.TB, pubKey crypto.PublicKey, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) { certKey, _ := rsa.GenerateKey(rand.Reader, 2048) template := &x509.Certificate{ SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: true, MaxPathLenZero: true, } if pubKey == nil && parentCert == nil && parentKey == nil { pubKey = certKey.Public() parentCert = template parentKey = certKey } certBytes, err := x509.CreateCertificate(rand.Reader, template, parentCert, pubKey, parentKey) if err != nil { tb.Fatalf("Unable to create test certificate: %v", err) } cert, err := x509.ParseCertificate(certBytes) if err != nil { tb.Fatalf("Unable to parse test certificate: %v", err) } return cert, certKey } go-tpm-tools-0.4.7/cmd/verify.go000066400000000000000000000124361510276467000164770ustar00rootroot00000000000000package cmd import ( "crypto" "fmt" "io" "github.com/google/go-sev-guest/proto/sevsnp" sv "github.com/google/go-sev-guest/verify" "github.com/google/go-tdx-guest/proto/tdx" tv "github.com/google/go-tdx-guest/verify" pb "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/server" "github.com/google/go-tpm/legacy/tpm2" "github.com/spf13/cobra" "google.golang.org/protobuf/proto" ) var verifyCmd = &cobra.Command{ Use: "verify", Short: "Verify a remote attestation report.", Args: cobra.NoArgs, } var debugCmd = &cobra.Command{ Use: "debug", Short: "Debug the contents of an attestation report without verifying its root-of-trust (e.g., attestation key certificate). For debugging purposes only", RunE: func(*cobra.Command, []string) error { attestationBytes, err := io.ReadAll(dataInput()) if err != nil { return err } attestation := &pb.Attestation{} if format == "binarypb" { err = proto.Unmarshal(attestationBytes, attestation) } else if format == "textproto" { err = unmarshalOptions.Unmarshal(attestationBytes, attestation) } else { return fmt.Errorf("format should be either binarypb or textproto") } if err != nil { return fmt.Errorf("fail to unmarshal attestation report: %v", err) } pub, err := tpm2.DecodePublic(attestation.GetAkPub()) if err != nil { return err } cryptoPub, err := pub.Key() if err != nil { return err } // TODO(#524): create separate, discrete subcommands that verifies SNP and TDX attestation. ms, err := server.VerifyAttestation(attestation, server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{cryptoPub}}) if err != nil { return fmt.Errorf("verifying TPM attestation: %w", err) } err = verifyGceTechnology(attestation) if err != nil { return fmt.Errorf("verifying TEE attestation: %w", err) } teeMS, err := parseTEEAttestation(attestation, ms.GetPlatform().Technology) if err != nil { return fmt.Errorf("failed to parse machineState from TEE attestation: %w", err) } ms.TeeAttestation = teeMS.TeeAttestation out, err := marshalOptions.Marshal(ms) if err != nil { return nil } if _, err := dataOutput().Write(out); err != nil { return fmt.Errorf("failed to write verified attestation report: %v", err) } return nil }, } // parseTEEAttestation parses a machineState from TeeAttestation. // For now it simply populates the machineState TeeAttestation field with the verified TDX/SNP data. // In long term, it should parse a full machineState from TeeAttestation. func parseTEEAttestation(attestation *pb.Attestation, tech pb.GCEConfidentialTechnology) (*pb.MachineState, error) { switch tech { case pb.GCEConfidentialTechnology_AMD_SEV_SNP: tee, ok := attestation.TeeAttestation.(*pb.Attestation_SevSnpAttestation) if !ok { return nil, fmt.Errorf("TEE attestation is %T, expected a SevSnpAttestation", attestation.GetTeeAttestation()) } return &pb.MachineState{ TeeAttestation: &pb.MachineState_SevSnpAttestation{ SevSnpAttestation: proto.Clone(tee.SevSnpAttestation).(*sevsnp.Attestation), }}, nil case pb.GCEConfidentialTechnology_INTEL_TDX: tee, ok := attestation.TeeAttestation.(*pb.Attestation_TdxAttestation) if !ok { return nil, fmt.Errorf("TEE attestation is %T, expected a TdxAttestation", attestation.GetTeeAttestation()) } return &pb.MachineState{ TeeAttestation: &pb.MachineState_TdxAttestation{ TdxAttestation: proto.Clone(tee.TdxAttestation).(*tdx.QuoteV4), }}, nil default: return &pb.MachineState{}, nil } } func verifyGceTechnology(attestation *pb.Attestation) error { if attestation.GetTeeAttestation() == nil { return nil } switch attestation.GetTeeAttestation().(type) { case *pb.Attestation_TdxAttestation: var tdxOpts *verifyTdxOpts if len(teeNonce) != 0 { tdxOpts = &verifyTdxOpts{ Validation: tdxDefaultValidateOpts(teeNonce), Verification: tv.DefaultOptions(), } } else { tdxOpts = &verifyTdxOpts{ Validation: tdxDefaultValidateOpts(nonce), Verification: tv.DefaultOptions(), } } tee, ok := attestation.TeeAttestation.(*pb.Attestation_TdxAttestation) if !ok { return fmt.Errorf("TEE attestation is %T, expected a TdxAttestation", attestation.GetTeeAttestation()) } return verifyTdxAttestation(tee.TdxAttestation, tdxOpts) case *pb.Attestation_SevSnpAttestation: var snpOpts *verifySnpOpts if len(teeNonce) != 0 { snpOpts = &verifySnpOpts{ Validation: sevSnpDefaultValidateOpts(teeNonce), Verification: &sv.Options{}, } } else { snpOpts = &verifySnpOpts{ Validation: sevSnpDefaultValidateOpts(nonce), Verification: &sv.Options{}, } } tee, ok := attestation.TeeAttestation.(*pb.Attestation_SevSnpAttestation) if !ok { return fmt.Errorf("TEE attestation is %T, expected a SevSnpAttestation", attestation.GetTeeAttestation()) } return verifySevSnpAttestation(tee.SevSnpAttestation, snpOpts) default: return fmt.Errorf("unknown attestation type: %T", attestation.GetTeeAttestation()) } } func init() { RootCmd.AddCommand(verifyCmd) verifyCmd.AddCommand(debugCmd) addNonceFlag(debugCmd) addOutputFlag(debugCmd) addInputFlag(debugCmd) addFormatFlag(debugCmd) addTeeNonceflag(debugCmd) addCertifiedAKBlobFlag(debugCmd) debugCmd.AddCommand(verifySVSMCmd) addEKPubFlag(verifySVSMCmd) addTeeTechnology(verifySVSMCmd) } go-tpm-tools-0.4.7/cmd/verify_sev.go000066400000000000000000000027471510276467000173600ustar00rootroot00000000000000package cmd import ( sabi "github.com/google/go-sev-guest/abi" spb "github.com/google/go-sev-guest/proto/sevsnp" "github.com/google/go-sev-guest/validate" sv "github.com/google/go-sev-guest/verify" ) // The policy on GCE is to allow SMT, and eventually MigrateMA, but no debug bit. var defaultSevSnpGuestPolicy = sabi.SnpPolicy{ SMT: true, MigrateMA: true, } // verifySnpOpts allows for customizing the functionality of VerifyAttestation's SEV-SNP verification. type verifySnpOpts struct { Validation *validate.Options Verification *sv.Options } // sevSnpDefaultValidateOpts returns a default validation policy for SEV-SNP attestation reports on GCE. func sevSnpDefaultValidateOpts(tpmNonce []byte) *validate.Options { policy := &validate.Options{GuestPolicy: defaultSevSnpGuestPolicy} policy.ReportData = make([]byte, sabi.ReportDataSize) copy(policy.ReportData, tpmNonce) return policy } // verifySevSnpAttestation checks that the SEV-SNP attestation report matches expectations for the // product. func verifySevSnpAttestation(attestation *spb.Attestation, opts *verifySnpOpts) error { // Check that the report is signed by a valid AMD key. Do not check revocations. This must be // done before validation to ensure the certificates are filled in by the verify library. if err := sv.SnpAttestation(attestation, opts.Verification); err != nil { return err } // Check that the fields of the report are acceptable. return validate.SnpAttestation(attestation, opts.Validation) } go-tpm-tools-0.4.7/cmd/verify_svsm.go000066400000000000000000000201021510276467000175340ustar00rootroot00000000000000package cmd import ( "bytes" "crypto" "crypto/sha512" "crypto/x509" "errors" "fmt" "time" apb "github.com/google/go-tpm-tools/proto/attest" "google.golang.org/protobuf/proto" "github.com/google/gce-tcb-verifier/gcetcbendorsement" epb "github.com/google/gce-tcb-verifier/proto/endorsement" tcbv "github.com/google/gce-tcb-verifier/verify" sabi "github.com/google/go-sev-guest/abi" "github.com/google/go-sev-guest/validate" "github.com/google/go-sev-guest/verify" "github.com/google/go-sev-guest/verify/trust" tpb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm-tools/server" "github.com/google/go-tpm/legacy/tpm2" "github.com/spf13/cobra" ) var errSvsmNeedsTeeNonce = errors.New("tee-nonce should be specified when using verify debug svsm") var ( certifiedAKBlobPath string trustedEKPub string ) func addCertifiedAKBlobFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&certifiedAKBlobPath, "certified-ak-blob", "", "Specify path to certified AK blob produced from TPM registration.") } func addEKPubFlag(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&trustedEKPub, "ek-pub", "", "Specify path to EK pub used in TPM registration.") } var verifySVSMCmd = &cobra.Command{ Use: "svsm", Short: `Debug the contents of an SevSnpSvsmAttestation. Currently only supported with sev-snp. For debugging purposes only.`, RunE: func(*cobra.Command, []string) error { if teeTechnology != SevSnp { return errSvsmOnlySupportedWithSevSnp } if len(teeNonce) == 0 { return errSvsmNeedsTeeNonce } svsmAttestation := &apb.SevSnpSvsmAttestation{} err := readProtoFromPath(input, svsmAttestation) if err != nil { return fmt.Errorf("failed to read svsm attestation: %w", err) } blob := &tpb.CertifiedBlob{} err = readProtoFromPath(certifiedAKBlobPath, blob) if err != nil { return fmt.Errorf("failed to read certified ak blob: %w", err) } ekpub, err := readBytes(trustedEKPub) if err != nil { return fmt.Errorf("failed to read ek-pub: %w", err) } rot, err := getRootOfTrust() if err != nil { return fmt.Errorf("failed to get root of trust: %w", err) } err = verifySEVSNPSVSMAttestation(verifySEVSNPSVSMOpts{ TEENonce: teeNonce, SevVerifyOpts: &verify.Options{}, SevValidateOpts: &validate.Options{ GuestPolicy: sabi.SnpPolicy{ SMT: true, }, }, EndorsementOpts: &tcbv.Options{ RootsOfTrust: rot, Now: time.Now(), }, AKPub: blob.PubArea, EKPub: ekpub, }, svsmAttestation) if err != nil { return fmt.Errorf("failed to verify snp svsm attestation: %w", err) } pub, err := tpm2.DecodePublic(svsmAttestation.GetAttestation().GetAkPub()) if err != nil { return err } cryptoPub, err := pub.Key() if err != nil { return err } ms, err := server.VerifyAttestation(svsmAttestation.GetAttestation(), server.VerifyOpts{Nonce: nonce, TrustedAKs: []crypto.PublicKey{cryptoPub}}) if err != nil { return fmt.Errorf("verifying TPM attestation: %w", err) } ms.TeeAttestation = &apb.MachineState_SevSnpAttestation{ SevSnpAttestation: svsmAttestation.SevSnpAttestation, } out, err := marshalOptions.Marshal(ms) if err != nil { return nil } if _, err := dataOutput().Write(out); err != nil { return fmt.Errorf("failed to write verified attestation report: %v", err) } return nil }, } func getRootOfTrust() (*x509.CertPool, error) { data, err := trust.DefaultHTTPSGetter().Get(gcetcbendorsement.DefaultRootURL) if err != nil { return nil, fmt.Errorf("failed to get root certificate: %w", err) } // Certificate may be PEM, but also may be DER. rot := x509.NewCertPool() if !rot.AppendCertsFromPEM(data) { rootCert, err := x509.ParseCertificate(data) if err != nil { return nil, fmt.Errorf("failed to parse root certificate as PEM or DER") } rot.AddCert(rootCert) } return rot, nil } // Options to configure verifySEVSNPSVSMAttestation. type verifySEVSNPSVSMOpts struct { // Nonce that was used to generate the SNP attestation report while using SVSM as service provider. TEENonce []byte // Options for verifying the SNP attestation report, leave as nil to skip report verification. SevVerifyOpts *verify.Options // The validation options for VMPL, measurement, and report data will be overwritten to undertake the expected values for SVSM. // Validation options should not be left as nil. SevValidateOpts *validate.Options // Options for verifying the VMLaunchEndorsement, leave as nil to skip verifying endorsement EndorsementOpts *tcbv.Options // An AKPub that is trusted. // For vtpm service manifest version 0, this should be sourced from a TPM // registration process such as seen in client/import_certify.go. AKPub []byte // EkPub that the AKPub is co-resident with. EKPub []byte } var ( errVtpmServiceManifestEkDoesntMatch = errors.New("service manifest does not match EK pub that was certified against") errUnsupportedVTPMServiceManifestVersion = errors.New("only vtpm service manifest version 0 is supported") errMismatchingAK = errors.New("certified AK does not match attested AK") ) // verifySEVSNPSVSMAttestation checks the SNP attestation report, values in it, // and bindings between the SVSM vTPM, SNP attestation report, and vTPM service // manifest. To verify the launch measurement in the attestation report, we // also verify the endorsement itself. func verifySEVSNPSVSMAttestation(svsmOpts verifySEVSNPSVSMOpts, svsmAttestation *apb.SevSnpSvsmAttestation) error { var err error if svsmOpts.SevVerifyOpts != nil { err = verify.SnpAttestation(svsmAttestation.GetSevSnpAttestation(), svsmOpts.SevVerifyOpts) if err != nil { return fmt.Errorf("SNP attestation verification failed: %w", err) } } svsmVMPL := 0 svsmOpts.SevValidateOpts.VMPL = &svsmVMPL svsmOpts.SevValidateOpts.Measurement, err = getExpectedMeasurement(svsmAttestation.GetLaunchEndorsement()) if err != nil { return fmt.Errorf("failed to get expected svsm measurement: %w", err) } svsmOpts.SevValidateOpts.ReportData, err = getExpectedReportData(svsmOpts, svsmAttestation) if err != nil { return fmt.Errorf("failed to get expected report data: %w", err) } err = validate.SnpAttestation(svsmAttestation.GetSevSnpAttestation(), svsmOpts.SevValidateOpts) if err != nil { return fmt.Errorf("SNP attestation validation failed: %w", err) } if svsmOpts.EndorsementOpts != nil { err = tcbv.Endorsement(svsmAttestation.LaunchEndorsement, svsmOpts.EndorsementOpts) if err != nil { return fmt.Errorf("failed to verify launch endorsement: %w", err) } } if !bytes.Equal(svsmOpts.AKPub, svsmAttestation.Attestation.GetAkPub()) { return errMismatchingAK } return nil } // getExpectedReportData the expected report data for the v0 vtpm service manifest version // defined in the SVSM specification at https://www.amd.com/en/developer/sev.html // This corresponds to attest_single_vtpm() defined in // https://github.com/coconut-svsm/svsm/blob/main/kernel/src/protocols/attest.rs#L336 func getExpectedReportData(svsmOpts verifySEVSNPSVSMOpts, svsmAttestation *apb.SevSnpSvsmAttestation) ([]byte, error) { if svsmAttestation.GetVtpmServiceManifestVersion() != "0" { return nil, errUnsupportedVTPMServiceManifestVersion } if !bytes.Equal(svsmOpts.EKPub, svsmAttestation.VtpmServiceManifest) { return nil, errVtpmServiceManifestEkDoesntMatch } h := sha512.New() if len(svsmOpts.TEENonce) != sabi.ReportDataSize { return nil, fmt.Errorf("the teeNonce size is %d. SEV-SNP device requires 64", len(svsmOpts.TEENonce)) } h.Write(svsmOpts.TEENonce[:]) h.Write(svsmAttestation.GetVtpmServiceManifest()) return h.Sum(nil), nil } func getExpectedMeasurement(endorsement []byte) ([]byte, error) { LaunchEndorsement := &epb.VMLaunchEndorsement{} err := proto.Unmarshal(endorsement, LaunchEndorsement) if err != nil { return nil, fmt.Errorf("failed to unmarshal endorsement: %w", err) } golden := &epb.VMGoldenMeasurement{} err = proto.Unmarshal(LaunchEndorsement.GetSerializedUefiGolden(), golden) if err != nil { return nil, fmt.Errorf("failed to unserialize golden uefi: %w", err) } return golden.GetSevSnp().GetSvsmMeasurement(), nil } go-tpm-tools-0.4.7/cmd/verify_tdx.go000066400000000000000000000026361510276467000173570ustar00rootroot00000000000000package cmd import ( tabi "github.com/google/go-tdx-guest/abi" "github.com/google/go-tdx-guest/validate" tv "github.com/google/go-tdx-guest/verify" ) // verifyTdxOpts allows for customizing the functionality of VerifyAttestation's TDX verification. type verifyTdxOpts struct { Validation *validate.Options Verification *tv.Options } // tdxDefaultValidateOpts returns a default validation policy for TDX attestation quote on GCE. func tdxDefaultValidateOpts(tdxNonce []byte) *validate.Options { policy := &validate.Options{HeaderOptions: validate.HeaderOptions{}, TdQuoteBodyOptions: validate.TdQuoteBodyOptions{}} policy.TdQuoteBodyOptions.ReportData = make([]byte, tabi.ReportDataSize) copy(policy.TdQuoteBodyOptions.ReportData, tdxNonce) return policy } // verifyTdxAttestation checks that the TDX attestation quote is valid. The TEE-specific attestation // quote is extracted from the Attestation protobuf. At a granular level, this quote is fetched via // go-tdx-guest's GetQuote client API. // Supported quote formats - QuoteV4. func verifyTdxAttestation(tdxAttestationQuote any, opts *verifyTdxOpts) error { // Check that the quote contains valid signature and certificates. Do not check revocations. if err := tv.TdxQuote(tdxAttestationQuote, opts.Verification); err != nil { return err } // Check that the fields of the quote are acceptable return validate.TdxQuote(tdxAttestationQuote, opts.Validation) } go-tpm-tools-0.4.7/cmd/verify_test.go000066400000000000000000000160211510276467000175300ustar00rootroot00000000000000package cmd import ( "encoding/hex" "fmt" "os" "strings" "testing" tgtest "github.com/google/go-tdx-guest/testing" tgtestclient "github.com/google/go-tdx-guest/testing/client" tgtestdata "github.com/google/go-tdx-guest/testing/testdata" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" pb "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/verifier/util" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "google.golang.org/protobuf/proto" ) func TestVerifyNoncePass(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc file1 := makeOutputFile(t, "attest") file2 := makeOutputFile(t, "verify") defer os.RemoveAll(file1) defer os.RemoveAll(file2) RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--key", "AK", "--tee-nonce", "", "--output", file1, "--tee-technology", ""}) if err := RootCmd.Execute(); err != nil { t.Error(err) } RootCmd.SetArgs([]string{"verify", "debug", "--nonce", "1234", "--input", file1, "--output", file2}) if err := RootCmd.Execute(); err != nil { t.Error(err) } } func TestVerifyNonceFail(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc file1 := makeOutputFile(t, "attest") file2 := makeOutputFile(t, "verify") defer os.RemoveAll(file1) defer os.RemoveAll(file2) RootCmd.SetArgs([]string{"attest", "--nonce", "1234", "--output", file1}) if err := RootCmd.Execute(); err != nil { t.Error(err) } RootCmd.SetArgs([]string{"verify", "debug", "--nonce", "4321", "--input", file1, "--output", file2}) if err := RootCmd.Execute(); err == nil { t.Error("expected non-nil error") } } func TestVerifyWithGCEAK(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc file1 := makeOutputFile(t, "attest") file2 := makeOutputFile(t, "verify") defer os.RemoveAll(file1) defer os.RemoveAll(file2) var template = map[string]tpm2.Public{ "rsa": GCEAKTemplateRSA(), "ecc": GCEAKTemplateECC(), } tests := []struct { name string nonce string keyAlgo string }{ {"gceAK:RSA", "1234", "rsa"}, {"gceAK:ECC", "1234", "ecc"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { data, err := template[op.keyAlgo].Encode() if err != nil { t.Fatalf("failed to encode GCEAKTemplateRSA: %v", err) } err = setGCEAKTemplate(t, rwc, op.keyAlgo, data) if err != nil { t.Error(err) } defer tpm2.NVUndefineSpace(rwc, "", tpm2.HandlePlatform, tpmutil.Handle(getIndex[op.keyAlgo])) var dummyInstance = util.Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} mock, err := util.NewMetadataServer(dummyInstance) if err != nil { t.Error(err) } defer mock.Stop() RootCmd.SetArgs([]string{"attest", "--nonce", op.nonce, "--key", "gceAK", "--algo", op.keyAlgo, "--output", file1, "--format", "binarypb", "--tee-technology", ""}) if err := RootCmd.Execute(); err != nil { t.Error(err) } RootCmd.SetArgs([]string{"verify", "debug", "--nonce", op.nonce, "--input", file1, "--output", file2}) if err := RootCmd.Execute(); err != nil { t.Error(err) } }) } } func TestHwAttestationPass(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ExternalTPM = rwc inputFile := makeOutputFile(t, "attest") outputFile := makeOutputFile(t, "attestout") defer os.RemoveAll(inputFile) defer os.RemoveAll(outputFile) teenonce := "12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678" tests := []struct { name string nonce string teetech string wanterr string }{ {"TdxPass", "1234", "tdx", "failed to create tdx quote provider"}, {"SevSnpPass", "1234", "sev-snp", "failed to open sev-snp device"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { attestArgs := []string{"attest", "--nonce", op.nonce, "--key", "AK", "--output", inputFile, "--format", "textproto", "--tee-nonce", teenonce, "--tee-technology", op.teetech} RootCmd.SetArgs(attestArgs) if err := RootCmd.Execute(); err != nil { if !strings.Contains(err.Error(), op.wanterr) { t.Error(err) } } else { RootCmd.SetArgs([]string{"verify", "debug", "--nonce", op.nonce, "--input", inputFile, "--output", outputFile, "--format", "textproto", "--tee-nonce", teenonce}) if err := RootCmd.Execute(); err != nil { t.Error(err) } msBytes, err := os.ReadFile(outputFile) if err != nil { t.Fatalf("failed to read file: %v", err) } ms := &pb.MachineState{} err = proto.Unmarshal(msBytes, ms) if err != nil { t.Fatalf("failed to unmarshal proto: %v", err) } if ms.TeeAttestation == nil { t.Error("found nil TEE attestation, expected a set TEEattestation") } } }) } } func TestTdxAttestation(t *testing.T) { dir := t.TempDir() file1, err := os.Create(dir + "/attestFile") if err != nil { t.Fatal(err) } file2 := makeOutputFile(t, "verifyFile") defer os.RemoveAll(file2) tpmNonce := "1234" teeNonce := hex.EncodeToString(test.TdxReportData) wrongTeeNonce := hex.EncodeToString([]byte("wrongTdxNonce")) attestation, err := createAttestationWithFakeTdx([]byte(tpmNonce), test.TdxReportData, t) if err != nil { t.Fatal(err) } out := []byte(marshalOptions.Format(attestation)) file1.Write(out) hexTpmNonce := hex.EncodeToString([]byte(tpmNonce)) tests := []struct { name string tdxNonce string wantErr string }{ {"Correct TEE Nonce", teeNonce, ""}, {"Incorrect TEE Nonce", wrongTeeNonce, "quote field REPORT_DATA"}, {"Incorrect Nonce Using TPM Nonce", wrongTeeNonce, "quote field REPORT_DATA"}, } for _, op := range tests { t.Run(op.name, func(t *testing.T) { RootCmd.SetArgs([]string{"verify", "debug", "--nonce", hexTpmNonce, "--input", file1.Name(), "--output", file2, "--tee-nonce", op.tdxNonce, "--format", "textproto"}) if err := RootCmd.Execute(); (err == nil && op.wantErr != "") || (err != nil && !strings.Contains(err.Error(), op.wantErr)) { t.Errorf("Expected error: %v, got: %v", op.wantErr, err) } }) } } func createAttestationWithFakeTdx(tpmNonce []byte, teeNonce []byte, tb *testing.T) (*pb.Attestation, error) { tdxEventLog := test.CreateTpm2EventLog(3) // Enum 3- TDX rwc := test.GetSimulatorWithLog(tb, tdxEventLog) defer client.CheckedClose(tb, rwc) ak, err := client.AttestationKeyRSA(rwc) if err != nil { return nil, fmt.Errorf("failed to generate AK: %v", err) } defer ak.Close() var teeNonce64 [64]byte copy(teeNonce64[:], teeNonce) tdxTestDevice := tgtestclient.GetTdxGuest([]tgtest.TestCase{ { Input: teeNonce64, Quote: tgtestdata.RawQuote, }, }, tb) defer tdxTestDevice.Close() attestation, err := ak.Attest(client.AttestOpts{ Nonce: tpmNonce, TEEDevice: &client.TdxDevice{Device: tdxTestDevice}, TEENonce: teeNonce64[:], }) if err != nil { return nil, fmt.Errorf("failed to attest: %v", err) } return attestation, nil } go-tpm-tools-0.4.7/go.mod000066400000000000000000000015121510276467000152000ustar00rootroot00000000000000module github.com/google/go-tpm-tools go 1.22 toolchain go1.24.8 require ( github.com/google/go-attestation v0.5.1 github.com/google/go-cmp v0.6.0 github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc github.com/google/go-sev-guest v0.14.0 github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 github.com/google/go-tpm v0.9.6 github.com/google/logger v1.1.1 google.golang.org/protobuf v1.35.1 ) require ( github.com/google/certificate-transparency-go v1.1.2 // indirect github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba github.com/google/go-tspi v0.3.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/stretchr/testify v1.9.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/sys v0.28.0 // indirect ) go-tpm-tools-0.4.7/go.sum000066400000000000000000003632121510276467000152350ustar00rootroot00000000000000bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc h1:SG12DWUUM5igxm+//YX5Yq4vhdoRnOG9HkCodkOn+YU= github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= go-tpm-tools-0.4.7/go.work000066400000000000000000000002741510276467000154070ustar00rootroot00000000000000go 1.24.0 toolchain go1.24.4 use ( . ./cmd ./launcher ./verifier ) replace github.com/google/go-tpm-tools v0.4.4 => ./ replace github.com/google/go-tpm-tools/verifier v0.4.4 => ./ go-tpm-tools-0.4.7/go.work.sum000066400000000000000000006343201510276467000162170ustar00rootroot00000000000000bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bazil.org/fuse v0.0.0-20200407214033-5883e5a4b512/go.mod h1:FbcW6z/2VytnFDhZfumh8Ss8zxHE6qpMP5sHTRe0EaM= cel.dev/expr v0.15.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg= cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw= cel.dev/expr v0.24.0/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw= cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= cloud.google.com/go v0.110.8 h1:tyNdfIxjzaWctIiLYOTalaLKZ17SI44SKFW26QbOhME= cloud.google.com/go v0.110.8/go.mod h1:Iz8AkXJf1qmxC3Oxoep8R1T36w8B92yU29PcBhHO5fk= cloud.google.com/go v0.110.10/go.mod h1:v1OoFqYxiBkUrruItNM3eT4lLByNjxmJSV/xDKJNnic= cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= cloud.google.com/go v0.112.0/go.mod h1:3jEEVwZ/MHU4djK5t5RHuKOA/GbLddgTdVubX1qnPD4= cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= cloud.google.com/go v0.113.0/go.mod h1:glEqlogERKYeePz6ZdkcLJ28Q2I6aERgDDErBg9GzO8= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc= cloud.google.com/go v0.118.3/go.mod h1:Lhs3YLnBlwJ4KA6nuObNMZ/fCbOQBPuWKPoE0Wa/9Vc= cloud.google.com/go v0.120.1/go.mod h1:56Vs7sf/i2jYM6ZL9NYlC82r04PThNcPS5YgFmb0rp8= cloud.google.com/go v0.121.1 h1:S3kTQSydxmu1JfLRLpKtxRPA7rSrYPRPEUmL/PavVUw= cloud.google.com/go v0.121.1/go.mod h1:nRFlrHq39MNVWu+zESP2PosMWA0ryJw8KUBZ2iZpxbw= cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= cloud.google.com/go/accessapproval v1.7.2/go.mod h1:/gShiq9/kK/h8T/eEn1BTzalDvk0mZxJlhfw0p+Xuc0= cloud.google.com/go/accessapproval v1.7.5/go.mod h1:g88i1ok5dvQ9XJsxpUInWWvUBrIZhyPDPbk4T01OoJ0= cloud.google.com/go/accessapproval v1.7.7/go.mod h1:10ZDPYiTm8tgxuMPid8s2DL93BfCt6xBh/Vg0Xd8pU0= cloud.google.com/go/accessapproval v1.7.9/go.mod h1:teNI+P/xzZ3dppGXEYFvSmuOvmTjLE9toPq21WHssYc= cloud.google.com/go/accessapproval v1.8.1/go.mod h1:3HAtm2ertsWdwgjSGObyas6fj3ZC/3zwV2WVZXO53sU= cloud.google.com/go/accessapproval v1.8.6/go.mod h1:FfmTs7Emex5UvfnnpMkhuNkRCP85URnBFt5ClLxhZaQ= cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= cloud.google.com/go/accesscontextmanager v1.8.2/go.mod h1:E6/SCRM30elQJ2PKtFMs2YhfJpZSNcJyejhuzoId4Zk= cloud.google.com/go/accesscontextmanager v1.8.5/go.mod h1:TInEhcZ7V9jptGNqN3EzZ5XMhT6ijWxTGjzyETwmL0Q= cloud.google.com/go/accesscontextmanager v1.8.7/go.mod h1:jSvChL1NBQ+uLY9zUBdPy9VIlozPoHptdBnRYeWuQoM= cloud.google.com/go/accesscontextmanager v1.8.9/go.mod h1:IXvQesVgOC7aXgK9OpYFn5eWnzz8fazegIiJ5WnCOVw= cloud.google.com/go/accesscontextmanager v1.9.1/go.mod h1:wUVSoz8HmG7m9miQTh6smbyYuNOJrvZukK5g6WxSOp0= cloud.google.com/go/accesscontextmanager v1.9.6/go.mod h1:884XHwy1AQpCX5Cj2VqYse77gfLaq9f8emE2bYriilk= cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= cloud.google.com/go/aiplatform v1.51.1/go.mod h1:kY3nIMAVQOK2XDqDPHaOuD9e+FdMA6OOpfBjsvaFSOo= cloud.google.com/go/aiplatform v1.60.0/go.mod h1:eTlGuHOahHprZw3Hio5VKmtThIOak5/qy6pzdsqcQnM= cloud.google.com/go/aiplatform v1.67.0/go.mod h1:s/sJ6btBEr6bKnrNWdK9ZgHCvwbZNdP90b3DDtxxw+Y= cloud.google.com/go/aiplatform v1.68.0/go.mod h1:105MFA3svHjC3Oazl7yjXAmIR89LKhRAeNdnDKJczME= cloud.google.com/go/aiplatform v1.89.0/go.mod h1:TzZtegPkinfXTtXVvZZpxx7noINFMVDrLkE7cEWhYEk= cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= cloud.google.com/go/analytics v0.21.4/go.mod h1:zZgNCxLCy8b2rKKVfC1YkC2vTrpfZmeRCySM3aUbskA= cloud.google.com/go/analytics v0.23.0/go.mod h1:YPd7Bvik3WS95KBok2gPXDqQPHy08TsCQG6CdUCb+u0= cloud.google.com/go/analytics v0.23.2/go.mod h1:vtE3olAXZ6edJYk1UOndEs6EfaEc9T2B28Y4G5/a7Fo= cloud.google.com/go/analytics v0.23.4/go.mod h1:1iTnQMOr6zRdkecW+gkxJpwV0Q/djEIII3YlXmyf7UY= cloud.google.com/go/analytics v0.25.1/go.mod h1:hrAWcN/7tqyYwF/f60Nph1yz5UE3/PxOPzzFsJgtU+Y= cloud.google.com/go/analytics v0.28.1/go.mod h1:iPaIVr5iXPB3JzkKPW1JddswksACRFl3NSHgVHsuYC4= cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= cloud.google.com/go/apigateway v1.6.2/go.mod h1:CwMC90nnZElorCW63P2pAYm25AtQrHfuOkbRSHj0bT8= cloud.google.com/go/apigateway v1.6.5/go.mod h1:6wCwvYRckRQogyDDltpANi3zsCDl6kWi0b4Je+w2UiI= cloud.google.com/go/apigateway v1.6.7/go.mod h1:7wAMb/33Rzln+PrGK16GbGOfA1zAO5Pq6wp19jtIt7c= cloud.google.com/go/apigateway v1.6.9/go.mod h1:YE9XDTFwq859O6TpZNtatBMDWnMRZOiTVF+Ru3oCBeY= cloud.google.com/go/apigateway v1.7.1/go.mod h1:5JBcLrl7GHSGRzuDaISd5u0RKV05DNFiq4dRdfrhCP0= cloud.google.com/go/apigateway v1.7.6/go.mod h1:SiBx36VPjShaOCk8Emf63M2t2c1yF+I7mYZaId7OHiA= cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= cloud.google.com/go/apigeeconnect v1.6.2/go.mod h1:s6O0CgXT9RgAxlq3DLXvG8riw8PYYbU/v25jqP3Dy18= cloud.google.com/go/apigeeconnect v1.6.5/go.mod h1:MEKm3AiT7s11PqTfKE3KZluZA9O91FNysvd3E6SJ6Ow= cloud.google.com/go/apigeeconnect v1.6.7/go.mod h1:hZxCKvAvDdKX8+eT0g5eEAbRSS9Gkzi+MPWbgAMAy5U= cloud.google.com/go/apigeeconnect v1.6.9/go.mod h1:tl53uGgVG1A00qK1dF6wGIji0CQIMrLdNccJ6+R221U= cloud.google.com/go/apigeeconnect v1.7.1/go.mod h1:olkn1lOhIA/aorreenFzfEcEXmFN2pyAwkaUFbug9ZY= cloud.google.com/go/apigeeconnect v1.7.6/go.mod h1:zqDhHY99YSn2li6OeEjFpAlhXYnXKl6DFb/fGu0ye2w= cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= cloud.google.com/go/apigeeregistry v0.7.2/go.mod h1:9CA2B2+TGsPKtfi3F7/1ncCCsL62NXBRfM6iPoGSM+8= cloud.google.com/go/apigeeregistry v0.8.3/go.mod h1:aInOWnqF4yMQx8kTjDqHNXjZGh/mxeNlAf52YqtASUs= cloud.google.com/go/apigeeregistry v0.8.5/go.mod h1:ZMg60hq2K35tlqZ1VVywb9yjFzk9AJ7zqxrysOxLi3o= cloud.google.com/go/apigeeregistry v0.8.7/go.mod h1:Jge1HQaIkNU8JYSDY7l5SveeSKvGPvtLjzNjLU2+0N8= cloud.google.com/go/apigeeregistry v0.9.1/go.mod h1:XCwK9CS65ehi26z7E8/Vl4PEX5c/JJxpfxlB1QEyrZw= cloud.google.com/go/apigeeregistry v0.9.6/go.mod h1:AFEepJBKPtGDfgabG2HWaLH453VVWWFFs3P4W00jbPs= cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= cloud.google.com/go/appengine v1.8.2/go.mod h1:WMeJV9oZ51pvclqFN2PqHoGnys7rK0rz6s3Mp6yMvDo= cloud.google.com/go/appengine v1.8.5/go.mod h1:uHBgNoGLTS5di7BvU25NFDuKa82v0qQLjyMJLuPQrVo= cloud.google.com/go/appengine v1.8.7/go.mod h1:1Fwg2+QTgkmN6Y+ALGwV8INLbdkI7+vIvhcKPZCML0g= cloud.google.com/go/appengine v1.8.9/go.mod h1:sw8T321TAto/u6tMinv3AV63olGH/hw7RhG4ZgNhqFs= cloud.google.com/go/appengine v1.9.1/go.mod h1:jtguveqRWFfjrk3k/7SlJz1FpDBZhu5CWSRu+HBgClk= cloud.google.com/go/appengine v1.9.6/go.mod h1:jPp9T7Opvzl97qytaRGPwoH7pFI3GAcLDaui1K8PNjY= cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= cloud.google.com/go/area120 v0.8.2/go.mod h1:a5qfo+x77SRLXnCynFWPUZhnZGeSgvQ+Y0v1kSItkh4= cloud.google.com/go/area120 v0.8.5/go.mod h1:BcoFCbDLZjsfe4EkCnEq1LKvHSK0Ew/zk5UFu6GMyA0= cloud.google.com/go/area120 v0.8.7/go.mod h1:L/xTq4NLP9mmxiGdcsVz7y1JLc9DI8pfaXRXbnjkR6w= cloud.google.com/go/area120 v0.8.9/go.mod h1:epLvbmajRp919r1LGdvS1zgcHJt/1MTQJJ9+r0/NBQc= cloud.google.com/go/area120 v0.9.1/go.mod h1:foV1BSrnjVL/KydBnAlUQFSy85kWrMwGSmRfIraC+JU= cloud.google.com/go/area120 v0.9.6/go.mod h1:qKSokqe0iTmwBDA3tbLWonMEnh0pMAH4YxiceiHUed4= cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= cloud.google.com/go/artifactregistry v1.14.3/go.mod h1:A2/E9GXnsyXl7GUvQ/2CjHA+mVRoWAXC0brg2os+kNI= cloud.google.com/go/artifactregistry v1.14.7/go.mod h1:0AUKhzWQzfmeTvT4SjfI4zjot72EMfrkvL9g9aRjnnM= cloud.google.com/go/artifactregistry v1.14.9/go.mod h1:n2OsUqbYoUI2KxpzQZumm6TtBgtRf++QulEohdnlsvI= cloud.google.com/go/artifactregistry v1.14.11/go.mod h1:ahyKXer42EOIddYzk2zYfvZnByGPdAYhXqBbRBsGizE= cloud.google.com/go/artifactregistry v1.15.1/go.mod h1:ExJb4VN+IMTQWO5iY+mjcY19Rz9jUxCVGZ1YuyAgPBw= cloud.google.com/go/artifactregistry v1.17.1/go.mod h1:06gLv5QwQPWtaudI2fWO37gfwwRUHwxm3gA8Fe568Hc= cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= cloud.google.com/go/asset v1.15.1/go.mod h1:yX/amTvFWRpp5rcFq6XbCxzKT8RJUam1UoboE179jU4= cloud.google.com/go/asset v1.17.2/go.mod h1:SVbzde67ehddSoKf5uebOD1sYw8Ab/jD/9EIeWg99q4= cloud.google.com/go/asset v1.19.1/go.mod h1:kGOS8DiCXv6wU/JWmHWCgaErtSZ6uN5noCy0YwVaGfs= cloud.google.com/go/asset v1.19.3/go.mod h1:1j8NNcHsbSE/KeHMZrizPIS6c8nm0WjEAPoFXzXNCj4= cloud.google.com/go/asset v1.20.2/go.mod h1:IM1Kpzzo3wq7R/GEiktitzZyXx2zVpWqs9/5EGYs0GY= cloud.google.com/go/asset v1.21.1/go.mod h1:7AzY1GCC+s1O73yzLM1IpHFLHz3ws2OigmCpOQHwebk= cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= cloud.google.com/go/assuredworkloads v1.11.2/go.mod h1:O1dfr+oZJMlE6mw0Bp0P1KZSlj5SghMBvTpZqIcUAW4= cloud.google.com/go/assuredworkloads v1.11.5/go.mod h1:FKJ3g3ZvkL2D7qtqIGnDufFkHxwIpNM9vtmhvt+6wqk= cloud.google.com/go/assuredworkloads v1.11.7/go.mod h1:CqXcRH9N0KCDtHhFisv7kk+cl//lyV+pYXGi1h8rCEU= cloud.google.com/go/assuredworkloads v1.11.9/go.mod h1:uZ6+WHiT4iGn1iM1wk5njKnKJWiM3v/aYhDoCoHxs1w= cloud.google.com/go/assuredworkloads v1.12.1/go.mod h1:nBnkK2GZNSdtjU3ER75oC5fikub5/+QchbolKgnMI/I= cloud.google.com/go/assuredworkloads v1.12.6/go.mod h1:QyZHd7nH08fmZ+G4ElihV1zoZ7H0FQCpgS0YWtwjCKo= cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro= cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA= cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth v0.15.0/go.mod h1:WJDGqZ1o9E9wKIL+IwStfyn/+s59zl4Bi+1KQNVXLZ8= cloud.google.com/go/auth v0.16.0/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= cloud.google.com/go/auth v0.16.1/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= cloud.google.com/go/automl v1.13.2/go.mod h1:gNY/fUmDEN40sP8amAX3MaXkxcqPIn7F1UIIPZpy4Mg= cloud.google.com/go/automl v1.13.5/go.mod h1:MDw3vLem3yh+SvmSgeYUmUKqyls6NzSumDm9OJ3xJ1Y= cloud.google.com/go/automl v1.13.7/go.mod h1:E+s0VOsYXUdXpq0y4gNZpi0A/s6y9+lAarmV5Eqlg40= cloud.google.com/go/automl v1.13.9/go.mod h1:KECCWW2AFsRuEVxUJEIXxcm3yPLf1rxS+qsBamyacMc= cloud.google.com/go/automl v1.14.1/go.mod h1:BocG5mhT32cjmf5CXxVsdSM04VXzJW7chVT7CpSL2kk= cloud.google.com/go/automl v1.14.7/go.mod h1:8a4XbIH5pdvrReOU72oB+H3pOw2JBxo9XTk39oljObE= cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= cloud.google.com/go/baremetalsolution v1.2.1/go.mod h1:3qKpKIw12RPXStwQXcbhfxVj1dqQGEvcmA+SX/mUR88= cloud.google.com/go/baremetalsolution v1.2.4/go.mod h1:BHCmxgpevw9IEryE99HbYEfxXkAEA3hkMJbYYsHtIuY= cloud.google.com/go/baremetalsolution v1.2.6/go.mod h1:KkS2BtYXC7YGbr42067nzFr+ABFMs6cxEcA1F+cedIw= cloud.google.com/go/baremetalsolution v1.2.8/go.mod h1:Ai8ENs7ADMYWQ45DtfygUc6WblhShfi3kNPvuGv8/ok= cloud.google.com/go/baremetalsolution v1.3.1/go.mod h1:D1djGGmBl4M6VlyjOMc1SEzDYlO4EeEG1TCUv5mCPi0= cloud.google.com/go/baremetalsolution v1.3.6/go.mod h1:7/CS0LzpLccRGO0HL3q2Rofxas2JwjREKut414sE9iM= cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= cloud.google.com/go/batch v1.5.1/go.mod h1:RpBuIYLkQu8+CWDk3dFD/t/jOCGuUpkpX+Y0n1Xccs8= cloud.google.com/go/batch v1.8.0/go.mod h1:k8V7f6VE2Suc0zUM4WtoibNrA6D3dqBpB+++e3vSGYc= cloud.google.com/go/batch v1.8.5/go.mod h1:YSWU2RTIeoHWVwieZJDTLEfWWUsuk10uhAr5K1dTMiw= cloud.google.com/go/batch v1.9.0/go.mod h1:VhRaG/bX2EmeaPSHvtptP5OAhgYuTrvtTAulKM68oiI= cloud.google.com/go/batch v1.11.1/go.mod h1:4GbJXfdxU8GH6uuo8G47y5tEFOgTLCL9pMKCUcn7VxE= cloud.google.com/go/batch v1.12.2/go.mod h1:tbnuTN/Iw59/n1yjAYKV2aZUjvMM2VJqAgvUgft6UEU= cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= cloud.google.com/go/beyondcorp v1.0.1/go.mod h1:zl/rWWAFVeV+kx+X2Javly7o1EIQThU4WlkynffL/lk= cloud.google.com/go/beyondcorp v1.0.4/go.mod h1:Gx8/Rk2MxrvWfn4WIhHIG1NV7IBfg14pTKv1+EArVcc= cloud.google.com/go/beyondcorp v1.0.6/go.mod h1:wRkenqrVRtnGFfnyvIg0zBFUdN2jIfeojFF9JJDwVIA= cloud.google.com/go/beyondcorp v1.0.8/go.mod h1:2WaEvUnw+1ZIUNu227h71X/Q8ypcWWowii9TQ4xlfo0= cloud.google.com/go/beyondcorp v1.1.1/go.mod h1:L09o0gLkgXMxCZs4qojrgpI2/dhWtasMc71zPPiHMn4= cloud.google.com/go/beyondcorp v1.1.6/go.mod h1:V1PigSWPGh5L/vRRmyutfnjAbkxLI2aWqJDdxKbwvsQ= cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= cloud.google.com/go/bigquery v1.56.0/go.mod h1:KDcsploXTEY7XT3fDQzMUZlpQLHzE4itubHrnmhUrZA= cloud.google.com/go/bigquery v1.59.1/go.mod h1:VP1UJYgevyTwsV7desjzNzDND5p6hZB+Z8gZJN1GQUc= cloud.google.com/go/bigquery v1.61.0/go.mod h1:PjZUje0IocbuTOdq4DBOJLNYB0WF3pAKBHzAYyxCwFo= cloud.google.com/go/bigquery v1.63.1/go.mod h1:ufaITfroCk17WTqBhMpi8CRjsfHjMX07pDrQaRKKX2o= cloud.google.com/go/bigquery v1.69.0/go.mod h1:TdGLquA3h/mGg+McX+GsqG9afAzTAcldMjqhdjHTLew= cloud.google.com/go/bigtable v1.33.0/go.mod h1:HtpnH4g25VT1pejHRtInlFPnN5sjTxbQlsYBjh9t5l0= cloud.google.com/go/bigtable v1.37.0/go.mod h1:HXqddP6hduwzrtiTCqZPpj9ij4hGZb4Zy1WF/dT+yaU= cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= cloud.google.com/go/billing v1.17.2/go.mod h1:u/AdV/3wr3xoRBk5xvUzYMS1IawOAPwQMuHgHMdljDg= cloud.google.com/go/billing v1.18.2/go.mod h1:PPIwVsOOQ7xzbADCwNe8nvK776QpfrOAUkvKjCUcpSE= cloud.google.com/go/billing v1.18.5/go.mod h1:lHw7fxS6p7hLWEPzdIolMtOd0ahLwlokW06BzbleKP8= cloud.google.com/go/billing v1.18.7/go.mod h1:RreCBJPmaN/lzCz/2Xl1hA+OzWGqrzDsax4Qjjp0CbA= cloud.google.com/go/billing v1.19.1/go.mod h1:c5l7ORJjOLH/aASJqUqNsEmwrhfjWZYHX+z0fIhuVpo= cloud.google.com/go/billing v1.20.4/go.mod h1:hBm7iUmGKGCnBm6Wp439YgEdt+OnefEq/Ib9SlJYxIU= cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= cloud.google.com/go/binaryauthorization v1.7.1/go.mod h1:GTAyfRWYgcbsP3NJogpV3yeunbUIjx2T9xVeYovtURE= cloud.google.com/go/binaryauthorization v1.8.1/go.mod h1:1HVRyBerREA/nhI7yLang4Zn7vfNVA3okoAR9qYQJAQ= cloud.google.com/go/binaryauthorization v1.8.3/go.mod h1:Cul4SsGlbzEsWPOz2sH8m+g2Xergb6ikspUyQ7iOThE= cloud.google.com/go/binaryauthorization v1.8.5/go.mod h1:2npTMgNJPsmUg0jfmDDORuqBkTPEW6ZSTHXzfxTvN1M= cloud.google.com/go/binaryauthorization v1.9.1/go.mod h1:jqBzP68bfzjoiMFT6Q1EdZtKJG39zW9ywwzHuv7V8ms= cloud.google.com/go/binaryauthorization v1.9.5/go.mod h1:CV5GkS2eiY461Bzv+OH3r5/AsuB6zny+MruRju3ccB8= cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= cloud.google.com/go/certificatemanager v1.7.2/go.mod h1:15SYTDQMd00kdoW0+XY5d9e+JbOPjp24AvF48D8BbcQ= cloud.google.com/go/certificatemanager v1.7.5/go.mod h1:uX+v7kWqy0Y3NG/ZhNvffh0kuqkKZIXdvlZRO7z0VtM= cloud.google.com/go/certificatemanager v1.8.1/go.mod h1:hDQzr50Vx2gDB+dOfmDSsQzJy/UPrYRdzBdJ5gAVFIc= cloud.google.com/go/certificatemanager v1.8.3/go.mod h1:QS0jxTu5wgEbzaYgGs/GBYKvVgAgc9jnYaaTFH8jRtE= cloud.google.com/go/certificatemanager v1.9.1/go.mod h1:a6bXZULtd6iQTRuSVs1fopcHLMJ/T3zSpIB7aJaq/js= cloud.google.com/go/certificatemanager v1.9.5/go.mod h1:kn7gxT/80oVGhjL8rurMUYD36AOimgtzSBPadtAeffs= cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= cloud.google.com/go/channel v1.17.1/go.mod h1:xqfzcOZAcP4b/hUDH0GkGg1Sd5to6di1HOJn/pi5uBQ= cloud.google.com/go/channel v1.17.5/go.mod h1:FlpaOSINDAXgEext0KMaBq/vwpLMkkPAw9b2mApQeHc= cloud.google.com/go/channel v1.17.7/go.mod h1:b+FkgBrhMKM3GOqKUvqHFY/vwgp+rwsAuaMd54wCdN4= cloud.google.com/go/channel v1.17.9/go.mod h1:h9emIJm+06sK1FxqC3etsWdG87tg92T24wimlJs6lhY= cloud.google.com/go/channel v1.19.0/go.mod h1:8BEvuN5hWL4tT0rmJR4N8xsZHdfGof+KwemjQH6oXsw= cloud.google.com/go/channel v1.19.5/go.mod h1:vevu+LK8Oy1Yuf7lcpDbkQQQm5I7oiY5fFTn3uwfQLY= cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= cloud.google.com/go/cloudbuild v1.14.1/go.mod h1:K7wGc/3zfvmYWOWwYTgF/d/UVJhS4pu+HAy7PL7mCsU= cloud.google.com/go/cloudbuild v1.15.1/go.mod h1:gIofXZSu+XD2Uy+qkOrGKEx45zd7s28u/k8f99qKals= cloud.google.com/go/cloudbuild v1.16.1/go.mod h1:c2KUANTtCBD8AsRavpPout6Vx8W+fsn5zTsWxCpWgq4= cloud.google.com/go/cloudbuild v1.16.3/go.mod h1:KJYZAwTUaDKDdEHwLj/EmnpmwLkMuq+fGnBEHA1LlE4= cloud.google.com/go/cloudbuild v1.18.0/go.mod h1:KCHWGIoS/5fj+By9YmgIQnUiDq8P6YURWOjX3hoc6As= cloud.google.com/go/cloudbuild v1.22.2/go.mod h1:rPyXfINSgMqMZvuTk1DbZcbKYtvbYF/i9IXQ7eeEMIM= cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= cloud.google.com/go/clouddms v1.7.1/go.mod h1:o4SR8U95+P7gZ/TX+YbJxehOCsM+fe6/brlrFquiszk= cloud.google.com/go/clouddms v1.7.4/go.mod h1:RdrVqoFG9RWI5AvZ81SxJ/xvxPdtcRhFotwdE79DieY= cloud.google.com/go/clouddms v1.7.6/go.mod h1:8HWZ2tznZ0mNAtTpfnRNT0QOThqn9MBUqTj0Lx8npIs= cloud.google.com/go/clouddms v1.7.8/go.mod h1:KQpBMxH99ZTPK4LgXkYUntzRQ5hcNkjpGRbNSRzW9Nk= cloud.google.com/go/clouddms v1.8.1/go.mod h1:bmW2eDFH1LjuwkHcKKeeppcmuBGS0r6Qz6TXanehKP0= cloud.google.com/go/clouddms v1.8.7/go.mod h1:DhWLd3nzHP8GoHkA6hOhso0R9Iou+IGggNqlVaq/KZ4= cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= cloud.google.com/go/cloudtasks v1.12.2/go.mod h1:A7nYkjNlW2gUoROg1kvJrQGhJP/38UaWwsnuBDOBVUk= cloud.google.com/go/cloudtasks v1.12.6/go.mod h1:b7c7fe4+TJsFZfDyzO51F7cjq7HLUlRi/KZQLQjDsaY= cloud.google.com/go/cloudtasks v1.12.8/go.mod h1:aX8qWCtmVf4H4SDYUbeZth9C0n9dBj4dwiTYi4Or/P4= cloud.google.com/go/cloudtasks v1.12.10/go.mod h1:OHJzRAdE+7H00cdsINhb21ugVLDgk3Uh4r0holCB5XQ= cloud.google.com/go/cloudtasks v1.13.1/go.mod h1:dyRD7tEEkLMbHLagb7UugkDa77UVJp9d/6O9lm3ModI= cloud.google.com/go/cloudtasks v1.13.6/go.mod h1:/IDaQqGKMixD+ayM43CfsvWF2k36GeomEuy9gL4gLmU= cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= cloud.google.com/go/compute v1.23.4/go.mod h1:/EJMj55asU6kAFnuZET8zqgwgJ9FvXWXOkkfQZa4ioI= cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls= cloud.google.com/go/compute v1.26.0 h1:uHf0NN2nvxl1Gh4QO83yRCOdMK4zivtMS5gv0dEX0hg= cloud.google.com/go/compute v1.26.0/go.mod h1:T9RIRap4pVHCGUkVFRJ9hygT3KCXjip41X1GgWtBBII= cloud.google.com/go/compute v1.27.2 h1:5cE5hdrwJV/92ravlwIFRGnyH9CpLGhh4N0ZDVTU+BA= cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= cloud.google.com/go/compute v1.28.1 h1:XwPcZjgMCnU2tkwY10VleUjSAfpTj9RDn+kGrbYsi8o= cloud.google.com/go/compute v1.28.1/go.mod h1:b72iXMY4FucVry3NR3Li4kVyyTvbMDE7x5WsqvxjsYk= cloud.google.com/go/compute v1.38.0 h1:MilCLYQW2m7Dku8hRIIKo4r0oKastlD74sSu16riYKs= cloud.google.com/go/compute v1.38.0/go.mod h1:oAFNIuXOmXbK/ssXm3z4nZB8ckPdjltJ7xhHCdbWFZM= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo= cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= cloud.google.com/go/contactcenterinsights v1.11.1/go.mod h1:FeNP3Kg8iteKM80lMwSk3zZZKVxr+PGnAId6soKuXwE= cloud.google.com/go/contactcenterinsights v1.13.0/go.mod h1:ieq5d5EtHsu8vhe2y3amtZ+BE+AQwX5qAy7cpo0POsI= cloud.google.com/go/contactcenterinsights v1.13.2/go.mod h1:AfkSB8t7mt2sIY6WpfO61nD9J9fcidIchtxm9FqJVXk= cloud.google.com/go/contactcenterinsights v1.13.4/go.mod h1:6OWSyQxeaQRxhkyMhtE+RFOOlsMcKOTukv8nnjxbNCQ= cloud.google.com/go/contactcenterinsights v1.15.0/go.mod h1:6bJGBQrJsnATv2s6Dh/c6HCRanq2kCZ0kIIjRV1G0mI= cloud.google.com/go/contactcenterinsights v1.17.3/go.mod h1:7Uu2CpxS3f6XxhRdlEzYAkrChpR5P5QfcdGAFEdHOG8= cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= cloud.google.com/go/container v1.26.1/go.mod h1:5smONjPRUxeEpDG7bMKWfDL4sauswqEtnBK1/KKpR04= cloud.google.com/go/container v1.31.0/go.mod h1:7yABn5s3Iv3lmw7oMmyGbeV6tQj86njcTijkkGuvdZA= cloud.google.com/go/container v1.35.1/go.mod h1:udm8fgLm3TtpnjFN4QLLjZezAIIp/VnMo316yIRVRQU= cloud.google.com/go/container v1.37.2/go.mod h1:2ly7zpBmWtYjjuoB3fHyq8Gqrxaj2NIwzwVRpUcKYXk= cloud.google.com/go/container v1.40.0/go.mod h1:wNI1mOUivm+ZkpHMbouutgbD4sQxyphMwK31X5cThY4= cloud.google.com/go/container v1.43.0/go.mod h1:ETU9WZ1KM9ikEKLzrhRVao7KHtalDQu6aPqM34zDr/U= cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= cloud.google.com/go/containeranalysis v0.11.1/go.mod h1:rYlUOM7nem1OJMKwE1SadufX0JP3wnXj844EtZAwWLY= cloud.google.com/go/containeranalysis v0.11.4/go.mod h1:cVZT7rXYBS9NG1rhQbWL9pWbXCKHWJPYraE8/FTSYPE= cloud.google.com/go/containeranalysis v0.11.6/go.mod h1:YRf7nxcTcN63/Kz9f86efzvrV33g/UV8JDdudRbYEUI= cloud.google.com/go/containeranalysis v0.11.8/go.mod h1:2ru4oxs6dCcaG3ZsmKAy4yMmG68ukOuS/IRCMEHYpLo= cloud.google.com/go/containeranalysis v0.13.1/go.mod h1:bmd9H880BNR4Hc8JspEg8ge9WccSQfO+/N+CYvU3sEA= cloud.google.com/go/containeranalysis v0.14.1/go.mod h1:28e+tlZgauWGHmEbnI5UfIsjMmrkoR1tFN0K2i71jBI= cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= cloud.google.com/go/datacatalog v1.18.1/go.mod h1:TzAWaz+ON1tkNr4MOcak8EBHX7wIRX/gZKM+yTVsv+A= cloud.google.com/go/datacatalog v1.19.3/go.mod h1:ra8V3UAsciBpJKQ+z9Whkxzxv7jmQg1hfODr3N3YPJ4= cloud.google.com/go/datacatalog v1.20.1/go.mod h1:Jzc2CoHudhuZhpv78UBAjMEg3w7I9jHA11SbRshWUjk= cloud.google.com/go/datacatalog v1.20.3/go.mod h1:AKC6vAy5urnMg5eJK3oUjy8oa5zMbiY33h125l8lmlo= cloud.google.com/go/datacatalog v1.22.1/go.mod h1:MscnJl9B2lpYlFoxRjicw19kFTwEke8ReKL5Y/6TWg8= cloud.google.com/go/datacatalog v1.26.0/go.mod h1:bLN2HLBAwB3kLTFT5ZKLHVPj/weNz6bR0c7nYp0LE14= cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= cloud.google.com/go/dataflow v0.9.2/go.mod h1:vBfdBZ/ejlTaYIGB3zB4T08UshH70vbtZeMD+urnUSo= cloud.google.com/go/dataflow v0.9.5/go.mod h1:udl6oi8pfUHnL0z6UN9Lf9chGqzDMVqcYTcZ1aPnCZQ= cloud.google.com/go/dataflow v0.9.7/go.mod h1:3BjkOxANrm1G3+/EBnEsTEEgJu1f79mFqoOOZfz3v+E= cloud.google.com/go/dataflow v0.9.9/go.mod h1:Wk/92E1BvhV7qs/dWb+3dN26uGgyp/H1Jr5ZJxeD3dw= cloud.google.com/go/dataflow v0.10.1/go.mod h1:zP4/tNjONFRcS4NcI9R94YDQEkPalimdbPkijVNJt/g= cloud.google.com/go/dataflow v0.11.0/go.mod h1:gNHC9fUjlV9miu0hd4oQaXibIuVYTQvZhMdPievKsPk= cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= cloud.google.com/go/dataform v0.8.2/go.mod h1:X9RIqDs6NbGPLR80tnYoPNiO1w0wenKTb8PxxlhTMKM= cloud.google.com/go/dataform v0.9.2/go.mod h1:S8cQUwPNWXo7m/g3DhWHsLBoufRNn9EgFrMgne2j7cI= cloud.google.com/go/dataform v0.9.4/go.mod h1:jjo4XY+56UrNE0wsEQsfAw4caUs4DLJVSyFBDelRDtQ= cloud.google.com/go/dataform v0.9.6/go.mod h1:JKDPMfcYMu9oUMubIvvAGWTBX0sw4o/JIjCcczzbHmk= cloud.google.com/go/dataform v0.10.1/go.mod h1:c5y0hIOBCfszmBcLJyxnELF30gC1qC/NeHdmkzA7TNQ= cloud.google.com/go/dataform v0.12.0/go.mod h1:PuDIEY0lSVuPrZqcFji1fmr5RRvz3DGz4YP/cONc8g4= cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= cloud.google.com/go/datafusion v1.7.2/go.mod h1:62K2NEC6DRlpNmI43WHMWf9Vg/YvN6QVi8EVwifElI0= cloud.google.com/go/datafusion v1.7.5/go.mod h1:bYH53Oa5UiqahfbNK9YuYKteeD4RbQSNMx7JF7peGHc= cloud.google.com/go/datafusion v1.7.7/go.mod h1:qGTtQcUs8l51lFA9ywuxmZJhS4ozxsBSus6ItqCUWMU= cloud.google.com/go/datafusion v1.7.9/go.mod h1:ciYV8FL0JmrwgoJ7CH64oUHiI0oOf2VLE45LWKT51Ls= cloud.google.com/go/datafusion v1.8.1/go.mod h1:I5+nRt6Lob4g1eCbcxP4ayRNx8hyOZ8kA3PB/vGd9Lo= cloud.google.com/go/datafusion v1.8.6/go.mod h1:fCyKJF2zUKC+O3hc2F9ja5EUCAbT4zcH692z8HiFZFw= cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= cloud.google.com/go/datalabeling v0.8.2/go.mod h1:cyDvGHuJWu9U/cLDA7d8sb9a0tWLEletStu2sTmg3BE= cloud.google.com/go/datalabeling v0.8.5/go.mod h1:IABB2lxQnkdUbMnQaOl2prCOfms20mcPxDBm36lps+s= cloud.google.com/go/datalabeling v0.8.7/go.mod h1:/PPncW5gxrU15UzJEGQoOT3IobeudHGvoExrtZ8ZBwo= cloud.google.com/go/datalabeling v0.8.9/go.mod h1:61QutR66VZFgN8boHhl4/FTfxenNzihykv18BgxwSrg= cloud.google.com/go/datalabeling v0.9.1/go.mod h1:umplHuZX+x5DItNPV5BFBXau5TDsljLNzEj5AB5uRUM= cloud.google.com/go/datalabeling v0.9.6/go.mod h1:n7o4x0vtPensZOoFwFa4UfZgkSZm8Qs0Pg/T3kQjXSM= cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= cloud.google.com/go/dataplex v1.10.1/go.mod h1:1MzmBv8FvjYfc7vDdxhnLFNskikkB+3vl475/XdCDhs= cloud.google.com/go/dataplex v1.14.2/go.mod h1:0oGOSFlEKef1cQeAHXy4GZPB/Ife0fz/PxBf+ZymA2U= cloud.google.com/go/dataplex v1.15.1/go.mod h1:+cUJLSCSIWfH53dIXOS5gLErCSz3MP0mZiswVVI8YTA= cloud.google.com/go/dataplex v1.18.0/go.mod h1:THLDVG07lcY1NgqVvjTV1mvec+rFHwpDwvSd+196MMc= cloud.google.com/go/dataplex v1.19.1/go.mod h1:WzoQ+vcxrAyM0cjJWmluEDVsg7W88IXXCfuy01BslKE= cloud.google.com/go/dataplex v1.25.3/go.mod h1:wOJXnOg6bem0tyslu4hZBTncfqcPNDpYGKzed3+bd+E= cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= cloud.google.com/go/dataproc/v2 v2.2.1/go.mod h1:QdAJLaBjh+l4PVlVZcmrmhGccosY/omC1qwfQ61Zv/o= cloud.google.com/go/dataproc/v2 v2.4.0/go.mod h1:3B1Ht2aRB8VZIteGxQS/iNSJGzt9+CA0WGnDVMEm7Z4= cloud.google.com/go/dataproc/v2 v2.4.2/go.mod h1:smGSj1LZP3wtnsM9eyRuDYftNAroAl6gvKp/Wk64XDE= cloud.google.com/go/dataproc/v2 v2.5.1/go.mod h1:5s2CuQyTPX7e19ZRMLicfPFNgXrvsVct3xz94UvWFeQ= cloud.google.com/go/dataproc/v2 v2.9.0/go.mod h1:i4365hSwNP6Bx0SAUnzCC6VloeNxChDjJWH6BfVPcbs= cloud.google.com/go/dataproc/v2 v2.11.2/go.mod h1:xwukBjtfiO4vMEa1VdqyFLqJmcv7t3lo+PbLDcTEw+g= cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= cloud.google.com/go/dataqna v0.8.2/go.mod h1:KNEqgx8TTmUipnQsScOoDpq/VlXVptUqVMZnt30WAPs= cloud.google.com/go/dataqna v0.8.5/go.mod h1:vgihg1mz6n7pb5q2YJF7KlXve6tCglInd6XO0JGOlWM= cloud.google.com/go/dataqna v0.8.7/go.mod h1:hvxGaSvINAVH5EJJsONIwT1y+B7OQogjHPjizOFoWOo= cloud.google.com/go/dataqna v0.8.9/go.mod h1:wrw1SL/zLRlVgf0d8P0ZBJ2hhGaLbwoNRsW6m1mn64g= cloud.google.com/go/dataqna v0.9.1/go.mod h1:86DNLE33yEfNDp5F2nrITsmTYubMbsF7zQRzC3CcZrY= cloud.google.com/go/dataqna v0.9.7/go.mod h1:4ac3r7zm7Wqm8NAc8sDIDM0v7Dz7d1e/1Ka1yMFanUM= cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= cloud.google.com/go/datastore v1.15.0/go.mod h1:GAeStMBIt9bPS7jMJA85kgkpsMkvseWWXiaHya9Jes8= cloud.google.com/go/datastore v1.16.0/go.mod h1:WIGbYyZE4GUJC+RLuVgpl6myNMKZGzlfbtN3Tch4R+8= cloud.google.com/go/datastore v1.17.1/go.mod h1:mtzZ2HcVtz90OVrEXXGDc2pO4NM1kiBQy8YV4qGe0ZM= cloud.google.com/go/datastore v1.19.0/go.mod h1:KGzkszuj87VT8tJe67GuB+qLolfsOt6bZq/KFuWaahc= cloud.google.com/go/datastore v1.20.0/go.mod h1:uFo3e+aEpRfHgtp5pp0+6M0o147KoPaYNaPAKpfh8Ew= cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= cloud.google.com/go/datastream v1.10.1/go.mod h1:7ngSYwnw95YFyTd5tOGBxHlOZiL+OtpjheqU7t2/s/c= cloud.google.com/go/datastream v1.10.4/go.mod h1:7kRxPdxZxhPg3MFeCSulmAJnil8NJGGvSNdn4p1sRZo= cloud.google.com/go/datastream v1.10.6/go.mod h1:lPeXWNbQ1rfRPjBFBLUdi+5r7XrniabdIiEaCaAU55o= cloud.google.com/go/datastream v1.10.8/go.mod h1:6nkPjnk5Qr602Wq+YQ+/RWUOX5h4voMTz5abgEOYPCM= cloud.google.com/go/datastream v1.11.1/go.mod h1:a4j5tnptIxdZ132XboR6uQM/ZHcuv/hLqA6hH3NJWgk= cloud.google.com/go/datastream v1.14.1/go.mod h1:JqMKXq/e0OMkEgfYe0nP+lDye5G2IhIlmencWxmesMo= cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= cloud.google.com/go/deploy v1.13.1/go.mod h1:8jeadyLkH9qu9xgO3hVWw8jVr29N1mnW42gRJT8GY6g= cloud.google.com/go/deploy v1.17.1/go.mod h1:SXQyfsXrk0fBmgBHRzBjQbZhMfKZ3hMQBw5ym7MN/50= cloud.google.com/go/deploy v1.18.0/go.mod h1:7Nv2yKPQG5Lv3sscLUuY58DlrEMqPlq6nedtpb1Prcg= cloud.google.com/go/deploy v1.19.2/go.mod h1:i6zfU9FZkqFgWIvO2/gsodGU9qF4tF9mBgoMdfnf6as= cloud.google.com/go/deploy v1.23.0/go.mod h1:O7qoXcg44Ebfv9YIoFEgYjPmrlPsXD4boYSVEiTqdHY= cloud.google.com/go/deploy v1.27.2/go.mod h1:4NHWE7ENry2A4O1i/4iAPfXHnJCZ01xckAKpZQwhg1M= cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= cloud.google.com/go/dialogflow v1.44.1/go.mod h1:n/h+/N2ouKOO+rbe/ZnI186xImpqvCVj2DdsWS/0EAk= cloud.google.com/go/dialogflow v1.49.0/go.mod h1:dhVrXKETtdPlpPhE7+2/k4Z8FRNUp6kMV3EW3oz/fe0= cloud.google.com/go/dialogflow v1.53.0/go.mod h1:LqAvxq7bXiiGC3/DWIz9XXCxth2z2qpSnBAAmlNOj6U= cloud.google.com/go/dialogflow v1.54.2/go.mod h1:avkFNYog+U127jKpGzW1FOllBwZy3OfCz1K1eE9RGh8= cloud.google.com/go/dialogflow v1.58.0/go.mod h1:sWcyFLdUrg+TWBJVq/OtwDyjcyDOfirTF0Gx12uKy7o= cloud.google.com/go/dialogflow v1.68.2/go.mod h1:E0Ocrhf5/nANZzBju8RX8rONf0PuIvz2fVj3XkbAhiY= cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= cloud.google.com/go/dlp v1.10.2/go.mod h1:ZbdKIhcnyhILgccwVDzkwqybthh7+MplGC3kZVZsIOQ= cloud.google.com/go/dlp v1.11.2/go.mod h1:9Czi+8Y/FegpWzgSfkRlyz+jwW6Te9Rv26P3UfU/h/w= cloud.google.com/go/dlp v1.12.2/go.mod h1:AkJim14g+g5JqE4tTr9IJYQp2HHKhBYw/r/G6KQLQi0= cloud.google.com/go/dlp v1.14.2/go.mod h1:+uwRt+6wZ3PL0wsmZ1cUAj0Mt9kyeV3WcIKPW03wJVU= cloud.google.com/go/dlp v1.19.0/go.mod h1:cr8dKBq8un5LALiyGkz4ozcwzt3FyTlOwA4/fFzJ64c= cloud.google.com/go/dlp v1.23.0/go.mod h1:vVT4RlyPMEMcVHexdPT6iMVac3seq3l6b8UPdYpgFrg= cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= cloud.google.com/go/documentai v1.23.2/go.mod h1:Q/wcRT+qnuXOpjAkvOV4A+IeQl04q2/ReT7SSbytLSo= cloud.google.com/go/documentai v1.25.0/go.mod h1:ftLnzw5VcXkLItp6pw1mFic91tMRyfv6hHEY5br4KzY= cloud.google.com/go/documentai v1.28.0/go.mod h1:ZTt9RkTRmqOn5GQgU4JxHJxbobemOoo6FSy0byEQHqY= cloud.google.com/go/documentai v1.30.3/go.mod h1:aMxiOouLr36hyahLhI3OwAcsy7plOTiXR/RmK+MHbSg= cloud.google.com/go/documentai v1.34.0/go.mod h1:onJlbHi4ZjQTsANSZJvW7fi2M8LZJrrupXkWDcy4gLY= cloud.google.com/go/documentai v1.37.0/go.mod h1:qAf3ewuIUJgvSHQmmUWvM3Ogsr5A16U2WPHmiJldvLA= cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= cloud.google.com/go/domains v0.9.2/go.mod h1:3YvXGYzZG1Temjbk7EyGCuGGiXHJwVNmwIf+E/cUp5I= cloud.google.com/go/domains v0.9.5/go.mod h1:dBzlxgepazdFhvG7u23XMhmMKBjrkoUNaw0A8AQB55Y= cloud.google.com/go/domains v0.9.7/go.mod h1:u/yVf3BgfPJW3QDZl51qTJcDXo9PLqnEIxfGmGgbHEc= cloud.google.com/go/domains v0.9.9/go.mod h1:/ewEPIaNmTrElY7u9BZPcLPnoP1NJJXGvISDDapwVNU= cloud.google.com/go/domains v0.10.1/go.mod h1:RjDl3K8iq/ZZHMVqfZzRuBUr5t85gqA6LEXQBeBL5F4= cloud.google.com/go/domains v0.10.6/go.mod h1:3xzG+hASKsVBA8dOPc4cIaoV3OdBHl1qgUpAvXK7pGY= cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= cloud.google.com/go/edgecontainer v1.1.2/go.mod h1:wQRjIzqxEs9e9wrtle4hQPSR1Y51kqN75dgF7UllZZ4= cloud.google.com/go/edgecontainer v1.1.5/go.mod h1:rgcjrba3DEDEQAidT4yuzaKWTbkTI5zAMu3yy6ZWS0M= cloud.google.com/go/edgecontainer v1.2.1/go.mod h1:OE2D0lbkmGDVYLCvpj8Y0M4a4K076QB7E2JupqOR/qU= cloud.google.com/go/edgecontainer v1.2.3/go.mod h1:gMKe2JfE0OT0WuCJArzIndAmMWDPCIYGSWYIpJ6M7oM= cloud.google.com/go/edgecontainer v1.3.1/go.mod h1:qyz5+Nk/UAs6kXp6wiux9I2U4A2R624K15QhHYovKKM= cloud.google.com/go/edgecontainer v1.4.3/go.mod h1:q9Ojw2ox0uhAvFisnfPRAXFTB1nfRIOIXVWzdXMZLcE= cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= cloud.google.com/go/errorreporting v0.3.1/go.mod h1:6xVQXU1UuntfAf+bVkFk6nld41+CPyF2NSPCyXE3Ztk= cloud.google.com/go/errorreporting v0.3.2/go.mod h1:s5kjs5r3l6A8UUyIsgvAhGq6tkqyBCUss0FRpsoVTww= cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= cloud.google.com/go/essentialcontacts v1.6.3/go.mod h1:yiPCD7f2TkP82oJEFXFTou8Jl8L6LBRPeBEkTaO0Ggo= cloud.google.com/go/essentialcontacts v1.6.6/go.mod h1:XbqHJGaiH0v2UvtuucfOzFXN+rpL/aU5BCZLn4DYl1Q= cloud.google.com/go/essentialcontacts v1.6.8/go.mod h1:EHONVDSum2xxG2p+myyVda/FwwvGbY58ZYC4XqI/lDQ= cloud.google.com/go/essentialcontacts v1.6.10/go.mod h1:wQlXvEb/0hB0C0d4H6/90P8CiZcYewkvJ3VoUVFPi4E= cloud.google.com/go/essentialcontacts v1.7.1/go.mod h1:F/MMWNLRW7b42WwWklOsnx4zrMOWDYWqWykBf1jXKPY= cloud.google.com/go/essentialcontacts v1.7.6/go.mod h1:/Ycn2egr4+XfmAfxpLYsJeJlVf9MVnq9V7OMQr9R4lA= cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= cloud.google.com/go/eventarc v1.13.1/go.mod h1:EqBxmGHFrruIara4FUQ3RHlgfCn7yo1HYsu2Hpt/C3Y= cloud.google.com/go/eventarc v1.13.4/go.mod h1:zV5sFVoAa9orc/52Q+OuYUG9xL2IIZTbbuTHC6JSY8s= cloud.google.com/go/eventarc v1.13.6/go.mod h1:QReOaYnDNdjwAQQWNC7nfr63WnaKFUw7MSdQ9PXJYj0= cloud.google.com/go/eventarc v1.13.8/go.mod h1:Xq3SsMoOAn7RmacXgJO7kq818iRLFF0bVhH780qlmTs= cloud.google.com/go/eventarc v1.14.1/go.mod h1:NG0YicE+z9MDcmh2u4tlzLDVLRjq5UHZlibyQlPhcxY= cloud.google.com/go/eventarc v1.15.5/go.mod h1:vDCqGqyY7SRiickhEGt1Zhuj81Ya4F/NtwwL3OZNskg= cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= cloud.google.com/go/filestore v1.7.2/go.mod h1:TYOlyJs25f/omgj+vY7/tIG/E7BX369triSPzE4LdgE= cloud.google.com/go/filestore v1.8.1/go.mod h1:MbN9KcaM47DRTIuLfQhJEsjaocVebNtNQhSLhKCF5GM= cloud.google.com/go/filestore v1.8.3/go.mod h1:QTpkYpKBF6jlPRmJwhLqXfJQjVrQisplyb4e2CwfJWc= cloud.google.com/go/filestore v1.8.5/go.mod h1:o8KvHyl5V30kIdrPX6hE+RknscXCUFXWSxYsEWeFfRU= cloud.google.com/go/filestore v1.9.1/go.mod h1:g/FNHBABpxjL1M9nNo0nW6vLYIMVlyOKhBKtYGgcKUI= cloud.google.com/go/filestore v1.10.2/go.mod h1:w0Pr8uQeSRQfCPRsL0sYKW6NKyooRgixCkV9yyLykR4= cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= cloud.google.com/go/firestore v1.13.0/go.mod h1:QojqqOh8IntInDUSTAh0c8ZsPYAr68Ma8c5DWOy8xb8= cloud.google.com/go/firestore v1.14.0/go.mod h1:96MVaHLsEhbvkBEdZgfN+AS/GIkco1LRpH9Xp9YZfzQ= cloud.google.com/go/firestore v1.15.0/go.mod h1:GWOxFXcv8GZUtYpWHw/w6IuYNux/BtmeVTMmjrm4yhk= cloud.google.com/go/firestore v1.17.0/go.mod h1:69uPx1papBsY8ZETooc71fOhoKkD70Q1DwMrtKuOT/Y= cloud.google.com/go/firestore v1.18.0/go.mod h1:5ye0v48PhseZBdcl0qbl3uttu7FIEwEYVaWm0UIEOEU= cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= cloud.google.com/go/functions v1.15.2/go.mod h1:CHAjtcR6OU4XF2HuiVeriEdELNcnvRZSk1Q8RMqy4lE= cloud.google.com/go/functions v1.16.0/go.mod h1:nbNpfAG7SG7Duw/o1iZ6ohvL7mc6MapWQVpqtM29n8k= cloud.google.com/go/functions v1.16.2/go.mod h1:+gMvV5E3nMb9EPqX6XwRb646jTyVz8q4yk3DD6xxHpg= cloud.google.com/go/functions v1.16.4/go.mod h1:uDp5MbH0kCtXe3uBluq3Zi7bEDuHqcn60mAHxUsNezI= cloud.google.com/go/functions v1.19.1/go.mod h1:18RszySpwRg6aH5UTTVsRfdCwDooSf/5mvSnU7NAk4A= cloud.google.com/go/functions v1.19.6/go.mod h1:0G0RnIlbM4MJEycfbPZlCzSf2lPOjL7toLDwl+r0ZBw= cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= cloud.google.com/go/gkebackup v1.3.2/go.mod h1:OMZbXzEJloyXMC7gqdSB+EOEQ1AKcpGYvO3s1ec5ixk= cloud.google.com/go/gkebackup v1.3.5/go.mod h1:KJ77KkNN7Wm1LdMopOelV6OodM01pMuK2/5Zt1t4Tvc= cloud.google.com/go/gkebackup v1.4.1/go.mod h1:tVwSKC1/UxEA011ijRG8vlXaZThzTSy6vReO9fTOlX8= cloud.google.com/go/gkebackup v1.5.2/go.mod h1:ZuWJKacdXtjiO8ry9RrdT57gvcsU7c7/FTqqwjdNUjk= cloud.google.com/go/gkebackup v1.6.1/go.mod h1:CEnHQCsNBn+cyxcxci0qbAPYe8CkivNEitG/VAZ08ms= cloud.google.com/go/gkebackup v1.8.0/go.mod h1:FjsjNldDilC9MWKEHExnK3kKJyTDaSdO1vF0QeWSOPU= cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= cloud.google.com/go/gkeconnect v0.8.2/go.mod h1:6nAVhwchBJYgQCXD2pHBFQNiJNyAd/wyxljpaa6ZPrY= cloud.google.com/go/gkeconnect v0.8.5/go.mod h1:LC/rS7+CuJ5fgIbXv8tCD/mdfnlAadTaUufgOkmijuk= cloud.google.com/go/gkeconnect v0.8.7/go.mod h1:iUH1jgQpTyNFMK5LgXEq2o0beIJ2p7KKUUFerkf/eGc= cloud.google.com/go/gkeconnect v0.8.9/go.mod h1:gl758q5FLXewQZIsxQ7vHyYmLcGBuubvQO6J3yFDh08= cloud.google.com/go/gkeconnect v0.11.1/go.mod h1:Vu3UoOI2c0amGyv4dT/EmltzscPH41pzS4AXPqQLej0= cloud.google.com/go/gkeconnect v0.12.4/go.mod h1:bvpU9EbBpZnXGo3nqJ1pzbHWIfA9fYqgBMJ1VjxaZdk= cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= cloud.google.com/go/gkehub v0.14.2/go.mod h1:iyjYH23XzAxSdhrbmfoQdePnlMj2EWcvnR+tHdBQsCY= cloud.google.com/go/gkehub v0.14.5/go.mod h1:6bzqxM+a+vEH/h8W8ec4OJl4r36laxTs3A/fMNHJ0wA= cloud.google.com/go/gkehub v0.14.7/go.mod h1:NLORJVTQeCdxyAjDgUwUp0A6BLEaNLq84mCiulsM4OE= cloud.google.com/go/gkehub v0.14.9/go.mod h1:W2rDU2n2xgMpf3/BqpT6ffUX/I8yez87rrW/iGRz6Kk= cloud.google.com/go/gkehub v0.15.1/go.mod h1:cyUwa9iFQYd/pI7IQYl6A+OF6M8uIbhmJr090v9Z4UU= cloud.google.com/go/gkehub v0.15.6/go.mod h1:sRT0cOPAgI1jUJrS3gzwdYCJ1NEzVVwmnMKEwrS2QaM= cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= cloud.google.com/go/gkemulticloud v1.0.1/go.mod h1:AcrGoin6VLKT/fwZEYuqvVominLriQBCKmbjtnbMjG8= cloud.google.com/go/gkemulticloud v1.1.1/go.mod h1:C+a4vcHlWeEIf45IB5FFR5XGjTeYhF83+AYIpTy4i2Q= cloud.google.com/go/gkemulticloud v1.1.3/go.mod h1:4WzfPnsOfdCIj6weekE5FIGCaeQKZ1HzGNUVZ1PpIxw= cloud.google.com/go/gkemulticloud v1.2.2/go.mod h1:VMsMYDKpUVYNrhese31TVJMVXPLEtFT/AnIarqlcwVo= cloud.google.com/go/gkemulticloud v1.4.0/go.mod h1:rg8YOQdRKEtMimsiNCzZUP74bOwImhLRv9wQ0FwBUP4= cloud.google.com/go/gkemulticloud v1.5.3/go.mod h1:KPFf+/RcfvmuScqwS9/2MF5exZAmXSuoSLPuaQ98Xlk= cloud.google.com/go/grafeas v0.3.6/go.mod h1:to6ECAPgRO2xeqD8ISXHc70nObJuaKZThreQOjeOH3o= cloud.google.com/go/grafeas v0.3.10/go.mod h1:Mz/AoXmxNhj74VW0fz5Idc3kMN2VZMi4UT5+UPx5Pq0= cloud.google.com/go/grafeas v0.3.15/go.mod h1:irwcwIQOBlLBotGdMwme8PipnloOPqILfIvMwlmu8Pk= cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= cloud.google.com/go/gsuiteaddons v1.6.2/go.mod h1:K65m9XSgs8hTF3X9nNTPi8IQueljSdYo9F+Mi+s4MyU= cloud.google.com/go/gsuiteaddons v1.6.5/go.mod h1:Lo4P2IvO8uZ9W+RaC6s1JVxo42vgy+TX5a6hfBZ0ubs= cloud.google.com/go/gsuiteaddons v1.6.7/go.mod h1:u+sGBvr07OKNnOnQiB/Co1q4U2cjo50ERQwvnlcpNis= cloud.google.com/go/gsuiteaddons v1.6.9/go.mod h1:qITZZoLzQhMQ6Re+izKEvz4C+M1AP13S+XuEpS26824= cloud.google.com/go/gsuiteaddons v1.7.1/go.mod h1:SxM63xEPFf0p/plgh4dP82mBSKtp2RWskz5DpVo9jh8= cloud.google.com/go/gsuiteaddons v1.7.7/go.mod h1:zTGmmKG/GEBCONsvMOY2ckDiEsq3FN+lzWGUiXccF9o= cloud.google.com/go/iam v0.3.0 h1:exkAomrVUuzx9kWFI1wm3KI0uoDeUFPB4kKGzx6x+Gc= cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= cloud.google.com/go/iam v1.1.3/go.mod h1:3khUlaBXfPKKe7huYgEpDn6FtgRyMEqbkvBxrQyY5SE= cloud.google.com/go/iam v1.1.5/go.mod h1:rB6P/Ic3mykPbFio+vo7403drjlgvoWfYpJhMXEbzv8= cloud.google.com/go/iam v1.1.6/go.mod h1:O0zxdPeGBoFdWW3HWmBxJsk0pfvNM/p/qa82rWOGTwI= cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA= cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= cloud.google.com/go/iap v1.9.1/go.mod h1:SIAkY7cGMLohLSdBR25BuIxO+I4fXJiL06IBL7cy/5Q= cloud.google.com/go/iap v1.9.4/go.mod h1:vO4mSq0xNf/Pu6E5paORLASBwEmphXEjgCFg7aeNu1w= cloud.google.com/go/iap v1.9.6/go.mod h1:YiK+tbhDszhaVifvzt2zTEF2ch9duHtp6xzxj9a0sQk= cloud.google.com/go/iap v1.9.8/go.mod h1:jQzSbtpYRbBoMdOINr/OqUxBY9rhyqLx04utTCmJ6oo= cloud.google.com/go/iap v1.10.1/go.mod h1:UKetCEzOZ4Zj7l9TSN/wzRNwbgIYzm4VM4bStaQ/tFc= cloud.google.com/go/iap v1.11.2/go.mod h1:Bh99DMUpP5CitL9lK0BC8MYgjjYO4b3FbyhgW1VHJvg= cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= cloud.google.com/go/ids v1.4.2/go.mod h1:3vw8DX6YddRu9BncxuzMyWn0g8+ooUjI2gslJ7FH3vk= cloud.google.com/go/ids v1.4.5/go.mod h1:p0ZnyzjMWxww6d2DvMGnFwCsSxDJM666Iir1bK1UuBo= cloud.google.com/go/ids v1.4.7/go.mod h1:yUkDC71u73lJoTaoONy0dsA0T7foekvg6ZRg9IJL0AA= cloud.google.com/go/ids v1.4.9/go.mod h1:1pL+mhlvtUNphwBSK91yO8NoTVQYwOpqim1anIVBwbM= cloud.google.com/go/ids v1.5.1/go.mod h1:d/9jTtY506mTxw/nHH3UN4TFo80jhAX+tESwzj42yFo= cloud.google.com/go/ids v1.5.6/go.mod h1:y3SGLmEf9KiwKsH7OHvYYVNIJAtXybqsD2z8gppsziQ= cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= cloud.google.com/go/iot v1.7.2/go.mod h1:q+0P5zr1wRFpw7/MOgDXrG/HVA+l+cSwdObffkrpnSg= cloud.google.com/go/iot v1.7.5/go.mod h1:nq3/sqTz3HGaWJi1xNiX7F41ThOzpud67vwk0YsSsqs= cloud.google.com/go/iot v1.7.7/go.mod h1:tr0bCOSPXtsg64TwwZ/1x+ReTWKlQRVXbM+DnrE54yM= cloud.google.com/go/iot v1.7.9/go.mod h1:1fi6x4CexbygNgRPn+tcxCjOZFTl+4G6Adbo6sLPR7c= cloud.google.com/go/iot v1.8.1/go.mod h1:FNceQ9/EGvbE2az7RGoGPY0aqrsyJO3/LqAL0h83fZw= cloud.google.com/go/iot v1.8.6/go.mod h1:MThnkiihNkMysWNeNje2Hp0GSOpEq2Wkb/DkBCVYa0U= cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= cloud.google.com/go/kms v1.15.3/go.mod h1:AJdXqHxS2GlPyduM99s9iGqi2nwbviBbhV/hdmt4iOQ= cloud.google.com/go/kms v1.15.7/go.mod h1:ub54lbsa6tDkUwnu4W7Yt1aAIFLnspgh0kPGToDukeI= cloud.google.com/go/kms v1.15.9/go.mod h1:5v/R/RRuBUVO+eJioGcqENr3syh8ZqNn1y1Wc9DjM+4= cloud.google.com/go/kms v1.18.2/go.mod h1:YFz1LYrnGsXARuRePL729oINmN5J/5e7nYijgvfiIeY= cloud.google.com/go/kms v1.20.0/go.mod h1:/dMbFF1tLLFnQV44AoI2GlotbjowyUfgVwezxW291fM= cloud.google.com/go/kms v1.22.0/go.mod h1:U7mf8Sva5jpOb4bxYZdtw/9zsbIjrklYwPcvMk34AL8= cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= cloud.google.com/go/language v1.11.1/go.mod h1:Xyid9MG9WOX3utvDbpX7j3tXDmmDooMyMDqgUVpH17U= cloud.google.com/go/language v1.12.3/go.mod h1:evFX9wECX6mksEva8RbRnr/4wi/vKGYnAJrTRXU8+f8= cloud.google.com/go/language v1.12.5/go.mod h1:w/6a7+Rhg6Bc2Uzw6thRdKKNjnOzfKTJuxzD0JZZ0nM= cloud.google.com/go/language v1.12.7/go.mod h1:4s/11zABvI/gv+li/+ICe+cErIaN9hYmilf9wrc5Py0= cloud.google.com/go/language v1.14.1/go.mod h1:WaAL5ZdLLBjiorXl/8vqgb6/Fyt2qijl96c1ZP/vdc8= cloud.google.com/go/language v1.14.5/go.mod h1:nl2cyAVjcBct1Hk73tzxuKebk0t2eULFCaruhetdZIA= cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= cloud.google.com/go/lifesciences v0.9.2/go.mod h1:QHEOO4tDzcSAzeJg7s2qwnLM2ji8IRpQl4p6m5Z9yTA= cloud.google.com/go/lifesciences v0.9.5/go.mod h1:OdBm0n7C0Osh5yZB7j9BXyrMnTRGBJIZonUMxo5CzPw= cloud.google.com/go/lifesciences v0.9.7/go.mod h1:FQ713PhjAOHqUVnuwsCe1KPi9oAdaTfh58h1xPiW13g= cloud.google.com/go/lifesciences v0.9.9/go.mod h1:4c8eLVKz7/FPw6lvoHx2/JQX1rVM8+LlYmBp8h5H3MQ= cloud.google.com/go/lifesciences v0.10.1/go.mod h1:5D6va5/Gq3gtJPKSsE6vXayAigfOXK2eWLTdFUOTCDs= cloud.google.com/go/lifesciences v0.10.6/go.mod h1:1nnZwaZcBThDujs9wXzECnd1S5d+UiDkPuJWAmhRi7Q= cloud.google.com/go/logging v1.4.2 h1:Mu2Q75VBDQlW1HlBMjTX4X84UFR73G1TiLlRYc/b7tA= cloud.google.com/go/logging v1.4.2/go.mod h1:jco9QZSx8HiVVqLJReq7z7bVdj0P1Jb9PDFs63T+axo= cloud.google.com/go/logging v1.8.1 h1:26skQWPeYhvIasWKm48+Eq7oUqdcdbwsCVwz5Ys0FvU= cloud.google.com/go/logging v1.8.1/go.mod h1:TJjR+SimHwuC8MZ9cjByQulAMgni+RkXeI3wwctHJEI= cloud.google.com/go/longrunning v0.5.0/go.mod h1:0JNuqRShmscVAhIACGtskSAWtqtOoPkwP0YF1oVEchc= cloud.google.com/go/longrunning v0.5.2 h1:u+oFqfEwwU7F9dIELigxbe0XVnBAo9wqMuQLA50CZ5k= cloud.google.com/go/longrunning v0.5.2/go.mod h1:nqo6DQbNV2pXhGDbDMoN2bWz68MjZUzqv2YttZiveCs= cloud.google.com/go/longrunning v0.5.5 h1:GOE6pZFdSrTb4KAiKnXsJBtlE6mEyaW44oKyMILWnOg= cloud.google.com/go/longrunning v0.5.5/go.mod h1:WV2LAxD8/rg5Z1cNW6FJ/ZpX4E4VnDnoTk0yawPBB7s= cloud.google.com/go/longrunning v0.5.6/go.mod h1:vUaDrWYOMKRuhiv6JBnn49YxCPz2Ayn9GqyjaBT8/mA= cloud.google.com/go/longrunning v0.5.7/go.mod h1:8GClkudohy1Fxm3owmBGid8W0pSgodEMwEAztp38Xng= cloud.google.com/go/longrunning v0.6.0/go.mod h1:uHzSZqW89h7/pasCWNYdUpwGz3PcVWhrWupreVPYLts= cloud.google.com/go/longrunning v0.6.2/go.mod h1:k/vIs83RN4bE3YCswdXC5PFfWVILjm3hpEUlSko4PiI= cloud.google.com/go/longrunning v0.6.6/go.mod h1:hyeGJUrPHcx0u2Uu1UFSoYZLn4lkMrccJig0t4FI7yw= cloud.google.com/go/managedidentities v1.6.2/go.mod h1:5c2VG66eCa0WIq6IylRk3TBW83l161zkFvCj28X7jn8= cloud.google.com/go/managedidentities v1.6.5/go.mod h1:fkFI2PwwyRQbjLxlm5bQ8SjtObFMW3ChBGNqaMcgZjI= cloud.google.com/go/managedidentities v1.6.7/go.mod h1:UzslJgHnc6luoyx2JV19cTCi2Fni/7UtlcLeSYRzTV8= cloud.google.com/go/managedidentities v1.6.9/go.mod h1:R7+78iH2j/SCTInutWINxGxEY0PH5rpbWt6uRq0Tn+Y= cloud.google.com/go/managedidentities v1.7.1/go.mod h1:iK4qqIBOOfePt5cJR/Uo3+uol6oAVIbbG7MGy917cYM= cloud.google.com/go/managedidentities v1.7.6/go.mod h1:pYCWPaI1AvR8Q027Vtp+SFSM/VOVgbjBF4rxp1/z5p4= cloud.google.com/go/maps v1.4.1/go.mod h1:BxSa0BnW1g2U2gNdbq5zikLlHUuHW0GFWh7sgML2kIY= cloud.google.com/go/maps v1.6.4/go.mod h1:rhjqRy8NWmDJ53saCfsXQ0LKwBHfi6OSh5wkq6BaMhI= cloud.google.com/go/maps v1.7.3/go.mod h1:Jfe+h0i3YdG8Cc0wuNI+Q+WglTt7YnQ3PbKCqpBdTwc= cloud.google.com/go/maps v1.11.3/go.mod h1:4iKNrUzFISQ4RoiWCqIFEAAVtgKb2oQ09AVx8GheOUg= cloud.google.com/go/maps v1.14.0/go.mod h1:UepOes9un0UP7i8JBiaqgh8jqUaZAHVRXCYjrVlhSC8= cloud.google.com/go/maps v1.21.0/go.mod h1:cqzZ7+DWUKKbPTgqE+KuNQtiCRyg/o7WZF9zDQk+HQs= cloud.google.com/go/mediatranslation v0.8.2/go.mod h1:c9pUaDRLkgHRx3irYE5ZC8tfXGrMYwNZdmDqKMSfFp8= cloud.google.com/go/mediatranslation v0.8.5/go.mod h1:y7kTHYIPCIfgyLbKncgqouXJtLsU+26hZhHEEy80fSs= cloud.google.com/go/mediatranslation v0.8.7/go.mod h1:6eJbPj1QJwiCP8R4K413qMx6ZHZJUi9QFpApqY88xWU= cloud.google.com/go/mediatranslation v0.8.9/go.mod h1:3MjXTUsEzrMC9My6e9o7TOmgIUGlyrkVAxjzcmxBUdU= cloud.google.com/go/mediatranslation v0.9.1/go.mod h1:vQH1amULNhSGryBjbjLb37g54rxrOwVxywS8WvUCsIU= cloud.google.com/go/mediatranslation v0.9.6/go.mod h1:WS3QmObhRtr2Xu5laJBQSsjnWFPPthsyetlOyT9fJvE= cloud.google.com/go/memcache v1.10.2/go.mod h1:f9ZzJHLBrmd4BkguIAa/l/Vle6uTHzHokdnzSWOdQ6A= cloud.google.com/go/memcache v1.10.5/go.mod h1:/FcblbNd0FdMsx4natdj+2GWzTq+cjZvMa1I+9QsuMA= cloud.google.com/go/memcache v1.10.7/go.mod h1:SrU6+QBhvXJV0TA59+B3oCHtLkPx37eqdKmRUlmSE1k= cloud.google.com/go/memcache v1.10.9/go.mod h1:06evGxt9E1Mf/tYsXJNdXuRj5qzspVd0Tt18kXYDD5c= cloud.google.com/go/memcache v1.11.1/go.mod h1:3zF+dEqmEmElHuO4NtHiShekQY5okQtssjPBv7jpmZ8= cloud.google.com/go/memcache v1.11.6/go.mod h1:ZM6xr1mw3F8TWO+In7eq9rKlJc3jlX2MDt4+4H+/+cc= cloud.google.com/go/metastore v1.13.1/go.mod h1:IbF62JLxuZmhItCppcIfzBBfUFq0DIB9HPDoLgWrVOU= cloud.google.com/go/metastore v1.13.4/go.mod h1:FMv9bvPInEfX9Ac1cVcRXp8EBBQnBcqH6gz3KvJ9BAE= cloud.google.com/go/metastore v1.13.6/go.mod h1:OBCVMCP7X9vA4KKD+5J4Q3d+tiyKxalQZnksQMq5MKY= cloud.google.com/go/metastore v1.13.8/go.mod h1:2uLJBAXn5EDYJx9r7mZtxZifCKpakZUCvNfzI7ejUiE= cloud.google.com/go/metastore v1.14.1/go.mod h1:WDvsAcbQLl9M4xL+eIpbKogH7aEaPWMhO9aRBcFOnJE= cloud.google.com/go/metastore v1.14.7/go.mod h1:0dka99KQofeUgdfu+K/Jk1KeT9veWZlxuZdJpZPtuYU= cloud.google.com/go/monitoring v1.16.1/go.mod h1:6HsxddR+3y9j+o/cMJH6q/KJ/CBTvM/38L/1m7bTRJ4= cloud.google.com/go/monitoring v1.18.0/go.mod h1:c92vVBCeq/OB4Ioyo+NbN2U7tlg5ZH41PZcdvfc+Lcg= cloud.google.com/go/monitoring v1.19.0/go.mod h1:25IeMR5cQ5BoZ8j1eogHE5VPJLlReQ7zFp5OiLgiGZw= cloud.google.com/go/monitoring v1.20.1/go.mod h1:FYSe/brgfuaXiEzOQFhTjsEsJv+WePyK71X7Y8qo6uQ= cloud.google.com/go/monitoring v1.21.1/go.mod h1:Rj++LKrlht9uBi8+Eb530dIrzG/cU/lB8mt+lbeFK1c= cloud.google.com/go/monitoring v1.24.0/go.mod h1:Bd1PRK5bmQBQNnuGwHBfUamAV1ys9049oEPHnn4pcsc= cloud.google.com/go/monitoring v1.24.2/go.mod h1:x7yzPWcgDRnPEv3sI+jJGBkwl5qINf+6qY4eq0I9B4U= cloud.google.com/go/networkconnectivity v1.14.1/go.mod h1:LyGPXR742uQcDxZ/wv4EI0Vu5N6NKJ77ZYVnDe69Zug= cloud.google.com/go/networkconnectivity v1.14.4/go.mod h1:PU12q++/IMnDJAB+3r+tJtuCXCfwfN+C6Niyj6ji1Po= cloud.google.com/go/networkconnectivity v1.14.6/go.mod h1:/azB7+oCSmyBs74Z26EogZ2N3UcXxdCHkCPcz8G32bU= cloud.google.com/go/networkconnectivity v1.14.8/go.mod h1:QQ/XTMk7U5fzv1cVNUCQJEjpkVEE+nYOK7mg3hVTuiI= cloud.google.com/go/networkconnectivity v1.15.1/go.mod h1:tYAcT4Ahvq+BiePXL/slYipf/8FF0oNJw3MqFhBnSPI= cloud.google.com/go/networkconnectivity v1.17.1/go.mod h1:DTZCq8POTkHgAlOAAEDQF3cMEr/B9k1ZbpklqvHEBtg= cloud.google.com/go/networkmanagement v1.9.1/go.mod h1:CCSYgrQQvW73EJawO2QamemYcOb57LvrDdDU51F0mcI= cloud.google.com/go/networkmanagement v1.9.4/go.mod h1:daWJAl0KTFytFL7ar33I6R/oNBH8eEOX/rBNHrC/8TA= cloud.google.com/go/networkmanagement v1.13.2/go.mod h1:24VrV/5HFIOXMEtVQEUoB4m/w8UWvUPAYjfnYZcBc4c= cloud.google.com/go/networkmanagement v1.13.4/go.mod h1:dGTeJfDPQv0yGDt6gncj4XAPwxktjpCn5ZxQajStW8g= cloud.google.com/go/networkmanagement v1.14.1/go.mod h1:3Ds8FZ3ZHjTVEedsBoZi9ef9haTE14iS6swTSqM39SI= cloud.google.com/go/networkmanagement v1.19.1/go.mod h1:icgk265dNnilxQzpr6rO9WuAuuCmUOqq9H6WBeM2Af4= cloud.google.com/go/networksecurity v0.9.2/go.mod h1:jG0SeAttWzPMUILEHDUvFYdQTl8L/E/KC8iZDj85lEI= cloud.google.com/go/networksecurity v0.9.5/go.mod h1:KNkjH/RsylSGyyZ8wXpue8xpCEK+bTtvof8SBfIhMG8= cloud.google.com/go/networksecurity v0.9.7/go.mod h1:aB6UiPnh/l32+TRvgTeOxVRVAHAFFqvK+ll3idU5BoY= cloud.google.com/go/networksecurity v0.9.9/go.mod h1:aLS+6sLeZkMhLx9ntTMJG4qWHdvDPctqMOb6ggz9m5s= cloud.google.com/go/networksecurity v0.10.1/go.mod h1:tatO1hYJ9nNChLHOFdsjex5FeqZBlPQgKdKOex7REpU= cloud.google.com/go/networksecurity v0.10.6/go.mod h1:FTZvabFPvK2kR/MRIH3l/OoQ/i53eSix2KA1vhBMJec= cloud.google.com/go/notebooks v1.10.1/go.mod h1:5PdJc2SgAybE76kFQCWrTfJolCOUQXF97e+gteUUA6A= cloud.google.com/go/notebooks v1.11.3/go.mod h1:0wQyI2dQC3AZyQqWnRsp+yA+kY4gC7ZIVP4Qg3AQcgo= cloud.google.com/go/notebooks v1.11.5/go.mod h1:pz6P8l2TvhWqAW3sysIsS0g2IUJKOzEklsjWJfi8sd4= cloud.google.com/go/notebooks v1.11.7/go.mod h1:lTjloYceMboZanBFC/JSZYet/K+JuO0mLAXVVhb/6bQ= cloud.google.com/go/notebooks v1.12.1/go.mod h1:RJCyRkLjj8UnvLEKaDl9S6//xUCa+r+d/AsxZnYBl50= cloud.google.com/go/notebooks v1.12.6/go.mod h1:3Z4TMEqAKP3pu6DI/U+aEXrNJw9hGZIVbp+l3zw8EuA= cloud.google.com/go/optimization v1.5.1/go.mod h1:NC0gnUD5MWVAF7XLdoYVPmYYVth93Q6BUzqAq3ZwtV8= cloud.google.com/go/optimization v1.6.3/go.mod h1:8ve3svp3W6NFcAEFr4SfJxrldzhUl4VMUJmhrqVKtYA= cloud.google.com/go/optimization v1.6.5/go.mod h1:eiJjNge1NqqLYyY75AtIGeQWKO0cvzD1ct/moCFaP2Q= cloud.google.com/go/optimization v1.6.7/go.mod h1:FREForRqqjTsJbElYyWSgb54WXUzTMTRyjVT+Tl80v8= cloud.google.com/go/optimization v1.7.1/go.mod h1:s2AjwwQEv6uExFmgS4Bf1gidI07w7jCzvvs8exqR1yk= cloud.google.com/go/optimization v1.7.6/go.mod h1:4MeQslrSJGv+FY4rg0hnZBR/tBX2awJ1gXYp6jZpsYY= cloud.google.com/go/orchestration v1.8.2/go.mod h1:T1cP+6WyTmh6LSZzeUhvGf0uZVmJyTx7t8z7Vg87+A0= cloud.google.com/go/orchestration v1.8.5/go.mod h1:C1J7HesE96Ba8/hZ71ISTV2UAat0bwN+pi85ky38Yq8= cloud.google.com/go/orchestration v1.9.2/go.mod h1:8bGNigqCQb/O1kK7PeStSNlyi58rQvZqDiuXT9KAcbg= cloud.google.com/go/orchestration v1.9.4/go.mod h1:jk5hczI8Tciq+WCkN32GpjWJs67GSmAA0XHFUlELJLw= cloud.google.com/go/orchestration v1.11.0/go.mod h1:s3L89jinQaUHclqgWYw8JhBbzGSidVt5rVBxGrXeheI= cloud.google.com/go/orchestration v1.11.9/go.mod h1:KKXK67ROQaPt7AxUS1V/iK0Gs8yabn3bzJ1cLHw4XBg= cloud.google.com/go/orgpolicy v1.11.2/go.mod h1:biRDpNwfyytYnmCRWZWxrKF22Nkz9eNVj9zyaBdpm1o= cloud.google.com/go/orgpolicy v1.12.1/go.mod h1:aibX78RDl5pcK3jA8ysDQCFkVxLj3aOQqrbBaUL2V5I= cloud.google.com/go/orgpolicy v1.12.3/go.mod h1:6BOgIgFjWfJzTsVcib/4QNHOAeOjCdaBj69aJVs//MA= cloud.google.com/go/orgpolicy v1.12.5/go.mod h1:f778/jOHKp6cP6NbbQgjy4SDfQf6BoVGiSWdxky3ONQ= cloud.google.com/go/orgpolicy v1.14.0/go.mod h1:S6Pveh1JOxpSbs6+2ToJG7h3HwqC6Uf1YQ6JYG7wdM8= cloud.google.com/go/orgpolicy v1.15.0/go.mod h1:NTQLwgS8N5cJtdfK55tAnMGtvPSsy95JJhESwYHaJVs= cloud.google.com/go/osconfig v1.12.2/go.mod h1:eh9GPaMZpI6mEJEuhEjUJmaxvQ3gav+fFEJon1Y8Iw0= cloud.google.com/go/osconfig v1.12.5/go.mod h1:D9QFdxzfjgw3h/+ZaAb5NypM8bhOMqBzgmbhzWViiW8= cloud.google.com/go/osconfig v1.12.7/go.mod h1:ID7Lbqr0fiihKMwAOoPomWRqsZYKWxfiuafNZ9j1Y1M= cloud.google.com/go/osconfig v1.13.0/go.mod h1:tlACnQi1rtSLnHRYzfw9SH9zXs0M7S1jqiW2EOCn2Y0= cloud.google.com/go/osconfig v1.14.1/go.mod h1:Rk62nyQscgy8x4bICaTn0iWiip5EpwEfG2UCBa2TP/s= cloud.google.com/go/osconfig v1.14.6/go.mod h1:LS39HDBH0IJDFgOUkhSZUHFQzmcWaCpYXLrc3A4CVzI= cloud.google.com/go/oslogin v1.11.1/go.mod h1:OhD2icArCVNUxKqtK0mcSmKL7lgr0LVlQz+v9s1ujTg= cloud.google.com/go/oslogin v1.13.1/go.mod h1:vS8Sr/jR7QvPWpCjNqy6LYZr5Zs1e8ZGW/KPn9gmhws= cloud.google.com/go/oslogin v1.13.3/go.mod h1:WW7Rs1OJQ1iSUckZDilvNBSNPE8on740zF+4ZDR4o8U= cloud.google.com/go/oslogin v1.13.5/go.mod h1:V+QzBAbZBZJq9CmTyzKrh3rpMiWIr1OBn6RL4mMVWXI= cloud.google.com/go/oslogin v1.14.1/go.mod h1:mM/isJYnohyD3EfM12Fhy8uye46gxA1WjHRCwbkmlVw= cloud.google.com/go/oslogin v1.14.6/go.mod h1:xEvcRZTkMXHfNSKdZ8adxD6wvRzeyAq3cQX3F3kbMRw= cloud.google.com/go/phishingprotection v0.8.2/go.mod h1:LhJ91uyVHEYKSKcMGhOa14zMMWfbEdxG032oT6ECbC8= cloud.google.com/go/phishingprotection v0.8.5/go.mod h1:g1smd68F7mF1hgQPuYn3z8HDbNre8L6Z0b7XMYFmX7I= cloud.google.com/go/phishingprotection v0.8.7/go.mod h1:FtYaOyGc/HQQU7wY4sfwYZBFDKAL+YtVBjUj8E3A3/I= cloud.google.com/go/phishingprotection v0.8.9/go.mod h1:xNojFKIdq+hNGNpOZOEGVGA4Mdhm2yByMli2Ni/RV0w= cloud.google.com/go/phishingprotection v0.9.1/go.mod h1:LRiflQnCpYKCMhsmhNB3hDbW+AzQIojXYr6q5+5eRQk= cloud.google.com/go/phishingprotection v0.9.6/go.mod h1:VmuGg03DCI0wRp/FLSvNyjFj+J8V7+uITgHjCD/x4RQ= cloud.google.com/go/policytroubleshooter v1.9.1/go.mod h1:MYI8i0bCrL8cW+VHN1PoiBTyNZTstCg2WUw2eVC4c4U= cloud.google.com/go/policytroubleshooter v1.10.3/go.mod h1:+ZqG3agHT7WPb4EBIRqUv4OyIwRTZvsVDHZ8GlZaoxk= cloud.google.com/go/policytroubleshooter v1.10.5/go.mod h1:bpOf94YxjWUqsVKokzPBibMSAx937Jp2UNGVoMAtGYI= cloud.google.com/go/policytroubleshooter v1.10.7/go.mod h1:/JxxZOSCT8nASvH/SP4Bj81EnDFwZhFThG7mgVWIoPY= cloud.google.com/go/policytroubleshooter v1.11.1/go.mod h1:9nJIpgQ2vloJbB8y1JkPL5vxtaSdJnJYPCUvt6PpfRs= cloud.google.com/go/policytroubleshooter v1.11.6/go.mod h1:jdjYGIveoYolk38Dm2JjS5mPkn8IjVqPsDHccTMu3mY= cloud.google.com/go/privatecatalog v0.9.2/go.mod h1:RMA4ATa8IXfzvjrhhK8J6H4wwcztab+oZph3c6WmtFc= cloud.google.com/go/privatecatalog v0.9.5/go.mod h1:fVWeBOVe7uj2n3kWRGlUQqR/pOd450J9yZoOECcQqJk= cloud.google.com/go/privatecatalog v0.9.7/go.mod h1:NWLa8MCL6NkRSt8jhL8Goy2A/oHkvkeAxiA0gv0rIXI= cloud.google.com/go/privatecatalog v0.9.9/go.mod h1:attFfOEf8ECrCuCdT3WYY8wyMKRZt4iB1bEWYFzPn50= cloud.google.com/go/privatecatalog v0.10.1/go.mod h1:mFmn5bjE9J8MEjQuu1fOc4AxOP2MoEwDLMJk04xqQCQ= cloud.google.com/go/privatecatalog v0.10.7/go.mod h1:Fo/PF/B6m4A9vUYt0nEF1xd0U6Kk19/Je3eZGrQ6l60= cloud.google.com/go/pubsub v1.33.0/go.mod h1:f+w71I33OMyxf9VpMVcZbnG5KSUkCOUHYpFd5U1GdRc= cloud.google.com/go/pubsub v1.36.1/go.mod h1:iYjCa9EzWOoBiTdd4ps7QoMtMln5NwaZQpK1hbRfBDE= cloud.google.com/go/pubsub v1.37.0/go.mod h1:YQOQr1uiUM092EXwKs56OPT650nwnawc+8/IjoUeGzQ= cloud.google.com/go/pubsub v1.40.0/go.mod h1:BVJI4sI2FyXp36KFKvFwcfDRDfR8MiLT8mMhmIhdAeA= cloud.google.com/go/pubsub v1.44.0/go.mod h1:BD4a/kmE8OePyHoa1qAHEw1rMzXX+Pc8Se54T/8mc3I= cloud.google.com/go/pubsub v1.49.0/go.mod h1:K1FswTWP+C1tI/nfi3HQecoVeFvL4HUOB1tdaNXKhUY= cloud.google.com/go/pubsublite v1.8.1/go.mod h1:fOLdU4f5xldK4RGJrBMm+J7zMWNj/k4PxwEZXy39QS0= cloud.google.com/go/pubsublite v1.8.2/go.mod h1:4r8GSa9NznExjuLPEJlF1VjOPOpgf3IT6k8x/YgaOPI= cloud.google.com/go/recaptchaenterprise/v2 v2.8.1/go.mod h1:JZYZJOeZjgSSTGP4uz7NlQ4/d1w5hGmksVgM0lbEij0= cloud.google.com/go/recaptchaenterprise/v2 v2.9.2/go.mod h1:trwwGkfhCmp05Ll5MSJPXY7yvnO0p4v3orGANAFHAuU= cloud.google.com/go/recaptchaenterprise/v2 v2.13.0/go.mod h1:jNYyn2ScR4DTg+VNhjhv/vJQdaU8qz+NpmpIzEE7HFQ= cloud.google.com/go/recaptchaenterprise/v2 v2.14.0/go.mod h1:pwC/eCyXq37YV3NSaiJsfOmuoTDkzURnVKAWGSkjDUY= cloud.google.com/go/recaptchaenterprise/v2 v2.17.2/go.mod h1:iigNZOnUpf++xlm8RdMZJTX/PihYVMrHidRLjHuekec= cloud.google.com/go/recaptchaenterprise/v2 v2.20.4/go.mod h1:3H8nb8j8N7Ss2eJ+zr+/H7gyorfzcxiDEtVBDvDjwDQ= cloud.google.com/go/recommendationengine v0.8.2/go.mod h1:QIybYHPK58qir9CV2ix/re/M//Ty10OxjnnhWdaKS1Y= cloud.google.com/go/recommendationengine v0.8.5/go.mod h1:A38rIXHGFvoPvmy6pZLozr0g59NRNREz4cx7F58HAsQ= cloud.google.com/go/recommendationengine v0.8.7/go.mod h1:YsUIbweUcpm46OzpVEsV5/z+kjuV6GzMxl7OAKIGgKE= cloud.google.com/go/recommendationengine v0.8.9/go.mod h1:QgE5f6s20QhCXf4UR9KMI/Q6Spykd2zEYXX2oBz6Cbs= cloud.google.com/go/recommendationengine v0.9.1/go.mod h1:FfWa3OnsnDab4unvTZM2VJmvoeGn1tnntF3n+vmfyzU= cloud.google.com/go/recommendationengine v0.9.6/go.mod h1:nZnjKJu1vvoxbmuRvLB5NwGuh6cDMMQdOLXTnkukUOE= cloud.google.com/go/recommender v1.11.1/go.mod h1:sGwFFAyI57v2Hc5LbIj+lTwXipGu9NW015rkaEM5B18= cloud.google.com/go/recommender v1.12.1/go.mod h1:gf95SInWNND5aPas3yjwl0I572dtudMhMIG4ni8nr+0= cloud.google.com/go/recommender v1.12.3/go.mod h1:OgN0MjV7/6FZUUPgF2QPQtYErtZdZc4u+5onvurcGEI= cloud.google.com/go/recommender v1.12.5/go.mod h1:ggh5JNuG5ajpRqqcEkgni/DjpS7x12ktO+Edu8bmCJM= cloud.google.com/go/recommender v1.13.1/go.mod h1:l+n8rNMC6jZacckzLvVG/2LzKawlwAJYNO8Vl2pBlxc= cloud.google.com/go/recommender v1.13.5/go.mod h1:v7x/fzk38oC62TsN5Qkdpn0eoMBh610UgArJtDIgH/E= cloud.google.com/go/redis v1.13.2/go.mod h1:0Hg7pCMXS9uz02q+LoEVl5dNHUkIQv+C/3L76fandSA= cloud.google.com/go/redis v1.14.2/go.mod h1:g0Lu7RRRz46ENdFKQ2EcQZBAJ2PtJHJLuiiRuEXwyQw= cloud.google.com/go/redis v1.14.4/go.mod h1:EnHDflqTNQmCBPCN4FQPZdM28vLdweAgxe6avAZpqug= cloud.google.com/go/redis v1.16.2/go.mod h1:bn/4nXSZkoH4QTXRjqWR2AZ0WA1b13ct354nul2SSiU= cloud.google.com/go/redis v1.17.1/go.mod h1:YJHeYfSoW/agIMeCvM5rszxu75mVh5DOhbu3AEZEIQM= cloud.google.com/go/redis v1.18.2/go.mod h1:q6mPRhLiR2uLf584Lcl4tsiRn0xiFlu6fnJLwCORMtY= cloud.google.com/go/resourcemanager v1.9.2/go.mod h1:OujkBg1UZg5lX2yIyMo5Vz9O5hf7XQOSV7WxqxxMtQE= cloud.google.com/go/resourcemanager v1.9.5/go.mod h1:hep6KjelHA+ToEjOfO3garMKi/CLYwTqeAw7YiEI9x8= cloud.google.com/go/resourcemanager v1.9.7/go.mod h1:cQH6lJwESufxEu6KepsoNAsjrUtYYNXRwxm4QFE5g8A= cloud.google.com/go/resourcemanager v1.9.9/go.mod h1:vCBRKurJv+XVvRZ0XFhI/eBrBM7uBOPFjMEwSDMIflY= cloud.google.com/go/resourcemanager v1.10.1/go.mod h1:A/ANV/Sv7y7fcjd4LSH7PJGTZcWRkO/69yN5UhYUmvE= cloud.google.com/go/resourcemanager v1.10.6/go.mod h1:VqMoDQ03W4yZmxzLPrB+RuAoVkHDS5tFUUQUhOtnRTg= cloud.google.com/go/resourcesettings v1.6.2/go.mod h1:mJIEDd9MobzunWMeniaMp6tzg4I2GvD3TTmPkc8vBXk= cloud.google.com/go/resourcesettings v1.6.5/go.mod h1:WBOIWZraXZOGAgoR4ukNj0o0HiSMO62H9RpFi9WjP9I= cloud.google.com/go/resourcesettings v1.6.7/go.mod h1:zwRL5ZoNszs1W6+eJYMk6ILzgfnTj13qfU4Wvfupuqk= cloud.google.com/go/resourcesettings v1.7.2/go.mod h1:mNdB5Wl9/oVr9Da3OrEstSyXCT949ignvO6ZrmYdmGU= cloud.google.com/go/resourcesettings v1.8.1/go.mod h1:6V87tIXUpvJMskim6YUa+TRDTm7v6OH8FxLOIRYosl4= cloud.google.com/go/resourcesettings v1.8.3/go.mod h1:BzgfXFHIWOOmHe6ZV9+r3OWfpHJgnqXy8jqwx4zTMLw= cloud.google.com/go/retail v1.14.2/go.mod h1:W7rrNRChAEChX336QF7bnMxbsjugcOCPU44i5kbLiL8= cloud.google.com/go/retail v1.16.0/go.mod h1:LW7tllVveZo4ReWt68VnldZFWJRzsh9np+01J9dYWzE= cloud.google.com/go/retail v1.16.2/go.mod h1:T7UcBh4/eoxRBpP3vwZCoa+PYA9/qWRTmOCsV8DRdZ0= cloud.google.com/go/retail v1.17.2/go.mod h1:Ad6D8tkDZatI1X7szhhYWiatZmH6nSUfZ3WeCECyA0E= cloud.google.com/go/retail v1.19.0/go.mod h1:QMhO+nkvN6Mns1lu6VXmteY0I3mhwPj9bOskn6PK5aY= cloud.google.com/go/retail v1.21.0/go.mod h1:LuG+QvBdLfKfO+7nnF3eA3l1j4TQw3Sg+UqlUorquRc= cloud.google.com/go/run v1.3.1/go.mod h1:cymddtZOzdwLIAsmS6s+Asl4JoXIDm/K1cpZTxV4Q5s= cloud.google.com/go/run v1.3.4/go.mod h1:FGieuZvQ3tj1e9GnzXqrMABSuir38AJg5xhiYq+SF3o= cloud.google.com/go/run v1.3.7/go.mod h1:iEUflDx4Js+wK0NzF5o7hE9Dj7QqJKnRj0/b6rhVq20= cloud.google.com/go/run v1.3.9/go.mod h1:Ep/xsiUt5ZOwNptGl1FBlHb+asAgqB+9RDJKBa/c1mI= cloud.google.com/go/run v1.6.0/go.mod h1:DXkPPa8bZ0jfRGLT+EKIlPbHvosBYBMdxTgo9EBbXZE= cloud.google.com/go/run v1.10.0/go.mod h1:z7/ZidaHOCjdn5dV0eojRbD+p8RczMk3A7Qi2L+koHg= cloud.google.com/go/scheduler v1.10.2/go.mod h1:O3jX6HRH5eKCA3FutMw375XHZJudNIKVonSCHv7ropY= cloud.google.com/go/scheduler v1.10.6/go.mod h1:pe2pNCtJ+R01E06XCDOJs1XvAMbv28ZsQEbqknxGOuE= cloud.google.com/go/scheduler v1.10.8/go.mod h1:0YXHjROF1f5qTMvGTm4o7GH1PGAcmu/H/7J7cHOiHl0= cloud.google.com/go/scheduler v1.10.10/go.mod h1:nOLkchaee8EY0g73hpv613pfnrZwn/dU2URYjJbRLR0= cloud.google.com/go/scheduler v1.11.1/go.mod h1:ptS76q0oOS8hCHOH4Fb/y8YunPEN8emaDdtw0D7W1VE= cloud.google.com/go/scheduler v1.11.7/go.mod h1:gqYs8ndLx2M5D0oMJh48aGS630YYvC432tHCnVWN13s= cloud.google.com/go/secretmanager v1.11.2/go.mod h1:MQm4t3deoSub7+WNwiC4/tRYgDBHJgJPvswqQVB1Vss= cloud.google.com/go/secretmanager v1.11.5/go.mod h1:eAGv+DaCHkeVyQi0BeXgAHOU0RdrMeZIASKc+S7VqH4= cloud.google.com/go/secretmanager v1.13.0/go.mod h1:yWdfNmM2sLIiyv6RM6VqWKeBV7CdS0SO3ybxJJRhBEs= cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= cloud.google.com/go/secretmanager v1.14.7/go.mod h1:uRuB4F6NTFbg0vLQ6HsT7PSsfbY7FqHbtJP1J94qxGc= cloud.google.com/go/security v1.15.2/go.mod h1:2GVE/v1oixIRHDaClVbHuPcZwAqFM28mXuAKCfMgYIg= cloud.google.com/go/security v1.15.5/go.mod h1:KS6X2eG3ynWjqcIX976fuToN5juVkF6Ra6c7MPnldtc= cloud.google.com/go/security v1.16.1/go.mod h1:UoF8QXvvJlV9ORs4YW/izW5GmDQtFUoq2P6TJgPlif8= cloud.google.com/go/security v1.17.2/go.mod h1:6eqX/AgDw56KwguEBfFNiNQ+Vzi+V6+GopklexYuJ0U= cloud.google.com/go/security v1.18.1/go.mod h1:5P1q9rqwt0HuVeL9p61pTqQ6Lgio1c64jL2ZMWZV21Y= cloud.google.com/go/security v1.18.5/go.mod h1:D1wuUkDwGqTKD0Nv7d4Fn2Dc53POJSmO4tlg1K1iS7s= cloud.google.com/go/securitycenter v1.23.1/go.mod h1:w2HV3Mv/yKhbXKwOCu2i8bCuLtNP1IMHuiYQn4HJq5s= cloud.google.com/go/securitycenter v1.24.4/go.mod h1:PSccin+o1EMYKcFQzz9HMMnZ2r9+7jbc+LvPjXhpwcU= cloud.google.com/go/securitycenter v1.30.0/go.mod h1:/tmosjS/dfTnzJxOzZhTXdX3MXWsCmPWfcYOgkJmaJk= cloud.google.com/go/securitycenter v1.32.0/go.mod h1:s1dN6hM6HZyzUyJrqBoGvhxR/GecT5u48sidMIgDxTo= cloud.google.com/go/securitycenter v1.35.1/go.mod h1:UDeknPuHWi15TaxrJCIv3aN1VDTz9nqWVUmW2vGayTo= cloud.google.com/go/securitycenter v1.36.2/go.mod h1:80ocoXS4SNWxmpqeEPhttYrmlQzCPVGaPzL3wVcoJvE= cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk= cloud.google.com/go/servicedirectory v1.11.1/go.mod h1:tJywXimEWzNzw9FvtNjsQxxJ3/41jseeILgwU/QLrGI= cloud.google.com/go/servicedirectory v1.11.4/go.mod h1:Bz2T9t+/Ehg6x+Y7Ycq5xiShYLD96NfEsWNHyitj1qM= cloud.google.com/go/servicedirectory v1.11.6/go.mod h1:peVGYNc1xArhcqSuhPP+NXp8kdl22XhB5E8IiNBNfZY= cloud.google.com/go/servicedirectory v1.11.9/go.mod h1:qiDNuIS2qxuuroSmPNuXWxoFMvsEudKXP62Wos24BsU= cloud.google.com/go/servicedirectory v1.12.1/go.mod h1:d2H6joDMjnTQ4cUUCZn6k9NgZFbXjLVJbHETjoJR9k0= cloud.google.com/go/servicedirectory v1.12.6/go.mod h1:OojC1KhOMDYC45oyTn3Mup08FY/S0Kj7I58dxUMMTpg= cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4= cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA= cloud.google.com/go/shell v1.7.2/go.mod h1:KqRPKwBV0UyLickMn0+BY1qIyE98kKyI216sH/TuHmc= cloud.google.com/go/shell v1.7.5/go.mod h1:hL2++7F47/IfpfTO53KYf1EC+F56k3ThfNEXd4zcuiE= cloud.google.com/go/shell v1.7.7/go.mod h1:7OYaMm3TFMSZBh8+QYw6Qef+fdklp7CjjpxYAoJpZbQ= cloud.google.com/go/shell v1.7.9/go.mod h1:h3wVC6qaQ1nIlSWMasl1e/uwmepVbZpjSk/Bn7ZafSc= cloud.google.com/go/shell v1.8.1/go.mod h1:jaU7OHeldDhTwgs3+clM0KYEDYnBAPevUI6wNLf7ycE= cloud.google.com/go/shell v1.8.6/go.mod h1:GNbTWf1QA/eEtYa+kWSr+ef/XTCDkUzRpV3JPw0LqSk= cloud.google.com/go/spanner v1.50.0/go.mod h1:eGj9mQGK8+hkgSVbHNQ06pQ4oS+cyc4tXXd6Dif1KoM= cloud.google.com/go/spanner v1.56.0/go.mod h1:DndqtUKQAt3VLuV2Le+9Y3WTnq5cNKrnLb/Piqcj+h0= cloud.google.com/go/spanner v1.61.0/go.mod h1:+hdNE+zL7EWNfOWRetw01jxz8H5qsE/ayZvF/pfrAl8= cloud.google.com/go/spanner v1.64.0/go.mod h1:TOFx3pb2UwPsDGlE1gTehW+y6YlU4IFk+VdDHSGQS/M= cloud.google.com/go/spanner v1.70.0/go.mod h1:X5T0XftydYp0K1adeJQDJtdWpbrOeJ7wHecM4tK6FiE= cloud.google.com/go/spanner v1.82.0/go.mod h1:BzybQHFQ/NqGxvE/M+/iU29xgutJf7Q85/4U9RWMto0= cloud.google.com/go/speech v1.19.1/go.mod h1:WcuaWz/3hOlzPFOVo9DUsblMIHwxP589y6ZMtaG+iAA= cloud.google.com/go/speech v1.21.1/go.mod h1:E5GHZXYQlkqWQwY5xRSLHw2ci5NMQNG52FfMU1aZrIA= cloud.google.com/go/speech v1.23.1/go.mod h1:UNgzNxhNBuo/OxpF1rMhA/U2rdai7ILL6PBXFs70wq0= cloud.google.com/go/speech v1.23.3/go.mod h1:u7tK/jxhzRZwZ5Nujhau7iLI3+VfJKYhpoZTjU7hRsE= cloud.google.com/go/speech v1.25.1/go.mod h1:WgQghvghkZ1htG6BhYn98mP7Tg0mti8dBFDLMVXH/vM= cloud.google.com/go/speech v1.27.1/go.mod h1:efCfklHFL4Flxcdt9gpEMEJh9MupaBzw3QiSOVeJ6ck= cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= cloud.google.com/go/storage v1.30.1/go.mod h1:NfxhC0UJE1aXSx7CIIbCf7y9HKT7BiccwkR7+P7gN8E= cloud.google.com/go/storage v1.35.1/go.mod h1:M6M/3V/D3KpzMTJyPOR/HU6n2Si5QdaXYEsng2xgOs8= cloud.google.com/go/storage v1.39.1/go.mod h1:xK6xZmxZmo+fyP7+DEF6FhNc24/JAe95OLyOHCXFH1o= cloud.google.com/go/storage v1.40.0/go.mod h1:Rrj7/hKlG87BLqDJYtwR0fbPld8uJPbQ2ucUMY7Ir0g= cloud.google.com/go/storage v1.41.0/go.mod h1:J1WCa/Z2FcgdEDuPUY8DxT5I+d9mFKsCepp5vR6Sq80= cloud.google.com/go/storage v1.42.0/go.mod h1:HjMXRFq65pGKFn6hxj6x3HCyR41uSB72Z0SO/Vn6JFQ= cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= cloud.google.com/go/storage v1.50.0/go.mod h1:l7XeiD//vx5lfqE3RavfmU9yvk5Pp0Zhcv482poyafY= cloud.google.com/go/storage v1.53.0/go.mod h1:7/eO2a/srr9ImZW9k5uufcNahT2+fPb8w5it1i5boaA= cloud.google.com/go/storagetransfer v1.10.1/go.mod h1:rS7Sy0BtPviWYTTJVWCSV4QrbBitgPeuK4/FKa4IdLs= cloud.google.com/go/storagetransfer v1.10.4/go.mod h1:vef30rZKu5HSEf/x1tK3WfWrL0XVoUQN/EPDRGPzjZs= cloud.google.com/go/storagetransfer v1.10.6/go.mod h1:3sAgY1bx1TpIzfSzdvNGHrGYldeCTyGI/Rzk6Lc6A7w= cloud.google.com/go/storagetransfer v1.10.8/go.mod h1:fEGWYffkV9OYOKms8nxyJWIZA7iEWPl2Mybk6bpQnEk= cloud.google.com/go/storagetransfer v1.11.1/go.mod h1:xnJo9pWysRIha8MgZxhrBEwLYbEdvdmEedhNsP5NINM= cloud.google.com/go/storagetransfer v1.13.0/go.mod h1:+aov7guRxXBYgR3WCqedkyibbTICdQOiXOdpPcJCKl8= cloud.google.com/go/talent v1.6.3/go.mod h1:xoDO97Qd4AK43rGjJvyBHMskiEf3KulgYzcH6YWOVoo= cloud.google.com/go/talent v1.6.6/go.mod h1:y/WQDKrhVz12WagoarpAIyKKMeKGKHWPoReZ0g8tseQ= cloud.google.com/go/talent v1.6.8/go.mod h1:kqPAJvhxmhoUTuqxjjk2KqA8zUEeTDmH+qKztVubGlQ= cloud.google.com/go/talent v1.6.10/go.mod h1:q2/qIb2Eb2svmeBfkCGIia/NGmkcScdyYSyNNOgFRLI= cloud.google.com/go/talent v1.7.1/go.mod h1:X8UKtTgcP+h51MtDO/b+y3X1GxTTc7gPJ2y0aX3X1hM= cloud.google.com/go/talent v1.8.3/go.mod h1:oD3/BilJpJX8/ad8ZUAxlXHCslTg2YBbafFH3ciZSLQ= cloud.google.com/go/texttospeech v1.7.2/go.mod h1:VYPT6aTOEl3herQjFHYErTlSZJ4vB00Q2ZTmuVgluD4= cloud.google.com/go/texttospeech v1.7.5/go.mod h1:tzpCuNWPwrNJnEa4Pu5taALuZL4QRRLcb+K9pbhXT6M= cloud.google.com/go/texttospeech v1.7.7/go.mod h1:XO4Wr2VzWHjzQpMe3gS58Oj68nmtXMyuuH+4t0wy9eA= cloud.google.com/go/texttospeech v1.7.9/go.mod h1:nuo7l7CVWUMvaTgswbn/hhn2Tv73/WbenqGyc236xpo= cloud.google.com/go/texttospeech v1.8.1/go.mod h1:WoTykB+4mfSDDYPuk7smrdXNRGoJJS6dXRR6l4XqD9g= cloud.google.com/go/texttospeech v1.13.0/go.mod h1:g/tW/m0VJnulGncDrAoad6WdELMTes8eb77Idz+4HCo= cloud.google.com/go/tpu v1.6.2/go.mod h1:NXh3NDwt71TsPZdtGWgAG5ThDfGd32X1mJ2cMaRlVgU= cloud.google.com/go/tpu v1.6.5/go.mod h1:P9DFOEBIBhuEcZhXi+wPoVy/cji+0ICFi4TtTkMHSSs= cloud.google.com/go/tpu v1.6.7/go.mod h1:o8qxg7/Jgt7TCgZc3jNkd4kTsDwuYD3c4JTMqXZ36hU= cloud.google.com/go/tpu v1.6.9/go.mod h1:6C7Ed7Le5Y1vWGR+8lQWsh/gmqK6l53lgji0YXBU40o= cloud.google.com/go/tpu v1.7.1/go.mod h1:kgvyq1Z1yuBJSk5ihUaYxX58YMioCYg1UPuIHSxBX3M= cloud.google.com/go/tpu v1.8.3/go.mod h1:Do6Gq+/Jx6Xs3LcY2WhHyGwKDKVw++9jIJp+X+0rxRE= cloud.google.com/go/trace v1.10.2/go.mod h1:NPXemMi6MToRFcSxRl2uDnu/qAlAQ3oULUphcHGh1vA= cloud.google.com/go/trace v1.10.5/go.mod h1:9hjCV1nGBCtXbAE4YK7OqJ8pmPYSxPA0I67JwRd5s3M= cloud.google.com/go/trace v1.10.7/go.mod h1:qk3eiKmZX0ar2dzIJN/3QhY2PIFh1eqcIdaN5uEjQPM= cloud.google.com/go/trace v1.10.9/go.mod h1:vtWRnvEh+d8h2xljwxVwsdxxpoWZkxcNYnJF3FuJUV8= cloud.google.com/go/trace v1.11.1/go.mod h1:IQKNQuBzH72EGaXEodKlNJrWykGZxet2zgjtS60OtjA= cloud.google.com/go/trace v1.11.6/go.mod h1:GA855OeDEBiBMzcckLPE2kDunIpC72N+Pq8WFieFjnI= cloud.google.com/go/translate v1.9.1/go.mod h1:TWIgDZknq2+JD4iRcojgeDtqGEp154HN/uL6hMvylS8= cloud.google.com/go/translate v1.10.1/go.mod h1:adGZcQNom/3ogU65N9UXHOnnSvjPwA/jKQUMnsYXOyk= cloud.google.com/go/translate v1.10.3/go.mod h1:GW0vC1qvPtd3pgtypCv4k4U8B7EdgK9/QEF2aJEUovs= cloud.google.com/go/translate v1.10.5/go.mod h1:n9fFca4U/EKr2GzJKrnQXemlYhfo1mT1nSt7Rt4l/VA= cloud.google.com/go/translate v1.12.1/go.mod h1:5f4RvC7/hh76qSl6LYuqOJaKbIzEpR1Sj+CMA6gSgIk= cloud.google.com/go/translate v1.12.5/go.mod h1:o/v+QG/bdtBV1d1edmtau0PwTfActvxPk/gtqdSDBi4= cloud.google.com/go/video v1.20.1/go.mod h1:3gJS+iDprnj8SY6pe0SwLeC5BUW80NjhwX7INWEuWGU= cloud.google.com/go/video v1.20.4/go.mod h1:LyUVjyW+Bwj7dh3UJnUGZfyqjEto9DnrvTe1f/+QrW0= cloud.google.com/go/video v1.20.6/go.mod h1:d5AOlIfWXpDg15wvztHmjFvKTTImWJU7EnMVWkoiEAk= cloud.google.com/go/video v1.21.2/go.mod h1:UNXGQj3Hdyb70uaF9JeeM8Y8BAmAzLEMSWmyBKY2iVM= cloud.google.com/go/video v1.23.1/go.mod h1:ncFS3D2plMLhXkWkob/bH4bxQkubrpAlln5x7RWluXA= cloud.google.com/go/video v1.24.0/go.mod h1:h6Bw4yUbGNEa9dH4qMtUMnj6cEf+OyOv/f2tb70G6Fk= cloud.google.com/go/videointelligence v1.11.2/go.mod h1:ocfIGYtIVmIcWk1DsSGOoDiXca4vaZQII1C85qtoplc= cloud.google.com/go/videointelligence v1.11.5/go.mod h1:/PkeQjpRponmOerPeJxNPuxvi12HlW7Em0lJO14FC3I= cloud.google.com/go/videointelligence v1.11.7/go.mod h1:iMCXbfjurmBVgKuyLedTzv90kcnppOJ6ttb0+rLDID0= cloud.google.com/go/videointelligence v1.11.9/go.mod h1:Mv0dgb6U12BfBRPj39nM/7gcAFS1+VVGpTiyMJ/ShPo= cloud.google.com/go/videointelligence v1.12.1/go.mod h1:C9bQom4KOeBl7IFPj+NiOS6WKEm1P6OOkF/ahFfE1Eg= cloud.google.com/go/videointelligence v1.12.6/go.mod h1:/l34WMndN5/bt04lHodxiYchLVuWPQjCU6SaiTswrIw= cloud.google.com/go/vision/v2 v2.7.3/go.mod h1:V0IcLCY7W+hpMKXK1JYE0LV5llEqVmj+UJChjvA1WsM= cloud.google.com/go/vision/v2 v2.8.0/go.mod h1:ocqDiA2j97pvgogdyhoxiQp2ZkDCyr0HWpicywGGRhU= cloud.google.com/go/vision/v2 v2.8.2/go.mod h1:BHZA1LC7dcHjSr9U9OVhxMtLKd5l2jKPzLRALEJvuaw= cloud.google.com/go/vision/v2 v2.8.4/go.mod h1:qlmeVbmCfPNuD1Kwa7/evqCJYoJ7WhiZ2XeVSYwiOaA= cloud.google.com/go/vision/v2 v2.9.1/go.mod h1:keORalKMowhEZB5hEWi1XSVnGALMjLlRwZbDiCPFuQY= cloud.google.com/go/vision/v2 v2.9.5/go.mod h1:1SiNZPpypqZDbOzU052ZYRiyKjwOcyqgGgqQCI/nlx8= cloud.google.com/go/vmmigration v1.7.2/go.mod h1:iA2hVj22sm2LLYXGPT1pB63mXHhrH1m/ruux9TwWLd8= cloud.google.com/go/vmmigration v1.7.5/go.mod h1:pkvO6huVnVWzkFioxSghZxIGcsstDvYiVCxQ9ZH3eYI= cloud.google.com/go/vmmigration v1.7.7/go.mod h1:qYIK5caZY3IDMXQK+A09dy81QU8qBW0/JDTc39OaKRw= cloud.google.com/go/vmmigration v1.7.9/go.mod h1:x5LQyAESUXsI7/QAQY6BV8xEjIrlkGI+S+oau/Sb0Gs= cloud.google.com/go/vmmigration v1.8.1/go.mod h1:MB7vpxl6Oz2w+CecyITUTDFkhWSMQmRTgREwkBZFyZk= cloud.google.com/go/vmmigration v1.8.6/go.mod h1:uZ6/KXmekwK3JmC8PzBM/cKQmq404TTfWtThF6bbf0U= cloud.google.com/go/vmwareengine v1.0.1/go.mod h1:aT3Xsm5sNx0QShk1Jc1B8OddrxAScYLwzVoaiXfdzzk= cloud.google.com/go/vmwareengine v1.1.1/go.mod h1:nMpdsIVkUrSaX8UvmnBhzVzG7PPvNYc5BszcvIVudYs= cloud.google.com/go/vmwareengine v1.1.3/go.mod h1:UoyF6LTdrIJRvDN8uUB8d0yimP5A5Ehkr1SRzL1APZw= cloud.google.com/go/vmwareengine v1.1.5/go.mod h1:Js6QbSeC1OgpyygalCrMj90wa93O3kFgcs/u1YzCKsU= cloud.google.com/go/vmwareengine v1.3.1/go.mod h1:mSYu3wnGKJqvvhIhs7VA47/A/kLoMiJz3gfQAh7cfaI= cloud.google.com/go/vmwareengine v1.3.5/go.mod h1:QuVu2/b/eo8zcIkxBYY5QSwiyEcAy6dInI7N+keI+Jg= cloud.google.com/go/vpcaccess v1.7.2/go.mod h1:mmg/MnRHv+3e8FJUjeSibVFvQF1cCy2MsFaFqxeY1HU= cloud.google.com/go/vpcaccess v1.7.5/go.mod h1:slc5ZRvvjP78c2dnL7m4l4R9GwL3wDLcpIWz6P/ziig= cloud.google.com/go/vpcaccess v1.7.7/go.mod h1:EzfSlgkoAnFWEMznZW0dVNvdjFjEW97vFlKk4VNBhwY= cloud.google.com/go/vpcaccess v1.7.9/go.mod h1:Y0BlcnG9yTkoM6IL6auBeKvVEXL4LmNIxzscekrn/uk= cloud.google.com/go/vpcaccess v1.8.1/go.mod h1:cWlLCpLOuMH8oaNmobaymgmLesasLd9w1isrKpiGwIc= cloud.google.com/go/vpcaccess v1.8.6/go.mod h1:61yymNplV1hAbo8+kBOFO7Vs+4ZHYI244rSFgmsHC6E= cloud.google.com/go/webrisk v1.9.2/go.mod h1:pY9kfDgAqxUpDBOrG4w8deLfhvJmejKB0qd/5uQIPBc= cloud.google.com/go/webrisk v1.9.5/go.mod h1:aako0Fzep1Q714cPEM5E+mtYX8/jsfegAuS8aivxy3U= cloud.google.com/go/webrisk v1.9.7/go.mod h1:7FkQtqcKLeNwXCdhthdXHIQNcFWPF/OubrlyRcLHNuQ= cloud.google.com/go/webrisk v1.9.9/go.mod h1:Wre67XdNQbt0LCBrvwVNBS5ORb8ssixq/u04CCZoO+k= cloud.google.com/go/webrisk v1.10.1/go.mod h1:VzmUIag5P6V71nVAuzc7Hu0VkIDKjDa543K7HOulH/k= cloud.google.com/go/webrisk v1.11.1/go.mod h1:+9SaepGg2lcp1p0pXuHyz3R2Yi2fHKKb4c1Q9y0qbtA= cloud.google.com/go/websecurityscanner v1.6.2/go.mod h1:7YgjuU5tun7Eg2kpKgGnDuEOXWIrh8x8lWrJT4zfmas= cloud.google.com/go/websecurityscanner v1.6.5/go.mod h1:QR+DWaxAz2pWooylsBF854/Ijvuoa3FCyS1zBa1rAVQ= cloud.google.com/go/websecurityscanner v1.6.7/go.mod h1:EpiW84G5KXxsjtFKK7fSMQNt8JcuLA8tQp7j0cyV458= cloud.google.com/go/websecurityscanner v1.6.9/go.mod h1:xrMxPiHB5iFxvc2tqbfUr6inPox6q6y7Wg0LTyZOKTw= cloud.google.com/go/websecurityscanner v1.7.1/go.mod h1:vAZ6hyqECDhgF+gyVRGzfXMrURQN5NH75Y9yW/7sSHU= cloud.google.com/go/websecurityscanner v1.7.6/go.mod h1:ucaaTO5JESFn5f2pjdX01wGbQ8D6h79KHrmO2uGZeiY= cloud.google.com/go/workflows v1.12.1/go.mod h1:5A95OhD/edtOhQd/O741NSfIMezNTbCwLM1P1tBRGHM= cloud.google.com/go/workflows v1.12.4/go.mod h1:yQ7HUqOkdJK4duVtMeBCAOPiN1ZF1E9pAMX51vpwB/w= cloud.google.com/go/workflows v1.12.6/go.mod h1:oDbEHKa4otYg4abwdw2Z094jB0TLLiFGAPA78EDAKag= cloud.google.com/go/workflows v1.12.8/go.mod h1:b7akG38W6lHmyPc+WYJxIYl1rEv79bBMYVwEZmp3aJQ= cloud.google.com/go/workflows v1.13.1/go.mod h1:xNdYtD6Sjoug+khNCAtBMK/rdh8qkjyL6aBas2XlkNc= cloud.google.com/go/workflows v1.14.2/go.mod h1:5nqKjMD+MsJs41sJhdVrETgvD5cOK3hUcAs8ygqYvXQ= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8/go.mod h1:CzsSbkDixRphAF5hS6wbMKq0eI6ccJRb7/A0M6JBnwg= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0/go.mod h1:OahwfttHWG6eJ0clwcfBAHoDI6X/LV/15hx/wlMZSrU= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v56.3.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v10.8.1+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.1/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw= github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg= github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE= github.com/Azure/go-autorest/logger v0.2.0/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.0/go.mod h1:dppbR7CwXD4pgtV9t3wD1812RaLDcBjtblcDF5f1vI0= github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.2/go.mod h1:dppbR7CwXD4pgtV9t3wD1812RaLDcBjtblcDF5f1vI0= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.24.1/go.mod h1:itPGVDKf9cC/ov4MdvJ2QZ0khw4bfoo9jzwTJlaxy2k= github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp v1.27.0/go.mod h1:yAZHSGnqScoU556rBOVkwLze6WP5N+U11RHuWaGVxwY= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.50.0/go.mod h1:ZV4VOm0/eHR06JLrXWe09068dHpr3TRpY9Uo7T+anuA= github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric v0.51.0/go.mod h1:BnBReJLvVYx2CS/UHOgVz2BXKXD9wsQPxZug20nZhd0= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/cloudmock v0.51.0/go.mod h1:SZiPHWGOOk3bl8tkevxkoiwPgsIl6CwrWcbwjfHZpdM= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.50.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0= github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping v0.51.0/go.mod h1:otE2jQekW/PqXk1Awf5lmfokJx4uwuqcj1ab5SpGeW0= github.com/Microsoft/cosesign1go v1.2.0/go.mod h1:1La/HcGw19rRLhPW0S6u55K6LKfti+GQSgGCtrfhVe8= github.com/Microsoft/didx509go v0.0.3/go.mod h1:wWt+iQsLzn3011+VfESzznLIp/Owhuj7rLF7yLglYbk= github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.4.17-0.20210211115548-6eac466e5fa3/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/go-winio v0.5.1/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim v0.9.3/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim v0.11.7/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU= github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= github.com/akavel/rsrc v0.10.2/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c= github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/alexflint/go-filemutex v1.1.0/go.mod h1:7P4iRhttt/nUvUOrYIhcpMzv2G6CY9UnI16Z+UJqRyk= github.com/alexflint/go-filemutex v1.3.0/go.mod h1:U0+VA/i30mGBlLCrFPGtTe9y6wGQfNAWPBTekHQ+c8A= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antlr/antlr4/runtime/Go/antlr v1.4.10/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY= github.com/antlr4-go/antlr/v4 v4.13.0/go.mod h1:pfChB/xh/Unjila75QW7+VU4TSnWnnk9UTnmpPaOR2g= github.com/apache/arrow/go/v15 v15.0.2/go.mod h1:DGXsR3ajT524njufqf95822i+KTh+yea1jass9YXgjA= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.43.16/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/bytecodealliance/wasmtime-go v0.36.0/go.mod h1:q320gUxqyI8yB+ZqRuaJOEnGkAnHh6WtJjMaT2CW4wI= github.com/bytecodealliance/wasmtime-go/v3 v3.0.2/go.mod h1:RnUjnIXxEJcL6BgCvNyzCCRzZcxCgsZCi+RNlvYor5Q= github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4= github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/checkpoint-restore/checkpointctl v1.3.0/go.mod h1:dqZH4wDvbjnsqFGK2LdUDk21yFQ1dCAtzgRMlG44KDM= github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= github.com/checkpoint-restore/go-criu/v7 v7.2.0/go.mod h1:u0LCWLg0w4yqqu14aXhiB4YD3a1qd8EcCEg7vda5dwo= github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0VrfU4D5yc+2qA6OVr8pmO/MBbPEWqWQ/oqGEs= github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs= github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww= github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775/go.mod h1:7cR51M8ViRLIdUjrmSXlK9pkrsDlLHbO8jiB8X8JnOc= github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= github.com/cilium/ebpf v0.9.1/go.mod h1:+OhNOIXx/Fnu1IE8bJz2dzOA+VSfyTfdNUVdlQnxUFY= github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs= github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/cncf/xds/go v0.0.0-20240318125728-8a4994d93e50/go.mod h1:5e1+Vvlzido69INQaVO6d87Qn543Xr6nooe9Kz7oBFM= github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cncf/xds/go v0.0.0-20240822171458-6449f94b4d59/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cncf/xds/go v0.0.0-20250121191232-2f005788dc42/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8= github.com/cockroachdb/datadriven v1.0.2/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU= github.com/containerd/btrfs v0.0.0-20201111183144-404b9149801e/go.mod h1:jg2QkJcsabfHugurUvvPhS3E08Oxiuh5W/g1ybB4e0E= github.com/containerd/btrfs/v2 v2.0.0/go.mod h1:swkD/7j9HApWpzl8OHfrHNxppPd9l44DFZdF94BUj9k= github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI= github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM= github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/containerd/containerd v1.2.10/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.1-0.20191213020239-082f7e3aed57/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.0-beta.2.0.20200729163537-40b22ef07410/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.1/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.9/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.5.0-beta.1/go.mod h1:5HfvG1V2FsKesEGQ17k5/T7V960Tmcumvqn8Mc+pCYQ= github.com/containerd/containerd v1.5.0-beta.3/go.mod h1:/wr9AVtEM7x9c+n0+stptlo/uBBoBORwEx6ardVcmKU= github.com/containerd/containerd v1.5.8/go.mod h1:YdFSv5bTFLpG2HIYmfqDpSYYTDX+mc5qtSuYx1YUb/s= github.com/containerd/containerd v1.6.1/go.mod h1:1nJz5xCZPusx6jJU8Frfct988y0NpumIq9ODB0kLtoE= github.com/containerd/containerd v1.6.6/go.mod h1:ZoP1geJldzCVY3Tonoz7b1IXk8rIX0Nltt5QE4OMNk0= github.com/containerd/containerd v1.6.8/go.mod h1:By6p5KqPK0/7/CgO/A6t/Gz+CUYUu2zf1hUaaymVXB0= github.com/containerd/containerd v1.6.23/go.mod h1:UrQOiyzrLi3n4aezYJbQH6Il+YzTvnHFbEuO3yfDrM4= github.com/containerd/containerd/api v1.7.19/go.mod h1:fwGavl3LNwAV5ilJ0sbrABL44AQxmNjDRcwheXDb6Ig= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR3BEg7bDFaEddKm54WSmrol1fKWDU1nKYkgrcgZT7Y= github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.2.2/go.mod h1:pWygW9u7LtS1o4N/Tn0FoCFDIXZ7rxcMX7HX1Dmibvk= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0= github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= github.com/containerd/fifo v0.0.0-20201026212402-0724c46b320c/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= github.com/containerd/go-cni v1.0.1/go.mod h1:+vUpYxKvAF72G9i1WoDOiPGRtQpqsNW/ZHtSlv++smU= github.com/containerd/go-cni v1.1.0/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= github.com/containerd/go-cni v1.1.3/go.mod h1:Rflh2EJ/++BA2/vY5ao3K6WJRR/bZKsX123aPk+kUtA= github.com/containerd/go-cni v1.1.6/go.mod h1:BWtoWl5ghVymxu6MBjg79W9NZrCRyHIdUtk4cauMe34= github.com/containerd/go-cni v1.1.9/go.mod h1:XYrZJ1d5W6E2VOvjffL3IZq0Dz6bsVlERHbekNK90PM= github.com/containerd/go-cni v1.1.11/go.mod h1:/Y/sL8yqYQn1ZG1om1OncJB1W4zN3YmjfP/ShCzG/OY= github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= github.com/containerd/go-runc v0.0.0-20200220073739-7016d3ce2328/go.mod h1:PpyHrqVs8FTi9vpyHwPwiNEGaACDxT/N/pLcvMSRA9g= github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= github.com/containerd/go-runc v1.1.0/go.mod h1:xJv2hFF7GvHtTJd9JqTS2UVxMkULUYw4JN5XAUZqH5U= github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak9TYCG3juvb0= github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA= github.com/containerd/imgcrypt v1.1.3/go.mod h1:/TPA1GIDXMzbj01yd8pIbQiLdQxed5ue1wb8bP7PQu4= github.com/containerd/imgcrypt v1.1.4/go.mod h1:LorQnPtzL/T0IyCeftcsMEO7AqxUDbdO8j/tSUpgxvo= github.com/containerd/imgcrypt v1.1.7/go.mod h1:FD8gqIcX5aTotCtOmjeCsi3A1dHmTZpnMISGKSczt4k= github.com/containerd/imgcrypt v1.1.8/go.mod h1:x6QvFIkMyO2qGIY2zXc88ivEzcbgvLdWjoZyGqDap5U= github.com/containerd/imgcrypt/v2 v2.0.0-rc.1/go.mod h1:3/Ab3iliBt/aBVNYOwecT1YagCqAiHidOmVsrjtHF1A= github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= github.com/containerd/nri v0.6.1/go.mod h1:7+sX3wNx+LR7RzhjnJiUkFDhn18P5Bg/0VnJ/uXpRJM= github.com/containerd/nri v0.8.0/go.mod h1:uSkgBrCdEtAiEz4vnrq8gmAC4EnVAM5Klt0OuK5rZYQ= github.com/containerd/otelttrpc v0.0.0-20240305015340-ea5083fda723/go.mod h1:ZKzztepTSz/LKtbUSzfBNVwgqBEPABVZV9PQF/l53+Q= github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw= github.com/containerd/plugin v1.0.0/go.mod h1:hQfJe5nmWfImiqT1q8Si3jLv3ynMUIBB47bQ+KexvO8= github.com/containerd/protobuild v0.3.0/go.mod h1:5mNMFKKAwCIAkFBPiOdtRx2KiQlyEJeMXnL5R1DsWu8= github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o= github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8= github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= github.com/containerd/ttrpc v1.1.2/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ= github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/ttrpc v1.2.6-0.20240827082320-b5cd6e4b3287/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk= github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg= github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0= github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g= github.com/containerd/zfs v0.0.0-20200918131355-0a33824f23a2/go.mod h1:8IgZOBdv8fAgXddBT4dBXJPtxyRsejFIpXoklgxgEjw= github.com/containerd/zfs v0.0.0-20210301145711-11e8f1707f62/go.mod h1:A9zfAbMlQwE+/is6hi0Xw8ktpL+6glmqZYtevJgaB8Y= github.com/containerd/zfs v1.1.0/go.mod h1:oZF9wBnrnQjpWLaPKEinrx3TQ9a+W/RJO7Zb41d8YLE= github.com/containerd/zfs/v2 v2.0.0-rc.0/go.mod h1:g36g/XCEGDRxUXIFdM3oWAEvmTvhfz/eKWElqg4Secw= github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v1.0.1/go.mod h1:AKuhXbN5EzmD4yTNtfSsX3tPcmtrBI6QcRV0NiNt15Y= github.com/containernetworking/cni v1.1.1/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= github.com/containernetworking/cni v1.2.2/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/cni v1.2.3/go.mod h1:DuLgF+aPd3DzcTQTtp/Nvl1Kim23oFKdm2okJzBQA5M= github.com/containernetworking/plugins v0.8.6/go.mod h1:qnw5mN19D8fIwkqW7oHHYDHVlzhJpcY6TQxn/fUyDDM= github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNBDZcxSOplJT5ico8/FLE= github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8= github.com/containernetworking/plugins v1.2.0/go.mod h1:/VjX4uHecW5vVimFa1wkG4s+r/s9qIfPdqlLF4TW8c4= github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.3/go.mod h1:xpdkbVAuaH3WzbEabUd5yDsl9SwJA5pABH85425Es2g= github.com/containers/ocicrypt v1.1.6/go.mod h1:WgjxPWdTJMqYMjf3M6cuIFFA1/MpyyhIM99YInA+Rvc= github.com/containers/ocicrypt v1.1.10/go.mod h1:YfzSSr06PTHQwSTUKqDSjish9BeW1E4HUmreluQcMd8= github.com/containers/ocicrypt v1.2.0/go.mod h1:ZNviigQajtdlxIZGibvblVuIFBKIuUI2M0QM12SD31U= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-iptables v0.7.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf h1:iW4rZ826su+pqaw19uhpSCzhj44qo35pNgKFGqzDKkU= github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg= github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0= github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= github.com/decred/dcrd/crypto/blake256 v1.0.1/go.mod h1:2OfgNZ5wDpcsFmHmCK5gZTPcCXqlm2ArzUIkw9czNJo= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/dgraph-io/badger/v3 v3.2103.2/go.mod h1:RHo4/GmYcKKh5Lxu63wLEMHJ70Pac2JqZRYGhlyAo2M= github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= github.com/dgraph-io/ristretto v0.1.0/go.mod h1:fux0lOrBhrVCJd3lcTHsIJhq1T2rokOu6v9Vcb3Q9ug= github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269/go.mod h1:28YO/VJk9/64+sTGNuYaBjWxrXTPrj0C0XmgTIOjxX4= github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v23.0.3+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli v24.0.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v27.1.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-events v0.0.0-20170721190031-9461782956ad/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/docker/go-metrics v0.0.0-20180209012529-399ea8c73916/go.mod h1:/u0gXw0Gay3ceNrsHubL3BtdOL2fHf93USgMTe0W5dI= github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/libtrust v0.0.0-20150114040149-fa567046d9b1/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/go-control-plane v0.11.1/go.mod h1:uhMcXKCQMEJHiAb0w+YGefQLaTEw+YhGluxZkrTmD0g= github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= github.com/envoyproxy/go-control-plane v0.13.0/go.mod h1:GRaKG3dwvFoTg4nj7aXdZnvMg4d7nvT/wl9WgVXn3Q8= github.com/envoyproxy/go-control-plane v0.13.4/go.mod h1:kDfuBlDVsSj2MjrLEtRWtHlsWIFcGyB2RMO44Dc5GZA= github.com/envoyproxy/go-control-plane/envoy v1.32.4/go.mod h1:Gzjc5k8JcJswLjAx1Zm+wSYE20UrLtt7JZMWiWQXQEw= github.com/envoyproxy/go-control-plane/ratelimit v0.1.0/go.mod h1:Wk+tMFAFbCXaJPzVVHnPgRKdUdwW/KdbRt94AzgRee4= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/envoyproxy/protoc-gen-validate v1.1.0/go.mod h1:sXRDRVmzEbkM7CVcM06s9shE/m23dg3wzjl0UWqJ2q4= github.com/envoyproxy/protoc-gen-validate v1.2.1/go.mod h1:d/C80l/jxXLdfEIhX1W2TmLfsJ31lvEjwamM4DxlWXU= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/foxcpp/go-mockdns v0.0.0-20210729171921-fb145fc6f897/go.mod h1:lgRN6+KxQBawyIghpnl5CezHFGS9VLzvtVlwxvzXTQ4= github.com/foxcpp/go-mockdns v1.1.0/go.mod h1:IhLeSFGed3mJIAXPH2aiRQB+kqz7oqu8ld2qVbOu7Wk= github.com/frankban/quicktest v1.14.5/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/fsnotify/fsnotify v1.5.1/go.mod h1:T3375wBYaZdLLcVNkcVbzGHY7f1l/uK5T5Ai1i3InKU= github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa/go.mod h1:KnogPXtdwXqoenmZCw6S+25EAm2MkxbG0deNDu4cbSA= github.com/fxamacker/cbor/v2 v2.4.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/garyburd/redigo v0.0.0-20150301180006-535138d7bcd7/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-ini/ini v1.66.6/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v0.4.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.1/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.0/go.mod h1:YkVgnZu1ZjjL7xTxrfm/LLZBfkhTqSR1ydtm6jTKKwI= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.5/go.mod h1:RdybgQwPxbL4UEjuAruzK1x3nE69AqPYEJeo/TWfEeg= github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/gobwas/httphead v0.1.0/go.mod h1:O/RXo79gxV8G+RqlR/otEwx4Q36zl9rqC5u12GKvMCM= github.com/gobwas/pool v0.2.1/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.2.1/go.mod h1:hRKAFb8wOxFROYNsT1bqfWnhX+b5MFeJM9r2ZSwg/KY= github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/googleapis v1.2.0/go.mod h1:Njal3psf3qN6dwBtQfUmBZh2ybovJ0tlu3o/AC7HYjU= github.com/gogo/googleapis v1.4.0/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c= github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= github.com/golang/glog v1.2.0 h1:uCdmnmatrKCgMBlM4rMuJZWOkPDqdbZPnrMXDY4gI68= github.com/golang/glog v1.2.0/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/glog v1.2.5/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/mock v1.7.0-rc.1/go.mod h1:s42URUywIqd+OcERslBJvOjepvNymP31m3q8d/GkuRs= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.8.2/go.mod h1:P9dn9mFrCBvWhGE1wpxx6fgq7BAeLBk+UUUzlpkBYO0= github.com/google/btree v1.1.3/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/cel-go v0.20.1/go.mod h1:kWcIzTsPX0zmQ+H3TirHstLLf9ep5QTsZBN9u4dOYLg= github.com/google/flatbuffers v1.12.1/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/flatbuffers v23.5.26+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-configfs-tsm v0.2.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-configfs-tsm v0.3.2/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-containerregistry v0.14.0/go.mod h1:aiJ2fp/SXvkWgmYHioXnbMdlgB8eXiiYOY55gfN91Wk= github.com/google/go-containerregistry v0.20.1/go.mod h1:YCMFNQeeXeLF+dnhhWkqDItx/JSkH01j1Kis4PsjzFI= github.com/google/go-eventlog v0.0.1/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= github.com/google/go-pkcs11 v0.2.1-0.20230907215043-c6f79328ddf9/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-pkcs11 v0.3.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY= github.com/google/go-sev-guest v0.8.0/go.mod h1:hc1R4R6f8+NcJwITs0L90fYWTsBpd1Ix+Gur15sqHDs= github.com/google/go-tpm-tools v0.4.2/go.mod h1:fGUDZu4tw3V4hUVuFHmiYgRd0c58/IXivn9v3Ea/ck4= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/martian/v3 v3.3.3/go.mod h1:iEPrYcgCF7jA9OtScMFQyAlZZ4YXTKEtJ1E6RWzmBA0= github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/cloud-bigtable-clients-test v0.0.2/go.mod h1:mk3CrkrouRgtnhID6UZQDK3DrFFa7cYCAJcEmNsHYrY= github.com/googleapis/cloud-bigtable-clients-test v0.0.3/go.mod h1:TWtDzrrAI70C3dNLDY+nZN3gxHtFdZIbpL9rCTFyxE0= github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/enterprise-certificate-proxy v0.3.5/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go v2.0.2+incompatible h1:silFMLAnr330+NRuag/VjIGF7TLp/LBrV2CJKFLWEww= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/googleapis/gax-go/v2 v2.12.2/go.mod h1:61M8vcyyXR2kqKFxKrfA22jaA8JGF7Dc8App1U3H6jc= github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/googleapis/google-cloud-go-testing v0.0.0-20210719221736-1c9a4c676720/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.1/go.mod h1:lXGCsh6c22WGtjr+qGHj1otzZpV/1kwTMAqkwZsnWRU= github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.1.0/go.mod h1:XKMd7iuf/RGPSMJ/U4HP0zS2Z9Fh8Ps9a+6X26m/tmI= github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20240312041847-bd984b5ce465/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/intel/goresctrl v0.2.0/go.mod h1:+CZdzouYFn5EsxgqAQTEzMfwKwuc0fVdMrT9FCCAVRQ= github.com/intel/goresctrl v0.3.0/go.mod h1:fdz3mD85cmP9sHD8JUlrNWAxvwM86CrbmVXltEKd7zk= github.com/intel/goresctrl v0.8.0/go.mod h1:T3ZZnuHSNouwELB5wvOoUJaB7l/4Rm23rJy/wuWJlr0= github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= github.com/jmespath/go-jmespath v0.0.0-20160803190731-bd40a432e4c7/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/josephspurrier/goversioninfo v1.4.0/go.mod h1:JWzv5rKQr+MmW+LvM412ToT/IkYDZjaclF2pKDss8IY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y= github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ= github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= github.com/lestrrat-go/jwx v1.2.25/go.mod h1:zoNuZymNl5lgdcu6P7K6ie2QRll5HVfF4xwxBBK1NxY= github.com/lestrrat-go/jwx v1.2.29/go.mod h1:hU8k2l6WF0ncx20uQdOmik/Gjg6E3/wIRtXSNFeZuB8= github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/linuxkit/virtsock v0.0.0-20201010232012-f8cee7dfc7a3/go.mod h1:3r6x7q95whyfWQpmGZTu3gk3v2YkMi05HEzl7Tf7YEo= github.com/lyft/protoc-gen-star/v2 v2.0.3/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= github.com/lyft/protoc-gen-star/v2 v2.0.4-0.20230330145011-496ad1ac90a4/go.mod h1:amey7yeodaJhXSbf/TlLvWiqQfLOSpEk//mLlc+axEk= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHefzho= github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mdlayher/socket v0.4.1/go.mod h1:cAqeGjoufqdxWkD7DkpyS+wcefOtmu5OQ8KuoJGIReA= github.com/mdlayher/vsock v1.2.1/go.mod h1:NRfCibel++DgeMD8z/hP+PPTjlNJsdPOmxcnENvE+SE= github.com/miekg/dns v1.1.25/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.43/go.mod h1:+evo5L0630/F6ca/Z9+GAqzhjGyn8/c+TBaOyfEl0V4= github.com/miekg/dns v1.1.57/go.mod h1:uqRjCRUuEAA6qsOiJvDd+CFo/vW+y5WR6SNmHE55hZk= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mistifyio/go-zfs/v3 v3.0.1/go.mod h1:CzVgeB0RvF2EGzQnytKVvVSDwmKJXxkOTUGbNrTja/k= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/osext v0.0.0-20151018003038-5e2d6d41470f/go.mod h1:OkQIRizQZAeMln+1tSwduZz7+Af5oFlKirV/MSYes2A= github.com/mndrix/tap-go v0.0.0-20171203230836-629fa407e90b/go.mod h1:pzzDgJWZ34fGzaAZGFW22KVZDfyrYW+QABMrWnJBnSs= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/sys/signal v0.6.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/signal v0.7.0/go.mod h1:GQ6ObYZfqacOwTtlXvcmh9A26dVRul/hbOZn88Kg8Tg= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/sys/symlink v0.2.0/go.mod h1:7uZVF2dqJjG/NsClqul95CqKOBRQyYSNnJ6BMgR/gFs= github.com/moby/sys/symlink v0.3.0/go.mod h1:3eNdhduHmYPcgsJtZXW1W4XUJdZGBIkttZ8xKqPUJq0= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/mrunalp/fileutils v0.5.1/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/ncw/swift v1.0.47/go.mod h1:23YIA4yWVnGwv2dQlN4bB7egfYX6YLn0Yo/S6zZO/ZM= github.com/networkplumbing/go-nft v0.2.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= github.com/networkplumbing/go-nft v0.4.0/go.mod h1:HnnM+tYvlGAsMU7yoYwXEVLLiDW9gdMmb5HoGcwpuQs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.13.0/go.mod h1:+REjRxOmWfHCjfv9TTWB1jD1Frx4XydAD3zm1lskyM0= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.15.0/go.mod h1:cIuvLEne0aoVhAgh/O6ac0Op8WWw9H6eYCriF+tEHG0= github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= github.com/open-policy-agent/opa v0.42.2/go.mod h1:MrmoTi/BsKWT58kXlVayBb+rYVeaMwuBm3nYAN3923s= github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= github.com/opencontainers/go-digest v0.0.0-20170106003457-a6d0ee40d420/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/go-digest v1.0.0-rc1.0.20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2-0.20211117181255-693428a734f5/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= github.com/opencontainers/runc v1.1.0/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runc v1.1.2/go.mod h1:Tj1hFw6eFWp/o33uxGf5yF2BX5yz2Z6iptFpuvbbKqc= github.com/opencontainers/runc v1.1.5/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA= github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.1.0-rc.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI= github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc= github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= github.com/peterh/liner v1.2.2/go.mod h1:xFwJyiKIXJZUKItq5dGHZSTBRAuG/CpeNpWLyiNRNwI= github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pierrec/lz4/v4 v4.1.18/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= github.com/pquerna/cachecontrol v0.1.0/go.mod h1:NrUG3Z7Rdu85UNR3vm7SOsl1nFIeSiQnrHV5K9mBcUI= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/prometheus/client_golang v0.0.0-20180209125602-c332b6f63c06/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.14.0/go.mod h1:8vpkKitgIVNcqrRBWh1C4TIUQgYNtG/XQE4E/Zae36Y= github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20171117100541-99fa1f4be8e5/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.0.0-20180110214958-89604d197083/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc= github.com/prometheus/common v0.30.0/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190522114515-bc1a522cf7b1/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ= github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY= github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/safchain/ethtool v0.0.0-20210803160452-9aa261dae9b1/go.mod h1:Z0q5wiBQGYcxhMZ6gUqHn6pYNLypFAvaL3UvgZLR0U4= github.com/safchain/ethtool v0.4.0/go.mod h1:XLLnZmy4OCRTkksP/UiMjij96YmIsBfmBQcs7H6tA48= github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sclevine/agouti v3.0.0+incompatible/go.mod h1:b4WX9W9L1sfQKXeJf1mUTLZKJ48R1S7H23Ji7oFO5Bw= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/seccomp/libseccomp-golang v0.9.2-0.20210429002308-3879420cc921/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.0.6/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/spaolacci/murmur3 v1.1.0/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g= github.com/spf13/cobra v1.5.0/go.mod h1:dWXEIy2H428czQCjInthrTRUg7yKbok+2Qi/yBIJoUM= github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980/go.mod h1:AO3tvPzVZ/ayst6UlUKUv6rcPQInYe3IknH3jYhAKu8= github.com/stefanberger/go-pkcs11uri v0.0.0-20230803200340-78284954bff6/go.mod h1:39R/xuhNgVhi+K0/zst4TLrJrVmbm6LVgl4A0+ZFS5M= github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/stretchr/objx v0.0.0-20180129172003-8a3f7159479f/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.2.6+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= github.com/tv42/httpunix v0.0.0-20191220191345-2ba4b9c3382c/go.mod h1:hzIxponao9Kjc7aWznkXaL4U4TWaDSs8zcsY4Ka08nM= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.19.1/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= github.com/urfave/cli v1.22.15/go.mod h1:wSan1hmo5zeyLGBjRJbzRTNk8gwoYa2B9n4q9dmRIc0= github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ= github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= github.com/vbatts/tar-split v0.11.3/go.mod h1:9QlHN18E+fEH7RdG+QAJJcuya3rqT7eXSTY7wGrAokY= github.com/vektah/gqlparser/v2 v2.4.5/go.mod h1:flJWIR04IMQPGz+BXLrORkrARBxv/rtyIAFvd/MceW0= github.com/veraison/go-cose v1.0.0-rc.1/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/veraison/go-cose v1.1.0/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/veraison/go-cose v1.2.0/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= github.com/vishvananda/netlink v1.1.1-0.20210330154013-f5de75959ad5/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netlink v1.2.1-beta.2/go.mod h1:twkDnbuQxJYemMlGd4JFIcuhgX83tXhKS2B/PRMpOho= github.com/vishvananda/netlink v1.3.0/go.mod h1:i6NetklAujEcC6fK0JPjT8qSwWyO0HLn4UKG+hGqeJs= github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= github.com/vishvananda/netns v0.0.4/go.mod h1:SpkAiCQRtJ6TvvxPnOSyH3BMl6unz3xZlaprSwhNNJM= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xhit/go-str2duration v1.2.0/go.mod h1:3cPSlfZlUHVlneIVfePFWcJZsuwf+P1v2SRTV4cUmp4= github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= github.com/yashtewari/glob-intersection v0.1.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.einride.tech/aip v0.67.1/go.mod h1:ZGX4/zKw8dcgzdLsrvpOOGxfxI2QSk12SlP7d6c0/XI= go.einride.tech/aip v0.68.0/go.mod h1:7y9FF8VtPWqpxuAxl0KQWqaULxW4zFIesD6zF5RIHHg= go.einride.tech/aip v0.68.1/go.mod h1:XaFtaj4HuA3Zwk9xoBtTWgNubZ0ZZXv9BZJCkuKuWbg= go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.etcd.io/bbolt v1.3.9/go.mod h1:zaO32+Ti0PK1ivdPtgMESzuzL2VPoIG1PCQNvOdo/dE= go.etcd.io/bbolt v1.3.10/go.mod h1:bK3UQLPJZly7IlNmV7uVHJDxfe5aK9Ll93e/74Y9oEQ= go.etcd.io/bbolt v1.3.11/go.mod h1:dksAq7YMXoljX0xu6VF5DMZGbhYYoLUalEiSySYAS4I= go.etcd.io/etcd v0.5.0-alpha.5.0.20200910180754-dd1b699fc489/go.mod h1:yVHk9ub3CSBatqGNg7GRmsnfLWtoW60w4eDYfh7vHDg= go.etcd.io/etcd/api/v3 v3.5.14/go.mod h1:BmtWcRlQvwa1h3G2jvKYwIQy4PkHlDej5t7uLMUdJUU= go.etcd.io/etcd/client/pkg/v3 v3.5.14/go.mod h1:8uMgAokyG1czCtIdsq+AGyYQMvpIKnSvPjFMunkgeZI= go.etcd.io/etcd/client/v2 v2.305.13/go.mod h1:iQnL7fepbiomdXMb3om1rHq96htNNGv2sJkEcZGDRRg= go.etcd.io/etcd/client/v3 v3.5.14/go.mod h1:k3XfdV/VIHy/97rqWjoUzrj9tk7GgJGH9J8L4dNXmAk= go.etcd.io/etcd/pkg/v3 v3.5.13/go.mod h1:N+4PLrp7agI/Viy+dUYpX7iRtSPvKq+w8Y14d1vX+m0= go.etcd.io/etcd/raft/v3 v3.5.13/go.mod h1:uUFibGLn2Ksm2URMxN1fICGhk8Wu96EfDQyuLhAcAmw= go.etcd.io/etcd/server/v3 v3.5.13/go.mod h1:K/8nbsGupHqmr5MkgaZpLlH1QdX1pcNQLAkODy44XcQ= go.etcd.io/gofail v0.1.0/go.mod h1:VZBCXYGZhHAinaBiiqYvuDynvahNsAyLFwB3kEHKz1M= go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.mozilla.org/pkcs7 v0.9.0/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= go.opentelemetry.io/contrib v0.20.0 h1:ubFQUn0VCZ0gPwIoJfBJVpeBlyRMxu8Mm/huKWYd9p0= go.opentelemetry.io/contrib/detectors/gcp v1.29.0/go.mod h1:GW2aWZNwR2ZxDLdv8OyC2G8zkRoQBuURgV7RPQgcPoU= go.opentelemetry.io/contrib/detectors/gcp v1.35.0/go.mod h1:qGWP8/+ILwMRIUf9uIVLloR1uo5ZYAslM4O6OqUi1DA= go.opentelemetry.io/contrib/detectors/gcp v1.36.0/go.mod h1:IbBN8uAIIx734PTonTPxAxnjc2pQTxWNkwfstZ+6H2k= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.28.0/go.mod h1:vEhqr0m4eTc+DWxfsXoXue2GBgV2uUwVznkGIHW/e5w= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0/go.mod h1:vsh3ySueQCiKPxFLvjWC4Z135gIa34TQ/NSqkDTZYUM= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0/go.mod h1:Mjt1i1INqiaoZOMGR1RIUJN+i3ChKoFRqzrRQhlkbs0= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0/go.mod h1:rg+RlpR5dKwaS95IyyZqj5Wd4E13lk/msnTS0Xl9lJM= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.20.0/go.mod h1:2AboqHi0CiIZU0qwhtUfCYD1GeUzvvIXWNkhDt7ZMG4= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0/go.mod h1:p8pYQP+m5XfbZm9fxtSKAbM6oIllS7s2AfxrChvc7iw= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= go.opentelemetry.io/otel v1.3.0/go.mod h1:PWIKzi6JCp7sM0k9yZ43VX+T345uNbAkDKwHVjb2PTs= go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+nrD5xk= go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= go.opentelemetry.io/otel v1.22.0/go.mod h1:eoV4iAi3Ea8LkAEI9+GFT44O6T/D0GWAVFyZVCC6pMI= go.opentelemetry.io/otel v1.24.0/go.mod h1:W7b9Ozg4nkF5tWI5zsXkaKKDjdVjpD4oAt9Qi/MArHo= go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= go.opentelemetry.io/otel v1.35.0/go.mod h1:UEqy8Zp11hpkUrL73gSlELM0DupHoiq72dR+Zqel/+Y= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0/go.mod h1:VpP4/RMn8bv8gNo9uK7/IMY4mtWLELsS+JIP0inH0h4= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0/go.mod h1:M1hVZHNxcbkAlcvrOMlpQ4YOO3Awf+4N2dxkZL3xm04= go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.10.0/go.mod h1:78XhIg8Ht9vR4tbLNUhXsiOnE2HOuSeKAiAcoVQEpOY= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0/go.mod h1:hO1KLR7jcKaDDKDkvI9dP/FIhpmna5lkqPUQdEjFAM8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0/go.mod h1:ceUgdyfNv4h4gLxHR0WNfDiiVmZFodZhZSbOLhpxqXE= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0/go.mod h1:B5Ki776z/MBnVha1Nzwp5arlzBbE3+1jk+pGmaP5HME= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0/go.mod h1:keUU7UfnwWTWpJ+FWnyqmogPa82nuU5VUANFq49hlMY= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0/go.mod h1:E+/KKhwOSw8yoPxSSuUHG6vKppkvhN+S1Jc7Nib3k3o= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0/go.mod h1:0+KuTDyKL4gjKCF75pHOX4wuzYDUZYfAQdSu43o+Z2I= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0/go.mod h1:TMu73/k1CP8nBUpDLc71Wj/Kf7ZS9FK5b53VapRsP9o= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.3.0/go.mod h1:QNX1aly8ehqqX1LEa6YniTU7VY9I6R3X/oPxhGdTceE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.31.0/go.mod h1:2HpZxxQurfGxJlJDblybejHB6RX6pmExPNe517hREw4= go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.35.0/go.mod h1:U2R3XyVPzn0WX7wOIypPuptulsMcPDPs/oiSVOMVnHY= go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU= go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= go.opentelemetry.io/otel/metric v1.22.0/go.mod h1:evJGjVpZv0mQ5QBRJoBF64yMuOf4xCWdXjK8pzFvliY= go.opentelemetry.io/otel/metric v1.24.0/go.mod h1:VYhLe1rFfxuTXLgj4CBiyz+9WYBA8pNGJgDcSFRKBco= go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= go.opentelemetry.io/otel/metric v1.35.0/go.mod h1:nKVFgxBZ2fReX6IlyW28MgZojkoAkJGaE8CpgeAU3oE= go.opentelemetry.io/otel/sdk v1.3.0/go.mod h1:rIo4suHNhQwBIPg9axF8V9CA72Wz2mKF1teNrup8yzs= go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU= go.opentelemetry.io/otel/sdk v1.19.0/go.mod h1:NedEbbS4w3C6zElbLdPJKOpJQOrGUJ+GfzpjUvI0v1A= go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= go.opentelemetry.io/otel/sdk v1.35.0/go.mod h1:+ga1bZliga3DxJ3CQGg3updiaAJoNECOgJREo9KHGQg= go.opentelemetry.io/otel/sdk/metric v1.29.0/go.mod h1:6zZLdCl2fkauYoZIOn/soQIDSWFmNSRcICarHfuhNJQ= go.opentelemetry.io/otel/sdk/metric v1.35.0/go.mod h1:is6XYCUMpcKi+ZsOvfluY5YstFnhW0BidkR+gL+qN+w= go.opentelemetry.io/otel/trace v1.3.0/go.mod h1:c/VDhno8888bvQYmbYLqe41/Ldmr/KKunbvWM4/fEjk= go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48yyE4TNvoHqU= go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= go.opentelemetry.io/otel/trace v1.22.0/go.mod h1:RbbHXVqKES9QhzZq/fE5UnOSILqRt40a21sPw2He1xo= go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= go.opentelemetry.io/proto/otlp v0.11.0/go.mod h1:QpEjXPrNQzrFDZgoTo49dgHR9RYRSrg3NAKnUGl9YpQ= go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/automaxprocs v1.5.1/go.mod h1:BF4eumQw0P9GtnuxxovUd06vwm1o18oMzFtK66vU6XU= go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc= golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY= golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w= golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= golang.org/x/exp v0.0.0-20231214170342-aacd6d4b4611/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.11.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ= golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211123203042-d83791d6bcd9/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E= golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= golang.org/x/net v0.41.0/go.mod h1:B/K4NNqkfmg07DQYrbwvSluqCJOOXwUjeb/5lOisjbA= golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM= golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/oauth2 v0.29.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190522044717-8097e1b27ff5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190602015325-4c4f7f33c9ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190812073006-9eafafc0a87e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200124204421-9fbb57f87de9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200217220822-9197077df867/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200728102440-3e129f6d46b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200817155316-9781c653f443/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200831180312-196b9ba8737a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200922070232-aee5d888a860/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201112073958-5cba982894dd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201202213521-69691e467435/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220906165534-d0df966e6959/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457/go.mod h1:pRgIJT+bRLFKnoM1ldnzKoxTIn14Yxz928LQRYYgIN0= golang.org/x/telemetry v0.0.0-20250710130107-8d8967aff50b/go.mod h1:4ZwOYna0/zsOKwuR5X/m0QFOJpSZvAxFfkQT+Erd9D4= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU= golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA= golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.10.0/go.mod h1:UJwyiVBsOA2uwvK/e5OY3GTpDUJriEd+/YlqAwLPmyM= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg= golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg= golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw= golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= golang.org/x/xerrors v0.0.0-20240903120638-7835f813f4da/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750= google.golang.org/api v0.152.0/go.mod h1:3qNJX5eOmhiWYc67jRA/3GsDw97UFb5ivv7Y2PrriAY= google.golang.org/api v0.162.0/go.mod h1:6SulDkfoBIg4NFmCuZ39XeeAgSHCPecfSUuDyYlAHs0= google.golang.org/api v0.169.0/go.mod h1:gpNOiMA2tZ4mf5R9Iwf4rK/Dcz0fbdIgWYWVoxmsyLg= google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= google.golang.org/api v0.178.0/go.mod h1:84/k2v8DFpDRebpGcooklv/lais3MEfqpaBLA12gl2U= google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE= google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= google.golang.org/api v0.229.0/go.mod h1:wyDfmq5g1wYJWn29O22FDWN48P7Xcz0xz+LBpptYvB0= google.golang.org/api v0.230.0/go.mod h1:aqvtoMk7YkiXx+6U12arQFExiRV9D/ekvMCwCd/TksQ= google.golang.org/api v0.232.0/go.mod h1:p9QCfBWZk1IJETUdbTKloR5ToFdKbYh2fkjsUL6vNoY= google.golang.org/api v0.239.0/go.mod h1:cOVEm2TpdAGHL2z+UwyS+kmlGr3bVWQQ6sYEqkKje50= google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11KCFhTc/+EFRbzSCOZx+VUbRMk55Yv5MYk= google.golang.org/genproto v0.0.0-20190522204451-c2c4e71fbf69/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20200117163144-32f20d992d24/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98/go.mod h1:S7mY02OqCJTD0E1OiQy1F72PWFB4bZJ87cAtLPYgDR0= google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d/go.mod h1:yZTlhN0tQnXo3h00fuXNCxJdLdIdnVFVBaRJ5LWBbw4= google.golang.org/genproto v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:EMfReVxb80Dq1hhioy0sOsY9jCE46YDgHlJ7fWVUWRE= google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic= google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= google.golang.org/genproto v0.0.0-20240205150955-31a09d347014/go.mod h1:xEgQu1e4stdSSsxPDK8Azkrk/ECl5HvdPf6nbZrTS5M= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw= google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ= google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= google.golang.org/genproto v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:sAo5UzpjUwgFBCzupwhcLcxHVDK7vG5IqI30YnwX2eE= google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d/go.mod h1:KjSP20unUpOx5kyQUFa7k4OJg0qeJ7DEZflGDu2p6Bk= google.golang.org/genproto/googleapis/api v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:SUBoKXbI1Efip18FClrQVGjWcyd0QZd8KkvdP34t7ww= google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= google.golang.org/genproto/googleapis/api v0.0.0-20231120223509-83a465c0220f/go.mod h1:Uy9bTZJqmfrw2rIBxgGLnamc78euZULUBrLZ9XTITKI= google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014/go.mod h1:rbHMSEDyoYX62nRVLOCc4Qt1HbsdytAYoVwgjiOhF3I= google.golang.org/genproto/googleapis/api v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:5iCWqnniDlqZHrd3neWVTOwvh/v6s3232omMecelax8= google.golang.org/genproto/googleapis/api v0.0.0-20240311132316-a219d84964c2/go.mod h1:O1cOfN1Cy6QEYr7VxtjOyP5AdAuR0aJ/MYZaaof623Y= google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237/go.mod h1:Z5Iiy3jtmioajWHDGFk7CeugTyHtPvMHA4UTmUkyalE= google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6/go.mod h1:10yRODfgim2/T8csjQsMPgZOMvtytXKTDRzH6HRGzRw= google.golang.org/genproto/googleapis/api v0.0.0-20240506185236-b8a5c65736ae/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas= google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M= google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= google.golang.org/genproto/googleapis/api v0.0.0-20250414145226-207652e42e2e/go.mod h1:085qFyf2+XaZlRdCgKNCIZ3afY2p4HHZdoIRpId8F4A= google.golang.org/genproto/googleapis/api v0.0.0-20250425173222-7b384671a197/go.mod h1:Cd8IzgPo5Akum2c9R6FsXNaZbH3Jpa2gpHlW89FqlyQ= google.golang.org/genproto/googleapis/api v0.0.0-20250528174236-200df99c418a/go.mod h1:a77HrdMjoeKbnd2jmgcWdaS++ZLZAEq3orIOAEIKiVw= google.golang.org/genproto/googleapis/api v0.0.0-20250603155806-513f23925822/go.mod h1:h3c4v36UTKzUiuaOKQ6gr3S+0hovBtUrXzTG/i3+XEc= google.golang.org/genproto/googleapis/bytestream v0.0.0-20231030173426-d783a09b4405/go.mod h1:GRUCuLdzVqZte8+Dl/D4N25yLzcGqqWaYkeVOwulFqw= google.golang.org/genproto/googleapis/bytestream v0.0.0-20240311132316-a219d84964c2/go.mod h1:vh/N7795ftP0AkN1w8XKqN4w1OdUKXW5Eummda+ofv8= google.golang.org/genproto/googleapis/bytestream v0.0.0-20240429193739-8cf5692501f6/go.mod h1:ULqtoQMxDLNRfW+pJbKA68wtIy1OiYjdIsJs3PMpzh8= google.golang.org/genproto/googleapis/bytestream v0.0.0-20240722135656-d784300faade/go.mod h1:5/MT647Cn/GGhwTpXC7QqcaR5Cnee4v4MKCU1/nwnIQ= google.golang.org/genproto/googleapis/bytestream v0.0.0-20241015192408-796eee8c2d53/go.mod h1:T8O3fECQbif8cez15vxAcjbwXxvL2xbnvbQ7ZfiMAMs= google.golang.org/genproto/googleapis/bytestream v0.0.0-20241021214115-324edc3d5d38/go.mod h1:T8O3fECQbif8cez15vxAcjbwXxvL2xbnvbQ7ZfiMAMs= google.golang.org/genproto/googleapis/bytestream v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:h6yxum/C2qRb4txaZRLDHK8RyS0H/o2oEDeKY4onY/Y= google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/genproto/googleapis/rpc v0.0.0-20230731190214-cbb8c96f2d6d/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= google.golang.org/genproto/googleapis/rpc v0.0.0-20231012201019-e917dd12ba7a/go.mod h1:4cYg8o5yUbm77w8ZX00LhMVNl/YVBFJRYWDc0uYWMs0= google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc= google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA= google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/genproto/googleapis/rpc v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:H4O17MA/PE9BsGx3w+a+W2VOLLD1Qf7oJneAoU6WktY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240311132316-a219d84964c2/go.mod h1:UCOku4NytXMJuLQE5VuqA5lX3PcHCBo8pxNyvkf4xBs= google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/genproto/googleapis/rpc v0.0.0-20240822170219-fc7c04adadcd/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/genproto/googleapis/rpc v0.0.0-20240826202546-f6391c0de4c7/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/genproto/googleapis/rpc v0.0.0-20250227231956-55c901821b1e/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I= google.golang.org/genproto/googleapis/rpc v0.0.0-20250414145226-207652e42e2e/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250425173222-7b384671a197/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250505200425-f936aa4a68b2/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250519155744-55703ea1f237/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250804133106-a7a43d27e69b/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/genproto/googleapis/rpc v0.0.0-20250811230008-5f3141c8851a/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= google.golang.org/grpc v1.43.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/grpc v1.57.1/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/grpc v1.67.3/go.mod h1:YGaHCc6Oap+FzBJTZLBzkGSYt/cvGPFTPxkn7QfSU8s= google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= google.golang.org/grpc v1.71.1/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= google.golang.org/grpc v1.72.0/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= google.golang.org/grpc v1.72.1/go.mod h1:wH5Aktxcg25y1I3w7H69nHfXdOG3UiadoBtjh3izSDM= google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= google.golang.org/grpc/examples v0.0.0-20230224211313-3775f633ce20/go.mod h1:Nr5H8+MlGWr5+xX/STzdoEqJrO+YteqFbMyCsrb6mH0= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.3/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= k8s.io/api v0.20.1/go.mod h1:KqwcCVogGxQY3nBlRpwt+wpAMF/KjaCc7RpywacvqUo= k8s.io/api v0.22.5/go.mod h1:mEhXyLaSD1qTOf40rRiKXkc+2iCem09rWLlFwhCEiAs= k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= k8s.io/apimachinery v0.20.1/go.mod h1:WlLqWAHZGg07AeltaI0MV5uk1Omp8xaN0JGLY6gkRpU= k8s.io/apimachinery v0.22.1/go.mod h1:O3oNtNadZdeOMxHFVxOreoznohCpy0z6mocxbZr7oJ0= k8s.io/apimachinery v0.22.5/go.mod h1:xziclGKwuuJ2RM5/rSFQSYAj0zdbci3DH8kj+WvyN0U= k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= k8s.io/apimachinery v0.27.4/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= k8s.io/apiserver v0.20.1/go.mod h1:ro5QHeQkgMS7ZGpvf4tSMx6bBOgPfE+f52KwvXfScaU= k8s.io/apiserver v0.22.5/go.mod h1:s2WbtgZAkTKt679sYtSudEQrTGWUSQAPe6MupLnlmaQ= k8s.io/apiserver v0.26.2/go.mod h1:GHcozwXgXsPuOJ28EnQ/jXEM9QeG6HT22YxSNmpYNh8= k8s.io/apiserver v0.31.2/go.mod h1:o3nKZR7lPlJqkU5I3Ove+Zx3JuoFjQobGX1Gctw6XuE= k8s.io/client-go v0.20.1/go.mod h1:/zcHdt1TeWSd5HoUe6elJmHSQ6uLLgp4bIJHVEuy+/Y= k8s.io/client-go v0.22.5/go.mod h1:cs6yf/61q2T1SdQL5Rdcjg9J1ElXSwbjSrW2vFImM4Y= k8s.io/client-go v0.26.2/go.mod h1:u5EjOuSyBa09yqqyY7m3abZeovO/7D/WehVVlZ2qcqU= k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= k8s.io/component-base v0.20.1/go.mod h1:guxkoJnNoh8LNrbtiQOlyp2Y2XFCZQmrcg2n/DeYNLk= k8s.io/component-base v0.22.5/go.mod h1:VK3I+TjuF9eaa+Ln67dKxhGar5ynVbwnGrUiNF4MqCI= k8s.io/component-base v0.26.2/go.mod h1:DxbuIe9M3IZPRxPIzhch2m1eT7uFrSBJUBuVCQEBivs= k8s.io/component-base v0.31.2/go.mod h1:9PeyyFN/drHjtJZMCTkSpQJS3U9OXORnHQqMLDz0sUQ= k8s.io/cri-api v0.17.3/go.mod h1:X1sbHmuXhwaHs9xxYffLqJogVsnI+f6cPRcgPel7ywM= k8s.io/cri-api v0.20.1/go.mod h1:2JRbKt+BFLTjtrILYVqQK5jqhI+XNdF6UiGMgczeBCI= k8s.io/cri-api v0.23.1/go.mod h1:REJE3PSU0h/LOV1APBrupxrEJqnoxZC8KWzkBUHwrK4= k8s.io/cri-api v0.25.3/go.mod h1:riC/P0yOGUf2K1735wW+CXs1aY2ctBgePtnnoFLd0dU= k8s.io/cri-api v0.27.1/go.mod h1:+Ts/AVYbIo04S86XbTD73UPp/DkTiYxtsFeOFEu32L0= k8s.io/cri-api v0.31.2/go.mod h1:Po3TMAYH/+KrZabi7QiwQI4a692oZcUOUThd/rqwxrI= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.4.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.9.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kms v0.31.2/go.mod h1:OZKwl1fan3n3N5FFxnW5C4V3ygrah/3YXeJWS3O6+94= k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd/go.mod h1:WOJ3KddDSol4tAGcJo0Tvi+dK12EcqSLqcWsryKMpfM= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20211109043538-20434351676c/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/kubelet v0.31.2/go.mod h1:0E4++3cMWi2cJxOwuaQP3eMBa7PSOvAFgkTPlVc/2FA= k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk= k8s.io/utils v0.0.0-20201110183641-67b214c5f920/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210930125809-cb0fa318a74b/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc= oras.land/oras-go/v2 v2.3.1/go.mod h1:5AQXVEu1X/FKp1F9DMOb5ZItZBOa0y5dha0yCm4NR9c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.14/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/structured-merge-diff/v4 v4.1.2/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= tags.cncf.io/container-device-interface v0.7.2/go.mod h1:Xb1PvXv2BhfNb3tla4r9JL129ck1Lxv9KuU6eVOfKto= tags.cncf.io/container-device-interface v0.8.0/go.mod h1:Apb7N4VdILW0EVdEMRYXIDVRZfNJZ+kmEUss2kRRQ6Y= tags.cncf.io/container-device-interface/specs-go v0.7.0/go.mod h1:hMAwAbMZyBLdmYqWgYcKH0F/yctNpV3P35f+/088A80= tags.cncf.io/container-device-interface/specs-go v0.8.0/go.mod h1:BhJIkjjPh4qpys+qm4DAYtUyryaTDg9zris+AczXyws= go-tpm-tools-0.4.7/internal/000077500000000000000000000000001510276467000157075ustar00rootroot00000000000000go-tpm-tools-0.4.7/internal/cert.go000066400000000000000000000052051510276467000171750ustar00rootroot00000000000000package internal import ( "crypto/x509" "fmt" "io" "net/http" ) const ( maxIssuingCertificateURLs = 3 maxCertChainLength = 4 ) // GetCertificateChain constructs the certificate chain for the key's certificate. // If an error is encountered in the process, return what has been constructed so far. func GetCertificateChain(cert *x509.Certificate, client *http.Client) ([][]byte, error) { var certs [][]byte currentCert := cert for len(certs) <= maxCertChainLength { issuingCert, err := fetchIssuingCertificate(client, currentCert) if err != nil { return nil, err } if issuingCert == nil { return certs, nil } certs = append(certs, issuingCert.Raw) currentCert = issuingCert } return nil, fmt.Errorf("max certificate chain length (%v) exceeded", maxCertChainLength) } // Given a certificate, iterates through its IssuingCertificateURLs and returns // the certificate that signed it. If the certificate lacks an // IssuingCertificateURL, return nil. If fetching the certificates fails or the // cert chain is malformed, return an error. func fetchIssuingCertificate(client *http.Client, cert *x509.Certificate) (*x509.Certificate, error) { // Check if we should event attempt fetching. if cert == nil || len(cert.IssuingCertificateURL) == 0 { return nil, nil } // For each URL, fetch and parse the certificate, then verify whether it signed cert. // If successful, return the parsed certificate. If any step in this process fails, try the next url. // If all the URLs fail, return the last error we got. // TODO(Issue #169): Return a multi-error here var lastErr error for i, url := range cert.IssuingCertificateURL { // Limit the number of attempts. if i >= maxIssuingCertificateURLs { break } resp, err := client.Get(url) if err != nil { lastErr = fmt.Errorf("failed to retrieve certificate at %v: %w", url, err) continue } if resp.StatusCode != http.StatusOK { lastErr = fmt.Errorf("certificate retrieval from %s returned non-OK status: %v", url, resp.StatusCode) continue } certBytes, err := io.ReadAll(resp.Body) resp.Body.Close() if err != nil { lastErr = fmt.Errorf("failed to read response body from %s: %w", url, err) continue } parsedCert, err := x509.ParseCertificate(certBytes) if err != nil { lastErr = fmt.Errorf("failed to parse response from %s into a certificate: %w", url, err) continue } // Check if the parsed certificate signed the current one. if err = cert.CheckSignatureFrom(parsedCert); err != nil { lastErr = fmt.Errorf("parent certificate from %s did not sign child: %w", url, err) continue } return parsedCert, nil } return nil, lastErr } go-tpm-tools-0.4.7/internal/cert_test.go000066400000000000000000000044471510276467000202430ustar00rootroot00000000000000package internal import ( "net/http" "net/http/httptest" "testing" "github.com/google/go-tpm-tools/internal/test" ) var localClient = http.DefaultClient func TestFetchIssuingCertificateSucceeds(t *testing.T) { testCA, caKey := test.GetTestCert(t, nil, nil, nil) ts := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.WriteHeader(http.StatusOK) rw.Write(testCA.Raw) })) defer ts.Close() leafCert, _ := test.GetTestCert(t, []string{"invalid.URL", ts.URL}, testCA, caKey) cert, err := fetchIssuingCertificate(localClient, leafCert) if err != nil || cert == nil { t.Errorf("fetchIssuingCertificate() did not find valid intermediate cert: %v", err) } } func TestFetchIssuingCertificateReturnsErrorIfMalformedCertificateFound(t *testing.T) { ts := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.WriteHeader(http.StatusOK) rw.Write([]byte("these are some random bytes")) })) defer ts.Close() testCA, caKey := test.GetTestCert(t, nil, nil, nil) leafCert, _ := test.GetTestCert(t, []string{ts.URL}, testCA, caKey) _, err := fetchIssuingCertificate(localClient, leafCert) if err == nil { t.Fatal("expected fetchIssuingCertificate to fail with malformed cert") } } func TestGetCertificateChainSucceeds(t *testing.T) { // Create CA and corresponding server. testCA, caKey := test.GetTestCert(t, nil, nil, nil) caServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.WriteHeader(http.StatusOK) rw.Write(testCA.Raw) })) defer caServer.Close() // Create intermediate cert and corresponding server. intermediateCert, intermediateKey := test.GetTestCert(t, []string{caServer.URL}, testCA, caKey) intermediateServer := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) { rw.WriteHeader(http.StatusOK) rw.Write(intermediateCert.Raw) })) defer intermediateServer.Close() // Create leaf cert. leafCert, _ := test.GetTestCert(t, []string{intermediateServer.URL}, intermediateCert, intermediateKey) certChain, err := GetCertificateChain(leafCert, localClient) if err != nil { t.Fatal(err) } if len(certChain) != 2 { t.Fatalf("GetCertificateChain did not return the expected number of certificates: got %v, want 2", len(certChain)) } } go-tpm-tools-0.4.7/internal/pcrs.go000066400000000000000000000074671510276467000172230ustar00rootroot00000000000000// Package internal contains private helper functions needed in client and server package internal import ( "bytes" "crypto" "encoding/hex" "fmt" "io" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) const minPCRIndex = uint32(0) func maxPCRIndex(p *pb.PCRs) uint32 { high := minPCRIndex for idx := range p.GetPcrs() { if idx > high { high = idx } } return high } // FormatPCRs writes a multiline representation of the PCR values to w. func FormatPCRs(w io.Writer, p *pb.PCRs) error { if _, err := fmt.Fprintf(w, "%v:\n", p.Hash); err != nil { return err } for idx := minPCRIndex; idx <= maxPCRIndex(p); idx++ { if val, ok := p.GetPcrs()[idx]; ok { if _, err := fmt.Fprintf(w, " %2d: 0x%X\n", idx, val); err != nil { return err } } } return nil } // CheckSubset verifies if the pcrs PCRs are a valid "subset" of the provided // "superset" of PCRs. The PCR values must match (if present), and all PCRs must // be present in the superset. This function will return an error containing the // first missing or mismatched PCR number. func CheckSubset(subset, superset *pb.PCRs) error { if subset.GetHash() != superset.GetHash() { return fmt.Errorf("PCR hash algo not matching: %v, %v", subset.GetHash(), superset.GetHash()) } for pcrNum, pcrVal := range subset.GetPcrs() { if expectedVal, ok := superset.GetPcrs()[pcrNum]; ok { if !bytes.Equal(expectedVal, pcrVal) { return fmt.Errorf("PCR %d mismatch: expected %v, got %v", pcrNum, hex.EncodeToString(expectedVal), hex.EncodeToString(pcrVal)) } } else { return fmt.Errorf("PCR %d mismatch: value missing from the superset PCRs", pcrNum) } } return nil } // PCRSelection returns the corresponding tpm2.PCRSelection for the PCR data. func PCRSelection(p *pb.PCRs) tpm2.PCRSelection { sel := tpm2.PCRSelection{Hash: tpm2.Algorithm(p.GetHash())} for pcrNum := range p.GetPcrs() { sel.PCRs = append(sel.PCRs, int(pcrNum)) } return sel } // SamePCRSelection checks if the Pcrs has the same PCRSelection as the // provided given tpm2.PCRSelection (including the hash algorithm). func SamePCRSelection(p *pb.PCRs, sel tpm2.PCRSelection) bool { if tpm2.Algorithm(p.GetHash()) != sel.Hash { return false } if len(p.GetPcrs()) != len(sel.PCRs) { return false } for _, pcr := range sel.PCRs { if _, ok := p.Pcrs[uint32(pcr)]; !ok { return false } } return true } // PCRSessionAuth calculates the authorization value for the given PCRs. func PCRSessionAuth(p *pb.PCRs, hashAlg crypto.Hash) []byte { // Start with all zeros, we only use a single policy command on our session. oldDigest := make([]byte, hashAlg.Size()) ccPolicyPCR, _ := tpmutil.Pack(tpm2.CmdPolicyPCR) // Extend the policy digest, see TPM2_PolicyPCR in Part 3 of the spec. hash := hashAlg.New() hash.Write(oldDigest) hash.Write(ccPolicyPCR) hash.Write(encodePCRSelection(PCRSelection(p))) hash.Write(PCRDigest(p, hashAlg)) newDigest := hash.Sum(nil) return newDigest[:] } // PCRDigest computes the digest of the Pcrs. Note that the digest hash // algorithm may differ from the PCRs' hash (which denotes the PCR bank). func PCRDigest(p *pb.PCRs, hashAlg crypto.Hash) []byte { hash := hashAlg.New() for i := uint32(0); i < 24; i++ { if pcrValue, exists := p.GetPcrs()[i]; exists { hash.Write(pcrValue) } } return hash.Sum(nil) } // Encode a tpm2.PCRSelection as if it were a TPML_PCR_SELECTION func encodePCRSelection(sel tpm2.PCRSelection) []byte { // Encode count, pcrSelections.hash and pcrSelections.sizeofSelect fields buf, _ := tpmutil.Pack(uint32(1), sel.Hash, byte(3)) // Encode pcrSelect bitmask pcrBits := make([]byte, 3) for _, pcr := range sel.PCRs { byteNum := pcr / 8 bytePos := 1 << uint(pcr%8) pcrBits[byteNum] |= byte(bytePos) } return append(buf, pcrBits...) } go-tpm-tools-0.4.7/internal/pcrs_test.go000066400000000000000000000023441510276467000202470ustar00rootroot00000000000000package internal import ( "testing" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" ) func TestHasSamePCRSelection(t *testing.T) { var subtests = []struct { pcrs *pb.PCRs pcrSel tpm2.PCRSelection expectedRes bool }{ {&pb.PCRs{}, tpm2.PCRSelection{}, true}, {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}}, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{1}}, true}, {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{}}, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{}}, true}, {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}}}, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false}, {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 4: {}}}, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{4}}, false}, {&pb.PCRs{Hash: pb.HashAlgo(tpm2.AlgSHA256), Pcrs: map[uint32][]byte{1: {}, 2: {}}}, tpm2.PCRSelection{Hash: tpm2.AlgSHA1, PCRs: []int{1, 2}}, false}, } for _, subtest := range subtests { if SamePCRSelection(subtest.pcrs, subtest.pcrSel) != subtest.expectedRes { t.Errorf("HasSamePCRSelection result is not expected") } } } go-tpm-tools-0.4.7/internal/public.go000066400000000000000000000025671510276467000175260ustar00rootroot00000000000000package internal import ( "crypto" "fmt" "github.com/google/go-tpm/legacy/tpm2" ) // GetSigningHashAlg returns the hash algorithm used for a signing key. Returns // an error if an algorithm isn't supported, or the key is not a signing key. func GetSigningHashAlg(pubArea tpm2.Public) (tpm2.Algorithm, error) { if pubArea.Attributes&tpm2.FlagSign == 0 { return tpm2.AlgNull, fmt.Errorf("non-signing key used with signing operation") } var sigScheme *tpm2.SigScheme switch pubArea.Type { case tpm2.AlgRSA: sigScheme = pubArea.RSAParameters.Sign case tpm2.AlgECC: sigScheme = pubArea.ECCParameters.Sign default: return tpm2.AlgNull, fmt.Errorf("unsupported key type: %v", pubArea.Type) } if sigScheme == nil { return tpm2.AlgNull, fmt.Errorf("unsupported null signing scheme") } switch sigScheme.Alg { case tpm2.AlgRSAPSS, tpm2.AlgRSASSA, tpm2.AlgECDSA: return sigScheme.Hash, nil default: return tpm2.AlgNull, fmt.Errorf("unsupported signing algorithm: %v", sigScheme.Alg) } } // PubKeysEqual returns whether the two public keys are equal. func PubKeysEqual(k1 crypto.PublicKey, k2 crypto.PublicKey) bool { // Common interface for all the standard public key types, see: // https://pkg.go.dev/crypto@go1.18beta1#PublicKey type publicKey interface { Equal(crypto.PublicKey) bool } if key, ok := k1.(publicKey); ok { return key.Equal(k2) } return false } go-tpm-tools-0.4.7/internal/quote.go000066400000000000000000000107621510276467000174010ustar00rootroot00000000000000package internal import ( "bytes" "crypto" "crypto/ecdsa" "crypto/rsa" "crypto/subtle" "fmt" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" ) // SignatureHashAlgs are the hash algorithms we support for Quote signatures, in // their preferred order of use. var SignatureHashAlgs = []tpm2.Algorithm{tpm2.AlgSHA512, tpm2.AlgSHA384, tpm2.AlgSHA256} // VerifyQuote performs the following checks to validate a Quote: // - the provided signature is generated by the trusted AK public key // - the signature signs the provided quote data // - the quote data starts with TPM_GENERATED_VALUE // - the quote data is a valid TPMS_QUOTE_INFO // - the quote data was taken over the provided PCRs // - the provided PCR values match the quote data internal digest // - the provided extraData matches that in the quote data // - the signature hash algorithm must be in HashAlgs // // Note that the caller must have already established trust in the provided // public key before validating the Quote. // // VerifyQuote supports ECDSA and RSASSA signature verification. func VerifyQuote(q *pb.Quote, trustedPub crypto.PublicKey, extraData []byte) error { sig, err := tpm2.DecodeSignature(bytes.NewBuffer(q.GetRawSig())) if err != nil { return fmt.Errorf("signature decoding failed: %v", err) } hash, err := verifyHashAlg(sig) if err != nil { return err } switch pub := trustedPub.(type) { case *ecdsa.PublicKey: if err = verifyECDSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil { return err } case *rsa.PublicKey: if err = verifyRSASSAQuoteSignature(pub, hash, q.GetQuote(), sig); err != nil { return err } default: return fmt.Errorf("only RSA and ECC public keys are currently supported, received type: %T", pub) } // Decode and check for magic TPMS_GENERATED_VALUE. attestationData, err := tpm2.DecodeAttestationData(q.GetQuote()) if err != nil { return fmt.Errorf("decoding attestation data failed: %v", err) } if attestationData.Type != tpm2.TagAttestQuote { return fmt.Errorf("expected quote tag, got: %v", attestationData.Type) } attestedQuoteInfo := attestationData.AttestedQuoteInfo if attestedQuoteInfo == nil { return fmt.Errorf("attestation data does not contain quote info") } if subtle.ConstantTimeCompare(attestationData.ExtraData, extraData) == 0 { return fmt.Errorf("quote extraData %v did not match expected extraData %v", attestationData.ExtraData, extraData) } return validatePCRDigest(attestedQuoteInfo, q.GetPcrs(), hash) } // Get the cryptographic hash used for the signature and make sure we support it func verifyHashAlg(sig *tpm2.Signature) (crypto.Hash, error) { var hashAlg tpm2.Algorithm if sig.ECC != nil { hashAlg = sig.ECC.HashAlg } else if sig.RSA != nil { hashAlg = sig.RSA.HashAlg } else { return 0, fmt.Errorf("signature is missing hash algorithm") } // Convert from TPM2 hash algorithm to a Golang hash algorithm hash, err := hashAlg.Hash() if err != nil { return 0, err } for _, alg := range SignatureHashAlgs { if hashAlg == alg { return hash, nil } } return 0, fmt.Errorf("unsupported signature hash algorithm: %v", hash) } func verifyECDSAQuoteSignature(ecdsaPub *ecdsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error { if sig.Alg != tpm2.AlgECDSA { return fmt.Errorf("signature scheme 0x%x is not supported, only ECDSA is supported", sig.Alg) } hashConstructor := hash.New() hashConstructor.Write(quoted) if !ecdsa.Verify(ecdsaPub, hashConstructor.Sum(nil), sig.ECC.R, sig.ECC.S) { return fmt.Errorf("ECC signature verification failed") } return nil } func verifyRSASSAQuoteSignature(rsaPub *rsa.PublicKey, hash crypto.Hash, quoted []byte, sig *tpm2.Signature) error { if sig.Alg != tpm2.AlgRSASSA { return fmt.Errorf("signature scheme 0x%x is not supported, only RSASSA (PKCS#1 v1.5) is supported", sig.Alg) } hashConstructor := hash.New() hashConstructor.Write(quoted) if err := rsa.VerifyPKCS1v15(rsaPub, hash, hashConstructor.Sum(nil), sig.RSA.Signature); err != nil { return fmt.Errorf("RSASSA signature verification failed: %v", err) } return nil } func validatePCRDigest(quoteInfo *tpm2.QuoteInfo, pcrs *pb.PCRs, hash crypto.Hash) error { if !SamePCRSelection(pcrs, quoteInfo.PCRSelection) { return fmt.Errorf("given PCRs and Quote do not have the same PCR selection") } pcrDigest := PCRDigest(pcrs, hash) if subtle.ConstantTimeCompare(quoteInfo.PCRDigest, pcrDigest) == 0 { return fmt.Errorf("given PCRs digest not matching") } return nil } go-tpm-tools-0.4.7/internal/test/000077500000000000000000000000001510276467000166665ustar00rootroot00000000000000go-tpm-tools-0.4.7/internal/test/attestations/000077500000000000000000000000001510276467000214105ustar00rootroot00000000000000go-tpm-tools-0.4.7/internal/test/attestations/gce-cos-85-no-nonce.pb000066400000000000000000000716341510276467000252320ustar00rootroot00000000000000 ˜ r Ë­oœi‚$CJ†›V»i–]UIYþ`®+1éÁtM-EU¿8 ¢t]|4ù"x³YB0ŒéˆH¤¶O9è8û{gØõn¶&Xä* #¤­î^tö½ãbö>ÿ”ë Š‰EÉ59á“bhÔõ÷‹z¡h¢؈a†Œï­hù¿YáqYp<Û¡ÄÍr—4Hž_ÐçšëïCe>]VòoÆuVE ŠÊÏRšÉñ¦ÇM3³YúTwWcà ³Ñ Šx>U4ºA^\IDi§ç»€?jB×3±\ ý92DØã]™±$‡MXæ=gñ qÿTCG€" ÞþKJÞ/‹zᛊˆ—àËw®Aw1ØÎ8i~ÄöÀ• éæPM  (ÿÿÿ ý£'Ôº]Yxþ:#ÛG–@PèrcžõÖ©œ<Ê9åm‹† ÃkP±KXÚ• J¥v(ŽY%×û>åÞÉèNAÀÊT¥½ y¸¤ÇyAC§âGÄ!%à$‹k­ˆ¾‰ä¨$ŠË«¾ý†Êsn½Û‹˜¡G§ %î~ áå?³þkª¢ÚM™¤Jö6T²žN$;•Z›×fDŸÌã:™¾Á½>2*õ˜›¼ˆ²¬çègß2=‰ÑáX£oà§e3[òÂr'sæ–ö)4ÿù}rQOòpUå¾›ò¤=]#°™Ycðâþ»oÐ †/¹ô<'ì%«RN˜ÚZ‘…´Z‰‰rt˜K½ %_¹\†¨L“°Â‘V‡a:òƒ¯)$\Û6ƒòBæi#?‚mõ :¿Ö™Œ òÞˆ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ²¨;¿/ƒt)š[+ßéU­r6²¨;¿/ƒt)š[+ßéU­r6 æUƒÑ~¶˜õpH¦¿Þýï;b̘ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿãéáÙÞ¬Ù[(›»Ó¡qzW¯}!@™÷ µ¤è̵ò;É€ï'#6²¨;¿/ƒt)š[+ßéU­r6  ô<­†,9®ãùŸ¢p¹rS;®_ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿahÉΈ¨e‰ òÏ/ÓÆ»ú·› rw‹ £Ä‘Û%ë|ƒh˵ äXÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÀ2õ»o–°GBýKMýä–ó‘ qÿTCG€" ÞþKJÞ/‹zᛊˆ—àËw®Aw1ØÎ8i~ÄöÀ• éæP•  ( ÿÿÿ ‰7˪òŠøZ[ —ç% z ”à_Í¡¨.ãûk.† ~rÜÙ‡h¿Mà\¨úSÞè[zœ†;«¢3òQ=LU‰D]MÂÿSd†êü+c0ðfòùÚí(¯;¶Æ®Î.D÷ŽŠ7’†:<2'ÎáêÍ_©ªOð¥ÂëÓΕ¬ÑÏ‹Äoå{%“ôî̼T[+,ÍDZÿn G»¼6|2 °‘B'2º¬åyÓÒùŠª„N›F\ …hQK‹\ ÒtñìXˆäþ¨SŸS­–uòµbpH7K7»ç!8 £‚Yæ×ôÃf¢ w |_G6ÙÒ±ýÓ^+Gg½¬– [ê2òÃËןݒŽ‰?«Jz—^ä+‡ Y¶Ýµ’ $ $ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ$ =EŒþUÌêD?b¾ìõuáJŸÏšr4¡?Žyi$ $ ž›e®jÔCªäÇ¿™ÿûÍ'‡Oú¹Ö’ñ)ënl$  àŒøv4"ÅíâͳE•¹+×Ðk‹½`µM.•±K c$ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ$ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ$ n´[kúü¹‘MHl唬ÒKÁ:j˜ga5XËeô.Z Ëk„¸³Âoí+ŸÌ)s]ZÀdGcøѲ „Ža7I ¶aÏÞqÎ&´,DAE½ár´$BŽ’  40ù|:ªâs¢uÁYZÉœwB_‰e ‘J4‚‰pß´ŸžùÎk$eì(eévÈ«Æä4 04 0404040ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40„MqÓ£µÞ–“Uâ ´Ö·ÊÒ‡ðÛ¸ƒí cr¦Æ\jÐ.ˆ—®\2s¡40Q‰#°ùUРwÉj«¥"¹ÞÎÞařΦĉϾ¤®MPR–þMý¯¶^•¿#Ä4040ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40FÎ% [=§‘|^·§.nˆøø0D[™7’ \Ö(Ûic†S«©Ç ñÇGù40‹vÿ”:äBË"P€ÍñåIír ÕèoQH€—j‹£C‘ ¢(Þ‰Âÿwÿ@404 00ŒNŠ&TË úÑ"}Š*ý?z”sßȪ•k0¾†nš¾õãHD¼Y%}¬&40ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40Q‰#°ùUРwÉj«¥"¹ÞÎÞařΦĉϾ¤®MPR–þMý¯¶^•¿#Ä40:^³q‘³–·N ”É uéê ÷´pHÁœ@õè ÉV†ÄŽ¼¯·fÓ̉½­#40Q‰#°ùUРwÉj«¥"¹ÞÎÞařΦĉϾ¤®MPR–þMý¯¶^•¿#Ä40‰åëtî|.·:¨OÜú_¢y­\Ä(¶”WQ˜¯¶Ýøûø@¢Î­c4 0%»U—|D ë8ý¯oL/ÄÍ¢< ¼‰­©9ŸR §4/(º>•:±xbsù àèD|4 040ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¢»)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1+líÑca—»Á¯ª€ÌnÍ> jÉ$H¨ WU¦;Íe¹öÕrn’]Èi»F”(Å gã,8%ž¤€’4ÌϽ'…Ã+Þˆ(3»mö½˜šIôVcæ<á™üÐP, GCE NonHostInfo€ÔýÑñM@AIMëÉÄSCÒ'} ÌüK³(ˆ£E¼ŠêÚºU+b}™4Œvv«1Aõ°@¤ ,ÞÐÆôSÔÆõœ^ìa«Æ°1E@¢6|º2jRª+1\ÌÎh¨Î Æï*Çå®5aßä‹Ê“Òª à˜+Œ SecureBoot€‹tC!5Ë’T¨ÊÐÂŒÛø7 bÑÅUÛóRµÙà›Ot#®pmÚ×vt(¥ã”Ö z q‡,ÁW´›1ÊýWuÎusC¶¡*»k+é»&“¤aé̦¹ÏðTì°ômaßä‹Ê“Òª à˜+ŒIPK¡YÀ¥ä”§J‡µ«\+ðrI-ÒúÒˆ¤G—’[ªG»‰0‚0‚ `õþøía^JiØUR^0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100‚"0  *†H†÷ ‚0‚ ‚¥I y-Gõ÷w‰|ΛåëFƒ?º÷Hï`œ–ßü;&å=PjlªÂMÄ»3® 9&‘tÒõèÌàÓiAaz(o6<½Š;ó'HÒüdÿ«µ´§Uÿ™FÂ-?œù2<¢ÑÙ}a¯Ñ ¯Â{¶óU­}CÂbÍ­Ù(Á_æƒ6Hòìó­/̾h½OFÆ;\_j$ÏO)¸`Tdì¢Q™ç¤#$ˆÞÆ9¿öU œtÏ\óŽŽ”/¼i¼ úËÝŠŠª<tŒØÍ¥’ Q7uRÝ×øõ—T cÞ§qŒ ‘{?=l¦\8âø h2ìXI[ÎÒÕÊ €à£k0i0Uÿ0ÿ0)U" É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0+U#$0"€ É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0  *†H†÷  ‚;>f¢Å½¸;izÃF½ dLe–0îÛÜx­ &ï:kyb–nž <-ëïzÖêÇÒ\Ù›Ý6ÚtióœHi7À9÷)¥hoŽúHáÝÀÏ;jêz?üõ>DX²Ó· `ð­§°¤íHîmÌlµ2ƒÁ×í¾2—õxv‡ARá óø〆֒>EÁ¤®­žf j= 1š”xþu#¶ñÌAùOBž†ì›üŒ×ö`0±¦·­žá?RÅÓû-• <Á3:¸VÕ×¾ÀúV‡x¸aÚåm‘â13cÌÂê(m¿¢£å´ø8#y¨tkºµk”`’¾€p½R¾~P}þ>’B"mÍÿS ñ ‰Mmwm‰k’Ýe†“êUpêAõƒ³ðx®UQdP ¿a%B¥ƒ-vKhiKdê{iïЃ)Nž>T­D-˜\'°xÃfùD¬–jãW‚¯xaßä‹Ê“Òª à˜+ŒRKEK¡YÀ¥ä”§J‡µ«\+ðrR6ÒúÒˆ¤G—’[ªG»‰0‚"0‚  ¬Uyi'å­)P´£ñÔ3ª0  *†H†÷  0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100‚"0  *†H†÷ ‚0‚ ‚ºd"x:Wf×=àÃ#Z¨‡DÁk\ü*Ñy•˜µ¨heÍâøÕ\+¾¢A³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€ÓfŠq² Ÿ_¸B7 M´Ã×Þw 9¾ÿOCH¡¶—£™„GŽ‡CìòdJ2ÛÑ'&æâ ‘OržžpÌ0“);PÞcÖè£úÑá4[è– Í›mZ$rŠø?é¿Ôœx”¸“˲×:=–E£¼ÚÐgeomdbx¡YÀ¥ä”§J‡µ«\+ðr˜|ÒúÒˆ¤G—’[ªG»‰0‚h0‚P  ªŸ²° ¨0  *†H†÷  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚­gÕ8?––”"N‡&‘HΟeé¼u%Péìžì›ßx„ô0Ù6ww×kÃs׋ý& SIþô)M™‡ÿm#w(/ùþÅØ —µîÔõ)ógM”b¸MM[ºíÆshV¦°‡`HâEø'uZ™œêÍt$ÞàÖTñ‹á½(5GìÅ—è7È*Úl;¨;g1*/9²èUüvy´X+˜L[Xü"Æì^*ìð.R»Ówu![¤hW&<isËYŽLŠˆ@Ð_†e³ Þ"ÕÚ]]Õã‚*Y5Ü”MšIJ¤ÀÚÄgW¤q¸=ƒ5hufÿuio¶¥2 C^ ‹£æ0ã0UÕÛšgd3Fˆ°ó2‹öä”Z8ð>0³U#«0¨€ÕÛšgd3Fˆ°ó2‹öä”Z8ð>¡„¤01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1‚ ªŸ²° ¨0 U0ÿ0  *†H†÷  ‚'kÛ7)€)5FügˆG£5T*Ê*µ£Æþlªà¿°¡Ñ~"µñ¼S íÓ» :eü9è÷c-¤êE¿ŒªŒ~¤ýdNÄ\œS`‚wWv:F ²÷‚¦& ¼‘· ±{­-P³‘ÛŠ¢×ýÞGÈM.Äs­ŒWé‚„žá q]2æs–ñ£[…â}a†eTœ«D#ÚWûÈ`‚*!ˆ°Á=£žhl8=䲃áÌGP‹Ã^eÃkݸ.˜ä~¸¤ŠÚòÓ*‰Î(âÙýúÄn1¤g…P¨ŒÌŠx–ä~çêcy-~^«¬~â1ot¹óίÃâľQaó8¡YÀ¥ä”§J‡µ«\+ðr¹ÒúÒˆ¤G—’[ªG»‰0‚‰0‚q  ìæßûÕ[º0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚Âa½Qú|”68»ÊpeÕ$3YÇ‹äýî—¤\ílçêÍyH,‘¨câö¤¼é(‘¦]iÞ¬Œ :GlÈÁš@ãÄÔ_Œñyiºå'ýw_qǟߧ]dEéð6ozOÏEâèíÒ‰‰ûA•ß»Á³úÜï ±ñ;ïcgW$à‹_jAÖö/>Ébdy·s‚è˜×ý+îy~q"Ë­®ñok(Ábßæõ#ðOóšVÚ™]‡ÜYö÷9&’m§.-ÉЈQ]„´ÂSƒ N­œêF_@í$ÿàþ0õ¦pµ; ‚frp®•Þ3†ÿe"šôËZÜ{£ñ0î0UªZd­…‚Ì—ºõãt][Ë;A›0¾U#¶0³€ªZd­…‚Ì—ºõãt][Ë;A›¡¤Œ0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1‚ ìæßûÕ[º0 U0ÿ0  *†H†÷  ‚ZÇwš­4Ãí8ÿ9Ê+^2Áä%‹Â.àÀaƒÔù¤¶‘/.ïZóh¢Ã°ïÉLêìëÅL×0tŽ 7_‘2U,&¨¼‰Ø+žq¬$‹'P)6/R -ÌDñ5«QŽàÍŽÁ;·ò-ïŒHÅ‚hi˧g»°X$_]Å‘Ùêý.GÌ<ºúB²Øþ®šáUàóÛ²0éM ˜ âëªS^º 7è@ “Æsý;‡·¯Yâæ\W ìÛëÔ&*d<.¸r I¼‚¼±#Ò²¶°/!û²¥oÌ#ýÝ%Í(`’¡YÀ¥ä”§J‡µ«\+ðrçÒúÒˆ¤G—’[ªG»‰0‚Ó0‚»  Û—°Ñ¿Ôqñ0  *†H†÷  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚µ³(o+ \(çléÏ0P¶¤uûœHѾ„Û_Ô 5§m´j¡NeטQ|`ÄŠŸ7_,qõÒBEú› žhõ5”Êô{Hƀlíȹx–Ð +±ÇLy­g!`Ը撳ü±F›äå*‡=EOÑ­n4Y{’ÛJ‘c?°ð<©|3¾©‹7srGô)ÈRQ ßì!âöWdÄ=t¡dï SŽzŠ.‘ÄCc-µõzÝ3m@>wìÌyŸ*À×Nq‡p+‹ûS)U0ƒ;Ðbÿ`ërÀ {™ ›CïÚ2CGZVtžñ ÌT ˜±O:I£P0N0USº1ˆô+اª€ªÉ›ã4jo0U#0€Sº1ˆô+اª€ªÉ›ã4jo0 U0ÿ0  *†H†÷  ‚²8÷ Z:u¨·AÎ)›ÿ‡ò£´( ¥Âþñg^ÇÕQ—“ ‹ýF”fâzÓ²½Z—Zj¦õŸ¸„)–ˆSHЭO®ø¶íFP…ô-¹4;Ñ-—šÞ5IÎäHTÏ› GjáwoôZÐßCš›h^€!€ÉÇ+BŸ¬‚:ÄIýÝmÓ‰j²*ž~öë-½ä»»ø„'o!…cÜŒS@[a.’ÿë/ݦµpL»/f{b?µ rRC§ß —t7D5j£ß&9Ѳø? ¶lÛoí½t [QIÇG£¨œƒ`O©ÀBSTæÁeóNË´÷vY¡YÀ¥ä”§J‡µ«\+ðrýÒúÒˆ¤G—’[ªG»‰0‚é0‚Ñ  ¨qž9¬c0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚›!ÑÏ1YS¯##™3æ¹°¾ƒA–Iå©‘œ'“e–P¤Ú-D¿ÔÈ£ýÕïÛUäà÷÷—$nä1°œÐäåD9¾}°Ÿ@†5T£1¹U¾ˆÃÒe›Ä§öp²Ù„HÆ€ŽPOd°;ÈËñ¼/$ú󴼆òœÝ¸RåÔ:vpÄ7 Ò<=&rÞ¨éìSÒsnŠiº5é“Ä@~Y$Oð%¿îAVp\Ê¿Ä‘]a#Tæ~½¤jŽ?ÖêMs-D~3 GcD‘ScÄR{?ª·º´À\ÔF§^ú½¶¬tГ™tB™Sç d=±=±ÞsÁ°íñ»G£P0N0U¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0U#0€¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0 U0ÿ0  *†H†÷  ‚}Ï߸¤â1vbI²“èÑÒîlHrAB`©~Lï3WwšP:vq0åf>µG4š@hsIWúój¥c£/§¢ÒJ™ò„EØNt/ÍèØF(ÍÜÝöٌҨˆsA©<]}Ì%²ÞNQëú ëyE¹8bt®K²™l1âˆÃáÏ‘Vîøn™»IÞ,¼!P"4˜2Jô°ìɆkçZYⓨ<ÜÐÌêÉ«ˆ¶øÉÉÏpñ¸:ÎÅy_îŠ/Ž¸ü[—/õÿ!i€°âðg¼dÂc ëZ¤†‹¾í ²Ävúï@ï·}Ëš/Ñ`¤t¦iî5ÓÉ(ûêÌmõ¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€£?[_Ö±ÊÝô¤­îz<É-Ò ks  K{-;ž"ÏûO‚91˜GR,O¡u;iP“ R¹ -éF¹G6KWØ! c;X™n*;§Î­T¯®s°…Ñå+ÀOëå| \¡3+6aßä‹Ê“Òª à˜+Œ BootOrder€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€5Áy{fÎ0ý^ŸQ Pͽ©É“‡ +ç¤Yã Ç»xˆûX(9‡þ ÑÓÁ¾'kÉév“æ\I ¢S3Ç®Âà™04“Œ‰;<+Êö~ˆÃB£Õ†ö÷úâÆ¡$zžØiˆ mKä—Ôû¶aßä‹Ê“Òª à˜+Œ`Boot0001&UEFI nvme_card-pd ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€\Úø„r‰\Í sDFÖ–E7 ÷ù>¶»”gþã­jÞl5=â_.>ì1[Æ€M š SH’WºÌ(n×óe]ú‚õ›e= ÿ×›9U²wD @;Yícà'WòEE˲×:=–E£¼ÚÐgeo!dbÒúÒˆ¤G—’[ªG»‰0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€€õ‰dRŸý÷ºßÊát~§ ~ ÞƒÞŽo8ùYjwËG9\°Ã\PžsmŒµ-nà C4T.&Tæa8x I¦*}ëì@äzPÞ¸îªÍ5Û`Ÿ³Ñ©®ºF.¢¤ð¦°G÷dEFI PART\Cžÿÿ?"Þÿ?é *æjM/™8Ô"̓q6€€Gæ;À ¯=ƃ„rGŽy=iØG}äÑgÓ|‚@OËÀp׫€Ð„Þÿ?STATE]*:þ2O§A·%¬Ì2…£ œ‰S6H•’ÿ»„S õ=PÿÏÿKERN-Aâ¸<~;ÝGŠ<ò¡<üìâÎŽï…#O®¡FÙ=ŠÂÐDÿÏ„ROOT-A]*:þ2O§A·%¬Ì2…£ N-áp1BĽÝâ?šiÐÿOKERN-Bâ¸<~;ÝGŠ<ò¡<üìç(þõéDœ¥ #%…3CØÐÿÏDROOT-B]*:þ2O§A·%¬Ì2…£ è$u®]Fªæ(PTâ@@@@KERN-Câ¸<~;ÝGŠ<ò¡<üìÀZc­²^D3¤¤à¬,_GA@A@ROOT-C¯=ƃ„rGŽy=iØG}äEzn§8þI ˜ˆÖö5‚ÐPÿÏOEM=u .Hž°Cƒ7±Q’Ë^¤zÊ¡VHd€w¢ ‹ Z9B@B@reserved=u .Hž°Cƒ7±Q’Ë^MŸšºKJ¡¬Gõ`‚9C@C@reservedHah!IdontNeedEFI›Àa䂤Dl°ö²‚Ð2·@?@RWFW(s*ÁøÒºK É>É;zž„"Å‘I0…çxZ‘ÍÐÿÏEFI-SYSTEM€¿îÁ]“Yþ ¨µûdQÑ÷>QDÆÓ Û¨ÖŸû$D–¬Š²••ÓÚSjÅìfÆ´½Þ$R„Ï# w‹×Ö8]Œ Ú^PN>UKgÙšq-•|´Ë´Ù²æl©n1ÝÁ†€¯°::ŠÚjÊ ð­¼ø € ÐA * Ðzž„"Å‘I0…çxZ‘Í0\EFI\BOOT\BOOTX64.EFIÿ€†H­?QñâRtÏ}ø7î ÷ºØ?‡”äd%0©¦$.ˆRÃzI}}N|fÕB ÐÈÆ›ΰôkâ+’RhNq@(‚F¦­º±6Œˆ<Ýäé‡bÌgˆÙM ËÓ÷Ê)ÒÖ¯à€Èü¤˜Ó\º!…e¦6]Úö æZÀ¡Ú·íÄD‚Sâ×VÙÌUãÿ_ƒÎõ;mÑRð@ ?ä%VSËe¬ð†&O[ÉíÊX-Æ…=1¦¸éË:¹™Œ„ƒà ÅJ^I+ó êl§;˲×:=–E£¼ÚÐgeodb0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ ¯„ûQ°XvוfG[´#ó€-w å/ž=§ŒA‚T E®éà õûp²Î„“ÇSˆÓ¹ 6.p¾—)ßeµ7TýÝn—úñ–¼n ’ž ;²Ôqÿù{€»Ütˆe"bf•grub_cmd: defaultA=2 £Ò—¡zÎ-ÊÍ`BÑÌØà D ?§÷M 2µ"GzÒ—ÇH„*ΚãáÍËM[µ§Y¶L g ò×AÌ<ècítd&¡ñ©˜¾Ÿgÿ«ß¡òÛv–ˆX¨\5‡W[AcuŠÄÇŠgrub_cmd: defaultB=3 ¼Ý‰“Èçê2Yxm/Ì{f&í)› –aد2ý-mÇ¿`‰ðtë3.åÙsR¶Å\¦Íʪ Ãp–I´ZÈ:óf\LŽ‹*¦¤'ÜAªH ¯·ùU‚ㆥ®¶`.”[äö¶y²Î¢‘Ÿ"grub_cmd: gptpriority hd0 2 prioA ß³¹ AË牕Ü^$cpïfØAæ ÁǶÜz6мuÀ¾ö›Ü'}tÊ8Ðì(D²¯? ²Ì¥CÌ>YNu×`h²5ÐF$¯¼fœ¹ÿuòtc´ô¨ÖSê‘C‰Š‹wa¡r½ £"grub_cmd: gptpriority hd0 4 prioB çh>‹ μŽGÓÓt;&@ oØÞ¬Áƒ³­ö±95Qay’•wÒ`”§öŽ{‹Dä4 ºR^Å!œÀò…Š„£ âˆ[=¸K¡­»zl+ÈHk÷…j­^†^ó;ÜLxÚªägrub_cmd: [ 15 -lt 0 ] )k' áþdQJ¦=qgˆá„ Iýú¬]Ž$8*a}  ÀÎZµè3T’ýÚs]zxÔ9¿ñ ýù8Éø1g¼±ê\(³bŽ„Nþ «ç¥ý‚Ä«M)*È«ÒçhmoÀ& b‹grub_cmd: set default=2 OD¤§§R>cwê–Ó‹6»l"Ø Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô› Tƒm4e3°ÈÇÌ&0‘ŠHl¤DAmÕ¢gã70¸˜ÆÝz%†£‚¬@‘Â"grub_cmd: set timeout=0 5ÌLfè|¾2Œ<ø[¼òKîïf ëƒmœßAAnqŸ§Æbààe´ÛöˆªÓáÆû>ã b_ŽLó~,Gû¾HÈw*Š/Nô“¹2%ŠàŽ;$ˆ¸. %]¥e¦¥'Üâh™D×grub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 } .àq]+»èN’‰> ¢.e°Ÿ ü®zc²¹NTÅ”#ÇD3ÄzHMÏx\Þàw àídTÊ€ùõ+ÕŠ>91Qˆþ ÎèK+ ƒ~J&¬•ø&ûÖ­*}F¼®ƒl¾Ä[×grub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 } iEa–ýí}ß•ö ½xÇTîˆ ½7òö 9GÅ^­ÿ•Z—( òXÐL™LñÇèªA ˆØˆˆ™ÆÛDð@[?0I_rÊ—?«=:Øô¼÷šÃäæ‹ùõkèL¤o'›-AÈDgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } ŒïiG‹qœÂ6,Bÿçý” À¸ñ˜Ø‰¶é-ÿø™ñHþqŽ YòpWésá=Ò iž¡ëCþ¤¹ÀbFä¾Ý\O‹ô=¼O+N˜Œk„ÇAø²±5^½ßb!·æeo¼­5Dgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashtree=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } 9QÂTa¦Þ@üµaSÙÿ´˜± kâÔê¡„Ñ…8k4±>žÏHF»ÅŠÌ$Ù¹HßI'O Íyàbö¡^܈Ǽ‰µ€Þ¹WS¾ÇQÉÒËß>Ý£^ke‘Êq¿Ücl¦-™wÿ×grub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 i915.modeset=1 cros_efi } —’ÎbYüð /¦ìHáÚ  @–îa¢=äÛÆyY8éÓŒªa’s¯Ay¾R#z¼ "·Ñ`E4ÊÕN ßÇéçéA½d‘ÚBh êË.c¨~ÿ¹¨­á«ˆ¸·¢À;Âpc"Š%grub_cmd: setparams verified image A ¢ˆY+]q&‰õyV!\vF&/ÑpûE‡9õZ%IˆEŽ[^ ãšeâOYO€»ºŒY˦<ŠC㪃 þëÚ¨×N˜ )uö|Šž0¾òE­yìgrub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16 7ôñ¶0nefYØËzîB"jöc˜ èsò£mf=ýÜäP/llý‚‡•u˳Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ 9…/⡬~S3P]lâ öð… Œ~döVGø¤Ûo³OÕP$s½Gw³&›Jcd _؈MhZË$ ‰Äîïë«f<4“k1½Vu¼­‡•ÞÑ¡û¥ð†Hß ôzkernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16"€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Success2¼ 0‚80‚  \’¿=Ì^èÖpE]ðAw0  *†H†÷  0¹1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1X0VU Otpm_ek_v1_cloud_host-signer-0-2020-10-22T14:02:08-07:00 K:1, 2:HBNpA3TPAbM:0:180  210831231105Z20510824231605Z00‚"0  *†H†÷ ‚0‚ ‚Ë­oœi‚$CJ†›V»i–]UIYþ`®+1éÁtM-EU¿8 ¢t]|4ù"x³YB0ŒéˆH¤¶O9è8û{gØõn¶&Xä* #¤­î^tö½ãbö>ÿ”ë Š‰EÉ59á“bhÔõ÷‹z¡h¢؈a†Œï­hù¿YáqYp<Û¡ÄÍr—4Hž_ÐçšëïCe>]VòoÆuVE ŠÊÏRšÉñ¦ÇM3³YúTwWcà ³Ñ Šx>U4ºA^\IDi§ç»€?jB×3±\ ý92DØã]™±$‡MXæ=g£‚í0‚é0 Uÿ00U#0€ÍqºX² Q£(e¹–ž» “0V+J0H0F+0†:https://pki.goog/cloud_integrity/tpm_ek_intermediate_2.crt0KUD0B0@ > <†:https://pki.goog/cloud_integrity/tpm_ek_intermediate_2.crl0Uÿ€0U% 0g0"U 00g10 2.0Ž0QUÿG0E¤C0A10g id:474F4F4710 g vTPM10g id:201605110z +Öyl0j us-central1-aZG\i google.com:wuale-gcp-testing^Sãû¿ƒÅ cos-test  0 ¡ÿ¢£¤¥0  *†H†÷  ‚ZWÑFjåþýèc™:ÓH,p¡}¢cŸ} ¡b'¾çJTÿ§‹bÅëiFÕ¦ìõžEÐúW¡‹Ûègø7€QáOž6:Z9rfÄ+6i”€ÇÖ¼d,ãüÕRÙ½À‹>ƒ¦æh HÙÃíŸ0³¤F2 ëÔ¼ƒí…|VÚ(ÎJî Ã>¹ÿ”ë Š‰EÉ59á“bhÔõ÷‹z¡h¢؈a†Œï­hù¿YáqYp<Û¡ÄÍr—4Hž_ÐçšëïCe>]VòoÆuVE ŠÊÏRšÉñ¦ÇM3³YúTwWcà ³Ñ Šx>U4ºA^\IDi§ç»€?jB×3±\ ý92DØã]™±$‡MXæ=gó sÿTCG€" ÞþKJÞ/‹zᛊˆ—àËw®Aw1ØÎ8i~ÄöÀ•  éæk·  (ÿÿÿ ý£'Ôº]Yxþ:#ÛG–@PèrcžõÖ©œ<Ê9åm‹† lŒò]þ3DE3¢,;t 픘cú¶ÎÈ?()•Vñ°üEÚâl»‹H€cÊÃS9j¸fƒkÍ"?nk1~êç—¼&üm@ôe÷ãÏO¡âùYè^Y„»L2@ÕšÓŸC3™€>=؆û¨Û³q °—h_üa}1qvÒ û >äSu¯5ks‚X&í©h•üS¨C—~¼¤}㪂Öá"¸¢„Û‚Ÿdx…Í(Gê‰Á Š(~­A˜ËõC-E^Ä–ïö-%Ø8Oj ] +)CH¾ öy‚o‡|,á¯I¨TËM¤Y&F#gâ“Júy\% dIªÜ÷Û•ðŠ®ÿK½ºˆò æUƒÑ~¶˜õpH¦¿Þýï;b̘ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ²¨;¿/ƒt)š[+ßéU­r6Bæi#?‚mõ :¿Ö™Œ òÞˆãéáÙÞ¬Ù[(›»Ó¡qzW¯}!²¨;¿/ƒt)š[+ßéU­r6ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿahÉΈ¨e‰ òÏ/ÓÆ»ú·›À2õ»o–°GBýKMýä–ó  ô<­†,9®ãùŸ¢p¹rS;®_ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ@™÷ µ¤è̵ò;É€ï'#6²¨;¿/ƒt)š[+ßéU­r6rw‹ £Ä‘Û%ë|ƒh˵ äXÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ “ sÿTCG€" ÞþKJÞ/‹zᛊˆ—àËw®Aw1ØÎ8i~ÄöÀ•  éæl  ( ÿÿÿ ‰7˪òŠøZ[ —ç% z ”à_Í¡¨.ãûk.† -Ù„ÎÐúë‡ì<Ôn%Œ‡±½‡;|D˜TU3;ç`ܤÕ> &Ü~²iûÈãžl6Ì'ïÜúÝÈk©>›ùÿõ[1ì¤ krã¦W>"ÿ)k/§QqKðMõèÂ/Q>¦M Š $ì;αi&q$j{ Ö¼æh?:w*¡KlÊÙùÃÚuÙ ¢PµÅ—Ô+MÊ]©M6Ñ5u‹Êrp©,ñ6hÒzZáTù÷wÃ5ê?,ç¢U|<u›9ëk©+/Ò^+óŠå+LÜ÷áH”}Ò(Dk'*ßiÓ'jMþèª%QP°A¹Ûgž×CتK›%l/¹ˆ;wÉÞ;E ’ $  $  àŒøv4"ÅíâͳE•¹+×Ðk‹½`µM.•±K c$ ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ$ $ n´[kúü¹‘MHl唬ÒKÁ:jÞG*Ëû]a VxKŒ}ĨIRLS²£‡¤Ög[ù[ ê;Tö}®h„˜ki»ÃN42óUî cxL)½%|=tp D,ôqlðPµ,xBfÕá'ô9ŸŠt'±7«M¹—jù¿s}Ã5Õòù”°µ®R4ùk`(ÖE£p8§ÔÕ&|þú¥~t/BFΔË'ö·)/j c›‚Ç ¶ó¯­U{(£É¢»!›ÿ âSŽ\Wï” :h"Q’  40„MqÓ£µÞ–“Uâ ´Ö·ÊÒ‡ðÛ¸ƒí cr¦Æ\jÐ.ˆ—®\2s¡40Q‰#°ùUРwÉj«¥"¹ÞÎÞařΦĉϾ¤®MPR–þMý¯¶^•¿#Ä404040‹vÿ”:äBË"P€ÍñåIír ÕèoQH€—j‹£C‘ ¢(Þ‰Âÿwÿ@40Q‰#°ùUРwÉj«¥"¹ÞÎÞařΦĉϾ¤®MPR–þMý¯¶^•¿#Ä40‰åëtî|.·:¨OÜú_¢y­\Ä(¶”WQ˜¯¶Ýøûø@¢Î­c4 00ŒNŠ&TË úÑ"}Š*ý?z”sßȪ•k0¾†nš¾õãHD¼Y%}¬&4040ù|:ªâs¢uÁYZÉœwB_‰e ‘J4‚‰pß´ŸžùÎk$eì(eévÈ«Æä40ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ4040:^³q‘³–·N ”É uéê ÷´pHÁœ@õè ÉV†ÄŽ¼¯·fÓ̉½­#40FÎ% [=§‘|^·§.nˆøø0D[™7’ \Ö(Ûic†S«©Ç ñÇGù40Q‰#°ùUРwÉj«¥"¹ÞÎÞařΦĉϾ¤®MPR–þMý¯¶^•¿#Ä4 040ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ4 0%»U—|D ë8ý¯oL/ÄÍ¢< ¼‰­©9ŸR §4/(º>•:±xbsù àèD|4 04 040ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ40ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿ¢»)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1+líÑca—»Á¯ª€ÌnÍ> jÉ$H¨ WU¦;Íe¹öÕrn’]Èi»F”(Å gã,8%ž¤€’4ÌϽ'…Ã+Þˆ(3»mö½˜šIôVcæ<á™üÐP, GCE NonHostInfo€ÔýÑñM@AIMëÉÄSCÒ'} ÌüK³(ˆ£E¼ŠêÚºU+b}™4Œvv«1Aõ°@¤ ,ÞÐÆôSÔÆõœ^ìa«Æ°1E@¢6|º2jRª+1\ÌÎh¨Î Æï*Çå®5aßä‹Ê“Òª à˜+Œ SecureBoot€‹tC!5Ë’T¨ÊÐÂŒÛø7 bÑÅUÛóRµÙà›Ot#®pmÚ×vt(¥ã”Ö z q‡,ÁW´›1ÊýWuÎusC¶¡*»k+é»&“¤aé̦¹ÏðTì°ômaßä‹Ê“Òª à˜+ŒIPK¡YÀ¥ä”§J‡µ«\+ðrI-ÒúÒˆ¤G—’[ªG»‰0‚0‚ `õþøía^JiØUR^0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100‚"0  *†H†÷ ‚0‚ ‚¥I y-Gõ÷w‰|ΛåëFƒ?º÷Hï`œ–ßü;&å=PjlªÂMÄ»3® 9&‘tÒõèÌàÓiAaz(o6<½Š;ó'HÒüdÿ«µ´§Uÿ™FÂ-?œù2<¢ÑÙ}a¯Ñ ¯Â{¶óU­}CÂbÍ­Ù(Á_æƒ6Hòìó­/̾h½OFÆ;\_j$ÏO)¸`Tdì¢Q™ç¤#$ˆÞÆ9¿öU œtÏ\óŽŽ”/¼i¼ úËÝŠŠª<tŒØÍ¥’ Q7uRÝ×øõ—T cÞ§qŒ ‘{?=l¦\8âø h2ìXI[ÎÒÕÊ €à£k0i0Uÿ0ÿ0)U" É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0+U#$0"€ É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0  *†H†÷  ‚;>f¢Å½¸;izÃF½ dLe–0îÛÜx­ &ï:kyb–nž <-ëïzÖêÇÒ\Ù›Ý6ÚtióœHi7À9÷)¥hoŽúHáÝÀÏ;jêz?üõ>DX²Ó· `ð­§°¤íHîmÌlµ2ƒÁ×í¾2—õxv‡ARá óø〆֒>EÁ¤®­žf j= 1š”xþu#¶ñÌAùOBž†ì›üŒ×ö`0±¦·­žá?RÅÓû-• <Á3:¸VÕ×¾ÀúV‡x¸aÚåm‘â13cÌÂê(m¿¢£å´ø8#y¨tkºµk”`’¾€p½R¾~P}þ>’B"mÍÿS ñ ‰Mmwm‰k’Ýe†“êUpêAõƒ³ðx®UQdP ¿a%B¥ƒ-vKhiKdê{iïЃ)Nž>T­D-˜\'°xÃfùD¬–jãW‚¯xaßä‹Ê“Òª à˜+ŒRKEK¡YÀ¥ä”§J‡µ«\+ðrR6ÒúÒˆ¤G—’[ªG»‰0‚"0‚  ¬Uyi'å­)P´£ñÔ3ª0  *†H†÷  0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100‚"0  *†H†÷ ‚0‚ ‚ºd"x:Wf×=àÃ#Z¨‡DÁk\ü*Ñy•˜µ¨heÍâøÕ\+¾¢A³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€ÓfŠq² Ÿ_¸B7 M´Ã×Þw 9¾ÿOCH¡¶—£™„GŽ‡CìòdJ2ÛÑ'&æâ ‘OržžpÌ0“);PÞcÖè£úÑá4[è– Í›mZ$rŠø?é¿Ôœx”¸“˲×:=–E£¼ÚÐgeomdbx¡YÀ¥ä”§J‡µ«\+ðr˜|ÒúÒˆ¤G—’[ªG»‰0‚h0‚P  ªŸ²° ¨0  *†H†÷  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚­gÕ8?––”"N‡&‘HΟeé¼u%Péìžì›ßx„ô0Ù6ww×kÃs׋ý& SIþô)M™‡ÿm#w(/ùþÅØ —µîÔõ)ógM”b¸MM[ºíÆshV¦°‡`HâEø'uZ™œêÍt$ÞàÖTñ‹á½(5GìÅ—è7È*Úl;¨;g1*/9²èUüvy´X+˜L[Xü"Æì^*ìð.R»Ówu![¤hW&<isËYŽLŠˆ@Ð_†e³ Þ"ÕÚ]]Õã‚*Y5Ü”MšIJ¤ÀÚÄgW¤q¸=ƒ5hufÿuio¶¥2 C^ ‹£æ0ã0UÕÛšgd3Fˆ°ó2‹öä”Z8ð>0³U#«0¨€ÕÛšgd3Fˆ°ó2‹öä”Z8ð>¡„¤01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1‚ ªŸ²° ¨0 U0ÿ0  *†H†÷  ‚'kÛ7)€)5FügˆG£5T*Ê*µ£Æþlªà¿°¡Ñ~"µñ¼S íÓ» :eü9è÷c-¤êE¿ŒªŒ~¤ýdNÄ\œS`‚wWv:F ²÷‚¦& ¼‘· ±{­-P³‘ÛŠ¢×ýÞGÈM.Äs­ŒWé‚„žá q]2æs–ñ£[…â}a†eTœ«D#ÚWûÈ`‚*!ˆ°Á=£žhl8=䲃áÌGP‹Ã^eÃkݸ.˜ä~¸¤ŠÚòÓ*‰Î(âÙýúÄn1¤g…P¨ŒÌŠx–ä~çêcy-~^«¬~â1ot¹óίÃâľQaó8¡YÀ¥ä”§J‡µ«\+ðr¹ÒúÒˆ¤G—’[ªG»‰0‚‰0‚q  ìæßûÕ[º0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚Âa½Qú|”68»ÊpeÕ$3YÇ‹äýî—¤\ílçêÍyH,‘¨câö¤¼é(‘¦]iÞ¬Œ :GlÈÁš@ãÄÔ_Œñyiºå'ýw_qǟߧ]dEéð6ozOÏEâèíÒ‰‰ûA•ß»Á³úÜï ±ñ;ïcgW$à‹_jAÖö/>Ébdy·s‚è˜×ý+îy~q"Ë­®ñok(Ábßæõ#ðOóšVÚ™]‡ÜYö÷9&’m§.-ÉЈQ]„´ÂSƒ N­œêF_@í$ÿàþ0õ¦pµ; ‚frp®•Þ3†ÿe"šôËZÜ{£ñ0î0UªZd­…‚Ì—ºõãt][Ë;A›0¾U#¶0³€ªZd­…‚Ì—ºõãt][Ë;A›¡¤Œ0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1‚ ìæßûÕ[º0 U0ÿ0  *†H†÷  ‚ZÇwš­4Ãí8ÿ9Ê+^2Áä%‹Â.àÀaƒÔù¤¶‘/.ïZóh¢Ã°ïÉLêìëÅL×0tŽ 7_‘2U,&¨¼‰Ø+žq¬$‹'P)6/R -ÌDñ5«QŽàÍŽÁ;·ò-ïŒHÅ‚hi˧g»°X$_]Å‘Ùêý.GÌ<ºúB²Øþ®šáUàóÛ²0éM ˜ âëªS^º 7è@ “Æsý;‡·¯Yâæ\W ìÛëÔ&*d<.¸r I¼‚¼±#Ò²¶°/!û²¥oÌ#ýÝ%Í(`’¡YÀ¥ä”§J‡µ«\+ðrçÒúÒˆ¤G—’[ªG»‰0‚Ó0‚»  Û—°Ñ¿Ôqñ0  *†H†÷  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚µ³(o+ \(çléÏ0P¶¤uûœHѾ„Û_Ô 5§m´j¡NeטQ|`ÄŠŸ7_,qõÒBEú› žhõ5”Êô{Hƀlíȹx–Ð +±ÇLy­g!`Ը撳ü±F›äå*‡=EOÑ­n4Y{’ÛJ‘c?°ð<©|3¾©‹7srGô)ÈRQ ßì!âöWdÄ=t¡dï SŽzŠ.‘ÄCc-µõzÝ3m@>wìÌyŸ*À×Nq‡p+‹ûS)U0ƒ;Ðbÿ`ërÀ {™ ›CïÚ2CGZVtžñ ÌT ˜±O:I£P0N0USº1ˆô+اª€ªÉ›ã4jo0U#0€Sº1ˆô+اª€ªÉ›ã4jo0 U0ÿ0  *†H†÷  ‚²8÷ Z:u¨·AÎ)›ÿ‡ò£´( ¥Âþñg^ÇÕQ—“ ‹ýF”fâzÓ²½Z—Zj¦õŸ¸„)–ˆSHЭO®ø¶íFP…ô-¹4;Ñ-—šÞ5IÎäHTÏ› GjáwoôZÐßCš›h^€!€ÉÇ+BŸ¬‚:ÄIýÝmÓ‰j²*ž~öë-½ä»»ø„'o!…cÜŒS@[a.’ÿë/ݦµpL»/f{b?µ rRC§ß —t7D5j£ß&9Ѳø? ¶lÛoí½t [QIÇG£¨œƒ`O©ÀBSTæÁeóNË´÷vY¡YÀ¥ä”§J‡µ«\+ðrýÒúÒˆ¤G—’[ªG»‰0‚é0‚Ñ  ¨qž9¬c0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚›!ÑÏ1YS¯##™3æ¹°¾ƒA–Iå©‘œ'“e–P¤Ú-D¿ÔÈ£ýÕïÛUäà÷÷—$nä1°œÐäåD9¾}°Ÿ@†5T£1¹U¾ˆÃÒe›Ä§öp²Ù„HÆ€ŽPOd°;ÈËñ¼/$ú󴼆òœÝ¸RåÔ:vpÄ7 Ò<=&rÞ¨éìSÒsnŠiº5é“Ä@~Y$Oð%¿îAVp\Ê¿Ä‘]a#Tæ~½¤jŽ?ÖêMs-D~3 GcD‘ScÄR{?ª·º´À\ÔF§^ú½¶¬tГ™tB™Sç d=±=±ÞsÁ°íñ»G£P0N0U¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0U#0€¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0 U0ÿ0  *†H†÷  ‚}Ï߸¤â1vbI²“èÑÒîlHrAB`©~Lï3WwšP:vq0åf>µG4š@hsIWúój¥c£/§¢ÒJ™ò„EØNt/ÍèØF(ÍÜÝöٌҨˆsA©<]}Ì%²ÞNQëú ëyE¹8bt®K²™l1âˆÃáÏ‘Vîøn™»IÞ,¼!P"4˜2Jô°ìɆkçZYⓨ<ÜÐÌêÉ«ˆ¶øÉÉÏpñ¸:ÎÅy_îŠ/Ž¸ü[—/õÿ!i€°âðg¼dÂc ëZ¤†‹¾í ²Ävúï@ï·}Ëš/Ñ`¤t¦iî5ÓÉ(ûêÌmõ¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€£?[_Ö±ÊÝô¤­îz<É-Ò ks  K{-;ž"ÏûO‚91˜GR,O¡u;iP“ R¹ -éF¹G6KWØ! c;X™n*;§Î­T¯®s°…Ñå+ÀOëå| \¡3+6aßä‹Ê“Òª à˜+Œ BootOrder€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€5Áy{fÎ0ý^ŸQ Pͽ©É“‡ +ç¤Yã Ç»xˆûX(9‡þ ÑÓÁ¾'kÉév“æ\I ¢S3Ç®Âà™04“Œ‰;<+Êö~ˆÃB£Õ†ö÷úâÆ¡$zžØiˆ mKä—Ôû¶aßä‹Ê“Òª à˜+Œ`Boot0001&UEFI nvme_card-pd ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€\Úø„r‰\Í sDFÖ–E7 ÷ù>¶»”gþã­jÞl5=â_.>ì1[Æ€M š SH’WºÌ(n×óe]ú‚õ›e= ÿ×›9U²wD @;Yícà'WòEE˲×:=–E£¼ÚÐgeo!dbÒúÒˆ¤G—’[ªG»‰0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€€õ‰dRŸý÷ºßÊát~§ ~ ÞƒÞŽo8ùYjwËG9\°Ã\PžsmŒµ-nà C4T.&Tæa8x I¦*}ëì@äzPÞ¸îªÍ5Û`Ÿ³Ñ©®ºF.¢¤ð¦°G÷dEFI PART\Cžÿÿ?"Þÿ?é *æjM/™8Ô"̓q6€€Gæ;À ¯=ƃ„rGŽy=iØG}äÑgÓ|‚@OËÀp׫€Ð„Þÿ?STATE]*:þ2O§A·%¬Ì2…£ œ‰S6H•’ÿ»„S õ=PÿÏÿKERN-Aâ¸<~;ÝGŠ<ò¡<üìâÎŽï…#O®¡FÙ=ŠÂÐDÿÏ„ROOT-A]*:þ2O§A·%¬Ì2…£ N-áp1BĽÝâ?šiÐÿOKERN-Bâ¸<~;ÝGŠ<ò¡<üìç(þõéDœ¥ #%…3CØÐÿÏDROOT-B]*:þ2O§A·%¬Ì2…£ è$u®]Fªæ(PTâ@@@@KERN-Câ¸<~;ÝGŠ<ò¡<üìÀZc­²^D3¤¤à¬,_GA@A@ROOT-C¯=ƃ„rGŽy=iØG}äEzn§8þI ˜ˆÖö5‚ÐPÿÏOEM=u .Hž°Cƒ7±Q’Ë^¤zÊ¡VHd€w¢ ‹ Z9B@B@reserved=u .Hž°Cƒ7±Q’Ë^MŸšºKJ¡¬Gõ`‚9C@C@reservedHah!IdontNeedEFI›Àa䂤Dl°ö²‚Ð2·@?@RWFW(s*ÁøÒºK É>É;zž„"Å‘I0…çxZ‘ÍÐÿÏEFI-SYSTEM€¿îÁ]“Yþ ¨µûdQÑ÷>QDÆÓ Û¨ÖŸû$D–¬Š²••ÓÚSjÅìfÆ´½Þ$R„Ï# w‹×Ö8]Œ Ú^PN>UKgÙšq-•|´Ë´Ù²æl©n1ÝÁ†€¯°::ŠÚjÊ ð­¼ø € ÐA * Ðzž„"Å‘I0…çxZ‘Í0\EFI\BOOT\BOOTX64.EFIÿ€†H­?QñâRtÏ}ø7î ÷ºØ?‡”äd%0©¦$.ˆRÃzI}}N|fÕB ÐÈÆ›ΰôkâ+’RhNq@(‚F¦­º±6Œˆ<Ýäé‡bÌgˆÙM ËÓ÷Ê)ÒÖ¯à€Èü¤˜Ó\º!…e¦6]Úö æZÀ¡Ú·íÄD‚Sâ×VÙÌUãÿ_ƒÎõ;mÑRð@ ?ä%VSËe¬ð†&O[ÉíÊX-Æ…=1¦¸éË:¹™Œ„ƒà ÅJ^I+ó êl§;˲×:=–E£¼ÚÐgeodb0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ ¯„ûQ°XvוfG[´#ó€-w å/ž=§ŒA‚T E®éà õûp²Î„“ÇSˆÓ¹ 6.p¾—)ßeµ7TýÝn—úñ–¼n ’ž ;²Ôqÿù{€»Ütˆe"bf•grub_cmd: defaultA=2 £Ò—¡zÎ-ÊÍ`BÑÌØà D ?§÷M 2µ"GzÒ—ÇH„*ΚãáÍËM[µ§Y¶L g ò×AÌ<ècítd&¡ñ©˜¾Ÿgÿ«ß¡òÛv–ˆX¨\5‡W[AcuŠÄÇŠgrub_cmd: defaultB=3 ¼Ý‰“Èçê2Yxm/Ì{f&í)› –aد2ý-mÇ¿`‰ðtë3.åÙsR¶Å\¦Íʪ Ãp–I´ZÈ:óf\LŽ‹*¦¤'ÜAªH ¯·ùU‚ㆥ®¶`.”[äö¶y²Î¢‘Ÿ"grub_cmd: gptpriority hd0 2 prioA ß³¹ AË牕Ü^$cpïfØAæ ÁǶÜz6мuÀ¾ö›Ü'}tÊ8Ðì(D²¯? ²Ì¥CÌ>YNu×`h²5ÐF$¯¼fœ¹ÿuòtc´ô¨ÖSê‘C‰Š‹wa¡r½ £"grub_cmd: gptpriority hd0 4 prioB çh>‹ μŽGÓÓt;&@ oØÞ¬Áƒ³­ö±95Qay’•wÒ`”§öŽ{‹Dä4 ºR^Å!œÀò…Š„£ âˆ[=¸K¡­»zl+ÈHk÷…j­^†^ó;ÜLxÚªägrub_cmd: [ 15 -lt 0 ] )k' áþdQJ¦=qgˆá„ Iýú¬]Ž$8*a}  ÀÎZµè3T’ýÚs]zxÔ9¿ñ ýù8Éø1g¼±ê\(³bŽ„Nþ «ç¥ý‚Ä«M)*È«ÒçhmoÀ& b‹grub_cmd: set default=2 OD¤§§R>cwê–Ó‹6»l"Ø Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô› Tƒm4e3°ÈÇÌ&0‘ŠHl¤DAmÕ¢gã70¸˜ÆÝz%†£‚¬@‘Â"grub_cmd: set timeout=0 5ÌLfè|¾2Œ<ø[¼òKîïf ëƒmœßAAnqŸ§Æbààe´ÛöˆªÓáÆû>ã b_ŽLó~,Gû¾HÈw*Š/Nô“¹2%ŠàŽ;$ˆ¸. %]¥e¦¥'Üâh™D×grub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 } .àq]+»èN’‰> ¢.e°Ÿ ü®zc²¹NTÅ”#ÇD3ÄzHMÏx\Þàw àídTÊ€ùõ+ÕŠ>91Qˆþ ÎèK+ ƒ~J&¬•ø&ûÖ­*}F¼®ƒl¾Ä[×grub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 } iEa–ýí}ß•ö ½xÇTîˆ ½7òö 9GÅ^­ÿ•Z—( òXÐL™LñÇèªA ˆØˆˆ™ÆÛDð@[?0I_rÊ—?«=:Øô¼÷šÃäæ‹ùõkèL¤o'›-AÈDgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } ŒïiG‹qœÂ6,Bÿçý” À¸ñ˜Ø‰¶é-ÿø™ñHþqŽ YòpWésá=Ò iž¡ëCþ¤¹ÀbFä¾Ý\O‹ô=¼O+N˜Œk„ÇAø²±5^½ßb!·æeo¼­5Dgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashtree=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } 9QÂTa¦Þ@üµaSÙÿ´˜± kâÔê¡„Ñ…8k4±>žÏHF»ÅŠÌ$Ù¹HßI'O Íyàbö¡^܈Ǽ‰µ€Þ¹WS¾ÇQÉÒËß>Ý£^ke‘Êq¿Ücl¦-™wÿ×grub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 i915.modeset=1 cros_efi } —’ÎbYüð /¦ìHáÚ  @–îa¢=äÛÆyY8éÓŒªa’s¯Ay¾R#z¼ "·Ñ`E4ÊÕN ßÇéçéA½d‘ÚBh êË.c¨~ÿ¹¨­á«ˆ¸·¢À;Âpc"Š%grub_cmd: setparams verified image A ¢ˆY+]q&‰õyV!\vF&/ÑpûE‡9õZ%IˆEŽ[^ ãšeâOYO€»ºŒY˦<ŠC㪃 þëÚ¨×N˜ )uö|Šž0¾òE­yìgrub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16 7ôñ¶0nefYØËzîB"jöc˜ èsò£mf=ýÜäP/llý‚‡•u˳Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ 9…/⡬~S3P]lâ öð… Œ~döVGø¤Ûo³OÕP$s½Gw³&›Jcd _؈MhZË$ ‰Äîïë«f<4“k1½Vu¼­‡•ÞÑ¡û¥ð†Hß ôzkernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16"€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Success2¼ 0‚80‚  \’¿=Ì^èÖpE]ðAw0  *†H†÷  0¹1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1X0VU Otpm_ek_v1_cloud_host-signer-0-2020-10-22T14:02:08-07:00 K:1, 2:HBNpA3TPAbM:0:180  210831231105Z20510824231605Z00‚"0  *†H†÷ ‚0‚ ‚Ë­oœi‚$CJ†›V»i–]UIYþ`®+1éÁtM-EU¿8 ¢t]|4ù"x³YB0ŒéˆH¤¶O9è8û{gØõn¶&Xä* #¤­î^tö½ãbö>ÿ”ë Š‰EÉ59á“bhÔõ÷‹z¡h¢؈a†Œï­hù¿YáqYp<Û¡ÄÍr—4Hž_ÐçšëïCe>]VòoÆuVE ŠÊÏRšÉñ¦ÇM3³YúTwWcà ³Ñ Šx>U4ºA^\IDi§ç»€?jB×3±\ ý92DØã]™±$‡MXæ=g£‚í0‚é0 Uÿ00U#0€ÍqºX² Q£(e¹–ž» “0V+J0H0F+0†:https://pki.goog/cloud_integrity/tpm_ek_intermediate_2.crt0KUD0B0@ > <†:https://pki.goog/cloud_integrity/tpm_ek_intermediate_2.crl0Uÿ€0U% 0g0"U 00g10 2.0Ž0QUÿG0E¤C0A10g id:474F4F4710 g vTPM10g id:201605110z +Öyl0j us-central1-aZG\i google.com:wuale-gcp-testing^Sãû¿ƒÅ cos-test  0 ¡ÿ¢£¤¥0  *†H†÷  ‚ZWÑFjåþýèc™:ÓH,p¡}¢cŸ} ¡b'¾çJTÿ§‹bÅëiFÕ¦ìõžEÐúW¡‹Ûègø7€QáOž6:Z9rfÄ+6i”€ÇÖ¼d,ãüÕRÙ½À‹>ƒ¦æh HÙÃíŸ0³¤F2 ëÔ¼ƒí…|VÚ(ÎJî Ã>¹Á ÉÓU ˆþW í¸3{5É‹õ|¯šƒýÒÏ•¥"1I¬JÛÈ­&c#aë ·/r3Ñú‡¬øQP•®aú80ai‘e_ÕÒÀøµ/˜êÿ¨={N¢ÝJ+Eós³L ’aDÂg(T"ç‰ÑË Š€Ró‹Y%49\ýÌøªüÌ,ì]) 0`¹mYà¿M‚2ûÌÃý!›ôVTÅ›âæ“SÛ| aßä‹Ê“Òª à˜+ŒV KEK¡YÀ¥ä”§J‡µ«\+ðr>"‘ù‹ý8¼NŽ1{Ûë¾  0‚0‚ö  ¾½G’0  *†H†÷  010U Joe Richey (KEK)0  180923013219Z21180830013219Z010U Joe Richey (KEK)0‚"0  *†H†÷ ‚0‚ ‚«<¢‡\òÕb¥¢Ql}ö½ Ô²[¹]ù*Ôÿe{ãØl,ãÒ¯Tœµ¼[ù?hkçb#õi}ÁLt¾¨PeiMZRñCµ‹aÜóduÏññ©Ù`I¼Í„ñ Š¬Þ¼[Š : zð›@Ùë›yC_‘Bñgéµ”¢2ôÜ›:+|üD_“ïJ¥¥D§uÃFy´ÊŽ1ýv§9.;η›„«è3Ù%†IÿËHbwTÏ|Nx¨éûHÜÅx7À‚ïØŸÅaó¾ûÓbªwKáúnbyCOqì=D%Óø¤ÌÂýË<§Ìx¬âcÄÅdE ¡¨šK‹-ë—Þdn:‚Щ©£S0Q0Uûù˜ø–'k½O )D"üsü0U#0€ûù˜ø–'k½O )D"üsü0Uÿ0ÿ0  *†H†÷  ‚¤ÕaÙ¶T§~ W//Ï ø–‘ÃÓ4/LRy®äR88ì!Qfé8©ñ•6 ûp±±‘‡ÐÇ!jFbRéíˆYÇÿÁo¦Ñ®ÿ=ü½ý3yÀƒõùrAÐÃÌ—¨ºÕ¯bÁ×R?-bx‰¢ ûoѱZ¸ ½ºS¼Ü-ƒ|A> ¬{£»FûõÔf59%" 1ÇêÚ¶o«¶"O9ÎWö¡Ômm44|ÖéN ôP5ªFLÅlP¤O5Û¼îí± Ægí¢:ók=åGVY“J"뺵…Q ,´ƒ¢ýÈ¡²îd@‘WaÜKÕí’0²·z¯.ìQ8£8~Ï<ãBD¡¡YÀ¥ä”§J‡µ«\+ðrü½šúwY2M½`(ôçxK0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€è]ñì¦c}$%›éÍÅǹ!ÂMÌ Û³æòîf„嵟RßURj?-ÇNßÓ»=ꔿݥS˲×:=–E£¼ÚÐgeo/db¡YÀ¥ä”§J‡µ«\+ðr< ‘ù‹ý8¼NŽ1{Ûë¾  0‚ 0‚ô  Ø¿†Ŧì0  *†H†÷  010U Joe Richey (DB)0  180923013231Z21180830013231Z010U Joe Richey (DB)0‚"0  *†H†÷ ‚0‚ ‚ G`Ù ™‹ŠêT&]3 c·g-7Òp–ô}–f³L¦_©hÀ¤Q:êb¶Åð?v|÷`«QšµßÕƒp8÷J§â¿½\ ¤Vf5:©úŽ NÎÿîÝašŒïèøSó`«^3k‰ŸUϼƒ{I艧˜åW˜¿P|Dr„»¨Js@×?IãÙFÜÅ…™ê}9‚µâ2Â~xË”ŽÉ5$ƒ-‡¥Y3s¤H¢Vþ¿ëvªü N'ìý.iܲ¾€ÞâmI=ý‡^Åe ]Y¸Ùõ¤O@ÝÁ·¨³FÊ’! I&^øë9S"¾† œMPÀ÷"[vµth /£S0Q0Uň”4#AÌý=Ø!ó#0ÒK_0U#0€Åˆ”4#AÌý=Ø!ó#0ÒK_0Uÿ0ÿ0  *†H†÷  ‚,Á´xC7ˆ„fnESý@¹º“¶/ÏQ¥>zü!ÌÚn=w’-…'¬™°¹—f’_7é57ç3þðÎ|ý òcƒéSIи): w¨Œƒ ¤WÔcÛî2ƒŠùQµù¼"¼þxHìØ"Ÿëãe’¥÷M¢@û -–@ÏLlˆþõœ?[)„îëŸðÖ‡÷°Žãkbr«+ú¥'¤uè§(órswIQ=óã±a×Ø6j攕ÜäŽå4nÁ“r~Aýõc¯?©ê¿ùÇ¢ó1<ŽSáÉ°—ãžõç%}"]ÁײՑMó,ÕèxæJw'ì6±¡YÀ¥ä”§J‡µ«\+ðr뽚úwY2M½`(ôçxK0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~¡YÀ¥ä”§J‡µ«\+ðr@$½šúwY2M½`(ôçxK0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^%QQ:Ól ¸Œp¬ÁXøB…EŸ%ìsšìèÀÑžå*&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^¤ ~“ZPtP¦ÖQî—˜zISJ--³åãÑ[?ª!&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^O¥k¶qÉõ ˆ‡¾Õ¥Áœ.|̾ë>¸•ï¡œZì&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^ƒ`‹fH' |•a.±a¤“Y´ä5\Ó¡úÐÀ eÝM&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^›rÝÑ_ Z}ÜÐ !F9¹8Š÷A{&ê“š„Ã=&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^'Ê’M|9rh)š¾]µ!wsD»ÜÄÆ›X䵡1Æ&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^ß}tòãòƒi¿)3¾QÚÐîŒÊ˜~qÞiîLd*&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^Hyè*±“sz!*LSýªÕ`¨ däæÔeÀ¸Æ%Lƒ&ÄÁLP’@¬©Aù6“C(L0QHÜ&_áJšûøƒ»³^I> ¾3VÇ6´Z q8¶…J¾ƒ¸Ò?(c˜“Þ€ž¶ƒ±­çBpÜ`ƒÝqjÌc£3  D´ÎJMÊšóÈ—ÜVî'Ã…ëˆ÷Ϲ +‚e[²˲×:=–E£¼ÚÐgeoŒdbx&ÄÁLP’@¬©Aù6“C(Œ0½šúwY2M½`(ôçxK€´Ùi1¿ ý‘¦ÑO¤Ræm²@Œ¨`MA’eŸ ½šúwY2M½`(ôçxKõ/ƒ£úœûÖ’r($ÛäE4Ò[…$k;•}¬nÎz½šúwY2M½`(ôçxKÅÙØ¡†âÈ- ¯ª*o.s‡ >d÷,Nïgyj„½½šúwY2M½`(ôçxK63„ÑM. xbd„ÄY­W£ïC–&`HÐXÅ¡›¿v½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxK^ê‰T‹ `²þíÚ< Çþ›Ík”覃¸R8½šúwY2M½`(ôçxKæƨXdo±ïÆyþ(±#gþ’æ¾+6™žÿ9О½šúwY2M½`(ôçxK ß_NQìx¹mÐ%ý¶†ãŸor’xRY›eœ&½šúwY2M½`(ôçxK »C’Ú¬z¸›0¤¬eu1¹{ú«ù ¯åù¶ë ct½šúwY2M½`(ôçxK “9v-ó6«=ФcßqZ9Ï°ô’F\`lk×½‰Œ½šúwY2M½`(ôçxK ¾Êo)ì o3}räˆK ³H˜:* ×?O½šúwY2M½`(ôçxK Éóû™–!HÃʃ62u>Ôü ¹[1æR*Í[ü½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK34)ÿbퟗ>HÜîå-¾.ImTµÏÖÈdÒѽšúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK+¿,§¸ñÙ'îR¶û*]ÐI¸Z+›Rœ]fb°Uø½šúwY2M½`(ôçxK,sÙ3%ºmËå‰Ô¤Æ<[“UYï’ûðPíPÄâRñ}½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK0f(úTw0W(ºJF}çÐ8zTõiÓvŸÎ^uì‰Ò“½šúwY2M½`(ôçxK6íºõ­A¤¡wz¿/¯^g4g^Ù^i5‚ž ªÒ½šúwY2M½`(ôçxK8AÒ!6ƒ×\ æ!`9MlN g`¶ö¹b¼…[½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKC—Úʃžc|µ ’ßC¼-/²¨õŸ&üzKÔÙu’½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKQˆ1þs‚µÐ>Æ!"‹Š¶Ty½ ¿£ÅÁÐôœ0a5½šúwY2M½`(ôçxKZéIêˆUë“ä9ÛÆ[Ú.B…,/ßg‰úg6ãÃA+\½šúwY2M½`(ôçxKk€xäAŠ¦ë{³^`’ÏGžëŒäÍçÐrÌ´/f½šúwY2M½`(ôçxKlˆTGÕYâ“Q¸&Àl¸¿ï+”­585‡rÑ“ø.ÑʽšúwY2M½`(ôçxKo(ÿqÉÛÕ¯.{¿Ë«d|ÂeÝõ²“Ͷ&õ :x^½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxKrk>¶Tj0óø=›–Îöpé¨ÑpŠqæ-Ä,#Á½šúwY2M½`(ôçxKrà½gÏ]V«Šß;ݼ‚¿2¨ØªŒ^/mò”(ÖؽšúwY2M½`(ôçxKx'¯™6,úðq}­ä±¿àCŠÑqÁZÝÂH·[øʤK²Å½šúwY2M½`(ôçxK¨¹e»„Ó‡k”)©TÌ•SϪØÈ£;ý3ÿð佚úwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxK‰Z—…öÊ~ÔOÁ¡G qóñ"8bÙÿÌ:âß’=¯½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxK‹ô4´žÌ÷¢ÍeËì;= <5¾P_ß{Õcõ!½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK™˜ÓcÄ‘¾½tº¹M’‘soܦC£fd¼1ZB½šúwY2M½`(ôçxKžJi1ah.Uýèþõ`ëˆìþܯfÀÊ÷²·4½šúwY2M½`(ôçxK¦µ6UÓ¢¯ G'Yykä¤ T•§ØiuLHH…t§½šúwY2M½`(ôçxK§ó/PN°þ­š~ùNѺ ì]æ÷ïoð¦+“¾ß]E½šúwY2M½`(ôçxK­h&á”m&Óêóh\ˆÙ}…Þ;MË=â®Ç`ÑùÂ$Q?¼eYW×5ú)õ@νšúwY2M½`(ôçxKØËë—5õg+6~O–ÍÇIia]JélrMBÎøóú½šúwY2M½`(ôçxKé,"ë;VBÖ\ÂÊòGÒYG8„D•oYâ°Ñú½šúwY2M½`(ôçxKýÝn=)ê„Çt=­JÛǵþÁ³‘ù2@†¬ÇÖÛؽšúwY2M½`(ôçxKþc¨Ox,ÉÓüòÌùüûÐ7`‡‡XÒb…íf›Ünm½šúwY2M½`(ôçxKþϲ2Ñ.™KmH],qgrŠ¥RY„­\¦u"š6½šúwY2M½`(ôçxKÊaJ~“”ŒÐþUÓ™ùÑ©nE AR'ÂÆ[½šúwY2M½`(ôçxKU¹› å=¼þHZ©Ç7Ï?¶ï=‘úµ™ª|«í§cµº½šúwY2M½`(ôçxKwÝ£ ˆÿ^; æb x  S^ˇæðˆŠ k/½šúwY2M½`(ôçxKÈ<±9"­™õ`tFuÝ7̔ܭZ˦G/î4qÙ9脽šúwY2M½`(ôçxK;‡S> ÃÐì¨#Ëð©AªØryÑÄ™€-Ñæ6¸©½šúwY2M½`(ôçxK“šîôõúQâ3@ÃòäHΈrRjý÷Rçó£ò¼Ÿ`I½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸€^XÍ3Ëöö9çP‹¿]òÉO -åX§¦ ËÿOŠÕÕ¨Ö䨿¾TF·Dd1‘¨¿T¿¶` 4 ÐA PòÿÿiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸€£ÄìÍÝël€¸ÁdtÄQž*p ÜÆ·êò°Æ£|ráÕ ‹]¯V¬™"ò"]÷¡k•–äEFI PART\–õm˜¯2Ï"Ž2Ïi»ôùT»F•-aZ>Üy€€.ä(s*ÁøÒºK É>É;FPµDK¨=Ù&Ô ªÿEFI Systemˆ¡ü;M t?„‘$þ÷=ôD”Iæ‚=Z0NY$Linux RAID¯=ƃ„rGŽy=iØG}äÓUʺï§C®§3L7žkp`$Ž2ÏLinux filesystem€5››Ú¹ò„Ô1-…(š7w´ fÁtö¼Ò,ê:7»GÙf¥AðH‹›é«Ê32:Ã8ÖŽ8aßä‹Ê“Òª à˜+Œ BootOrder€”ˆq·ÃL—i^cQ±¬óŸŽ‚‘ oÿy¢,”e/°üSÃ} ªN¨9ëÙEVk€OŒlObÐaßä‹Ê“Òª à˜+Œ Boot0000tLinux Boot Manager*FPµDK¨=Ù&Ô ªF\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFIÿ€9מTÈÎ Å[Ds=×Ç=!½š Øe¢Ñ=·RšªèQSe EW£?GPä ›QxÒe¿¨aßä‹Ê“Òª à˜+ŒxBoot0003^UEFI OS*FPµDK¨=Ù&Ô ª0\EFI\BOOT\BOOTX64.EFIÿBO€rA‚àÅ@åƒÿN#má6KÒ¯ ¥Blµ_6W3Û­7¾D̨Ïà'& ¸“ØbŒ èaßä‹Ê“Òª à˜+Œ¸Boot0002 ŒLinux Boot Managerçuâ™ u7K¢æÅ8^lËÿ*0G…lÀ¶ÛC¯LA3à)6F\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFIÿ€Ä)å‘ÃÕT-6`7ÕÞá‹Áxå…5 Õ Àá€ØýÞÓçÕà[J¸è{/0æ™V2¡N9“2;°@¶Õy ÐA  ÿÿ*FPµDK¨=Ù&Ô ªF\EFI\SYSTEMD\SYSTEMD-BOOTX64.EFIÿ€Û`s´E×AýEá>^FØ‹A$ŽÉ {Pω€lïÿaš"f®7á÷çôÁBÚ”EÝ~Qnʈ”ÀpµÀŒt ÐA  ÿÿ*FPµDK¨=Ù&Ô ª*\vmlinuz-linux-ltsÿ Ó«ì*þŽh‹çœü:VÉ‘Ži 6-V‡”¤B‡ß ûýä©€\û¥ãF­‘ò=¯µ×¨•Øu5|³áƒ.|Ú)Ò‹Ê?LmÒ-+)f+í’^[¯²Xw¦¥”S£]Ý¼Õ $¸èá0J]àv}*½v±[KW ¡ÖAßÃ’aŽlKŒyÈÖk»_;wµì‘o"U’lNÎÕéÆKbðRÈiÁ#Ÿ!±Š@Á±-¢í†³zi'½`õäô! ááSøÚéEHö»0Ü2©Ï½Ú1ÃkƒXÉ£|šž §ÍF†?¡y£â˹(×–dÑÍ œ¿cA°T`Ñš@BÿÒq•S”Tòe ú·p°Am£k0i0Uÿ0ÿ0)U" H^ÐBjÖ¸æÎ’€ä­v‰Án)9ÐPõ òÑë‘ñÐ0+U#$0"€ H^ÐBjÖ¸æÎ’€ä­v‰Án)9ÐPõ òÑë‘ñÐ0  *†H†÷  ‚k ìè.óÁ¦Ã/Úf÷r ¯¶\å4dvxs¬¶š~™ä•D^oÙŽHÅž¥‡nM¯£P~Tè?Ä®Z ;£‚¶DãgWvd F¡ùë2§ä“?¿×óýuúЂ×çòë[Ô²ü‡H-«×¦õ]ôÕ#d‹.…9oÐ ²aôMêýZ …€àÖúfΓ“¤™\.‡Uh ”É™°^»wâ1Õ…jyY?hëH^ïO®Ÿ3ùü¦S%ű±[xÏÑ“‘$x€¼®ðL»àð´ÎøÃÑ_ÞvJ– ‹ŽÂ’É®ÐÚDÞÑ,*{dÑÕŸ{J-­ûëht¤N€8Vk|ÙÛ2Ý]ùFPÿº’N †MP™£–ŽO¥%G’ð÷V1™ÜæQ5D0€…ä¼ ‹›s$ŸSO’á)J[ë¢T?¯ul­m¤ôœNf¬•ßD™où³îÙççƒaßä‹Ê“Òª à˜+Œ]KEK¡YÀ¥ä”§J‡µ«\+ðr]AÒúÒˆ¤G—’[ªG»‰0‚-0‚ P±ˆ’àêGWÇcå‘»0  *†H†÷  0›1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1(0&UUEFI Key Exchange Key v202502030 250203182733Z 350201182733Z0›1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1(0&UUEFI Key Exchange Key v202502030‚"0  *†H†÷ ‚0‚ ‚ìƒl:`‰Ô}“¾,½E („zæœ6.OíÔ&Áá6µ´Žm=^8kFvjÄ{×0WÊÁÓBðë;˜Qí¿AÅ©}æЫX¨×Ì#Ûì„eÇ^6[‰Àø *bì¡4Ûa2TOŸ‘µHÜ~yæ_&&wêÒÞðÓ ™¸gcs=:3Ñ3jùü¤øvÈú„z¸a§å' ?ן(ß”;àF`ÀSÙÍ'™Áõb‡ZíÙûwýäBêR¯Éì927kOÖ ¿æ¤±ÕÃQ7Ùå '9ù§Jœ´'¡¡!žþÖþ€”… ?~ü?|"’˜ÓJ>BoøD|U‹M2Òœà󘛣k0i0Uÿ0ÿ0)U" ‚¹ý&+Ý NyT¬ZôÞ…q{^‡jZ‹—IWj!S²$0+U#$0"€ ‚¹ý&+Ý NyT¬ZôÞ…q{^‡jZ‹—IWj!S²$0  *†H†÷  ‚ Hÿ]ùÚÃÉ"[Ž5ò.€„(ú,‰¹(!©ÚÑÅý~k.¨~\‡´<ñg¶+¾¶7‚±éçÌÖŽ–: %Êšä{>*Z——Î «)ap9·t y Ëü/:âÌšdñóÇkËW59+wì1,ÓºU’ÑÁ®Yé PÈ’VC¥C¾>/y‡€ wÒèOo+ý!ð "u1¨Ò5°;ÓrÌçºR}2]ŠRâ” žV 3Ïi%ŸŸÔd¿„ì.½zf´YÎÎøÇöÂ.^>ÈjM Îäó6ÀM §fK=£G„é fÓ2þWîPºœW"k`=Ø“r‘à^ö"` §ë}€¦0Û:zxÜKV*)™žâ\†‹N ^›Á!CF”{zVkM•›Ç0/I™ÀM%2ãq|´¸%,› 9®6.<®×VS¬s`²$Ž¸1ór Q"föC&¸[åÛ€pë ¿.?‡–æ%¾m˲×:=–E£¼ÚÐgeoIdb¡YÀ¥ä”§J‡µ«\+ðrI-ÒúÒˆ¤G—’[ªG»‰0‚0‚ ?„©Œé 5‡µ³n±E0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030 250203182738Z 350201182738Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030‚"0  *†H†÷ ‚0‚ ‚º¼Õ”­iDÔʘ„jrÖ™™¡7§¡ Îc‘·ÆÕ½uÙ8|eê½´AGòo ó v­6Kï7éZç^¬êýªQ`¥-%¾o}Åø“@› \e†>ðßoê&¶Ï³{º]Æ”¢uTz›ÙÁ·:ƒ gq±Ä>ëÇÝÇÃ6K.–ôz6%¹† °úiõ /'(ÓMîfH,OL‹Óà]–˜'C¼-üBÑÐxªj`ø†î Š‹`™ÉæQwF,ÛÛW8´¼û¬ÎæL p ‡²Ê>•Ï%6”ŒÚIž_QÜð‘Uª¯›Âom„eð}ñ€ON"­(çÞÁñ£k0i0Uÿ0ÿ0)U" nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90+U#$0"€ nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90  *†H†÷  ‚ kº`ÛrÎA>{kn!ÖÑá—ú¦Hèh÷µ9ßR/c~ŒþyO[šZÍOŒ¬v¦ýž¦=Ô“Ùv¬Q»qRcÌûV ;A¼^|ý›wvˆŒçe 8ƒ “»<»0ò«¸cü®ðy/ÆMUù!õ|û(»¢/Ñ‚…àËÐ`ùoùAŒÍhDdÃy.¡¬ñOx ÿ\⨠ à†˜kë qÍ­CWM{«x|3…ªWç Ï~PÂŒ“zŸ¿´èBbði‚yO¢â<ÊQû}D$cò¯÷«uº+dÚœ—Ž={†yUú89‚ ÿñ;½%ÝwÕÜ€ÓfŠq² Ÿ_¸B7 M´Ã×Þw 9¾ÿOCH¡¶—£™„GŽ‡CìòdJ2ÛÑ'&æâ ‘OržžpÌ0“);PÞcÖè£úÑá4[è– Í›mZ$rŠø?é¿Ôœx”¸“˲×:=–E£¼ÚÐgeomdbx¡YÀ¥ä”§J‡µ«\+ðr˜|ÒúÒˆ¤G—’[ªG»‰0‚h0‚P  ªŸ²° ¨0  *†H†÷  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚­gÕ8?––”"N‡&‘HΟeé¼u%Péìžì›ßx„ô0Ù6ww×kÃs׋ý& SIþô)M™‡ÿm#w(/ùþÅØ —µîÔõ)ógM”b¸MM[ºíÆshV¦°‡`HâEø'uZ™œêÍt$ÞàÖTñ‹á½(5GìÅ—è7È*Úl;¨;g1*/9²èUüvy´X+˜L[Xü"Æì^*ìð.R»Ówu![¤hW&<isËYŽLŠˆ@Ð_†e³ Þ"ÕÚ]]Õã‚*Y5Ü”MšIJ¤ÀÚÄgW¤q¸=ƒ5hufÿuio¶¥2 C^ ‹£æ0ã0UÕÛšgd3Fˆ°ó2‹öä”Z8ð>0³U#«0¨€ÕÛšgd3Fˆ°ó2‹öä”Z8ð>¡„¤01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1‚ ªŸ²° ¨0 U0ÿ0  *†H†÷  ‚'kÛ7)€)5FügˆG£5T*Ê*µ£Æþlªà¿°¡Ñ~"µñ¼S íÓ» :eü9è÷c-¤êE¿ŒªŒ~¤ýdNÄ\œS`‚wWv:F ²÷‚¦& ¼‘· ±{­-P³‘ÛŠ¢×ýÞGÈM.Äs­ŒWé‚„žá q]2æs–ñ£[…â}a†eTœ«D#ÚWûÈ`‚*!ˆ°Á=£žhl8=䲃áÌGP‹Ã^eÃkݸ.˜ä~¸¤ŠÚòÓ*‰Î(âÙýúÄn1¤g…P¨ŒÌŠx–ä~çêcy-~^«¬~â1ot¹óίÃâľQaó8¡YÀ¥ä”§J‡µ«\+ðr¹ÒúÒˆ¤G—’[ªG»‰0‚‰0‚q  ìæßûÕ[º0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚Âa½Qú|”68»ÊpeÕ$3YÇ‹äýî—¤\ílçêÍyH,‘¨câö¤¼é(‘¦]iÞ¬Œ :GlÈÁš@ãÄÔ_Œñyiºå'ýw_qǟߧ]dEéð6ozOÏEâèíÒ‰‰ûA•ß»Á³úÜï ±ñ;ïcgW$à‹_jAÖö/>Ébdy·s‚è˜×ý+îy~q"Ë­®ñok(Ábßæõ#ðOóšVÚ™]‡ÜYö÷9&’m§.-ÉЈQ]„´ÂSƒ N­œêF_@í$ÿàþ0õ¦pµ; ‚frp®•Þ3†ÿe"šôËZÜ{£ñ0î0UªZd­…‚Ì—ºõãt][Ë;A›0¾U#¶0³€ªZd­…‚Ì—ºõãt][Ë;A›¡¤Œ0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1‚ ìæßûÕ[º0 U0ÿ0  *†H†÷  ‚ZÇwš­4Ãí8ÿ9Ê+^2Áä%‹Â.àÀaƒÔù¤¶‘/.ïZóh¢Ã°ïÉLêìëÅL×0tŽ 7_‘2U,&¨¼‰Ø+žq¬$‹'P)6/R -ÌDñ5«QŽàÍŽÁ;·ò-ïŒHÅ‚hi˧g»°X$_]Å‘Ùêý.GÌ<ºúB²Øþ®šáUàóÛ²0éM ˜ âëªS^º 7è@ “Æsý;‡·¯Yâæ\W ìÛëÔ&*d<.¸r I¼‚¼±#Ò²¶°/!û²¥oÌ#ýÝ%Í(`’¡YÀ¥ä”§J‡µ«\+ðrçÒúÒˆ¤G—’[ªG»‰0‚Ó0‚»  Û—°Ñ¿Ôqñ0  *†H†÷  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚µ³(o+ \(çléÏ0P¶¤uûœHѾ„Û_Ô 5§m´j¡NeטQ|`ÄŠŸ7_,qõÒBEú› žhõ5”Êô{Hƀlíȹx–Ð +±ÇLy­g!`Ը撳ü±F›äå*‡=EOÑ­n4Y{’ÛJ‘c?°ð<©|3¾©‹7srGô)ÈRQ ßì!âöWdÄ=t¡dï SŽzŠ.‘ÄCc-µõzÝ3m@>wìÌyŸ*À×Nq‡p+‹ûS)U0ƒ;Ðbÿ`ërÀ {™ ›CïÚ2CGZVtžñ ÌT ˜±O:I£P0N0USº1ˆô+اª€ªÉ›ã4jo0U#0€Sº1ˆô+اª€ªÉ›ã4jo0 U0ÿ0  *†H†÷  ‚²8÷ Z:u¨·AÎ)›ÿ‡ò£´( ¥Âþñg^ÇÕQ—“ ‹ýF”fâzÓ²½Z—Zj¦õŸ¸„)–ˆSHЭO®ø¶íFP…ô-¹4;Ñ-—šÞ5IÎäHTÏ› GjáwoôZÐßCš›h^€!€ÉÇ+BŸ¬‚:ÄIýÝmÓ‰j²*ž~öë-½ä»»ø„'o!…cÜŒS@[a.’ÿë/ݦµpL»/f{b?µ rRC§ß —t7D5j£ß&9Ѳø? ¶lÛoí½t [QIÇG£¨œƒ`O©ÀBSTæÁeóNË´÷vY¡YÀ¥ä”§J‡µ«\+ðrýÒúÒˆ¤G—’[ªG»‰0‚é0‚Ñ  ¨qž9¬c0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚›!ÑÏ1YS¯##™3æ¹°¾ƒA–Iå©‘œ'“e–P¤Ú-D¿ÔÈ£ýÕïÛUäà÷÷—$nä1°œÐäåD9¾}°Ÿ@†5T£1¹U¾ˆÃÒe›Ä§öp²Ù„HÆ€ŽPOd°;ÈËñ¼/$ú󴼆òœÝ¸RåÔ:vpÄ7 Ò<=&rÞ¨éìSÒsnŠiº5é“Ä@~Y$Oð%¿îAVp\Ê¿Ä‘]a#Tæ~½¤jŽ?ÖêMs-D~3 GcD‘ScÄR{?ª·º´À\ÔF§^ú½¶¬tГ™tB™Sç d=±=±ÞsÁ°íñ»G£P0N0U¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0U#0€¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0 U0ÿ0  *†H†÷  ‚}Ï߸¤â1vbI²“èÑÒîlHrAB`©~Lï3WwšP:vq0åf>µG4š@hsIWúój¥c£/§¢ÒJ™ò„EØNt/ÍèØF(ÍÜÝöٌҨˆsA©<]}Ì%²ÞNQëú ëyE¹8bt®K²™l1âˆÃáÏ‘Vîøn™»IÞ,¼!P"4˜2Jô°ìɆkçZYⓨ<ÜÐÌêÉ«ˆ¶øÉÉÏpñ¸:ÎÅy_îŠ/Ž¸ü[—/õÿ!i€°âðg¼dÂc ëZ¤†‹¾í ²Ävúï@ï·}Ëš/Ñ`¤t¦iî5ÓÉ(ûêÌmõ¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð gD[gLÃ2-D$ ãKP•£Ö uFâ¸þ"NÁQâç\’P£$£<Õá¿?'À·±Ÿz ¥YNý›2BRöãœÊ7ž¡P?ŸL”5!\°QÃÉ ­hdëÒ.¹™ÔÛ `M ACPI DATA ³3÷)ôÆД1ªÁ]ÚõÔ,ß$! €:«{¡ã}U78Ò×ðˆë˜ƒ;œ9/j£Wh·Ñ\ ò1¾#ÅzìRð÷…K_2­ ßk'm¬ázkM­3V«M?PoÖF º ACPI DATA XÙœ0Š)nË,˜Frs¡’ 5Wdàÿ_MåéÓ­Cvaˆ KK­ŠØ(™{_sHøA Žó$/ò#`àßf]¼²·jõ¸OE깄(ÅäjDL~"±zIEõÃ{W¦ZVäU ACPI DATA€Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€1 Ó<µŽðü{@Ò0¾­«Å¶¢¯ ªïÒÎ £ 5Aš¡GxWp<°OÉ„±àºv±µ;û #øbB”ÓŠýfå´èAy9öëî¨ò­çX¦^ÌÆTº¬\ûŒ+œk”¾ÖsQ˲×:=–E£¼ÚÐgeo-dbÒúÒˆ¤G—’[ªG»‰0‚0‚ ?„©Œé 5‡µ³n±E0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030 250203182738Z 350201182738Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030‚"0  *†H†÷ ‚0‚ ‚º¼Õ”­iDÔʘ„jrÖ™™¡7§¡ Îc‘·ÆÕ½uÙ8|eê½´AGòo ó v­6Kï7éZç^¬êýªQ`¥-%¾o}Åø“@› \e†>ðßoê&¶Ï³{º]Æ”¢uTz›ÙÁ·:ƒ gq±Ä>ëÇÝÇÃ6K.–ôz6%¹† °úiõ /'(ÓMîfH,OL‹Óà]–˜'C¼-üBÑÐxªj`ø†î Š‹`™ÉæQwF,ÛÛW8´¼û¬ÎæL p ‡²Ê>•Ï%6”ŒÚIž_QÜð‘Uª¯›Âom„eð}ñ€ON"­(çÞÁñ£k0i0Uÿ0ÿ0)U" nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90+U#$0"€ nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90  *†H†÷  ‚ kº`ÛrÎA>{kn!ÖÑá—ú¦Hèh÷µ9ßR/c~ŒþyO[šZÍOŒ¬v¦ýž¦=Ô“Ùv¬Q»qRcÌûV ;A¼^|ý›wvˆŒçe 8ƒ “»<»0ò«¸cü®ðy/ÆMUù!õ|û(»¢/Ñ‚…àËÐ`ùoùAŒÍhDdÃy.¡¬ñOx ÿ\⨠ à†˜kë qÍ­CWM{«x|3…ªWç Ï~PÂŒ“zŸ¿´èBbði‚yO¢â<ÊQû}D$cò¯÷«uº+dÚœ—Ž={†yUú89‚ ÿñ;½%ÝwÕÜ€µtó”ÑÓHΛû»’·“¸1 =ItOȨ «WÝNË,U#æe‰KíS@D$z&Œ»› ZÜGÀeg]•ï¼:ªÏ´ñ[4ýz&Rk>^½Ä¬¤ðËAð9ÙÂÕWÔõ¼´—†dEFI PART\²"€¾ÿÿ_"Þÿ_’Tq²(Húœ@Æ\™Ìcš€€·ŸÆU ¯=ƃ„rGŽy=iØG}äYF…|”D†™½WÀ<dÞÿ_STATE]*:þ2O§A·%¬Ì2…£ ”~…íÿ>O/üuò<)PÿÏôKERN-Aâ¸<~;ÝGŠ<ò¡<üì§K&UhNFŸÿguµîe°ÐDÐDROOT-A]*:þ2O§A·%¬Ì2…£ GžKœ9L£›®ÀYHŽ ÐÿOKERN-Bâ¸<~;ÝGŠ<ò¡<üì‡B!?F¦5âÿ®ÝoÊÐÿÏDROOT-B]*:þ2O§A·%¬Ì2…£ ËÏ‹VŸL*¬†l¨$À­e@@@@KERN-Câ¸<~;ÝGŠ<ò¡<üìÎvVŒ†H/´ñP0\º:A@A@ROOT-C¯=ƃ„rGŽy=iØG}ä$_bVÍJ°_àw¹ðò±àDÿdOEM=u .Hž°Cƒ7±Q’Ë^Ñ„´Ü¥1I9«^åÏSB@B@reserved=u .Hž°Cƒ7±Q’Ë^ýñì»Eñ°«/‘=DãC@C@reservedHah!IdontNeedEFIs Œà Kì˜/LÉÂÃ9 @?@RWFW(s*ÁøÒºK É>É;±úüm+xJõˆtºL †ªíÐÿÏEFI-SYSTEM€¢ydö’–Xo³yR†Bá;*{… EýÄ‹z§)ÜØ®?Šªžž*¶ÀËì&üíó‰T— À‚bf ¹–e–ž ö9ØL<Ü÷hæ£17›-W^ÝY81·d“êøÿÂ÷HY˜À$¾#x ÐA * бúüm+xJõˆtºL †ªí0\EFI\BOOT\BOOTX64.EFIÿ R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷aMokList R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷a MokListXà€‡]9¸‡/Šÿ:’üŸž@¬u&Ž ’.“šUeyŠ^ñ/à‹I¿•Ž‰ Ì§¥6i=A£M ñCâ”cüÓD.„³j~qð¨”eA–éÑ.pÐrxt` V&MºS.݇)Åë8DP«]`FàC«¶=ØÝ‹# SbatLevelsbat,1,2021030218 à€>þ¸zôŠµ®çü½5º·í†\ _b¢¡àH_ÒRÒæÆËŽÐu†•¿í &¿nÖ+ „)õ ‘á .d¦ce‡ºÅ¸T–¦~m<<õ$§«rkM"YM„é!‘¬Žá[x=P«]`FàC«¶=ØÝ‹#MokListTrusted ¿‹E0ØÒFÝt¬S¡4q»¡yAß÷ Kõ/4ETÅ;Þ.»ŒÒ·ãÑ` Ö1Ã…¥×Ìâðßoê&¶Ï³{º]Æ”¢uTz›ÙÁ·:ƒ gq±Ä>ëÇÝÇÃ6K.–ôz6%¹† °úiõ /'(ÓMîfH,OL‹Óà]–˜'C¼-üBÑÐxªj`ø†î Š‹`™ÉæQwF,ÛÛW8´¼û¬ÎæL p ‡²Ê>•Ï%6”ŒÚIž_QÜð‘Uª¯›Âom„eð}ñ€ON"­(çÞÁñ£k0i0Uÿ0ÿ0)U" nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90+U#$0"€ nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90  *†H†÷  ‚ kº`ÛrÎA>{kn!ÖÑá—ú¦Hèh÷µ9ßR/c~ŒþyO[šZÍOŒ¬v¦ýž¦=Ô“Ùv¬Q»qRcÌûV ;A¼^|ý›wvˆŒçe 8ƒ “»<»0ò«¸cü®ðy/ÆMUù!õ|û(»¢/Ñ‚…àËÐ`ùoùAŒÍhDdÃy.¡¬ñOx ÿ\⨠ à†˜kë qÍ­CWM{«x|3…ªWç Ï~PÂŒ“zŸ¿´èBbði‚yO¢â<ÊQû}D$cò¯÷«uº+dÚœ—Ž={†yUú89‚ ÿñ;½%ÝwÕÜ€¾ ³—Ÿ fæ.nv`\à6‚ J«üN+‘ãçkŠÿꈾV ¹™4“¾F&Ê ½%E6OkɨÛ–þ¨ëØ…}H¾­ÏŠÎeIíýeDq@Ðn?2œ+¡Y ±ƒ™\'¾^ <8\EFI\BOOT\grub-lakitu.efiÿ ÎÄ8Òܲ™âE)‡ØûP¨' ½Â‹­’G KÚT¨ K¢+„gh7µ)]„Î-úÈ¿W ¹m2)—Pç›GüiKë+‰Õ›ö£7v`’’ê…rè˜Ú…ˆ Óê¹k¥ò$[QD/efi/boot/grub.cfg ¯„ûQ°XvוfG[´#ó€-w å/ž=§ŒA‚T E®éà õûp²Î„“ÇSˆÓ¹ 6.p¾—)ßeµ7TýÝn—úñ–¼n ’ž ;²Ôqÿù{€»Ütˆe"bf•grub_cmd: defaultA=2 £Ò—¡zÎ-ÊÍ`BÑÌØà D ?§÷M 2µ"GzÒ—ÇH„*ΚãáÍËM[µ§Y¶L g ò×AÌ<ècítd&¡ñ©˜¾Ÿgÿ«ß¡òÛv–ˆX¨\5‡W[AcuŠÄÇŠgrub_cmd: defaultB=3 ¼Ý‰“Èçê2Yxm/Ì{f&í)› –aد2ý-mÇ¿`‰ðtë3.åÙsR¶Å\¦Íʪ Ãp–I´ZÈ:óf\LŽ‹*¦¤'ÜAªH ¯·ùU‚ㆥ®¶`.”[äö¶y²Î¢‘Ÿ"grub_cmd: gptpriority hd0 2 prioA ß³¹ AË牕Ü^$cpïfØAæ ÁǶÜz6мuÀ¾ö›Ü'}tÊ8Ðì(D²¯? ²Ì¥CÌ>YNu×`h²5ÐF$¯¼fœ¹ÿuòtc´ô¨ÖSê‘C‰Š‹wa¡r½ £"grub_cmd: gptpriority hd0 4 prioB ܘXü»É­¸â¡GZçÍÇk ì~ýÚ?üÂZ¯¢y#ÀÞ”dÛŒˆBŠ¯X’ð• ‚ïªGpøJ¶_—,vYQ–8ÐÝUl‡PênÞPö‹2æC(X=&µ¦DêÍ¿{3grub_cmd: [ 4 -lt 5 ] Œ¡K–T:^-¾Ut (Æ•cŠã M?øl,©¹í/ºbã›Yõ®‚ûÒ®ÁÂÃX@Jd¬ Fžm÷ç ݽ7$+ àn˜½Ÿ­Bð ¹v®0|Ǩ²Îoÿ¦A«µŽ·ea¸grub_cmd: set default=3 OD¤§§R>cwê–Ó‹6»l"Ø Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô› Tƒm4e3°ÈÇÌ&0‘ŠHl¤DAmÕ¢gã70¸˜ÆÝz%†£‚¬@‘Â"grub_cmd: set timeout=0 }Ánš¶Ç-%Ñsrõ>uÖ ¦¿ @;MÅC%Hâ' "H° cóz¹%Ûˆ•¯Ö!Yb Å*·‘Ï©£}1bòbe 3 ¨bS3ÀÈc_Rß죞({gÇE§LÒ•ê¥ángrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 } d²]Ý*bvOÄ 3Åìf™ g³Æä̲BåÞ"6FPBᢊ:ôLà4Ÿ8 ¿ ÆÀl 7Ô™w¢;c+Çå^9MXƒÅìÞM‹„-òIõÖý~6Ňùªè`ë{‡¢Ò`)yngrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA } } Êׂ·¬ÏfLÎ\túCít o®võ`á/»Z˜¼×I øGŠÔ›c’ÉᙸïyÁÚ úUËF/@¥ùCé®ZnJqìq¯%û³³”…€ÿÒxÝX›Å9Í}ŒnÒÁbð5Ûgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932" } UïPÛºn„ÍÝZï#$IR(çK{ 4×7–øðUÚøî1¥ÉÝdF^“ÌùoÑPŒŸ´ÀûÞØ o×5aENŽÊ‚•'kVvÍKi4ÓÜ蜟1fo2swV³·ÖkTUê‡ã“J[Ûgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932" } zGÀX³Nµ ^\Õùÿ勪 >í Þ6l0Ὂ¼…L GNá@p†´Œ¡“ù<š¼£ "—l ®NÒÊ}jkš)üÉÇrà•ï§EjÉ_ˆõ9:³Ž…ãO$* /-Žºngrub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 root=PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' } j7zIÜñipòhKû(…Ž’’ ®š£óê½ÓßÉ™*ìµp?k( –o*dAuaò‚@Êÿ §B…P] !»M˜"…Žô—ž3=ÉüÚõÏãŽN̺)³ƒ†úŽHú²± ð±D!%grub_cmd: setparams verified image B +ó—–ˆ®˜œó­¿l;Q¹T ¿ýÿmlt ~QÕØ$Ãn•¿I~hÿ™7ô>ö< ŽìbMã)òÜš)o);ÂÄ'Ý—üóÎ{ÂMÎ빆6­à&½ ·Ü´þrq®ê¬grub_cmd: linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m ds=nocloud;s=/usr/share/oem/ root=/dev/dm-0 dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932 ˆ+Ì°¸kÅwÀ_£Æ`5‰ lޛуÊû(?ÚãÐ :à_t›eU@xê.Á× V í Që¯Bæ€RÔêì7„€}—|Õ»ë—æY(æ·ö:ó½\ T ê>'8ž²|RqD}*Ì`ôͧ ¸²Ü-˜sæ غ®u›~YBýGOëÉ]•«}ÀEå+OѯLÊT/Ô;ŠX\1Û+¡D'ìò ®Í e´«O»Øwõ^…Ùb½ û;öN= Å£6 \ßmå=a]1ùb°â(T؆kÑLpaÒA³ñÓ ¡ïÛО¤|CVQùã£åÇ<.û,Zá…i_ç,° %¤¨|쥨¹ …±Ú€¯®kernel_cmdline: /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m ds=nocloud;s=/usr/share/oem/ root=/dev/dm-0 "dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932"€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/cos-101-amd-sev.bin000066400000000000000000000550121510276467000240060ustar00rootroot00000000000000)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1+líÑca—»Á¯ª€ÌnÍ> jÉ$H¨ WU¦;Íe¹öÕrn’]Èi»F”(Å gã,8%ž¤€’4ÌϽ'…Ã+Þˆ(3»mö½˜šIôVcæ<á™üÐP, GCE NonHostInfo€ÔýÑñM@AIMëÉÄSCÒ'} ÌüK³(ˆ£E¼ŠêÚºU+b}™4Œvv«1Aõ°@¤ ,ÞÐÆôSÔÆõœ^ìa«Æ°1E@¢6|º2jRª+1\ÌÎh¨Î Æï*Çå®5aßä‹Ê“Òª à˜+Œ SecureBoot€‹tC!5Ë’T¨ÊÐÂŒÛø7 bÑÅUÛóRµÙà›Ot#®pmÚ×vt(¥ã”Ö z q‡,ÁW´›1ÊýWuÎusC¶¡*»k+é»&“¤aé̦¹ÏðTì°ômaßä‹Ê“Òª à˜+ŒIPK¡YÀ¥ä”§J‡µ«\+ðrI-ÒúÒˆ¤G—’[ªG»‰0‚0‚ `õþøía^JiØUR^0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100‚"0  *†H†÷ ‚0‚ ‚¥I y-Gõ÷w‰|ΛåëFƒ?º÷Hï`œ–ßü;&å=PjlªÂMÄ»3® 9&‘tÒõèÌàÓiAaz(o6<½Š;ó'HÒüdÿ«µ´§Uÿ™FÂ-?œù2<¢ÑÙ}a¯Ñ ¯Â{¶óU­}CÂbÍ­Ù(Á_æƒ6Hòìó­/̾h½OFÆ;\_j$ÏO)¸`Tdì¢Q™ç¤#$ˆÞÆ9¿öU œtÏ\óŽŽ”/¼i¼ úËÝŠŠª<tŒØÍ¥’ Q7uRÝ×øõ—T cÞ§qŒ ‘{?=l¦\8âø h2ìXI[ÎÒÕÊ €à£k0i0Uÿ0ÿ0)U" É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0+U#$0"€ É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0  *†H†÷  ‚;>f¢Å½¸;izÃF½ dLe–0îÛÜx­ &ï:kyb–nž <-ëïzÖêÇÒ\Ù›Ý6ÚtióœHi7À9÷)¥hoŽúHáÝÀÏ;jêz?üõ>DX²Ó· `ð­§°¤íHîmÌlµ2ƒÁ×í¾2—õxv‡ARá óø〆֒>EÁ¤®­žf j= 1š”xþu#¶ñÌAùOBž†ì›üŒ×ö`0±¦·­žá?RÅÓû-• <Á3:¸VÕ×¾ÀúV‡x¸aÚåm‘â13cÌÂê(m¿¢£å´ø8#y¨tkºµk”`’¾€p½R¾~P}þ>’B"mÍÿS ñ ‰Mmwm‰k’Ýe†“êUpêAõƒ³ðx®UQdP ¿a%B¥ƒ-vKhiKdê{iïЃ)Nž>T­D-˜\'°xÃfùD¬–jãW‚¯xaßä‹Ê“Òª à˜+ŒRKEK¡YÀ¥ä”§J‡µ«\+ðrR6ÒúÒˆ¤G—’[ªG»‰0‚"0‚  ¬Uyi'å­)P´£ñÔ3ª0  *†H†÷  0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100‚"0  *†H†÷ ‚0‚ ‚ºd"x:Wf×=àÃ#Z¨‡DÁk\ü*Ñy•˜µ¨heÍâøÕ\+¾¢A³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€ÓfŠq² Ÿ_¸B7 M´Ã×Þw 9¾ÿOCH¡¶—£™„GŽ‡CìòdJ2ÛÑ'&æâ ‘OržžpÌ0“);PÞcÖè£úÑá4[è– Í›mZ$rŠø?é¿Ôœx”¸“˲×:=–E£¼ÚÐgeomdbx¡YÀ¥ä”§J‡µ«\+ðr˜|ÒúÒˆ¤G—’[ªG»‰0‚h0‚P  ªŸ²° ¨0  *†H†÷  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚­gÕ8?––”"N‡&‘HΟeé¼u%Péìžì›ßx„ô0Ù6ww×kÃs׋ý& SIþô)M™‡ÿm#w(/ùþÅØ —µîÔõ)ógM”b¸MM[ºíÆshV¦°‡`HâEø'uZ™œêÍt$ÞàÖTñ‹á½(5GìÅ—è7È*Úl;¨;g1*/9²èUüvy´X+˜L[Xü"Æì^*ìð.R»Ówu![¤hW&<isËYŽLŠˆ@Ð_†e³ Þ"ÕÚ]]Õã‚*Y5Ü”MšIJ¤ÀÚÄgW¤q¸=ƒ5hufÿuio¶¥2 C^ ‹£æ0ã0UÕÛšgd3Fˆ°ó2‹öä”Z8ð>0³U#«0¨€ÕÛšgd3Fˆ°ó2‹öä”Z8ð>¡„¤01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1‚ ªŸ²° ¨0 U0ÿ0  *†H†÷  ‚'kÛ7)€)5FügˆG£5T*Ê*µ£Æþlªà¿°¡Ñ~"µñ¼S íÓ» :eü9è÷c-¤êE¿ŒªŒ~¤ýdNÄ\œS`‚wWv:F ²÷‚¦& ¼‘· ±{­-P³‘ÛŠ¢×ýÞGÈM.Äs­ŒWé‚„žá q]2æs–ñ£[…â}a†eTœ«D#ÚWûÈ`‚*!ˆ°Á=£žhl8=䲃áÌGP‹Ã^eÃkݸ.˜ä~¸¤ŠÚòÓ*‰Î(âÙýúÄn1¤g…P¨ŒÌŠx–ä~çêcy-~^«¬~â1ot¹óίÃâľQaó8¡YÀ¥ä”§J‡µ«\+ðr¹ÒúÒˆ¤G—’[ªG»‰0‚‰0‚q  ìæßûÕ[º0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚Âa½Qú|”68»ÊpeÕ$3YÇ‹äýî—¤\ílçêÍyH,‘¨câö¤¼é(‘¦]iÞ¬Œ :GlÈÁš@ãÄÔ_Œñyiºå'ýw_qǟߧ]dEéð6ozOÏEâèíÒ‰‰ûA•ß»Á³úÜï ±ñ;ïcgW$à‹_jAÖö/>Ébdy·s‚è˜×ý+îy~q"Ë­®ñok(Ábßæõ#ðOóšVÚ™]‡ÜYö÷9&’m§.-ÉЈQ]„´ÂSƒ N­œêF_@í$ÿàþ0õ¦pµ; ‚frp®•Þ3†ÿe"šôËZÜ{£ñ0î0UªZd­…‚Ì—ºõãt][Ë;A›0¾U#¶0³€ªZd­…‚Ì—ºõãt][Ë;A›¡¤Œ0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1‚ ìæßûÕ[º0 U0ÿ0  *†H†÷  ‚ZÇwš­4Ãí8ÿ9Ê+^2Áä%‹Â.àÀaƒÔù¤¶‘/.ïZóh¢Ã°ïÉLêìëÅL×0tŽ 7_‘2U,&¨¼‰Ø+žq¬$‹'P)6/R -ÌDñ5«QŽàÍŽÁ;·ò-ïŒHÅ‚hi˧g»°X$_]Å‘Ùêý.GÌ<ºúB²Øþ®šáUàóÛ²0éM ˜ âëªS^º 7è@ “Æsý;‡·¯Yâæ\W ìÛëÔ&*d<.¸r I¼‚¼±#Ò²¶°/!û²¥oÌ#ýÝ%Í(`’¡YÀ¥ä”§J‡µ«\+ðrçÒúÒˆ¤G—’[ªG»‰0‚Ó0‚»  Û—°Ñ¿Ôqñ0  *†H†÷  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚µ³(o+ \(çléÏ0P¶¤uûœHѾ„Û_Ô 5§m´j¡NeטQ|`ÄŠŸ7_,qõÒBEú› žhõ5”Êô{Hƀlíȹx–Ð +±ÇLy­g!`Ը撳ü±F›äå*‡=EOÑ­n4Y{’ÛJ‘c?°ð<©|3¾©‹7srGô)ÈRQ ßì!âöWdÄ=t¡dï SŽzŠ.‘ÄCc-µõzÝ3m@>wìÌyŸ*À×Nq‡p+‹ûS)U0ƒ;Ðbÿ`ërÀ {™ ›CïÚ2CGZVtžñ ÌT ˜±O:I£P0N0USº1ˆô+اª€ªÉ›ã4jo0U#0€Sº1ˆô+اª€ªÉ›ã4jo0 U0ÿ0  *†H†÷  ‚²8÷ Z:u¨·AÎ)›ÿ‡ò£´( ¥Âþñg^ÇÕQ—“ ‹ýF”fâzÓ²½Z—Zj¦õŸ¸„)–ˆSHЭO®ø¶íFP…ô-¹4;Ñ-—šÞ5IÎäHTÏ› GjáwoôZÐßCš›h^€!€ÉÇ+BŸ¬‚:ÄIýÝmÓ‰j²*ž~öë-½ä»»ø„'o!…cÜŒS@[a.’ÿë/ݦµpL»/f{b?µ rRC§ß —t7D5j£ß&9Ѳø? ¶lÛoí½t [QIÇG£¨œƒ`O©ÀBSTæÁeóNË´÷vY¡YÀ¥ä”§J‡µ«\+ðrýÒúÒˆ¤G—’[ªG»‰0‚é0‚Ñ  ¨qž9¬c0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚›!ÑÏ1YS¯##™3æ¹°¾ƒA–Iå©‘œ'“e–P¤Ú-D¿ÔÈ£ýÕïÛUäà÷÷—$nä1°œÐäåD9¾}°Ÿ@†5T£1¹U¾ˆÃÒe›Ä§öp²Ù„HÆ€ŽPOd°;ÈËñ¼/$ú󴼆òœÝ¸RåÔ:vpÄ7 Ò<=&rÞ¨éìSÒsnŠiº5é“Ä@~Y$Oð%¿îAVp\Ê¿Ä‘]a#Tæ~½¤jŽ?ÖêMs-D~3 GcD‘ScÄR{?ª·º´À\ÔF§^ú½¶¬tГ™tB™Sç d=±=±ÞsÁ°íñ»G£P0N0U¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0U#0€¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0 U0ÿ0  *†H†÷  ‚}Ï߸¤â1vbI²“èÑÒîlHrAB`©~Lï3WwšP:vq0åf>µG4š@hsIWúój¥c£/§¢ÒJ™ò„EØNt/ÍèØF(ÍÜÝöٌҨˆsA©<]}Ì%²ÞNQëú ëyE¹8bt®K²™l1âˆÃáÏ‘Vîøn™»IÞ,¼!P"4˜2Jô°ìɆkçZYⓨ<ÜÐÌêÉ«ˆ¶øÉÉÏpñ¸:ÎÅy_îŠ/Ž¸ü[—/õÿ!i€°âðg¼dÂc ëZ¤†‹¾í ²Ävúï@ï·}Ëš/Ñ`¤t¦iî5ÓÉ(ûêÌmõ¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€£?[_Ö±ÊÝô¤­îz<É-Ò ks  K{-;ž"ÏûO‚91˜GR,O¡u;iP“ R¹ -éF¹G6KWØ! c;X™n*;§Î­T¯®s°…Ñå+ÀOëå| \¡3+6aßä‹Ê“Òª à˜+Œ BootOrder€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€5Áy{fÎ0ý^ŸQ Pͽ©É“‡ +ç¤Yã Ç»xˆûX(9‡þ ÑÓÁ¾'kÉév“æ\I ¢S3Ç®Âà™04“Œ‰;<+Êö~ˆÃB£Õ†ö÷úâÆ¡$zžØiˆ mKä—Ôû¶aßä‹Ê“Òª à˜+Œ`Boot0001&UEFI nvme_card-pd ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€\Úø„r‰\Í sDFÖ–E7 ÷ù>¶»”gþã­jÞl5=â_.>ì1[Æ€M š SH’WºÌ(n×óe]ú‚õ›e= ÿ×›9U²wD @;Yícà'WòEE˲×:=–E£¼ÚÐgeo!dbÒúÒˆ¤G—’[ªG»‰0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€¾ÇfóÖ-t¬h(û£ó÷‚g P ¼eÅ]WAa’ šþo°Ñ§ÇÛ:Šò\ÌË2K-ËGÌ ¦Ö™Wk*7MJRN2»¼ó˜öÖ¢çøIlŒ«_OÔ`ÑMN­]ÈLb­Ænªö0dEFI PART\–´aœ "{ Ðè»n*F†bgT˜ay§€€ÐáôÌ ¯=ƃ„rGŽy=iØG}äñð“tgK2£é¬5X¿âЄl STATE]*:þ2O§A·%¬Ì2…£ FX·€ÒFM´–óŽ‡Á‹PÿÏÿKERN-Aâ¸<~;ÝGŠ<ò¡<üìK!p³šBåƒr<Íxe4úÐDÿÏ„ROOT-A]*:þ2O§A·%¬Ì2…£ n,J!ÞKÊZ€¿XžýêÐÿOKERN-Bâ¸<~;ÝGŠ<ò¡<üì雷† iN$ˆ‹‹5G[>ÐÿÏDROOT-B]*:þ2O§A·%¬Ì2…£ ©ú“—¥n@šŠÊλâÏÉ@@@@KERN-Câ¸<~;ÝGŠ<ò¡<üì‹\j&ŘF;¹už8À[A@A@ROOT-C¯=ƃ„rGŽy=iØG}ä°“ßAfºìáþÎH}­PÿÏOEM=u .Hž°Cƒ7±Q’Ë^ø‰ðÓmEî¶=½m”€nB@B@reserved=u .Hž°Cƒ7±Q’Ë^é3ûº6D›X¯°qC@C@reservedHah!IdontNeedEFIáÅÿóA­Ç´]œpå@?@RWFW(s*ÁøÒºK É>É;c;<ÞF¦øâQ•’œÐÿÏEFI-SYSTEM€ÜA—Äí…~›cTÊØ´H™\0Rê Ǭ]DDJÿØÔ§ÅÓÞ Î §/Á‡w¤(Ð’÷Šãÿ r¿W”¨eëüß“¢Ú¨í(“.*p ØHœ8c‰³ówmu^ÇÉ_¹Ã–÷½RÇ ॼðò € ÐA * Ðc;<ÞF¦øâQ•’œ0\EFI\BOOT\BOOTX64.EFIÿ R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷aMokList R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷a MokListXà€‡]9¸‡/Šÿ:’üŸž@¬u&Ž ’.“šUeyŠ^ñ/à‹I¿•Ž‰ Ì§¥6i=A£M ñCâ”cüÓD.„³j~qð¨”eA–éÑ.pÐrxt` V&MºS.݇)Åë8DP«]`FàC«¶=ØÝ‹# SbatLevelsbat,1,2021030218 €® A;Q»&ªh`+¤þx}"ø. ÅÓ´}áš*Jï\· -x¡ ÀÜìÄn>–=GkvÎ [8ß9Ǿì;ýœL½@¼¾áÑú šdÅðcÒü=ï&䌻Øms Ž´ij)u”\ ¨¼÷ <8\EFI\BOOT\grub-lakitu.efiÿà€\Úø„r‰\Í sDFÖ–E7 ÷ù>¶»”gþã­jÞl5=â_.>ì1[Æ€M š SH’WºÌ(n×óe]ú‚õ›e= ÿ×›9U²wD @;Yícà'WòEE˲×:=–E£¼ÚÐgeo!dbÒúÒˆ¤G—’[ªG»‰0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼ M ›K—KŽÄhȪöS´š€ #Ñ Š}JžÚB;wC/b%>è™ÒjiægI@n—Wç áã0ã„ݲhá®9Ò \iŸØ…+¾ ¿BEz™èžØ@„ÚR9Á“üI~l</efi/boot/grub.cfg ¯„ûQ°XvוfG[´#ó€-w å/ž=§ŒA‚T E®éà õûp²Î„“ÇSˆÓ¹ 6.p¾—)ßeµ7TýÝn—úñ–¼n ’ž ;²Ôqÿù{€»Ütˆe"bf•grub_cmd: defaultA=2 £Ò—¡zÎ-ÊÍ`BÑÌØà D ?§÷M 2µ"GzÒ—ÇH„*ΚãáÍËM[µ§Y¶L g ò×AÌ<ècítd&¡ñ©˜¾Ÿgÿ«ß¡òÛv–ˆX¨\5‡W[AcuŠÄÇŠgrub_cmd: defaultB=3 ¼Ý‰“Èçê2Yxm/Ì{f&í)› –aد2ý-mÇ¿`‰ðtë3.åÙsR¶Å\¦Íʪ Ãp–I´ZÈ:óf\LŽ‹*¦¤'ÜAªH ¯·ùU‚ㆥ®¶`.”[äö¶y²Î¢‘Ÿ"grub_cmd: gptpriority hd0 2 prioA ß³¹ AË牕Ü^$cpïfØAæ ÁǶÜz6мuÀ¾ö›Ü'}tÊ8Ðì(D²¯? ²Ì¥CÌ>YNu×`h²5ÐF$¯¼fœ¹ÿuòtc´ô¨ÖSê‘C‰Š‹wa¡r½ £"grub_cmd: gptpriority hd0 4 prioB çh>‹ μŽGÓÓt;&@ oØÞ¬Áƒ³­ö±95Qay’•wÒ`”§öŽ{‹Dä4 ºR^Å!œÀò…Š„£ âˆ[=¸K¡­»zl+ÈHk÷…j­^†^ó;ÜLxÚªägrub_cmd: [ 15 -lt 0 ] )k' áþdQJ¦=qgˆá„ Iýú¬]Ž$8*a}  ÀÎZµè3T’ýÚs]zxÔ9¿ñ ýù8Éø1g¼±ê\(³bŽ„Nþ «ç¥ý‚Ä«M)*È«ÒçhmoÀ& b‹grub_cmd: set default=2 OD¤§§R>cwê–Ó‹6»l"Ø Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô› Tƒm4e3°ÈÇÌ&0‘ŠHl¤DAmÕ¢gã70¸˜ÆÝz%†£‚¬@‘Â"grub_cmd: set timeout=0 Ù`œËë3õ‡ýè+{`lΞbf ¥!‡ Çu÷Mºýì6Rc¹Å¥q"ÓØo¡£DbÍMz‚$ ³%˜lmÒ¤ub‚–e ©6ÅîäIÚY°ŒvfÆ^¬á¯+q^kZΊ S¹|Žgrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA } jß±¾¿…G Ñ~ò<˜µ®ËËT `Ÿ,ctÜ/¡(FÄ{;YIÐ]Iäú¤}VdÊ*Òc €µ¿=žñ]Þoìiç:V;­ýðGg\‰jfmô^à­ƒÙˆÞUiÌ:»5Žgrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=8689A5EF-69A0-244E-888B-8B35475B113E } ¾‚ºÝöž…,ŒUùòž0c$8e 3OŒ)ÔØBXGi{û”à$~ëËMb°í¢’¥‚š` ³ˆåê­+â'çq²Òª c~ë N0«úÌ’ãbX «Q˜´"Øò$`ú„¶¨ûgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashtree=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashstart=4077568 alg=sha256 root_hexdigest=48d436350a7e83bde985cd3f7e79fa443557743b42243803ce31104ca4719c5d salt=b323b014b6f463172fca758a1c5a6745a2c8e5872be0e175e2f4b40c8295b2ab" } §sÒ×ÓÓ£I)ü?¥Ž0‡OþÎ ½®—r6®$¾˜ÀK˜GPzvz9éô|îlè9, Àç R'¶p'a d£¹é8 /µs£l)Ŷܼãô€ ' væT8ƨŠ¿0ç›B÷D“’UѨG7ÙûÈOisñxƯꆖ[-{¢ jÉ$H¨ WU¦;Íe¹öÕrn’]Èi»F”(Å gã,8%ž¤€’4ÌϽ'…Ã+Þˆ(3»mö½˜šIôVcæ<á™üÐP, GCE NonHostInfo€ÔýÑñM@AIMëÉÄSCÒ'} ÌüK³(ˆ£E¼ŠêÚºU+b}™4Œvv«1Aõ°@¤ ,ÞÐÆôSÔÆõœ^ìa«Æ°1E@¢6|º2jRª+1\ÌÎh¨Î Æï*Çå®5aßä‹Ê“Òª à˜+Œ SecureBoot€‹tC!5Ë’T¨ÊÐÂŒÛø7 bÑÅUÛóRµÙà›Ot#®pmÚ×vt(¥ã”Ö z q‡,ÁW´›1ÊýWuÎusC¶¡*»k+é»&“¤aé̦¹ÏðTì°ômaßä‹Ê“Òª à˜+ŒIPK¡YÀ¥ä”§J‡µ«\+ðrI-ÒúÒˆ¤G—’[ªG»‰0‚0‚ `õþøía^JiØUR^0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100‚"0  *†H†÷ ‚0‚ ‚¥I y-Gõ÷w‰|ΛåëFƒ?º÷Hï`œ–ßü;&å=PjlªÂMÄ»3® 9&‘tÒõèÌàÓiAaz(o6<½Š;ó'HÒüdÿ«µ´§Uÿ™FÂ-?œù2<¢ÑÙ}a¯Ñ ¯Â{¶óU­}CÂbÍ­Ù(Á_æƒ6Hòìó­/̾h½OFÆ;\_j$ÏO)¸`Tdì¢Q™ç¤#$ˆÞÆ9¿öU œtÏ\óŽŽ”/¼i¼ úËÝŠŠª<tŒØÍ¥’ Q7uRÝ×øõ—T cÞ§qŒ ‘{?=l¦\8âø h2ìXI[ÎÒÕÊ €à£k0i0Uÿ0ÿ0)U" É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0+U#$0"€ É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0  *†H†÷  ‚;>f¢Å½¸;izÃF½ dLe–0îÛÜx­ &ï:kyb–nž <-ëïzÖêÇÒ\Ù›Ý6ÚtióœHi7À9÷)¥hoŽúHáÝÀÏ;jêz?üõ>DX²Ó· `ð­§°¤íHîmÌlµ2ƒÁ×í¾2—õxv‡ARá óø〆֒>EÁ¤®­žf j= 1š”xþu#¶ñÌAùOBž†ì›üŒ×ö`0±¦·­žá?RÅÓû-• <Á3:¸VÕ×¾ÀúV‡x¸aÚåm‘â13cÌÂê(m¿¢£å´ø8#y¨tkºµk”`’¾€p½R¾~P}þ>’B"mÍÿS ñ ‰Mmwm‰k’Ýe†“êUpêAõƒ³ðx®UQdP ¿a%B¥ƒ-vKhiKdê{iïЃ)Nž>T­D-˜\'°xÃfùD¬–jãW‚¯xaßä‹Ê“Òª à˜+ŒRKEK¡YÀ¥ä”§J‡µ«\+ðrR6ÒúÒˆ¤G—’[ªG»‰0‚"0‚  ¬Uyi'å­)P´£ñÔ3ª0  *†H†÷  0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100‚"0  *†H†÷ ‚0‚ ‚ºd"x:Wf×=àÃ#Z¨‡DÁk\ü*Ñy•˜µ¨heÍâøÕ\+¾¢A³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€ÓfŠq² Ÿ_¸B7 M´Ã×Þw 9¾ÿOCH¡¶—£™„GŽ‡CìòdJ2ÛÑ'&æâ ‘OržžpÌ0“);PÞcÖè£úÑá4[è– Í›mZ$rŠø?é¿Ôœx”¸“˲×:=–E£¼ÚÐgeomdbx¡YÀ¥ä”§J‡µ«\+ðr˜|ÒúÒˆ¤G—’[ªG»‰0‚h0‚P  ªŸ²° ¨0  *†H†÷  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚­gÕ8?––”"N‡&‘HΟeé¼u%Péìžì›ßx„ô0Ù6ww×kÃs׋ý& SIþô)M™‡ÿm#w(/ùþÅØ —µîÔõ)ógM”b¸MM[ºíÆshV¦°‡`HâEø'uZ™œêÍt$ÞàÖTñ‹á½(5GìÅ—è7È*Úl;¨;g1*/9²èUüvy´X+˜L[Xü"Æì^*ìð.R»Ówu![¤hW&<isËYŽLŠˆ@Ð_†e³ Þ"ÕÚ]]Õã‚*Y5Ü”MšIJ¤ÀÚÄgW¤q¸=ƒ5hufÿuio¶¥2 C^ ‹£æ0ã0UÕÛšgd3Fˆ°ó2‹öä”Z8ð>0³U#«0¨€ÕÛšgd3Fˆ°ó2‹öä”Z8ð>¡„¤01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1‚ ªŸ²° ¨0 U0ÿ0  *†H†÷  ‚'kÛ7)€)5FügˆG£5T*Ê*µ£Æþlªà¿°¡Ñ~"µñ¼S íÓ» :eü9è÷c-¤êE¿ŒªŒ~¤ýdNÄ\œS`‚wWv:F ²÷‚¦& ¼‘· ±{­-P³‘ÛŠ¢×ýÞGÈM.Äs­ŒWé‚„žá q]2æs–ñ£[…â}a†eTœ«D#ÚWûÈ`‚*!ˆ°Á=£žhl8=䲃áÌGP‹Ã^eÃkݸ.˜ä~¸¤ŠÚòÓ*‰Î(âÙýúÄn1¤g…P¨ŒÌŠx–ä~çêcy-~^«¬~â1ot¹óίÃâľQaó8¡YÀ¥ä”§J‡µ«\+ðr¹ÒúÒˆ¤G—’[ªG»‰0‚‰0‚q  ìæßûÕ[º0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚Âa½Qú|”68»ÊpeÕ$3YÇ‹äýî—¤\ílçêÍyH,‘¨câö¤¼é(‘¦]iÞ¬Œ :GlÈÁš@ãÄÔ_Œñyiºå'ýw_qǟߧ]dEéð6ozOÏEâèíÒ‰‰ûA•ß»Á³úÜï ±ñ;ïcgW$à‹_jAÖö/>Ébdy·s‚è˜×ý+îy~q"Ë­®ñok(Ábßæõ#ðOóšVÚ™]‡ÜYö÷9&’m§.-ÉЈQ]„´ÂSƒ N­œêF_@í$ÿàþ0õ¦pµ; ‚frp®•Þ3†ÿe"šôËZÜ{£ñ0î0UªZd­…‚Ì—ºõãt][Ë;A›0¾U#¶0³€ªZd­…‚Ì—ºõãt][Ë;A›¡¤Œ0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1‚ ìæßûÕ[º0 U0ÿ0  *†H†÷  ‚ZÇwš­4Ãí8ÿ9Ê+^2Áä%‹Â.àÀaƒÔù¤¶‘/.ïZóh¢Ã°ïÉLêìëÅL×0tŽ 7_‘2U,&¨¼‰Ø+žq¬$‹'P)6/R -ÌDñ5«QŽàÍŽÁ;·ò-ïŒHÅ‚hi˧g»°X$_]Å‘Ùêý.GÌ<ºúB²Øþ®šáUàóÛ²0éM ˜ âëªS^º 7è@ “Æsý;‡·¯Yâæ\W ìÛëÔ&*d<.¸r I¼‚¼±#Ò²¶°/!û²¥oÌ#ýÝ%Í(`’¡YÀ¥ä”§J‡µ«\+ðrçÒúÒˆ¤G—’[ªG»‰0‚Ó0‚»  Û—°Ñ¿Ôqñ0  *†H†÷  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚µ³(o+ \(çléÏ0P¶¤uûœHѾ„Û_Ô 5§m´j¡NeטQ|`ÄŠŸ7_,qõÒBEú› žhõ5”Êô{Hƀlíȹx–Ð +±ÇLy­g!`Ը撳ü±F›äå*‡=EOÑ­n4Y{’ÛJ‘c?°ð<©|3¾©‹7srGô)ÈRQ ßì!âöWdÄ=t¡dï SŽzŠ.‘ÄCc-µõzÝ3m@>wìÌyŸ*À×Nq‡p+‹ûS)U0ƒ;Ðbÿ`ërÀ {™ ›CïÚ2CGZVtžñ ÌT ˜±O:I£P0N0USº1ˆô+اª€ªÉ›ã4jo0U#0€Sº1ˆô+اª€ªÉ›ã4jo0 U0ÿ0  *†H†÷  ‚²8÷ Z:u¨·AÎ)›ÿ‡ò£´( ¥Âþñg^ÇÕQ—“ ‹ýF”fâzÓ²½Z—Zj¦õŸ¸„)–ˆSHЭO®ø¶íFP…ô-¹4;Ñ-—šÞ5IÎäHTÏ› GjáwoôZÐßCš›h^€!€ÉÇ+BŸ¬‚:ÄIýÝmÓ‰j²*ž~öë-½ä»»ø„'o!…cÜŒS@[a.’ÿë/ݦµpL»/f{b?µ rRC§ß —t7D5j£ß&9Ѳø? ¶lÛoí½t [QIÇG£¨œƒ`O©ÀBSTæÁeóNË´÷vY¡YÀ¥ä”§J‡µ«\+ðrýÒúÒˆ¤G—’[ªG»‰0‚é0‚Ñ  ¨qž9¬c0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚›!ÑÏ1YS¯##™3æ¹°¾ƒA–Iå©‘œ'“e–P¤Ú-D¿ÔÈ£ýÕïÛUäà÷÷—$nä1°œÐäåD9¾}°Ÿ@†5T£1¹U¾ˆÃÒe›Ä§öp²Ù„HÆ€ŽPOd°;ÈËñ¼/$ú󴼆òœÝ¸RåÔ:vpÄ7 Ò<=&rÞ¨éìSÒsnŠiº5é“Ä@~Y$Oð%¿îAVp\Ê¿Ä‘]a#Tæ~½¤jŽ?ÖêMs-D~3 GcD‘ScÄR{?ª·º´À\ÔF§^ú½¶¬tГ™tB™Sç d=±=±ÞsÁ°íñ»G£P0N0U¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0U#0€¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0 U0ÿ0  *†H†÷  ‚}Ï߸¤â1vbI²“èÑÒîlHrAB`©~Lï3WwšP:vq0åf>µG4š@hsIWúój¥c£/§¢ÒJ™ò„EØNt/ÍèØF(ÍÜÝöٌҨˆsA©<]}Ì%²ÞNQëú ëyE¹8bt®K²™l1âˆÃáÏ‘Vîøn™»IÞ,¼!P"4˜2Jô°ìɆkçZYⓨ<ÜÐÌêÉ«ˆ¶øÉÉÏpñ¸:ÎÅy_îŠ/Ž¸ü[—/õÿ!i€°âðg¼dÂc ëZ¤†‹¾í ²Ävúï@ï·}Ëš/Ñ`¤t¦iî5ÓÉ(ûêÌmõ¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€£?[_Ö±ÊÝô¤­îz<É-Ò ks  K{-;ž"ÏûO‚91˜GR,O¡u;iP“ R¹ -éF¹G6KWØ! c;X™n*;§Î­T¯®s°…Ñå+ÀOëå| \¡3+6aßä‹Ê“Òª à˜+Œ BootOrder€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€5Áy{fÎ0ý^ŸQ Pͽ©É“‡ +ç¤Yã Ç»xˆûX(9‡þ ÑÓÁ¾'kÉév“æ\I ¢S3Ç®Âà™04“Œ‰;<+Êö~ˆÃB£Õ†ö÷úâÆ¡$zžØiˆ mKä—Ôû¶aßä‹Ê“Òª à˜+Œ`Boot0001&UEFI nvme_card-pd ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€\Úø„r‰\Í sDFÖ–E7 ÷ù>¶»”gþã­jÞl5=â_.>ì1[Æ€M š SH’WºÌ(n×óe]ú‚õ›e= ÿ×›9U²wD @;Yícà'WòEE˲×:=–E£¼ÚÐgeo!dbÒúÒˆ¤G—’[ªG»‰0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€Î|‡ò,ö=‡L™ýìy°-îíY ·åÐVlß©ÁØéÜ,ìiæ¦ïV>d“é¬%’` ³ÉôÅQ Rrµ}¬þý¾f¸Û¨Z\"f§ë¸›D?[_€­¸ÑäüáKšïdEFI PART\ˆ?œ "{ é *æjM/™8Ô"̓q6€€àñBä ¯=ƃ„rGŽy=iØG}äÑgÓ|‚@OËÀp׫€Ð„l STATE]*:þ2O§A·%¬Ì2…£ œ‰S6H•’ÿ»„S õ=PÿÏÿKERN-Aâ¸<~;ÝGŠ<ò¡<üìâÎŽï…#O®¡FÙ=ŠÂÐDÿÏ„ROOT-A]*:þ2O§A·%¬Ì2…£ N-áp1BĽÝâ?šiÐÿOKERN-Bâ¸<~;ÝGŠ<ò¡<üìç(þõéDœ¥ #%…3CØÐÿÏDROOT-B]*:þ2O§A·%¬Ì2…£ è$u®]Fªæ(PTâ@@@@KERN-Câ¸<~;ÝGŠ<ò¡<üìÀZc­²^D3¤¤à¬,_GA@A@ROOT-C¯=ƃ„rGŽy=iØG}äEzn§8þI ˜ˆÖö5‚ÐPÿÏOEM=u .Hž°Cƒ7±Q’Ë^¤zÊ¡VHd€w¢ ‹ Z9B@B@reserved=u .Hž°Cƒ7±Q’Ë^MŸšºKJ¡¬Gõ`‚9C@C@reservedHah!IdontNeedEFI›Àa䂤Dl°ö²‚Ð2·@?@RWFW(s*ÁøÒºK É>É;zž„"Å‘I0…çxZ‘ÍÐÿÏEFI-SYSTEM€¿îÁ]“Yþ ¨µûdQÑ÷>QDÆÓ Û¨ÖŸû$D–¬Š²••ÓÚSjÅìfÆ´½Þ$R„Ï# w‹×Ö8]Œ Ú^PN>UKgÙšq-•|´Ë´Ù²æl©n1ÝÁ†€¯°::ŠÚjÊ ð­¼ø € ÐA * Ðzž„"Å‘I0…çxZ‘Í0\EFI\BOOT\BOOTX64.EFIÿ€†H­?QñâRtÏ}ø7î ÷ºØ?‡”äd%0©¦$.ˆRÃzI}}N|fÕB ÐÈÆ›ΰôkâ+’RhNq@(‚F¦­º±6Œˆ<Ýäé‡bÌgˆÙM ËÓ÷Ê)ÒÖ¯à€Èü¤˜Ó\º!…e¦6]Úö æZÀ¡Ú·íÄD‚Sâ×VÙÌUãÿ_ƒÎõ;mÑRð@ ?ä%VSËe¬ð†&O[ÉíÊX-Æ…=1¦¸éË:¹™Œ„ƒà ÅJ^I+ó êl§;˲×:=–E£¼ÚÐgeodb0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ áå5cÇúñËT5½úy† Nš) ·ÎN¢mÏAµUl¨¤ˆrÃÕ,gÓ|ÐX"o^› n&mSp#Å°„鿆gvî†ÁÖ«¼EEµV®ND–2е÷ä­Ü†¸ÞºeIÓÃQ(hd0,gpt12)/efi/boot/grub.cfg ¯„ûQ°XvוfG[´#ó€-w å/ž=§ŒA‚T E®éà õûp²Î„“ÇSˆÓ¹ 6.p¾—)ßeµ7TýÝn—úñ–¼n ’ž ;²Ôqÿù{€»Ütˆe"bf•grub_cmd: defaultA=2 £Ò—¡zÎ-ÊÍ`BÑÌØà D ?§÷M 2µ"GzÒ—ÇH„*ΚãáÍËM[µ§Y¶L g ò×AÌ<ècítd&¡ñ©˜¾Ÿgÿ«ß¡òÛv–ˆX¨\5‡W[AcuŠÄÇŠgrub_cmd: defaultB=3 ¼Ý‰“Èçê2Yxm/Ì{f&í)› –aد2ý-mÇ¿`‰ðtë3.åÙsR¶Å\¦Íʪ Ãp–I´ZÈ:óf\LŽ‹*¦¤'ÜAªH ¯·ùU‚ㆥ®¶`.”[äö¶y²Î¢‘Ÿ"grub_cmd: gptpriority hd0 2 prioA ß³¹ AË牕Ü^$cpïfØAæ ÁǶÜz6мuÀ¾ö›Ü'}tÊ8Ðì(D²¯? ²Ì¥CÌ>YNu×`h²5ÐF$¯¼fœ¹ÿuòtc´ô¨ÖSê‘C‰Š‹wa¡r½ £"grub_cmd: gptpriority hd0 4 prioB çh>‹ μŽGÓÓt;&@ oØÞ¬Áƒ³­ö±95Qay’•wÒ`”§öŽ{‹Dä4 ºR^Å!œÀò…Š„£ âˆ[=¸K¡­»zl+ÈHk÷…j­^†^ó;ÜLxÚªägrub_cmd: [ 15 -lt 0 ] )k' áþdQJ¦=qgˆá„ Iýú¬]Ž$8*a}  ÀÎZµè3T’ýÚs]zxÔ9¿ñ ýù8Éø1g¼±ê\(³bŽ„Nþ «ç¥ý‚Ä«M)*È«ÒçhmoÀ& b‹grub_cmd: set default=2 OD¤§§R>cwê–Ó‹6»l"Ø Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô› Tƒm4e3°ÈÇÌ&0‘ŠHl¤DAmÕ¢gã70¸˜ÆÝz%†£‚¬@‘Â"grub_cmd: set timeout=0 5ÌLfè|¾2Œ<ø[¼òKîïf ëƒmœßAAnqŸ§Æbààe´ÛöˆªÓáÆû>ã b_ŽLó~,Gû¾HÈw*Š/Nô“¹2%ŠàŽ;$ˆ¸. %]¥e¦¥'Üâh™D×grub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 } .àq]+»èN’‰> ¢.e°Ÿ ü®zc²¹NTÅ”#ÇD3ÄzHMÏx\Þàw àídTÊ€ùõ+ÕŠ>91Qˆþ ÎèK+ ƒ~J&¬•ø&ûÖ­*}F¼®ƒl¾Ä[×grub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 i915.modeset=1 cros_efi root=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 } iEa–ýí}ß•ö ½xÇTîˆ ½7òö 9GÅ^­ÿ•Z—( òXÐL™LñÇèªA ˆØˆˆ™ÆÛDð@[?0I_rÊ—?«=:Øô¼÷šÃäæ‹ùõkèL¤o'›-AÈDgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } ŒïiG‹qœÂ6,Bÿçý” À¸ñ˜Ø‰¶é-ÿø™ñHþqŽ YòpWésá=Ò iž¡ëCþ¤¹ÀbFä¾Ý\O‹ô=¼O+N˜Œk„ÇAø²±5^½ßb!·æeo¼­5Dgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashtree=PARTUUID=F5FE28E7-7FE9-9C44-A50B-2325853343D8 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16" } 9QÂTa¦Þ@üµaSÙÿ´˜± kâÔê¡„Ñ…8k4±>žÏHF»ÅŠÌ$Ù¹HßI'O Íyàbö¡^܈Ǽ‰µ€Þ¹WS¾ÇQÉÒËß>Ý£^ke‘Êq¿Ücl¦-™wÿ×grub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 root=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 i915.modeset=1 cros_efi } —’ÎbYüð /¦ìHáÚ  @–îa¢=äÛÆyY8éÓŒªa’s¯Ay¾R#z¼ "·Ñ`E4ÊÕN ßÇéçéA½d‘ÚBh êË.c¨~ÿ¹¨­á«ˆ¸·¢À;Âpc"Š%grub_cmd: setparams verified image A ¢ˆY+]q&‰õyV!\vF&/ÑpûE‡9õZ%IˆEŽ[^ ãšeâOYO€»ºŒY˦<ŠC㪃 þëÚ¨×N˜ )uö|Šž0¾òE­yìgrub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16 7ôñ¶0nefYØËzîB"jöc˜ èsò£mf=ýÜäP/llý‚‡•u˳Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ 9…/⡬~S3P]lâ öð… Œ~döVGø¤Ûo³OÕP$s½Gw³&›Jcd _؈MhZË$ ‰Äîïë«f<4“k1½Vu¼­‡•ÞÑ¡û¥ð†Hß ôzkernel_cmdline: /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 "dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16"€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/cos-93-amd-sev.bin000066400000000000000000000571361510276467000237510ustar00rootroot00000000000000)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1+líÑca—»Á¯ª€ÌnÍ> jÉ$H¨ WU¦;Íe¹öÕrn’]Èi»F”(Å gã,8%ž¤€’4ÌϽ'…Ã+Þˆ(3»mö½˜šIôVcæ<á™üÐP, GCE NonHostInfo€ÔýÑñM@AIMëÉÄSCÒ'} ÌüK³(ˆ£E¼ŠêÚºU+b}™4Œvv«1Aõ°@¤ ,ÞÐÆôSÔÆõœ^ìa«Æ°1E@¢6|º2jRª+1\ÌÎh¨Î Æï*Çå®5aßä‹Ê“Òª à˜+Œ SecureBoot€‹tC!5Ë’T¨ÊÐÂŒÛø7 bÑÅUÛóRµÙà›Ot#®pmÚ×vt(¥ã”Ö z q‡,ÁW´›1ÊýWuÎusC¶¡*»k+é»&“¤aé̦¹ÏðTì°ômaßä‹Ê“Òª à˜+ŒIPK¡YÀ¥ä”§J‡µ«\+ðrI-ÒúÒˆ¤G—’[ªG»‰0‚0‚ `õþøía^JiØUR^0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100 200806194844Z 300804194844Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI Platform Key v100‚"0  *†H†÷ ‚0‚ ‚¥I y-Gõ÷w‰|ΛåëFƒ?º÷Hï`œ–ßü;&å=PjlªÂMÄ»3® 9&‘tÒõèÌàÓiAaz(o6<½Š;ó'HÒüdÿ«µ´§Uÿ™FÂ-?œù2<¢ÑÙ}a¯Ñ ¯Â{¶óU­}CÂbÍ­Ù(Á_æƒ6Hòìó­/̾h½OFÆ;\_j$ÏO)¸`Tdì¢Q™ç¤#$ˆÞÆ9¿öU œtÏ\óŽŽ”/¼i¼ úËÝŠŠª<tŒØÍ¥’ Q7uRÝ×øõ—T cÞ§qŒ ‘{?=l¦\8âø h2ìXI[ÎÒÕÊ €à£k0i0Uÿ0ÿ0)U" É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0+U#$0"€ É4ø­¬ÄèíJ™~Ú•æl0½#„á™ÐìK$ÙvP0  *†H†÷  ‚;>f¢Å½¸;izÃF½ dLe–0îÛÜx­ &ï:kyb–nž <-ëïzÖêÇÒ\Ù›Ý6ÚtióœHi7À9÷)¥hoŽúHáÝÀÏ;jêz?üõ>DX²Ó· `ð­§°¤íHîmÌlµ2ƒÁ×í¾2—õxv‡ARá óø〆֒>EÁ¤®­žf j= 1š”xþu#¶ñÌAùOBž†ì›üŒ×ö`0±¦·­žá?RÅÓû-• <Á3:¸VÕ×¾ÀúV‡x¸aÚåm‘â13cÌÂê(m¿¢£å´ø8#y¨tkºµk”`’¾€p½R¾~P}þ>’B"mÍÿS ñ ‰Mmwm‰k’Ýe†“êUpêAõƒ³ðx®UQdP ¿a%B¥ƒ-vKhiKdê{iïЃ)Nž>T­D-˜\'°xÃfùD¬–jãW‚¯xaßä‹Ê“Òª à˜+ŒRKEK¡YÀ¥ä”§J‡µ«\+ðrR6ÒúÒˆ¤G—’[ªG»‰0‚"0‚  ¬Uyi'å­)P´£ñÔ3ª0  *†H†÷  0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100 200806194850Z 300804194850Z0•1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1"0 UUEFI Key Exchange Key v100‚"0  *†H†÷ ‚0‚ ‚ºd"x:Wf×=àÃ#Z¨‡DÁk\ü*Ñy•˜µ¨heÍâøÕ\+¾¢A³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€ÓfŠq² Ÿ_¸B7 M´Ã×Þw 9¾ÿOCH¡¶—£™„GŽ‡CìòdJ2ÛÑ'&æâ ‘OržžpÌ0“);PÞcÖè£úÑá4[è– Í›mZ$rŠø?é¿Ôœx”¸“˲×:=–E£¼ÚÐgeomdbx¡YÀ¥ä”§J‡µ«\+ðr˜|ÒúÒˆ¤G—’[ªG»‰0‚h0‚P  ªŸ²° ¨0  *†H†÷  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚­gÕ8?––”"N‡&‘HΟeé¼u%Péìžì›ßx„ô0Ù6ww×kÃs׋ý& SIþô)M™‡ÿm#w(/ùþÅØ —µîÔõ)ógM”b¸MM[ºíÆshV¦°‡`HâEø'uZ™œêÍt$ÞàÖTñ‹á½(5GìÅ—è7È*Úl;¨;g1*/9²èUüvy´X+˜L[Xü"Æì^*ìð.R»Ówu![¤hW&<isËYŽLŠˆ@Ð_†e³ Þ"ÕÚ]]Õã‚*Y5Ü”MšIJ¤ÀÚÄgW¤q¸=ƒ5hufÿuio¶¥2 C^ ‹£æ0ã0UÕÛšgd3Fˆ°ó2‹öä”Z8ð>0³U#«0¨€ÕÛšgd3Fˆ°ó2‹öä”Z8ð>¡„¤01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1‚ ªŸ²° ¨0 U0ÿ0  *†H†÷  ‚'kÛ7)€)5FügˆG£5T*Ê*µ£Æþlªà¿°¡Ñ~"µñ¼S íÓ» :eü9è÷c-¤êE¿ŒªŒ~¤ýdNÄ\œS`‚wWv:F ²÷‚¦& ¼‘· ±{­-P³‘ÛŠ¢×ýÞGÈM.Äs­ŒWé‚„žá q]2æs–ñ£[…â}a†eTœ«D#ÚWûÈ`‚*!ˆ°Á=£žhl8=䲃áÌGP‹Ã^eÃkݸ.˜ä~¸¤ŠÚòÓ*‰Î(âÙýúÄn1¤g…P¨ŒÌŠx–ä~çêcy-~^«¬~â1ot¹óίÃâľQaó8¡YÀ¥ä”§J‡µ«\+ðr¹ÒúÒˆ¤G—’[ªG»‰0‚‰0‚q  ìæßûÕ[º0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚Âa½Qú|”68»ÊpeÕ$3YÇ‹äýî—¤\ílçêÍyH,‘¨câö¤¼é(‘¦]iÞ¬Œ :GlÈÁš@ãÄÔ_Œñyiºå'ýw_qǟߧ]dEéð6ozOÏEâèíÒ‰‰ûA•ß»Á³úÜï ±ñ;ïcgW$à‹_jAÖö/>Ébdy·s‚è˜×ý+îy~q"Ë­®ñok(Ábßæõ#ðOóšVÚ™]‡ÜYö÷9&’m§.-ÉЈQ]„´ÂSƒ N­œêF_@í$ÿàþ0õ¦pµ; ‚frp®•Þ3†ÿe"šôËZÜ{£ñ0î0UªZd­…‚Ì—ºõãt][Ë;A›0¾U#¶0³€ªZd­…‚Ì—ºõãt][Ë;A›¡¤Œ0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1‚ ìæßûÕ[º0 U0ÿ0  *†H†÷  ‚ZÇwš­4Ãí8ÿ9Ê+^2Áä%‹Â.àÀaƒÔù¤¶‘/.ïZóh¢Ã°ïÉLêìëÅL×0tŽ 7_‘2U,&¨¼‰Ø+žq¬$‹'P)6/R -ÌDñ5«QŽàÍŽÁ;·ò-ïŒHÅ‚hi˧g»°X$_]Å‘Ùêý.GÌ<ºúB²Øþ®šáUàóÛ²0éM ˜ âëªS^º 7è@ “Æsý;‡·¯Yâæ\W ìÛëÔ&*d<.¸r I¼‚¼±#Ò²¶°/!û²¥oÌ#ýÝ%Í(`’¡YÀ¥ä”§J‡µ«\+ðrçÒúÒˆ¤G—’[ªG»‰0‚Ó0‚»  Û—°Ñ¿Ôqñ0  *†H†÷  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚µ³(o+ \(çléÏ0P¶¤uûœHѾ„Û_Ô 5§m´j¡NeטQ|`ÄŠŸ7_,qõÒBEú› žhõ5”Êô{Hƀlíȹx–Ð +±ÇLy­g!`Ը撳ü±F›äå*‡=EOÑ­n4Y{’ÛJ‘c?°ð<©|3¾©‹7srGô)ÈRQ ßì!âöWdÄ=t¡dï SŽzŠ.‘ÄCc-µõzÝ3m@>wìÌyŸ*À×Nq‡p+‹ûS)U0ƒ;Ðbÿ`ërÀ {™ ›CïÚ2CGZVtžñ ÌT ˜±O:I£P0N0USº1ˆô+اª€ªÉ›ã4jo0U#0€Sº1ˆô+اª€ªÉ›ã4jo0 U0ÿ0  *†H†÷  ‚²8÷ Z:u¨·AÎ)›ÿ‡ò£´( ¥Âþñg^ÇÕQ—“ ‹ýF”fâzÓ²½Z—Zj¦õŸ¸„)–ˆSHЭO®ø¶íFP…ô-¹4;Ñ-—šÞ5IÎäHTÏ› GjáwoôZÐßCš›h^€!€ÉÇ+BŸ¬‚:ÄIýÝmÓ‰j²*ž~öë-½ä»»ø„'o!…cÜŒS@[a.’ÿë/ݦµpL»/f{b?µ rRC§ß —t7D5j£ß&9Ѳø? ¶lÛoí½t [QIÇG£¨œƒ`O©ÀBSTæÁeóNË´÷vY¡YÀ¥ä”§J‡µ«\+ðrýÒúÒˆ¤G—’[ªG»‰0‚é0‚Ñ  ¨qž9¬c0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚›!ÑÏ1YS¯##™3æ¹°¾ƒA–Iå©‘œ'“e–P¤Ú-D¿ÔÈ£ýÕïÛUäà÷÷—$nä1°œÐäåD9¾}°Ÿ@†5T£1¹U¾ˆÃÒe›Ä§öp²Ù„HÆ€ŽPOd°;ÈËñ¼/$ú󴼆òœÝ¸RåÔ:vpÄ7 Ò<=&rÞ¨éìSÒsnŠiº5é“Ä@~Y$Oð%¿îAVp\Ê¿Ä‘]a#Tæ~½¤jŽ?ÖêMs-D~3 GcD‘ScÄR{?ª·º´À\ÔF§^ú½¶¬tГ™tB™Sç d=±=±ÞsÁ°íñ»G£P0N0U¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0U#0€¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0 U0ÿ0  *†H†÷  ‚}Ï߸¤â1vbI²“èÑÒîlHrAB`©~Lï3WwšP:vq0åf>µG4š@hsIWúój¥c£/§¢ÒJ™ò„EØNt/ÍèØF(ÍÜÝöٌҨˆsA©<]}Ì%²ÞNQëú ëyE¹8bt®K²™l1âˆÃáÏ‘Vîøn™»IÞ,¼!P"4˜2Jô°ìɆkçZYⓨ<ÜÐÌêÉ«ˆ¶øÉÉÏpñ¸:ÎÅy_îŠ/Ž¸ü[—/õÿ!i€°âðg¼dÂc ëZ¤†‹¾í ²Ävúï@ï·}Ëš/Ñ`¤t¦iî5ÓÉ(ûêÌmõ¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€£?[_Ö±ÊÝô¤­îz<É-Ò ks  K{-;ž"ÏûO‚91˜GR,O¡u;iP“ R¹ -éF¹G6KWØ! c;X™n*;§Î­T¯®s°…Ñå+ÀOëå| \¡3+6aßä‹Ê“Òª à˜+Œ BootOrder€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€5Áy{fÎ0ý^ŸQ Pͽ©É“‡ +ç¤Yã Ç»xˆûX(9‡þ ÑÓÁ¾'kÉév“æ\I ¢S3Ç®Âà™04“Œ‰;<+Êö~ˆÃB£Õ†ö÷úâÆ¡$zžØiˆ mKä—Ôû¶aßä‹Ê“Òª à˜+Œ`Boot0001&UEFI nvme_card-pd ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€\Úø„r‰\Í sDFÖ–E7 ÷ù>¶»”gþã­jÞl5=â_.>ì1[Æ€M š SH’WºÌ(n×óe]ú‚õ›e= ÿ×›9U²wD @;Yícà'WòEE˲×:=–E£¼ÚÐgeo!dbÒúÒˆ¤G—’[ªG»‰0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼€ži6«®žV•Êæøy`Mèðv÷œ ]©ÊR&ÚNjÍ­ŽöÍYÔú¤»Ž®\<± ¬>ûB۠ϦЛE`aLÔÃ|Æ70‚¯ÌIp q¯†!hWþ]ðkWŒQ¹dEFI PART\[^Q÷œ "{ ¹òú!]I®‹L$mD[Sö€€ë's ¯=ƃ„rGŽy=iØG}ä9Ò—¯9@a¾ý@ßâIKUЄl STATE]*:þ2O§A·%¬Ì2…£ ž“+ÞÞKœ‰©ŠÓ„ƒøPÿÏÿKERN-Aâ¸<~;ÝGŠ<ò¡<üìêíÍÆBH"¶³«LãêuÐDÿÏ„ROOT-A]*:þ2O§A·%¬Ì2…£ jTŒ• >@Á´ÓD:âaÐÿOKERN-Bâ¸<~;ÝGŠ<ò¡<üì âÄdKq”+‹n¦S$ÐÿÏDROOT-B]*:þ2O§A·%¬Ì2…£ ª4—r9@ ½Õ(~’@@@@KERN-Câ¸<~;ÝGŠ<ò¡<üì59Ø>‡B­¬lÍ~p4TâA@A@ROOT-C¯=ƃ„rGŽy=iØG}äOKDIŒðM$„áÀŠ(Y°PÿÏOEM=u .Hž°Cƒ7±Q’Ë^™'dßËIØ‘Alq˜øTB@B@reserved=u .Hž°Cƒ7±Q’Ë^ ²iH%€HÕö/Uö¡ƒC@C@reservedHah!IdontNeedEFIM7šDfŸF̯K2¾É<@?@RWFW(s*ÁøÒºK É>É;žVä¯-A¹®} /Â*L ÐÿÏEFI-SYSTEM€Ղ€?×ðžPÈ)gŸõ“á¼k 'ÌäŽU³¿¶ëb¤Ì+S¤—„d–¦&D•j²ÿ¥b> ÚAœ’ëU¶áOVeØDú;‹1w@÷¦ñsI”Ýôê3s@ Yývƒu0ï Э¼ø%€ ÐA * ОVä¯-A¹®} /Â*L 0\EFI\BOOT\BOOTX64.EFIÿ€ãÞj—B¨ó)ÔºUãøAZ# ãâ&ûŒŽ;?ÛVÇ ûý €ó@h®õ¡ˆœú•ðL.r yNbþR ; Ëý>°ÜŽAö¨Ã±1úïiD*b_Þi wÄmÍÜ´C¨ÓÁãêfœ)à ð ¯à€Èü¤˜Ó\º!…e¦6]Úö æZÀ¡Ú·íÄD‚Sâ×VÙÌUãÿ_ƒÎõ;mÑRð@ ?ä%VSËe¬ð†&O[ÉíÊX-Æ…=1¦¸éË:¹™Œ„ƒà ÅJ^I+ó êl§;˲×:=–E£¼ÚÐgeodb0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ áªÖ«Ë~ b«†"¨3Â Ä fΫ–…?c÷÷S«\TôŠq“ƒ¸…sÂb&[(s|u b nÁÁÝÌå$ªâ„»rÞlÔ8I…`!…A.ë&0ë´µŽ®¹³ùû"÷/efi/boot/grub.cfg ¯„ûQ°XvוfG[´#ó€-w å/ž=§ŒA‚T E®éà õûp²Î„“ÇSˆÓ¹ 6.p¾—)ßeµ7TýÝn—úñ–¼n ’ž ;²Ôqÿù{€»Ütˆe"bf•grub_cmd: defaultA=2 £Ò—¡zÎ-ÊÍ`BÑÌØà D ?§÷M 2µ"GzÒ—ÇH„*ΚãáÍËM[µ§Y¶L g ò×AÌ<ècítd&¡ñ©˜¾Ÿgÿ«ß¡òÛv–ˆX¨\5‡W[AcuŠÄÇŠgrub_cmd: defaultB=3 ¼Ý‰“Èçê2Yxm/Ì{f&í)› –aد2ý-mÇ¿`‰ðtë3.åÙsR¶Å\¦Íʪ Ãp–I´ZÈ:óf\LŽ‹*¦¤'ÜAªH ¯·ùU‚ㆥ®¶`.”[äö¶y²Î¢‘Ÿ"grub_cmd: gptpriority hd0 2 prioA ß³¹ AË牕Ü^$cpïfØAæ ÁǶÜz6мuÀ¾ö›Ü'}tÊ8Ðì(D²¯? ²Ì¥CÌ>YNu×`h²5ÐF$¯¼fœ¹ÿuòtc´ô¨ÖSê‘C‰Š‹wa¡r½ £"grub_cmd: gptpriority hd0 4 prioB çh>‹ μŽGÓÓt;&@ oØÞ¬Áƒ³­ö±95Qay’•wÒ`”§öŽ{‹Dä4 ºR^Å!œÀò…Š„£ âˆ[=¸K¡­»zl+ÈHk÷…j­^†^ó;ÜLxÚªägrub_cmd: [ 15 -lt 0 ] )k' áþdQJ¦=qgˆá„ Iýú¬]Ž$8*a}  ÀÎZµè3T’ýÚs]zxÔ9¿ñ ýù8Éø1g¼±ê\(³bŽ„Nþ «ç¥ý‚Ä«M)*È«ÒçhmoÀ& b‹grub_cmd: set default=2 OD¤§§R>cwê–Ó‹6»l"Ø Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô› Tƒm4e3°ÈÇÌ&0‘ŠHl¤DAmÕ¢gã70¸˜ÆÝz%†£‚¬@‘Â"grub_cmd: set timeout=0 Þ´¢:•Ð¡Bf.¢zËGo½\b À¢>!ôŒ°ÜK\%EÁ¡Š[ æé¡É¬‡œÑ)¼ Š3`^êÍ#®g›¸ù6z*oÏ_^tœCV2Š«¿í÷ôãC. ´¿‡C=ÊÊ#ìÞgrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 i915.modeset=1 cros_efi root=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 } Pw­~ü`Ï©ú{Ùà;€•t —‘r£Ò1ç<*†EÎÄ{@pYIOW€’…áŸ#x Ï+˜)ˆ[Õö<È¥( nštM¹Lrüú;"–Å#q_@[Îv+°âV„ÕÄôrHÞgrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 i915.modeset=1 cros_efi root=PARTUUID=64C4E20D-151F-714B-942B-8B6E02A65324 } Äk<±‰BAW8“1i–[å5Ö ƒ´@v8¦8%Ùíø,y·÷¶»9n Fé4NŠ. ®@1hŠ¹|†,ŸùÓD°½^|µ9M'¨*L9ºš©>4KaÒuÈÐií9¶“ÕKgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44" } -m¢†Š,1Üë`HnÅýËšî| ƒR]ýŸ]Ÿm..Ê-%ƒ¬K‰¥|+CÔ rñŒ ærƒŸ¨û-˜ˆ0?¶îj¡ªÙ×õƒÊŒB¥“’ î¢[P„ÎQ ÀIKgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm="1 vroot none ro 1,0 4077568 verity payload=PARTUUID=64C4E20D-151F-714B-942B-8B6E02A65324 hashtree=PARTUUID=64C4E20D-151F-714B-942B-8B6E02A65324 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44" } Þ÷ÐGÔ?oÉ À£ºq…ÿó j±ø Ôß-«]71kc:1¾ÆØ áç7÷øØRLü ½ü›xë,ùÇÛ­é M©aûŸW¤Ww<Í|¤¾‚•£x9+ëå9²:Z¬*õDѦÞgrub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 root=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 i915.modeset=1 cros_efi } —’ÎbYüð /¦ìHáÚ  @–îa¢=äÛÆyY8éÓŒªa’s¯Ay¾R#z¼ "·Ñ`E4ÊÕN ßÇéçéA½d‘ÚBh êË.c¨~ÿ¹¨­á«ˆ¸·¢À;Âpc"Š%grub_cmd: setparams verified image A –!ÏÙ·½ñm ã"®¦nY &{ãÓ ¥|x·‹±Øæ`ЈÑÀû½5¼„é°å^п ¨´×j¾|ƒ&<9¿‹§.1àÐW©·º6.ó$LH§¿.œŒh}ÕÒ¤Ãÿlîâeü7 grub_cmd: linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44 >È`'#”> pTØæ%BÈ¿ sìø¾^[ç®&¿e´&w¹!>¨ý@°Ä^|¨ ³ç<$Øl ÆÐÁܵµô˜”Þš,Raò…¼ ðÖ !(ë&G¥Ê5O,›Ô/º/syslinux/vmlinuz.A€"„CoxäˆÍ®ÃÆ‘·¡òö! Ü ÊYL®à7¼ú~ff’Ø›q8ôy;z»Â à l d²«&6%´¡*š³|í¼Ò f‹êÁú¬L®d w |h+AGìdœQ$?k¿)௅౅¯à€Èü¤˜Ó\º!…e¦6]Úö æZÀ¡Ú·íÄD‚Sâ×VÙÌUãÿ_ƒÎõ;mÑRð@ ?ä%VSËe¬ð†&O[ÉíÊX-Æ…=1¦¸éË:¹™Œ„ƒà ÅJ^I+ó êl§;˲×:=–E£¼ÚÐgeodb0‚ 0‚õ FÑ»#Ù`ãb)2Bb0  *†H†÷  0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100 200806194855Z 300804194855Z0‹1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v100‚"0  *†H†÷ ‚0‚ ‚ÐÌ‘î䵸TéEg“"^5ðËÀîã€G†+ ˜ºq5Ge×Ió˜•Ñ9pòû…‘I?Ùû쬅D ‹Å=‚T3dÀÌ„Ú;É‘<öÇj–¼Ÿ®"âöä ºïîÝaØ™û÷FKÁ¿TÞ¤/¨Âï"ÜNÓKjÝi’lvrhÔÄç«a–uô x¢I¤oÐt>³Åâmä’¡¯Û0DŸc„@W„réžÜ'®d¬×Ë+L,©ÿ>3ø&w$páb½eZ­§UçBr Õ˜ÄiØàÃlLÆ~ÿ¦‡$s3qS00„ÂÅZÂéSp¯ A ðÞ_PK³jôßtØT-¢K£k0i0Uÿ0ÿ0)U" KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0+U#$0"€ KN²qXØÝJ[·`õgGÁ_ÚùMƒ ~YÉKZ'$0  *†H†÷  ‚ŽwÕwY‹ùó×U¢þY9Š8Í+9=zm³_ü±‹ÌÂü˾:-§£|nÊŽ2ë®Bž)?ýœ½7vR÷çÄxb«ñ< \Ó¤!-µƒHR*l½ª®EÈ´“YèÙDžüx rðüÝæžÓïÖZC!³0ÅíÄý«œVlÚ!}Îów0Ø’ý”¹µ>˦н•6R 3öâüëZ…×£…ïíßÍ‘ŠÝ‘ù ¡‰bÜs)¡¯{ó²%¸ üå[Éš—W8¤ù`¡›¬à?<•Õ÷û¿Wö¸+ªÇÊšCM¡‰ì»±ÔÀßþ®ÀHåSËÓD¢6îRMmÌ2³õ¼¯ 뫨4§›=“ÓPçBØìØJaßä‹Ê“Òª à˜+Œ&PK¡YÀ¥ä”§J‡µ«\+ðr& ÒúÒˆ¤G—’[ªG»‰0‚ö0‚Þ  ÕJègƒ]ê0  *†H†÷  010 U newpk0 180821215115Z 180920215115Z010 U newpk0‚"0  *†H†÷ ‚0‚ ‚̹Õ|ømkcêÉbô “Éþã|,EÎ…RRH|ûC&¿ ¥‰°òÝÇ6èi•ªŒoТ#o4ÂO±žkÆú¸”ÁœŽp‡‘BÎi!“}ÚuŸ¿1 PÁï€#û¾;Vã ×Gê0¯Ô]©c‰¢ü9á–¡‡Ã=&²Ó¢lìÈ—×ÎÚ겕<³ÎŠÏÚ:Qˆ?%°K>ÌÝùÚÛQÕ‘š¡½ˆâñ´ñ³’·ãgæ­ŒjÜ'?ÜÔNlÁ½ïÞV*ÚY` yÓ©|WýQa7}ä·n•ðR›CžÜH<ͼ9Ÿ£èG F¸6Ü’³•¨ÎJãF#XK£S0Q0U˜P„Bó/Û—‚'(—t1F^`ËÅ0U#0€˜P„Bó/Û—‚'(—t1F^`ËÅ0Uÿ0ÿ0  *†H†÷  ‚Š¡R?ªç½°$«‹­2°Iý{4Ë;€v`=ŽÜÊkiÂ[”踜Œ,×¼¬}‚YõÄ.¢l¥ì˜ð1#6øË0ƒg::+b!`,ºõ.ù(nÊfpX(†gi„l'X%œPép¸`nT…J¯mE¦[4ü&M<á»$.yàÑȬ|Ù8GCk3PWãsž¦‡ÝÃâJüs{K ‡Çƒ 6Zêi‡@„ ,”€/=®=ËpÄ5¹>q²£Æ­Ø$?}`«o îzšÏuŸèL«ÍQ‡hX3²Ù¼8%*˜KEûg3›%œ?¬¤CDÌÍÓÈ ná€ðPy¶ÌBé.èZtÙÂviÀâ>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrüÒúÒˆ¤G—’[ªG»‰0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€ ¢œ'û¢a€`³"ÇÉrk ˲×:=–E£¼ÚÐgeoG db¡YÀ¥ä”§J‡µ«\+ðr@$ÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðrëÒúÒˆ¤G—’[ªG»‰0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~€^÷‡€f„Q®ß›¥|û^œå´Æ.˲×:=–E£¼ÚÐgeo .dbx¡YÀ¥ä”§J‡µ«\+ðrP4½šúwY2M½`(ôçxK0‚ 0‚ 0  *†H†÷  0„1 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0‚"0  *†H†÷ ‚0‚ ‚É_›b °d‚¬¾ÉâbãKÒŸŠÕa+]8ô·Î¹š¸C¸C—w«O pF ümÆmê€^Ò·f‡Þ mÐA—¨¥¯ cO÷|ÂRÌ 1©»‰]™FoUs¹viì×Áü!ÖÆçO½"Þä¨[-Û•4—Ö(K!LÊ»y¦Zùgæ\xE=m°Y&ÅWãN‚ºö,NÈ7Mÿ…„Gàí;|¼¯é§ oÃé£Î¾¦ãÍ<µX,žÂ`"79ÿAÁ)¤eQÿ34ªBù•xü-õÚŠ…|‚û7,k¥¨ß|U €.<°cáÍ8H‰è ‚¼ýÔh>ÙÝ”£ 00 Uÿ00U%0+ +‚7 0, `†H†øB OpenSSL Generated Certificate0UaH*¢ƒ ²­Zñ rPÚ3ÝÎð0U#0€­‘™ Â*±õŒ#¶eZ&Ž4Zc0  *†H†÷  ‚Š¡)· JÕÅý«%êÀ}âüj– y“gî%%äZöªñó‡^ñZ\Ë#se¹Þ"kÖIgÉ£Æ×bN\µùƒ@܇œaB"Ä*\NÅ£âàR²ëô‹+Ü89]ûˆ¡Ve_+O&ÿxëŒ]2ãÆE¯%› ÿŽïG £é‹7’’iv~4;’gN°%í¼^_´ÖÊ@ÿäâ1# …%® UìåG^ß[¼3ãÆõ¶Ù÷ݳ´¡1ÓZ\]}>¿ ääè´Y};´Œ£µ £¹>„oŒ!Ã9¡YÀ¥ä”§J‡µ«\+ðr¸œ½šúwY2M½`(ôçxK0‚ˆ0‚p  9\§’zPÂ0  *†H†÷  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0‚"0  *†H†÷ ‚0‚ ‚¸M†Ð!¢+Ÿ ¦w˜1\WÀë>“aòe~Ñæˆ"Í¥‹O/øKh‘ïLQÂ÷gôF§‰ýBá¤ÎKj)g@ÈgìéàÞüðâ­EðÒ¨W»‹ £ŠsUãWÓüÂÄêPú‚IHf±x+¢GUH%Ìm".a—•¯›.MX¶~xùú²['Þ}¢¾ ¬sì—°^ííå¥u?xàqÎ/΃íS10˜Næù¢ˆˆ¦#| ·T:•í^y^Nþͪނüö–qNII¹Óé°«×*G·S0'|Üf˜ oÑ~õ=>Ô¢jˆY//=ÈÆ(ÞBþÙR=$Âü@˜öv¿Œ»e£9070 `†H†øB0U%0  +‚7 0 U€0  *†H†÷  ‚W¤`L)éò}k\“ÛÌlŸ?iHšuÞdóƒJ ©&!îéV]á>ÙuËÌ¿Mäè‰=~B‡@ÃÕàqyÜláqbǘÂË' /ŸÌìú‹²ó žóòÃÉŸÛ%“¤Í»åŽô×U¨´uA1ýN] Â¬ÅÞFçÜÏÕèG“Œ2ÍDÕtÇ0šW¥VÐ~Ï´ôó)ùÛ›SÒ½/­ju&Edºº(–‡Ž·ðyWúzd÷,Nïgyj„½½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK®ë®1Q's핪.g9í1©…g0:3"˜ø7 ©ÕZ¡½šúwY2M½`(ôçxKÄ ½¬Gu­ØÛ’ª"µ·ûŒ”¡F,餹]Š3ˆÂü½šúwY2M½`(ôçxKÆÁ¨±î*(µ¨Lƒ×É‹[ '(aëæ’–½šúwY2M½`(ôçxKÉ3f¸çùƒ—TÉ—ñ së&Ø¡ ¹ã½¿Æg«Û‹½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎ½šúwY2M½`(ôçxKØûLž.z‚%ekK‚s·Ë¤°>òéë à )$졺†½šúwY2M½`(ôçxK¹*ò˜Ü›xÇt’ÖUq ×*­£×{åF ä2xïnM½šúwY2M½`(ôçxKᮃÀ.o(XÔëÑw#´õê5yÕD=ìÅù<½šúwY2M½`(ôçxK9ÛÂ(ŽôK_•3,·wãè@Û¦€cJ¨õɱ½šúwY2M½`(ôçxK2õ” ¢Ø¢ÁEæü‰df(ÿÌ|zBÊå3})Ä ½½šúwY2M½`(ôçxKÔ_Ë£–®ó>èöì®X¯èGj( &üqö!}ÏIº/½šúwY2M½`(ôçxKK†h¥Ôe¼ÝªüÿBOËЮÎ2üp¨>‘`èŸ ½šúwY2M½`(ôçxK‰óÑöä…Ã4Í •ãÍýÀq±„˜T„zDÜUHâÜû½šúwY2M½`(ôçxKÉì5ònUšÿ´ âëÞT5L5©˜`[Ï—-U½šúwY2M½`(ôçxK³å4¿kW†—3“Ÿ$¶k¤eã^‘°6**ÍépI½šúwY2M½`(ôçxKŸcíWÔ´.ñ f±D¦[¡¶WùKŽ²ðÄÍ`Á½šúwY2M½`(ôçxKÝY¯VDãŒcûà…0 ÍwF*!’Y°[ÂYæs½šúwY2M½`(ôçxKÛ¯žm=[8¶…S0J¼ˆ‚~¼ø ¹Çá—ͼX"Í1l½šúwY2M½`(ôçxKeóÀ „Ób¹r.˜÷^^™ln“O{+.kæÞÈ콚úwY2M½`(ôçxK[$Ž‘=q…==¥®ÝšKÅz‘q&W8û_Ë-†¢ñȆ½šúwY2M½`(ôçxK&yeãAòϨƒF 5Vª¯w§ kÄ„É0tl÷µ½šúwY2M½`(ôçxK»ÑmSco##§¨o=ÿ–Ÿ„ˆÀWKÂׇþÉ?½šúwY2M½`(ôçxK à!ö|~ø_Ní6¿p’8 <#Ê‘ýC ”° ½šúwY2M½`(ôçxK•ŸA7Ç°Òvq•åos€}:Üøöç¿-M™0_‰½šúwY2M½`(ôçxKæ!jÊïd@¥Uì¾Ù@±¥òVší’•a7®XH.ñ·½šúwY2M½`(ôçxKnþþ [G‹{”LÓ¨¬¢Ì¤ ˆˆâŸŠËX$׺°½šúwY2M½`(ôçxK®LÔzAǃÜHóBÀvÂÁo4ôÒßPÑÊ;µ­…½šúwY2M½`(ôçxKØÔæÝöä-t¦¥6êbýä) \ž\6•£Bïµõ¤½šúwY2M½`(ôçxKòw¯O›Ü‘ŠèŸ£\Á³N4˜L®—e2,<°IWM6Pœ½šúwY2M½`(ôçxK ÂLuëïV¹ñ:¹Þ`âì¡ÄQ4⻳lö T›#L½šúwY2M½`(ôçxKƒXò¥W-pYµÈcPU(’éEbo_Éʬ÷½èW¤½šúwY2M½`(ôçxKºßõäðþ§p¨û"äÄ8!ã! õ-OtÝPñÐ9¼½šúwY2M½`(ôçxKÄR«„`sßZÎ%̦Mkz Ù0ŠeëR@ãÄëÊ©Ì ½šúwY2M½`(ôçxKñ†>È·ô?”­û ‹JiIzŒeì¼*Uà»Bw+ŒÜ‘½šúwY2M½`(ôçxK{ÉËTcε^¸ºwѬ҃Ä?JW`<Áò,ëÅy½šúwY2M½`(ôçxKè9]¾WèQx´ºõ¢Wðn‘!¦|Y_jâ%ý½šúwY2M½`(ôçxK´ÜÊòÈϧ´“Žqþ+–‘ä!oÙT(g-l~s½šúwY2M½`(ôçxK>Î'˳ìD8Ìå#¹'Äð_Ü\Y:7fÛ˜L^Cz?ö¡k½šúwY2M½`(ôçxKhîF2ǾfÈ>‰Ý“ê¿E´ÂÇ-}ÇIš¢ C½šúwY2M½`(ôçxKâK1ZUqH=‹s³-áMáë.«!ý-œ1Ÿõ^нšúwY2M½`(ôçxKç :´ìˆUì¥)7ØKZÂOˆ&kRpçì´ª%8½šúwY2M½`(ôçxK~¬€©ÈLÔ¯ìc‰ÙN±h¨UyQ¤Õ9°q0(U+kŒ½šúwY2M½`(ôçxKçh1!êg÷K¼°ÍÅåp,ŒÅ_¶]p-û©Hµô½šúwY2M½`(ôçxKÜÌ<áÀä°±‡Ór úGõÂoW£Y¾{'€N¬ºÄ½šúwY2M½`(ôçxKWÿq*䉳t“Àv§Í©a)بýhÒ¶¯c91]½šúwY2M½`(ôçxK:‘ðùå(¢™L}“ ,^áLèáÈ0Jä•­ÅŒÄE< ½šúwY2M½`(ôçxKISyl›òQ «¥³Õ~+…××d4ìuº£…t彚úwY2M½`(ôçxK¨²Éu뫧ÛÞ^éiÀêî*1Ë‘¨gV¦·p½šúwY2M½`(ôçxKŽSïÜøRÎå¦é)1¼Bæ<ÓöI̧èrRäY– ½šúwY2M½`(ôçxKŸ¤Õ?Ô>ÊÿBº~CS%+~^rµ nÿ€'ÖmC½šúwY2M½`(ôçxKÓrÀÐôýÉõ.ž#üVîrAJóPÐΦÂj5¦Ã!z½šúwY2M½`(ôçxK\Xj…é7‰EpÔùëh(¹|AË›¦ÓÜÌ_RzU½šúwY2M½`(ôçxK€N5Lch»'©®ŽIŠW+)4%šœOS¢rTI½šúwY2M½`(ôçxKöJ)”Šˆ¾ÿÛ^ §7 Ï ÙÎkÏŽd !1«‡½šúwY2M½`(ôçxKØ~q4Tao[ׄšµÁq*¸O4”xì*8ùpÀ‰½šúwY2M½`(ôçxKë[­ÒnO®eù¤#XÞï|å,À_»Çgvæ˜*½šúwY2M½`(ôçxK»"‰ééM ÿ?bQj°~—›,lïâ«pÆßÁŸ¥½šúwY2M½`(ôçxK (ð@‹÷%ægØq8¨î¼R–-(Gñn5‡;A¶­½šúwY2M½`(ôçxK ùŠ©…Œ sø›§~‡ìoYlIPû‹º€¦/»‘K½šúwY2M½`(ôçxK uê pê¤Óót$mµOÇ´>Yj53 ¹ÃkOÙur^½šúwY2M½`(ôçxK Q×oÄ“Iv]¨†‚Bk,þžj¤òrSê´2㧽šúwY2M½`(ôçxK£¢šÐQ0×þ[ôÒYecÍí‡@–ªÌi“*.IQš½šúwY2M½`(ôçxKw0´/þI?é¶%—Í+o4Ójõ“0ñ¤/” ½šúwY2M½`(ôçxKáqZŸÏá¤DÎÿ…†ž´"3 ÀK1L)]m§ž½šúwY2M½`(ôçxK‘¨Ôså(¨x#½bæUß®Tú+úrýÀ)†Ö¸½šúwY2M½`(ôçxK‹XÁý¸Ú‹3Ìî_—:÷4Ùóã?]±W<+ ˆ¨ ½šúwY2M½`(ôçxK‘†ïß^òÞ‚Eº®4††º 5ÿ=˜eÁS|퓽šúwY2M½`(ôçxK' „²†ñc°jªäë¸ßøÞ} ‚[ˆ9ÿf'NÿG½šúwY2M½`(ôçxK)̤TN£0Ö‘Ç„i\œk"¬{[‰Ë×(Ñ@꽚úwY2M½`(ôçxK+"˜ê¢kĤUŠé.{°äø\óKøHýö6ÀÁ¾Ä˜—½šúwY2M½`(ôçxK-ÏŽp#ÑèáE=hÖì0Ù¾ÙL¼¸ÝÁ̬½šúwY2M½`(ôçxK1*Å[PÀ›0³Ì“¹”¡>î¬Tï‰/ÄG»½–¡½šúwY2M½`(ôçxK2­2–‚›ÄmϬ^ÝË¿,í\ø;"Ïœn`ǘԧ½šúwY2M½`(ôçxK4 £+X3Ž+V¯0 ©ßÖ¹Ò'àâ£IX±Æ%ž…½šúwY2M½`(ôçxK6.Ó ±à’(1©o ÏÞa‰Sæ•Éï.°ºÃuP½šúwY2M½`(ôçxK6z1僈1­,FGˆjlßò決‘ ÿ…Üz‡®›^˜½šúwY2M½`(ôçxK7e×iÀ[ù‹B{5;!7褛o… ñYíj†xj¦4½šúwY2M½`(ôçxK8mi\ß-EvàÊÌõäžxÚQ¯™UÀ¸úv7;y”³½šúwY2M½`(ôçxK:Ot¾¯®+“ƒ­‚Ò3¦Ï=³Çâè—¾ïBUúúwY2M½`(ôçxK:çlEÊpé Y˜Bb-ÒQ¼¡ûæ¹Å.Ás°5½šúwY2M½`(ôçxK;èçë45Á’Çi„gˆ™AÑöÏ QL¡i“OsY½šúwY2M½`(ôçxK>9&ð¸¡ZÕ¡Ag»dz„<=C!ã]¼DÜèÈ7A-(°½šúwY2M½`(ôçxK@ ÆmY·°”©ã ¦½:ÿ0WƒçY/B¾_ôº½šúwY2M½`(ôçxKA…‚m«[¨4{x¢+_š upÊ\“§MGŠy=ƒºÄ˜½šúwY2M½`(ôçxKAÑî±wÀ2NÝeWó„å2Þ õšDkï³Q¼%w½šúwY2M½`(ôçxKE‡kMØaÔ[:”€tz]´ZH²§)A ¶A/Š‡é]½šúwY2M½`(ôçxKFg¿% ×Á k„tÆͱßdŠXso¿WÐ]ou]«gô½šúwY2M½`(ôçxKGÿc±@¶üíy1æQÚ[./]®ô=ÂûÅ2±½šúwY2M½`(ôçxKWæ‘:úÌR"½vͯ1ø툉Td%Stï z‚×õšÓ•–½šúwY2M½`(ôçxKXú"q!ÇmížcÈ~:e3î öð¡¢?ÄE›Æ¼ß½šúwY2M½`(ôçxK]šË»J}KhRßYpâÎÖoö"îœÐíØAÌ­½šúwY2M½`(ôçxKaÎÄ£w¿YÀþ®ãp4¿—Õ¼nâ:ߺæãõû<ý½šúwY2M½`(ôçxKcW´E6,Ƙ KĶ(â=¾$¶élŠãÜ°Õ¬½šúwY2M½`(ôçxKe²çÌÙÃ1ßRßsÊ É2ÒŸ™tÅo0‡²Ý1G½šúwY2M½`(ôçxKfª íÂ8MœB]9'æíJ]@ÅçÍM¬ˆõwòñ½šúwY2M½`(ôçxKhsÒö)½RéTîÿYwªƒgC™—bÿ!,”3Æ—½šúwY2M½`(ôçxKm»êÒ>Œ† ø´tûü¥ Mã⋈»ÌÜGG“N½šúwY2M½`(ôçxKmêÑ2WßÃÌƤ³pº‘u_éàìAP0”.Z¼Gð|ˆ½šúwY2M½`(ôçxKp¡E ò­9Ui­ þ±ÙÁ%2Né ì9ÂXˆ4Ô‰-Q«½šúwY2M½`(ôçxKrÂo‚|ë’˜—˜–Æ®tÓë϶]A²fÉ ¾‚½šúwY2M½`(ôçxKxd!ˆ¨´±sÔ¨õì”Ø(dqV ™5zXbK7u ½šúwY2M½`(ôçxKxƒƒ¤Ç3»‡Ò¿Qg=Ç>’ß«}QÜqV'®whm#¼½šúwY2M½`(ôçxKx´íÊ«ÈÙ > â€,®´ðž#£9LJÌn‡èóS•1½šúwY2M½`(ôçxKI̳ 2;z±“ÉU¸ÇDð¢·\1I^`pP'½šúwY2M½`(ôçxK‚¬ºHÕ#lÏ÷ešüYMî+Ö.ñ£ ›P†(Ï4ô½šúwY2M½`(ôçxK‰Mx962˜Ì‘Zèt.ó0×¢f™ôYGŒò,+k²…f½šúwY2M½`(ôçxKŒI×Wåª!ÁcH#22—ØhòX‘e)ïÅ ïp½šúwY2M½`(ôçxK“Ö iYevåÜFKá*…úR€¶õ$Ô¡ÃüÉÐHÏ­½šúwY2M½`(ôçxKcõûÅåz¶Þl”ˆ` ár±vÕ«WÔÈŸ`þ-⽚úwY2M½`(ôçxK‘ej¤ïI;8$ ·&2HäâÖW¥ÈHˆ ¶[s 2ûS½šúwY2M½`(ôçxK‘——¿Ž[Æ„9¬Äcë¸ú«ývMËè/;©wÊÈÏj½šúwY2M½`(ôçxK”pxù|a––Œ:霚]Xf~†ˆ,öÈÉÕ‰g¤–»zô<½šúwY2M½`(ôçxK–äP”PÓ€ÚÃbÿŽ)U‰ŠåX…Ò ‰Â{¢©Ð ½šúwY2M½`(ôçxK—ƒµîD’éè‘ÆUñô€5•­E<b:ðþ{òÀ¥x…㽚úwY2M½`(ôçxK—¥ DDb óŒØÆQ,¬šuýCzáäÒ))€va#'½šúwY2M½`(ôçxK—¨ÅºÖï»]jÚNºG-ÄÆÍIrü]ã!4/佚úwY2M½`(ôçxK™( æìŒAÚ®KØ«Hõ‚héC¦pÓ\¥â½Í>|L” r½šúwY2M½`(ôçxK™-5š§¥÷‰Òh¹L¹HZkæCb°í´DÌ|9d{½šúwY2M½`(ôçxK™T¡©U豉«ÊAK‘ö l@¨ko>óh݆1½šúwY2M½`(ôçxK›¯Ov×kõÖ¨—¿½_B›¡Mà‹HÃîv“ ‚ÿ8‘½šúwY2M½`(ôçxKœ%ŸË0_Ç9~Õu™càïk6ä WýsnkЋŸu½šúwY2M½`(ôçxKÒÜ·/^t'òéà:±…£@<ö©¤y¤ÛÙ~"P©½šúwY2M½`(ôçxKžÓ?¼ À2øœ¢Ä«4íÃ:E¥ %!£µ‡j£ê,½šúwY2M½`(ôçxK¤Ùx·Ä½¡T5Õø¹Y.Â¥­ûê{­j5ìµ0”d/½šúwY2M½`(ôçxK©$ÓÊÖÚB·9›– • oö±«¥¸s°Õó î!s´‹l½šúwY2M½`(ôçxK­;å‰ÀGN—Þ[²¿3SIH·k¸vßÜX±þ×gµ¡[ü½šúwY2M½`(ôçxK¸Öµç…{Eƒ|{ãØV­ë—Ç)°fZ=G:KëQÜó½šúwY2M½`(ôçxK¹?™Y‹ ú ¬Á,üü%hy?nwžy^m|"Su½šúwY2M½`(ôçxK»Ú3»cœ~€m°VÉŠSò/ïû äm®Iš½šúwY2M½`(ôçxK¼uùÿ2\µ™žf»ÔOJå7¤/ßï5SHãf⽚úwY2M½`(ôçxK½Ð&éØWÓþu¯Áp*)ð´öýö¢²\—©ÎŽšúwY2M½`(ôçxK¾C]÷Í(ª*|´üsG[wå«ó’÷k|vú?iŒ·š½šúwY2M½`(ôçxK¾÷f;åêM¿Øhn$poLûÍg¦Åfí”Î ÄDp½šúwY2M½`(ôçxKÂF—YÁ”~ô¶_r©õ³¯‹onr{h» ‘8\¿BjŠ½šúwY2M½`(ôçxKÃP[ó쥬äÇk‹Ñ 9 eÑóNu¸£^ãÆ›–½šúwY2M½`(ôçxKÄ-Ç Ï^Œóû‘ýòˆ@!­ƒl¦Šß,»y•Á õˆÔ½šúwY2M½`(ôçxKÆd¥¸9ä¡gBR~jÎ<'oÒn4ÇÐã"½šúwY2M½`(ôçxKË4¯ë tÄ¥ˆ³nº¤A–èÒú€Ü¨Á8rÈPyk½šúwY2M½`(ôçxKÌŽìn¹!,¿‰zZÎ~Š¾ìáŸmï x•‘ËGñð„½šúwY2M½`(ôçxKÏ¢CÁÍ.<Œë~p‡ÎËûƒ%»ùз y­óèA(½šúwY2M½`(ôçxKØšÑlHÔû¼TKúøg f ”HåK¿òpNBˆ½šúwY2M½`(ôçxKÙfŠµ'…g†Á4µä½Û÷$R;is"š¹*¡¥M õ½šúwY2M½`(ôçxKÚ5`ý 2µLƒÔòÿ†Ò“i¬òÈ–ø¯§CkúFU½šúwY2M½`(ôçxKߪ´ƒ‡©áÔÆR(œ¶«á–Èô³–Çä»Ã•Þiwö½šúwY2M½`(ôçxKß‘¬…©OÍ ûU½|¾ú¬¸Åîs—þ,ÈY„Ež.¡N½šúwY2M½`(ôçxKàQ·ˆìºí¥0FÇjö•",aW¸ÄÁ¹ÂÏÆ_F彚úwY2M½`(ôçxKãmüq!Âãšêˆ„ž(E«2ooçNS›~TØ61½šúwY2M½`(ôçxK㘑ô‹¼Å“¸í†Î‚ÎfoÁ[ŸËý+ºÐ¨›ôÇ¿¿½šúwY2M½`(ôçxKæ…oy™-ÉO¢ô2—ì2ÒÙ§o{æaÆ¡>ü;ÍõȽšúwY2M½`(ôçxKêÿŒ…ºM[k€FõÖG×yºÚwhæIÐGÿ›f ½šúwY2M½`(ôçxKfIa §OjÆäß»)¢à®;Š#(Ž~.r½šúwY2M½`(ôçxKî×àïòíUž*yî6™b¯;™‘1ã ·ýTo® rg½šúwY2M½`(ôçxKñ´öQ; TJh­Â‘ï¨ÅŸB ¥Ü²> Zú~ =½šúwY2M½`(ôçxKò¡m5µTiA‡§ @Êh)Yôó\,àê¸ýd÷¬*¹õÂJ½šúwY2M½`(ôçxKóÔaÅé•@?É|¢Ø©ËâpY}2ºßÖkwI_”½šúwY2M½`(ôçxKôŽmØqŽ•;`¢O,¾¦ •!Þ®gÛ%B[}:Îô1³[ôÀæ‹Óµw¹«á©ÏñËßTiÊxçE (QsC>RÅÂR™äs€£?[_Ö±ÊÝô¤­îz<É-Ò6aßä‹Ê“Òª à˜+Œ BootOrder€"¤öîšöÛ 5(Þ¶Ktµ‚ü+naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€íÛèÄA+ù˜‡™Ô{ãÚ7ôœaßä‹Ê“Òª à˜+ŒlBoot0001UEFI Google PersistentDisk  ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äsiÊxçE (QsC>RÅÂR™äsiÊxçE (QsC>RÅÂR™äsiÊxçE (QsC>RÅÂR™äsiÊxçE (QsC>RÅÂR™äsiÊxçE (QsC>RÅÂR™äsiÊxçE (QsC>RÅÂR™äsà€ ŒVà’w¬Í`:£Ë–+KY\H˲×:=–E£¼ÚÐgeo$dbÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX€0KËWÅ+‰q*ÒÆÚ²¢3äEFI PART\YQCÿÿ?Þÿ?Yd³Ë@‘)4BXý¬€€øZ>e¯=ƃ„rGŽy=iØG}ä LB“G`ŠýîÖÀdÈÞÿ?Hah!IdontNeedEFI[L-·¹Ca¶Â.¾v¡Œÿ(s*ÁøÒºK É>É;+ûõp4\Bl±ø÷ˆ#S} ÿÿ€G&6yÛˆ=zÙ­¼“Ö¡ûø _3˜àܽ¸/x ÐA * à+ûõp4\Bl±ø÷ˆ#S}0\EFI\BOOT\BOOTX64.EFIÿ€?®#±r5fó‡_,I.—b) ¯à€Á§+‘Þ,1ÒÍÓûö›Ö.KÐP«]`FàC«¶=ØÝ‹#¢Shim0‚ž0‚† íT¡Õ¯‡H”Ÿ‰2îœ|40  *†H†÷  0 10UDebian Secure Boot CA0 160816180918Z 460809180918Z0 10UDebian Secure Boot CA0‚"0  *†H†÷ ‚0‚ ‚•Ô‹›Ú¬.Ê‚7Á¤ËJÃB“Âz)ÓnÝd¯€¯êf¢aœƒ Åk¹5%ÿÅûè)CÞÎK=ÆM±ï&C•hÍþÂ$›Þ؆Qè8C½±šåkøTP‹³K_üä5P| ±â„¨6Hä€èêŸú¿Å{^ξ,€xI5À!ÏïfÕŠ–+f/H±çì‚æÊà_q$9P ŽÑr(P¥!ôãaº fÈßN&6 c+¯«Ä(¢Vd…¦UA®<ˆ•ÝÐmÙ)ÛØÄhµüôW‰kÛàïî@ bêXԣغ¦—.Åk¤‘w¦µ­#§ë IF|véž2´‰¯Wy£Ò0Ï0A+50301+0†%https://dsa.debian.org/secure-boot-ca0U#0€lÎÎ~Ll aIóÝ'ßÌ\»Až¡0 `†H†øBÿ÷0U% 0 +0Uÿ†0Uÿ0ÿ0UlÎÎ~Ll aIóÝ'ßÌ\»Až¡0  *†H†÷  ‚w–>GÉÎ Ï‹‰ÎYí&& ¹­©+½¡ëˆyÿ1Þþõjïap¿œNfláb—WeGÝJÆ÷ôÞ¨ñb̃W¬<¦‘¯U&ri.ÍÝM³Ñ`$-2Ol^ò£ò¡_b0®­ñHfd}6D 4=.¯ŽÃ­Â‘Ø7àîz_‚;gŽŠÄ¤ß5Âr+LQד“žº Y—òâ) DMêîø>`ÊÏNš%‘„?·ZÇî¼k€£Ùý²mzcëïñ°@%Õèëk÷Ëÿå!",.š5`K[_8F„ œÏr“bî\˜Ö³}%9•ßN`v°{°nãdŸ!V­9¯€‰°‰A´}ϽL‹?+Àúل̓k!)€ãF€åF¯go-tpm-tools-0.4.7/internal/test/eventlogs/eventlogwithsp800155.bin000066400000000000000000000642661510276467000251510ustar00rootroot00000000000000)Spec ID Event03 0  SP800-155 Event3y+З ^L8G€2o•Œ©/­ Google, Inc.Google Compute Engine Google, Inc.y+2.7(FŽ…¢£jEŒy ä‹eÿFirmwareRIM SP800-155 Event3y+З ^L8G€2o•Œ©/­ Google, Inc.Google Compute Engine Google, Inc.y+2.7¨https://storage.googleapis.com/gce_tcb_integrity/ovmf_x64_csm/ed6ebf6065569c5ec4c313a62c600f9ed9d3616611c7995784a583794c6faee081190b6564a915952204d63d57df2250.fd.signed@1þ)û‚oÜ­™’Ì©ôõj£ úš‚¶[ËΞŽ_må ¾ÿ›ó7kùÅ£»¤] !Ó@¤£ ¸†T†ÑPÍœëFb¹/3m8¸}p³sÊÄÆx3i$º¨Ü*ή´¦0GCE Virtual Firmware v2žŠ÷Bqð@’U'Ár7i¬þ~ {tÞ£Lé´—U««èºÉ­R=ZÝìN/¢˜ã®hý'o §Mæ'¤­+{FñÔ (ë?^àU«Éˆ?,§Ù¾ßŽÈÈHüåª Ò/PÎxõ»ñ^ GCE NonHostInfo€ÔýÑñM@AIMëÉÄSCÒ'} ÌüK³(ˆ£E¼ŠêÚºU+b}™4Œvv«1Aõ°@¤ ,ÞÐÆôSÔÆõœ^ìa«Æ°1E@¢6|º2jRª+1\ÌÎh¨Î Æï*Çå®5aßä‹Ê“Òª à˜+Œ SecureBoot€/” ¨…¼—á5@¢y%CøqÂ(Š \Ãàãv A-ÂðyþǾ5ØïjóO·ì@tÓGÀ1¶ ÈXj`xqä¥ñAƒøŸÍ’o±¸ï‚F¿Q‹ Û& -0UIƒŽñ…õ­·í™6vyaßä‹Ê“Òª à˜+ŒUPK¡YÀ¥ä”§J‡µ«\+ðrU9ÒúÒˆ¤G—’[ªG»‰0‚%0‚  b<â_f¯N#À²}Ë0  *†H†÷  0—1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1$0"UUEFI Platform Key v202502030 250203182727Z 350201182727Z0—1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1$0"UUEFI Platform Key v202502030‚"0  *†H†÷ ‚0‚ ‚Ô˜!OÝ—Ÿ>ûýä©€\û¥ãF­‘ò=¯µ×¨•Øu5|³áƒ.|Ú)Ò‹Ê?LmÒ-+)f+í’^[¯²Xw¦¥”S£]Ý¼Õ $¸èá0J]àv}*½v±[KW ¡ÖAßÃ’aŽlKŒyÈÖk»_;wµì‘o"U’lNÎÕéÆKbðRÈiÁ#Ÿ!±Š@Á±-¢í†³zi'½`õäô! ááSøÚéEHö»0Ü2©Ï½Ú1ÃkƒXÉ£|šž §ÍF†?¡y£â˹(×–dÑÍ œ¿cA°T`Ñš@BÿÒq•S”Tòe ú·p°Am£k0i0Uÿ0ÿ0)U" H^ÐBjÖ¸æÎ’€ä­v‰Án)9ÐPõ òÑë‘ñÐ0+U#$0"€ H^ÐBjÖ¸æÎ’€ä­v‰Án)9ÐPõ òÑë‘ñÐ0  *†H†÷  ‚k ìè.óÁ¦Ã/Úf÷r ¯¶\å4dvxs¬¶š~™ä•D^oÙŽHÅž¥‡nM¯£P~Tè?Ä®Z ;£‚¶DãgWvd F¡ùë2§ä“?¿×óýuúЂ×çòë[Ô²ü‡H-«×¦õ]ôÕ#d‹.…9oÐ ²aôMêýZ …€àÖúfΓ“¤™\.‡Uh ”É™°^»wâ1Õ…jyY?hëH^ïO®Ÿ3ùü¦S%ű±[xÏÑ“‘$x€¼®ðL»àð´ÎøÃÑ_ÞvJ– ‹ŽÂ’É®ÐÚDÞÑ,*{dÑÕŸ{J-­ûëht¤N€8Vk|ÙÛ2Ý]ùFPÿº’N †MP™£–ŽO¥%G’ð÷V1™ÜæQ5D0€…ä¼ ‹›s$ŸSO’á)J[ë¢T?¯ul­m¤ôœNf¬•ßD™où³îÙççƒaßä‹Ê“Òª à˜+Œ]KEK¡YÀ¥ä”§J‡µ«\+ðr]AÒúÒˆ¤G—’[ªG»‰0‚-0‚ P±ˆ’àêGWÇcå‘»0  *†H†÷  0›1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1(0&UUEFI Key Exchange Key v202502030 250203182733Z 350201182733Z0›1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS1(0&UUEFI Key Exchange Key v202502030‚"0  *†H†÷ ‚0‚ ‚ìƒl:`‰Ô}“¾,½E („zæœ6.OíÔ&Áá6µ´Žm=^8kFvjÄ{×0WÊÁÓBðë;˜Qí¿AÅ©}æЫX¨×Ì#Ûì„eÇ^6[‰Àø *bì¡4Ûa2TOŸ‘µHÜ~yæ_&&wêÒÞðÓ ™¸gcs=:3Ñ3jùü¤øvÈú„z¸a§å' ?ן(ß”;àF`ÀSÙÍ'™Áõb‡ZíÙûwýäBêR¯Éì927kOÖ ¿æ¤±ÕÃQ7Ùå '9ù§Jœ´'¡¡!žþÖþ€”… ?~ü?|"’˜ÓJ>BoøD|U‹M2Òœà󘛣k0i0Uÿ0ÿ0)U" ‚¹ý&+Ý NyT¬ZôÞ…q{^‡jZ‹—IWj!S²$0+U#$0"€ ‚¹ý&+Ý NyT¬ZôÞ…q{^‡jZ‹—IWj!S²$0  *†H†÷  ‚ Hÿ]ùÚÃÉ"[Ž5ò.€„(ú,‰¹(!©ÚÑÅý~k.¨~\‡´<ñg¶+¾¶7‚±éçÌÖŽ–: %Êšä{>*Z——Î «)ap9·t y Ëü/:âÌšdñóÇkËW59+wì1,ÓºU’ÑÁ®Yé PÈ’VC¥C¾>/y‡€ wÒèOo+ý!ð "u1¨Ò5°;ÓrÌçºR}2]ŠRâ” žV 3Ïi%ŸŸÔd¿„ì.½zf´YÎÎøÇöÂ.^>ÈjM Îäó6ÀM §fK=£G„é fÓ2þWîPºœW"k`=Ø“r‘à^ö"` §ë}€¦0Û:zxÜKV*)™žâ\†‹N ^›Á!CF”{zVkM•›Ç0/I™ÀM%2ãq|´¸%,› 9®6.<®×VS¬s`²$Ž¸1ór Q"föC&¸[åÛ€pë ¿.?‡–æ%¾m˲×:=–E£¼ÚÐgeoIdb¡YÀ¥ä”§J‡µ«\+ðrI-ÒúÒˆ¤G—’[ªG»‰0‚0‚ ?„©Œé 5‡µ³n±E0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030 250203182738Z 350201182738Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030‚"0  *†H†÷ ‚0‚ ‚º¼Õ”­iDÔʘ„jrÖ™™¡7§¡ Îc‘·ÆÕ½uÙ8|eê½´AGòo ó v­6Kï7éZç^¬êýªQ`¥-%¾o}Åø“@› \e†>ðßoê&¶Ï³{º]Æ”¢uTz›ÙÁ·:ƒ gq±Ä>ëÇÝÇÃ6K.–ôz6%¹† °úiõ /'(ÓMîfH,OL‹Óà]–˜'C¼-üBÑÐxªj`ø†î Š‹`™ÉæQwF,ÛÛW8´¼û¬ÎæL p ‡²Ê>•Ï%6”ŒÚIž_QÜð‘Uª¯›Âom„eð}ñ€ON"­(çÞÁñ£k0i0Uÿ0ÿ0)U" nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90+U#$0"€ nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90  *†H†÷  ‚ kº`ÛrÎA>{kn!ÖÑá—ú¦Hèh÷µ9ßR/c~ŒþyO[šZÍOŒ¬v¦ýž¦=Ô“Ùv¬Q»qRcÌûV ;A¼^|ý›wvˆŒçe 8ƒ “»<»0ò«¸cü®ðy/ÆMUù!õ|û(»¢/Ñ‚…àËÐ`ùoùAŒÍhDdÃy.¡¬ñOx ÿ\⨠ à†˜kë qÍ­CWM{«x|3…ªWç Ï~PÂŒ“zŸ¿´èBbði‚yO¢â<ÊQû}D$cò¯÷«uº+dÚœ—Ž={†yUú89‚ ÿñ;½%ÝwÕÜ€ÓfŠq² Ÿ_¸B7 M´Ã×Þw 9¾ÿOCH¡¶—£™„GŽ‡CìòdJ2ÛÑ'&æâ ‘OržžpÌ0“);PÞcÖè£úÑá4[è– Í›mZ$rŠø?é¿Ôœx”¸“˲×:=–E£¼ÚÐgeomdbx¡YÀ¥ä”§J‡µ«\+ðr˜|ÒúÒˆ¤G—’[ªG»‰0‚h0‚P  ªŸ²° ¨0  *†H†÷  01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10 181208011941Z 281205011941Z01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚­gÕ8?––”"N‡&‘HΟeé¼u%Péìžì›ßx„ô0Ù6ww×kÃs׋ý& SIþô)M™‡ÿm#w(/ùþÅØ —µîÔõ)ógM”b¸MM[ºíÆshV¦°‡`HâEø'uZ™œêÍt$ÞàÖTñ‹á½(5GìÅ—è7È*Úl;¨;g1*/9²èUüvy´X+˜L[Xü"Æì^*ìð.R»Ówu![¤hW&<isËYŽLŠˆ@Ð_†e³ Þ"ÕÚ]]Õã‚*Y5Ü”MšIJ¤ÀÚÄgW¤q¸=ƒ5hufÿuio¶¥2 C^ ‹£æ0ã0UÕÛšgd3Fˆ°ó2‹öä”Z8ð>0³U#«0¨€ÕÛšgd3Fˆ°ó2‹öä”Z8ð>¡„¤01 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS10UUEFI DB Key v1‚ ªŸ²° ¨0 U0ÿ0  *†H†÷  ‚'kÛ7)€)5FügˆG£5T*Ê*µ£Æþlªà¿°¡Ñ~"µñ¼S íÓ» :eü9è÷c-¤êE¿ŒªŒ~¤ýdNÄ\œS`‚wWv:F ²÷‚¦& ¼‘· ±{­-P³‘ÛŠ¢×ýÞGÈM.Äs­ŒWé‚„žá q]2æs–ñ£[…â}a†eTœ«D#ÚWûÈ`‚*!ˆ°Á=£žhl8=䲃áÌGP‹Ã^eÃkݸ.˜ä~¸¤ŠÚòÓ*‰Î(âÙýúÄn1¤g…P¨ŒÌŠx–ä~çêcy-~^«¬~â1ot¹óίÃâľQaó8¡YÀ¥ä”§J‡µ«\+ðr¹ÒúÒˆ¤G—’[ªG»‰0‚‰0‚q  ìæßûÕ[º0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10 181208011940Z 281205011940Z0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚Âa½Qú|”68»ÊpeÕ$3YÇ‹äýî—¤\ílçêÍyH,‘¨câö¤¼é(‘¦]iÞ¬Œ :GlÈÁš@ãÄÔ_Œñyiºå'ýw_qǟߧ]dEéð6ozOÏEâèíÒ‰‰ûA•ß»Á³úÜï ±ñ;ïcgW$à‹_jAÖö/>Ébdy·s‚è˜×ý+îy~q"Ë­®ñok(Ábßæõ#ðOóšVÚ™]‡ÜYö÷9&’m§.-ÉЈQ]„´ÂSƒ N­œêF_@í$ÿàþ0õ¦pµ; ‚frp®•Þ3†ÿe"šôËZÜ{£ñ0î0UªZd­…‚Ì—ºõãt][Ë;A›0¾U#¶0³€ªZd­…‚Ì—ºõãt][Ë;A›¡¤Œ0‰1 0 UUS10U California10U Mountain View10U  Google LLC.10U  Chromium OS1!0UUEFI Key Exchange Key v1‚ ìæßûÕ[º0 U0ÿ0  *†H†÷  ‚ZÇwš­4Ãí8ÿ9Ê+^2Áä%‹Â.àÀaƒÔù¤¶‘/.ïZóh¢Ã°ïÉLêìëÅL×0tŽ 7_‘2U,&¨¼‰Ø+žq¬$‹'P)6/R -ÌDñ5«QŽàÍŽÁ;·ò-ïŒHÅ‚hi˧g»°X$_]Å‘Ùêý.GÌ<ºúB²Øþ®šáUàóÛ²0éM ˜ âëªS^º 7è@ “Æsý;‡·¯Yâæ\W ìÛëÔ&*d<.¸r I¼‚¼±#Ò²¶°/!û²¥oÌ#ýÝ%Í(`’¡YÀ¥ä”§J‡µ«\+ðrçÒúÒˆ¤G—’[ªG»‰0‚Ó0‚»  Û—°Ñ¿Ôqñ0  *†H†÷  01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10  180427150637Z22180310150637Z01 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS10U UEFI DB Key v10‚"0  *†H†÷ ‚0‚ ‚µ³(o+ \(çléÏ0P¶¤uûœHѾ„Û_Ô 5§m´j¡NeטQ|`ÄŠŸ7_,qõÒBEú› žhõ5”Êô{Hƀlíȹx–Ð +±ÇLy­g!`Ը撳ü±F›äå*‡=EOÑ­n4Y{’ÛJ‘c?°ð<©|3¾©‹7srGô)ÈRQ ßì!âöWdÄ=t¡dï SŽzŠ.‘ÄCc-µõzÝ3m@>wìÌyŸ*À×Nq‡p+‹ûS)U0ƒ;Ðbÿ`ërÀ {™ ›CïÚ2CGZVtžñ ÌT ˜±O:I£P0N0USº1ˆô+اª€ªÉ›ã4jo0U#0€Sº1ˆô+اª€ªÉ›ã4jo0 U0ÿ0  *†H†÷  ‚²8÷ Z:u¨·AÎ)›ÿ‡ò£´( ¥Âþñg^ÇÕQ—“ ‹ýF”fâzÓ²½Z—Zj¦õŸ¸„)–ˆSHЭO®ø¶íFP…ô-¹4;Ñ-—šÞ5IÎäHTÏ› GjáwoôZÐßCš›h^€!€ÉÇ+BŸ¬‚:ÄIýÝmÓ‰j²*ž~öë-½ä»»ø„'o!…cÜŒS@[a.’ÿë/ݦµpL»/f{b?µ rRC§ß —t7D5j£ß&9Ѳø? ¶lÛoí½t [QIÇG£¨œƒ`O©ÀBSTæÁeóNË´÷vY¡YÀ¥ä”§J‡µ«\+ðrýÒúÒˆ¤G—’[ªG»‰0‚é0‚Ñ  ¨qž9¬c0  *†H†÷  0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10  180427150637Z22180310150637Z0‰1 0 UUS10U California10U Mountain View10U Google LLC.10U Chromium OS1!0U UEFI Key Exchange Key v10‚"0  *†H†÷ ‚0‚ ‚›!ÑÏ1YS¯##™3æ¹°¾ƒA–Iå©‘œ'“e–P¤Ú-D¿ÔÈ£ýÕïÛUäà÷÷—$nä1°œÐäåD9¾}°Ÿ@†5T£1¹U¾ˆÃÒe›Ä§öp²Ù„HÆ€ŽPOd°;ÈËñ¼/$ú󴼆òœÝ¸RåÔ:vpÄ7 Ò<=&rÞ¨éìSÒsnŠiº5é“Ä@~Y$Oð%¿îAVp\Ê¿Ä‘]a#Tæ~½¤jŽ?ÖêMs-D~3 GcD‘ScÄR{?ª·º´À\ÔF§^ú½¶¬tГ™tB™Sç d=±=±ÞsÁ°íñ»G£P0N0U¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0U#0€¹Ni¯Ü“<ÃYŸ?ÕyÄŒ[í0 U0ÿ0  *†H†÷  ‚}Ï߸¤â1vbI²“èÑÒîlHrAB`©~Lï3WwšP:vq0åf>µG4š@hsIWúój¥c£/§¢ÒJ™ò„EØNt/ÍèØF(ÍÜÝöٌҨˆsA©<]}Ì%²ÞNQëú ëyE¹8bt®K²™l1âˆÃáÏ‘Vîøn™»IÞ,¼!P"4˜2Jô°ìɆkçZYⓨ<ÜÐÌêÉ«ˆ¶øÉÉÏpñ¸:ÎÅy_îŠ/Ž¸ü[—/õÿ!i€°âðg¼dÂc ëZ¤†‹¾í ²Ävúï@ï·}Ëš/Ñ`¤t¦iî5ÓÉ(ûêÌmõ¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð gD[gLÃ2-D$ ãKP•£Ö uFâ¸þ"NÁQâç\’P£$£<Õá¿?'À·±Ÿz ¥YNý›2BRöãœÊ7ž¡P?ŸL”5!\°QÃÉ ­hdëÒ.¹™ÔÛ `M ACPI DATA ³3÷)ôÆД1ªÁ]ÚõÔ,ß$! €:«{¡ã}U78Ò×ðˆë˜ƒ;œ9/j£Wh·Ñ\ ò1¾#ÅzìRð÷…K_2­ ßk'm¬ázkM­3V«M?PoÖF º ACPI DATA XÙœ0Š)nË,˜Frs¡’ 5Wdàÿ_MåéÓ­Cvaˆ KK­ŠØ(™{_sHøA Žó$/ò#`àßf]¼²·jõ¸OE깄(ÅäjDL~"±zIEõÃ{W¦ZVäU ACPI DATA€Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€1 Ó<µŽðü{@Ò0¾­«Å¶¢¯ ªïÒÎ £ 5Aš¡GxWp<°OÉ„±àºv±µ;û #øbB”ÓŠýfå´èAy9öëî¨ò­çX¦^ÌÆTº¬\ûŒ+œk”¾ÖsQ˲×:=–E£¼ÚÐgeo-dbÒúÒˆ¤G—’[ªG»‰0‚0‚ ?„©Œé 5‡µ³n±E0  *†H†÷  0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030 250203182738Z 350201182738Z0‘1 0 UUS10U California10U Mountain View10U  Google LLC.10U Container Optimized OS10UUEFI DB Key v202502030‚"0  *†H†÷ ‚0‚ ‚º¼Õ”­iDÔʘ„jrÖ™™¡7§¡ Îc‘·ÆÕ½uÙ8|eê½´AGòo ó v­6Kï7éZç^¬êýªQ`¥-%¾o}Åø“@› \e†>ðßoê&¶Ï³{º]Æ”¢uTz›ÙÁ·:ƒ gq±Ä>ëÇÝÇÃ6K.–ôz6%¹† °úiõ /'(ÓMîfH,OL‹Óà]–˜'C¼-üBÑÐxªj`ø†î Š‹`™ÉæQwF,ÛÛW8´¼û¬ÎæL p ‡²Ê>•Ï%6”ŒÚIž_QÜð‘Uª¯›Âom„eð}ñ€ON"­(çÞÁñ£k0i0Uÿ0ÿ0)U" nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90+U#$0"€ nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90  *†H†÷  ‚ kº`ÛrÎA>{kn!ÖÑá—ú¦Hèh÷µ9ßR/c~ŒþyO[šZÍOŒ¬v¦ýž¦=Ô“Ùv¬Q»qRcÌûV ;A¼^|ý›wvˆŒçe 8ƒ “»<»0ò«¸cü®ðy/ÆMUù!õ|û(»¢/Ñ‚…àËÐ`ùoùAŒÍhDdÃy.¡¬ñOx ÿ\⨠ à†˜kë qÍ­CWM{«x|3…ªWç Ï~PÂŒ“zŸ¿´èBbði‚yO¢â<ÊQû}D$cò¯÷«uº+dÚœ—Ž={†yUú89‚ ÿñ;½%ÝwÕÜ€µtó”ÑÓHΛû»’·“¸1 =ItOȨ «WÝNË,U#æe‰KíS@D$z&Œ»› ZÜGÀeg]•ï¼:ªÏ´ñ[4ýz&Rk>^½Ä¬¤ðËAð9ÙÂÕWÔõ¼´—†dEFI PART\²"€¾ÿÿ_"Þÿ_’Tq²(Húœ@Æ\™Ìcš€€·ŸÆU ¯=ƃ„rGŽy=iØG}äYF…|”D†™½WÀ<dÞÿ_STATE]*:þ2O§A·%¬Ì2…£ ”~…íÿ>O/üuò<)PÿÏôKERN-Aâ¸<~;ÝGŠ<ò¡<üì§K&UhNFŸÿguµîe°ÐDÐDROOT-A]*:þ2O§A·%¬Ì2…£ GžKœ9L£›®ÀYHŽ ÐÿOKERN-Bâ¸<~;ÝGŠ<ò¡<üì‡B!?F¦5âÿ®ÝoÊÐÿÏDROOT-B]*:þ2O§A·%¬Ì2…£ ËÏ‹VŸL*¬†l¨$À­e@@@@KERN-Câ¸<~;ÝGŠ<ò¡<üìÎvVŒ†H/´ñP0\º:A@A@ROOT-C¯=ƃ„rGŽy=iØG}ä$_bVÍJ°_àw¹ðò±àDÿdOEM=u .Hž°Cƒ7±Q’Ë^Ñ„´Ü¥1I9«^åÏSB@B@reserved=u .Hž°Cƒ7±Q’Ë^ýñì»Eñ°«/‘=DãC@C@reservedHah!IdontNeedEFIs Œà Kì˜/LÉÂÃ9 @?@RWFW(s*ÁøÒºK É>É;±úüm+xJõˆtºL †ªíÐÿÏEFI-SYSTEM€¢ydö’–Xo³yR†Bá;*{… EýÄ‹z§)ÜØ®?Šªžž*¶ÀËì&üíó‰T— À‚bf ¹–e–ž ö9ØL<Ü÷hæ£17›-W^ÝY81·d“êøÿÂ÷HY˜Ð$¾#x ÐA * бúüm+xJõˆtºL †ªí0\EFI\BOOT\BOOTX64.EFIÿ R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷aMokList R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷a MokListXà€‡]9¸‡/Šÿ:’üŸž@¬u&Ž ’.“šUeyŠ^ñ/à‹I¿•Ž‰ Ì§¥6i=A£M ñCâ”cüÓD.„³j~qð¨”eA–éÑ.pÐrxt` V&MºS.݇)Åë8DP«]`FàC«¶=ØÝ‹# SbatLevelsbat,1,2021030218 à€>þ¸zôŠµ®çü½5º·í†\ _b¢¡àH_ÒRÒæÆËŽÐu†•¿í &¿nÖ+ „)õ ‘á .d¦ce‡ºÅ¸T–¦~m<<õ$§«rkM"YM„é!‘¬Žá[x=P«]`FàC«¶=ØÝ‹#MokListTrusted ¿‹E0ØÒFÝt¬S¡4q»¡yAß÷ Kõ/4ETÅ;Þ.»ŒÒ·ãÑ` Ö1Ã…¥×Ìâðßoê&¶Ï³{º]Æ”¢uTz›ÙÁ·:ƒ gq±Ä>ëÇÝÇÃ6K.–ôz6%¹† °úiõ /'(ÓMîfH,OL‹Óà]–˜'C¼-üBÑÐxªj`ø†î Š‹`™ÉæQwF,ÛÛW8´¼û¬ÎæL p ‡²Ê>•Ï%6”ŒÚIž_QÜð‘Uª¯›Âom„eð}ñ€ON"­(çÞÁñ£k0i0Uÿ0ÿ0)U" nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90+U#$0"€ nšùM^î›OQïèÜÓÿtÃòŠñ$Ñ[9q•ÈÜRÁ90  *†H†÷  ‚ kº`ÛrÎA>{kn!ÖÑá—ú¦Hèh÷µ9ßR/c~ŒþyO[šZÍOŒ¬v¦ýž¦=Ô“Ùv¬Q»qRcÌûV ;A¼^|ý›wvˆŒçe 8ƒ “»<»0ò«¸cü®ðy/ÆMUù!õ|û(»¢/Ñ‚…àËÐ`ùoùAŒÍhDdÃy.¡¬ñOx ÿ\⨠ à†˜kë qÍ­CWM{«x|3…ªWç Ï~PÂŒ“zŸ¿´èBbði‚yO¢â<ÊQû}D$cò¯÷«uº+dÚœ—Ž={†yUú89‚ ÿñ;½%ÝwÕÜ€¾ ³—Ÿ fæ.nv`\à6‚ J«üN+‘ãçkŠÿꈾV ¹™4“¾F&Ê ½%E6OkɨÛ–þ¨ëØ…}H¾­ÏŠÎeIíýeDq@Ðn?2œ+¡Y ±ƒ™\p'¾^ <8\EFI\BOOT\grub-lakitu.efiÿ ¯„ûQ°XvוfG[´#ó€-w å/ž=§ŒA‚T E®éà õûp²Î„“ÇSˆÓ¹ 6.p¾—)ßeµ7TýÝn—úñ–¼n ’ž ;²Ôqÿù{€»Ütˆe"bf•grub_cmd: defaultA=2 £Ò—¡zÎ-ÊÍ`BÑÌØà D ?§÷M 2µ"GzÒ—ÇH„*ΚãáÍËM[µ§Y¶L g ò×AÌ<ècítd&¡ñ©˜¾Ÿgÿ«ß¡òÛv–ˆX¨\5‡W[AcuŠÄÇŠgrub_cmd: defaultB=3 ¼Ý‰“Èçê2Yxm/Ì{f&í)› –aد2ý-mÇ¿`‰ðtë3.åÙsR¶Å\¦Íʪ Ãp–I´ZÈ:óf\LŽ‹*¦¤'ÜAªH ¯·ùU‚ㆥ®¶`.”[äö¶y²Î¢‘Ÿ"grub_cmd: gptpriority hd0 2 prioA ß³¹ AË牕Ü^$cpïfØAæ ÁǶÜz6мuÀ¾ö›Ü'}tÊ8Ðì(D²¯? ²Ì¥CÌ>YNu×`h²5ÐF$¯¼fœ¹ÿuòtc´ô¨ÖSê‘C‰Š‹wa¡r½ £"grub_cmd: gptpriority hd0 4 prioB ܘXü»É­¸â¡GZçÍÇk ì~ýÚ?üÂZ¯¢y#ÀÞ”dÛŒˆBŠ¯X’ð• ‚ïªGpøJ¶_—,vYQ–8ÐÝUl‡PênÞPö‹2æC(X=&µ¦DêÍ¿{3grub_cmd: [ 4 -lt 5 ] Œ¡K–T:^-¾Ut (Æ•cŠã M?øl,©¹í/ºbã›Yõ®‚ûÒ®ÁÂÃX@Jd¬ Fžm÷ç ݽ7$+ àn˜½Ÿ­Bð ¹v®0|Ǩ²Îoÿ¦A«µŽ·ea¸grub_cmd: set default=3 OD¤§§R>cwê–Ó‹6»l"Ø Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô› Tƒm4e3°ÈÇÌ&0‘ŠHl¤DAmÕ¢gã70¸˜ÆÝz%†£‚¬@‘Â"grub_cmd: set timeout=0 }Ánš¶Ç-%Ñsrõ>uÖ ¦¿ @;MÅC%Hâ' "H° cóz¹%Ûˆ•¯Ö!Yb Å*·‘Ï©£}1bòbe 3 ¨bS3ÀÈc_Rß죞({gÇE§LÒ•ê¥ángrub_cmd: menuentry local image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 } d²]Ý*bvOÄ 3Åìf™ g³Æä̲BåÞ"6FPBᢊ:ôLà4Ÿ8 ¿ ÆÀl 7Ô™w¢;c+Çå^9MXƒÅìÞM‹„-òIõÖý~6Ňùªè`ë{‡¢Ò`)yngrub_cmd: menuentry local image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA } } Êׂ·¬ÏfLÎ\túCít o®võ`á/»Z˜¼×I øGŠÔ›c’ÉᙸïyÁÚ úUËF/@¥ùCé®ZnJqìq¯%û³³”…€ÿÒxÝX›Å9Í}ŒnÒÁbð5Ûgrub_cmd: menuentry verified image A { linux /syslinux/vmlinuz.A init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932" } UïPÛºn„ÍÝZï#$IR(çK{ 4×7–øðUÚøî1¥ÉÝdF^“ÌùoÑPŒŸ´ÀûÞØ o×5aENŽÊ‚•'kVvÍKi4ÓÜ蜟1fo2swV³·ÖkTUê‡ã“J[Ûgrub_cmd: menuentry verified image B { linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' root=/dev/dm-0 dm-mod.create="vroot,,,ro,0 4077568 verity 0 PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932" } zGÀX³Nµ ^\Õùÿ勪 >í Þ6l0Ὂ¼…L GNá@p†´Œ¡“ù<š¼£ "—l ®NÒÊ}jkš)üÉÇrà•ï§EjÉ_ˆõ9:³Ž…ãO$* /-Žºngrub_cmd: menuentry Alternate USB Boot { linux (hd0,3)/boot/vmlinuz init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 root=PARTUUID=264B02A7-6855-464E-9FFF-6775B5EE65B0 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m 'ds=nocloud;s=/usr/share/oem/' } j7zIÜñipòhKû(…Ž’’ ®š£óê½ÓßÉ™*ìµp?k( –o*dAuaò‚@Êÿ §B…P] !»M˜"…Žô—ž3=ÉüÚõÏãŽN̺)³ƒ†úŽHú²± ð±D!%grub_cmd: setparams verified image B +ó—–ˆ®˜œó­¿l;Q¹T ¿ýÿmlt ~QÕØ$Ãn•¿I~hÿ™7ô>ö< ŽìbMã)òÜš)o);ÂÄ'Ý—üóÎ{ÂMÎ빆6­à&½ ·Ü´þrq®ê¬grub_cmd: linux /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m ds=nocloud;s=/usr/share/oem/ root=/dev/dm-0 dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932 ˆ+Ì°¸kÅwÀ_£Æ`5‰ lޛуÊû(?ÚãÐ :à_t›eU@xê.Á× V í Që¯Bæ€RÔêì7„€}—|Õ»ë—æY(æ·ö:ó½\ T ê>'8ž²|RqD}*Ì`ôͧ ¸²Ü-˜sæ غ®u›~YBýGOëÉ]•«}ÀEå+OѯLÊT/Ô;ŠX\1Û+¡D'ìò @®Í e´«O»Øwõ^…Ùb½ û;öN= Å£6 \ßmå=a]1ùb°â(T؆kÑLpaÒA³ñÓ ¡ïÛО¤|CVQùã£åÇ<.û,Zá…i_ç,° %¤¨|쥨¹ …±Ú€¯®kernel_cmdline: /syslinux/vmlinuz.B init=/usr/lib/systemd/systemd rootwait ro noresume loglevel=7 console=tty1 console=ttyS0,115200 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module,firmware modules-load=loadpin_trigger firmware_class.path=/var/lib/nvidia/firmware module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi systemd.mask=update-engine.service confidential-gke.hardened=false systemd.default_timeout_start_sec=900s cos.protected_stateful_partition=m ds=nocloud;s=/usr/share/oem/ root=/dev/dm-0 "dm-mod.create=vroot,,,ro,0 4077568 verity 0 PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA PARTUUID=7F1D4287-3F21-9046-A635-E2FFAEDD6FCA 4096 4096 509696 509696 sha256 6af0869bb4f7acdc9ec11fc0e363bce77f4972c6da00722ef47bd501da9ec626 41199e1b418d348c95f4747abbd1d949bfc8e250bd283da27111739c5db7d475;oemroot,,,ro,0 1024000 verity 0 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 PARTUUID=625f249d-cd56-b04a-9d5f-e077b9f0f2b1 4096 4096 128000 128000 sha256 be14f1ca27cdb3de0564d683fca5855de82f8be1409de341b265939627d27919 465d1ca7f7063aac35b5e3ce9d944ffcdb0b3cd58020b87d8ccf2f4b5ed0f932"€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/gdc-host.bin000066400000000000000000001423761510276467000231130ustar00rootroot00000000000000!Spec ID Event03  StartupLocality Í`³ë÷˜æfÂðÛÐm³¨_¤aXÆTF2^Çü©Boot Guard Measured S-CRTM "rïÆøÃÛS^æ¥L=¢ÃjšcÝ7O8ªæ«LjÂu 2.3.5€ O²¸µã}˜a~çÓÈ´Ïd}Iäźak“Ï‹m™Üÿ#€ ߪ=ûâ¿©zSX“³ ¾f¢À_Y€¢zË-‰|£ 3¹xÿ € â;º××䶖¬6ÌfZò*1wh‘­°òÇéüy䘋€ ã°ÄB˜üšûôÈ™o¹$'®Aäd›“L¤•™xR¸U  Šð¹”ø.¼¬æí¿.Oé`ò&¤?wj3çŒ(No voltage offset and OC_LOCK bit is set€ Z¨'ÛÌûDÒ­žÏÚV½êb † ”¾Õ·¢{ºMØ5aßä‹Ê“Òª à˜+Œ SecureBoot€ kÃÒ«Vθ-êk˜Q[owzŒ€8\|”k.·ë—aßä‹Ê“Òª à˜+ŒsPK¡YÀ¥ä”§J‡µ«\+ðrsWˆ_¦ ©.L–3¤ÚFŒfç0‚C0‚« 1wià—˜­Hˆ¶AlPòà0  *†H†÷  0¸1 0 UUS10 U Texas10U Round Rock10U Dell Technologies Inc.1,0*U #Dell Infrastructure Solutions Group1503U ,Dell Technologies Inc. Platform Key Gen16 3K0  220215160218Z20520215161218Z0¸1 0 UUS10 U Texas10U Round Rock10U Dell Technologies Inc.1,0*U #Dell Infrastructure Solutions Group1503U ,Dell Technologies Inc. Platform Key Gen16 3K0‚¢0  *†H†÷ ‚0‚Š‚È)åžáû\%ø™Ý€aó06è•k–²òÓ{j~ ¨©¸áè|Ì—%Ÿ r{ié–X½‘V“£Ë_x½ùü2^?e£1#+üßHÑð’æã4•Ýîg´Öè±é½|÷Mи4Rùÿë%3Cð+Kvºs‡c™š¹—Em €+p`ÒÌ’“äëøíP=óV\è[å€Þä6vyÉà_- *ŒˆÖ)œ¯GO¶éè웉G»¥„Ã"R ImQœV&rý>2žCÒ® (‹Ô8¼ýŒ×)%l_§t+8:×MÉYtįËý×S£Tn<&ø²þÞUpxY…y¶òˆ9 ÞTïfPÅÕ†@©r2ÅÆugm÷ÔÖ’¥®.u`«&O(c½¿X1»DØÓü÷n€ý§Ú(¦üM1·â›ÒZ9kpÛ"äh8É£¥¨ØƒQª¸ò$ïS@Á áIɺcM‘&f®Le.˜×#åÑ⟔1 £E0C0Uÿô0Uÿ0ÿ0Uì~ñ„38v•¥;ÕAÖ±$r~e0  *†H†÷  ‚v2æŒ9—q€”N/ë£âQ)ó×¢W„´r%:(/•ˆrAAª^ClTívÆÕ‚DkÔ(íñur¡Áé¤3?4BeÀ-Ihz52˜<¼Ë|¦ë!AïÙõn\OTg‡g ®ÒWìCæFèكç/6è_Xñ•´5¨…ØD5V4÷‹k2ö^.K ³ÏlÆ GXKÕ^éq(9Cª½ J’È0"˧9ŽÑ×ÍѧA˜ç tFšv ƒñDDܱ‰ye^R£Z>ƒâ—„¹‰ÌŒÐNÔfð—WGo6¤µ”€ùbK…¬ Óg(|ŒY%.¥â1¢së׃|öˆÏbˆðÊ2I\.8“\ôÿ^ÈÚéŽTÅêczêá‹{*mlìe˜æ™÷®ÏoÑ DÓ8 ×õ²ô»ØDu(ž"SQÏÿ*Ò5“±7àÝ[.T”]˜˜Î:ëo{¯õúÉ®ýéN¨°ú/ MØm&WÌVµÉ¨^:Žö˜;€ cÀîxëI¹Â°7h¨'ëù±#pöXQ±šˆ;ó.¯*>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrü½šúwY2M½`(ôçxK0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€ É“™»ögÚLi²¬Ã‡^¾~;¿8ÎgTK¥ˆ“LkçŸ˲×:=–E£¼ÚÐgeo{db¡YÀ¥ä”§J‡µ«\+ðr@$½šúwY2M½`(ôçxK0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðr뽚úwY2M½`(ôçxK0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~¡YÀ¥ä”§J‡µ«\+ðrûß[éÕ£ SG‡5DZûpb0‚Ë0‚³  éÙÿiæóçä0  *†H†÷  0M1 0 UUS10U California10U Palo Alto10U  VMware, Inc.0 081016171605Z 191231171605Z0M1 0 UUS10U California10U Palo Alto10U  VMware, Inc.0‚ 0  *†H†÷ ‚ 0‚‚Åe§EÏgó.yS»Ìv'–·jú“²¬„tYÜ?WmåMþå¹¼«€ ¤¿üdÈþTFK]“ÿï0ˆ¿û$ ºðð]^°_>ö×0U#0€Y>û$ ºðð]^°_>ö×0 U0ÿ0  *†H†÷  ‚½¶¦»U£ëØLL`/ï&Ù7zH*³”!!>Úv{ì7êÿæψ…N´¬… b³ùZ„Z"æùÄÐ0ž9<‘xõâ R ma1•SFÿ o”™J² M‚­Û0ò}&!*\Áyš8Ä)ã'Š¡àAj»¢:ì„‚³ª­/XÜí¼¡‹nÚÞkI|×çÄF æT3 ÍIJwñÎÈ· çŒÃ;|œÙò…ȼü@ð| Ùóz‘· • .xö#,>î隟mKðîi€f>èý·ýôm¢çxƒD„â­Q›QÌæñÏ}I×ÅuŽÉRG ¡YÀ¥ä”§J‡µ«\+ðrR6ˆ_¦ ©.L–3¤ÚFŒfç0‚"0‚Š rÕé`’ÎHþ[~ birr­Œ0  *†H†÷  0Œ1 0 UUS10 U Texas10U Round Rock10U Dell Technologies Inc.10U Dell Edge HZP10U Dell Technologies Inc.0  221128215758Z20521130215758Z0Œ1 0 UUS10 U Texas10U Round Rock10U Dell Technologies Inc.10U Dell Edge HZP10U Dell Technologies Inc.0‚¢0  *†H†÷ ‚0‚Š‚Ô)×zòî%ô3ž_:ÝëÏÕ9oGâ:´Ï*ò»Î—_ª›LÔ”H‘!ä&«f®©„­øÊ÷ Öà7Wa„±r49òžUÊ?¶®=$½U91ž#¥­S‰ŽvÆK5¡2°'‚¨úDáaÎB&š=çß2S:kÇé<2ÛÍ¥€yÅv?j£sfl—¢}F?¹àÀ¥HIºoß÷‰ 4ÉÁª¶Müñ¡Q "É€48­~ƒyÖÙûUñÐ9êÚ¦ßÓÁì)¡?˜îBÙ”¹zw?;‘Õ›iž`ä¯*“±¿É6îå¢Ò–æ°‚Î\gØ´¦^²*sâæ@Ǭbíf=«7P¹ò.˜X]Ì´ñ1?ù £áõ ºs†‡Mè€ê5ƒt´:»ùñ)@NË%ñc[ Õ _—œ€­¾&!:o`»‚pY­*Ÿvâ.´»¼$ èÔ¢ƒæ~2;;–ä»ÑÿyÏߎÌ^_ø)ÞT*dˆA­U8-70]ãx0v0Uÿ€0U% 0 +0U²LG†R$êoªÀ‹ç” ¼åDž0U#0€²LG†R$êoªÀ‹ç” ¼åDž0Uÿ0ÿ0  *†H†÷  ‚€wÀÐé`BR. šÒëš‹^w¡±g>n˜\ó'¡ÉC}h¢‰lã­–y Ë"–£uêÞH æ7V,ÿugUþŸÈUÔ?ç.@­n@Éç´k_˜^Ÿ6Ö«µ¦ª…¶T¬ðŠ?ê¯ET©¾Üf‡Â» zXpšyŃaÔ iæ4Ò×ÑKÉü›’÷a+H_1¨Œu>öÏAÈ̳|z6öQ=ºg­67³ æÄ©ýÚ” "^¬0Õ›š¡N#ØÀ'_…‡ŒávÍ,xCi‹^ÜÂì})¹~Çû®o«ÏfÛj’#dÐ¥¯¥)KÒ£a  V‚ÆêíW2ÛЗôäf**Jò®É|G]ëÇÀÒSøHxâ>K‘q,±óˆŽ™oi{ΤHRÔ¥Ëx’\Óƒ%™=ס×æ[ÚÜæ.ÔyõŠF³›¹xÝWøNç ² <Ö;ÏVz}MþÄûÎùüªI<$K„…êç¶ù±\yEX ¿µ±>U¶ã¥À€ ¤Ø.© 'G`*ŽÒ¿ˆ-ÿÚéksÉk~5ÒAÆyLFîY˲×:=–E£¼ÚÐgeoÈYdbx&ÄÁLP’@¬©Aù6“C(L0eüáU˜¨B¨©è9Í2šAn>Jg"¥4¯º@¶Ö¦œÃñäŽyYõ{òHÕCÐE&ÄÁLP’@¬©Aù6“C(¬'0½šúwY2M½`(ôçxK€´Ùi1¿ ý‘¦ÑO¤Ræm²@Œ¨`MA’eŸ ½šúwY2M½`(ôçxKõ/ƒ£úœûÖ’r($ÛäE4Ò[…$k;•}¬nÎz½šúwY2M½`(ôçxKÅÙØ¡†âÈ- ¯ª*o.s‡ >d÷,Nïgyj„½½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK®ë®1Q's핪.g9í1©…g0:3"˜ø7 ©ÕZ¡½šúwY2M½`(ôçxKÄ ½¬Gu­ØÛ’ª"µ·ûŒ”¡F,餹]Š3ˆÂü½šúwY2M½`(ôçxKÆÁ¨±î*(µ¨Lƒ×É‹[ '(aëæ’–½šúwY2M½`(ôçxKÉ3f¸çùƒ—TÉ—ñ së&Ø¡ ¹ã½¿Æg«Û‹½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎ½šúwY2M½`(ôçxKØûLž.z‚%ekK‚s·Ë¤°>òéë à )$졺†½šúwY2M½`(ôçxK¹*ò˜Ü›xÇt’ÖUq ×*­£×{åF ä2xïnM½šúwY2M½`(ôçxKᮃÀ.o(XÔëÑw#´õê5yÕD=ìÅù<½šúwY2M½`(ôçxK9ÛÂ(ŽôK_•3,·wãè@Û¦€cJ¨õɱ½šúwY2M½`(ôçxK2õ” ¢Ø¢ÁEæü‰df(ÿÌ|zBÊå3})Ä ½½šúwY2M½`(ôçxKÔ_Ë£–®ó>èöì®X¯èGj( &üqö!}ÏIº/½šúwY2M½`(ôçxKK†h¥Ôe¼ÝªüÿBOËЮÎ2üp¨>‘`èŸ ½šúwY2M½`(ôçxK‰óÑöä…Ã4Í •ãÍýÀq±„˜T„zDÜUHâÜû½šúwY2M½`(ôçxKÉì5ònUšÿ´ âëÞT5L5©˜`[Ï—-U½šúwY2M½`(ôçxK³å4¿kW†—3“Ÿ$¶k¤eã^‘°6**ÍépI½šúwY2M½`(ôçxKŸcíWÔ´.ñ f±D¦[¡¶WùKŽ²ðÄÍ`Á½šúwY2M½`(ôçxKÝY¯VDãŒcûà…0 ÍwF*!’Y°[ÂYæs½šúwY2M½`(ôçxKÛ¯žm=[8¶…S0J¼ˆ‚~¼ø ¹Çá—ͼX"Í1l½šúwY2M½`(ôçxKeóÀ „Ób¹r.˜÷^^™ln“O{+.kæÞÈ콚úwY2M½`(ôçxK[$Ž‘=q…==¥®ÝšKÅz‘q&W8û_Ë-†¢ñȆ½šúwY2M½`(ôçxK&yeãAòϨƒF 5Vª¯w§ kÄ„É0tl÷µ½šúwY2M½`(ôçxK»ÑmSco##§¨o=ÿ–Ÿ„ˆÀWKÂׇþÉ?½šúwY2M½`(ôçxK à!ö|~ø_Ní6¿p’8 <#Ê‘ýC ”° ½šúwY2M½`(ôçxK•ŸA7Ç°Òvq•åos€}:Üøöç¿-M™0_‰½šúwY2M½`(ôçxKæ!jÊïd@¥Uì¾Ù@±¥òVší’•a7®XH.ñ·½šúwY2M½`(ôçxKnþþ [G‹{”LÓ¨¬¢Ì¤ ˆˆâŸŠËX$׺°½šúwY2M½`(ôçxK®LÔzAǃÜHóBÀvÂÁo4ôÒßPÑÊ;µ­…½šúwY2M½`(ôçxKØÔæÝöä-t¦¥6êbýä) \ž\6•£Bïµõ¤½šúwY2M½`(ôçxKòw¯O›Ü‘ŠèŸ£\Á³N4˜L®—e2,<°IWM6Pœ½šúwY2M½`(ôçxK ÂLuëïV¹ñ:¹Þ`âì¡ÄQ4⻳lö T›#L½šúwY2M½`(ôçxKƒXò¥W-pYµÈcPU(’éEbo_Éʬ÷½èW¤½šúwY2M½`(ôçxKºßõäðþ§p¨û"äÄ8!ã! õ-OtÝPñÐ9¼½šúwY2M½`(ôçxKÄR«„`sßZÎ%̦Mkz Ù0ŠeëR@ãÄëÊ©Ì ½šúwY2M½`(ôçxKñ†>È·ô?”­û ‹JiIzŒeì¼*Uà»Bw+ŒÜ‘½šúwY2M½`(ôçxK{ÉËTcε^¸ºwѬ҃Ä?JW`<Áò,ëÅy½šúwY2M½`(ôçxKè9]¾WèQx´ºõ¢Wðn‘!¦|Y_jâ%ý½šúwY2M½`(ôçxK´ÜÊòÈϧ´“Žqþ+–‘ä!oÙT(g-l~s½šúwY2M½`(ôçxK>Î'˳ìD8Ìå#¹'Äð_Ü\Y:7fÛ˜L^Cz?ö¡k½šúwY2M½`(ôçxKhîF2ǾfÈ>‰Ý“ê¿E´ÂÇ-}ÇIš¢ C½šúwY2M½`(ôçxKâK1ZUqH=‹s³-áMáë.«!ý-œ1Ÿõ^нšúwY2M½`(ôçxKç :´ìˆUì¥)7ØKZÂOˆ&kRpçì´ª%8½šúwY2M½`(ôçxKÜÌ<áÀä°±‡Ór úGõÂoW£Y¾{'€N¬ºÄ½šúwY2M½`(ôçxKWÿq*䉳t“Àv§Í©a)بýhÒ¶¯c91]½šúwY2M½`(ôçxK:‘ðùå(¢™L}“ ,^áLèáÈ0Jä•­ÅŒÄE< ½šúwY2M½`(ôçxKISyl›òQ «¥³Õ~+…××d4ìuº£…t彚úwY2M½`(ôçxK¨²Éu뫧ÛÞ^éiÀêî*1Ë‘¨gV¦·p½šúwY2M½`(ôçxKŽSïÜøRÎå¦é)1¼Bæ<ÓöI̧èrRäY– ½šúwY2M½`(ôçxK™-5š§¥÷‰Òh¹L¹HZkæCb°í´DÌ|9d{½šúwY2M½`(ôçxKŸ¤Õ?Ô>ÊÿBº~CS%+~^rµ nÿ€'ÖmC½šúwY2M½`(ôçxKÓrÀÐôýÉõ.ž#üVîrAJóPÐΦÂj5¦Ã!z½šúwY2M½`(ôçxK\Xj…é7‰EpÔùëh(¹|AË›¦ÓÜÌ_RzU½šúwY2M½`(ôçxKöJ)”Šˆ¾ÿÛ^ §7 Ï ÙÎkÏŽd !1«‡½šúwY2M½`(ôçxKØ~q4Tao[ׄšµÁq*¸O4”xì*8ùpÀ‰½šúwY2M½`(ôçxKë[­ÒnO®eù¤#XÞï|å,À_»Çgvæ˜*½šúwY2M½`(ôçxK»"‰ééM ÿ?bQj°~—›,lïâ«pÆßÁŸ¥½šúwY2M½`(ôçxK (ð@‹÷%ægØq8¨î¼R–-(Gñn5‡;A¶­½šúwY2M½`(ôçxK ùŠ©…Œ sø›§~‡ìoYlIPû‹º€¦/»‘K½šúwY2M½`(ôçxK uê pê¤Óót$mµOÇ´>Yj53 ¹ÃkOÙur^½šúwY2M½`(ôçxK Q×oÄ“Iv]¨†‚Bk,þžj¤òrSê´2㧽šúwY2M½`(ôçxK£¢šÐQ0×þ[ôÒYecÍí‡@–ªÌi“*.IQš½šúwY2M½`(ôçxKw0´/þI?é¶%—Í+o4Ójõ“0ñ¤/” ½šúwY2M½`(ôçxKáqZŸÏá¤DÎÿ…†ž´"3 ÀK1L)]m§ž½šúwY2M½`(ôçxK‘¨Ôså(¨x#½bæUß®Tú+úrýÀ)†Ö¸½šúwY2M½`(ôçxK‹XÁý¸Ú‹3Ìî_—:÷4Ùóã?]±W<+ ˆ¨ ½šúwY2M½`(ôçxK‘†ïß^òÞ‚Eº®4††º 5ÿ=˜eÁS|퓽šúwY2M½`(ôçxK' „²†ñc°jªäë¸ßøÞ} ‚[ˆ9ÿf'NÿG½šúwY2M½`(ôçxK)̤TN£0Ö‘Ç„i\œk"¬{[‰Ë×(Ñ@꽚úwY2M½`(ôçxK+"˜ê¢kĤUŠé.{°äø\óKøHýö6ÀÁ¾Ä˜—½šúwY2M½`(ôçxK-ÏŽp#ÑèáE=hÖì0Ù¾ÙL¼¸ÝÁ̬½šúwY2M½`(ôçxK1*Å[PÀ›0³Ì“¹”¡>î¬Tï‰/ÄG»½–¡½šúwY2M½`(ôçxK2­2–‚›ÄmϬ^ÝË¿,í\ø;"Ïœn`ǘԧ½šúwY2M½`(ôçxK4 £+X3Ž+V¯0 ©ßÖ¹Ò'àâ£IX±Æ%ž…½šúwY2M½`(ôçxK6.Ó ±à’(1©o ÏÞa‰Sæ•Éï.°ºÃuP½šúwY2M½`(ôçxK6z1僈1­,FGˆjlßò決‘ ÿ…Üz‡®›^˜½šúwY2M½`(ôçxK7e×iÀ[ù‹B{5;!7褛o… ñYíj†xj¦4½šúwY2M½`(ôçxK8mi\ß-EvàÊÌõäžxÚQ¯™UÀ¸úv7;y”³½šúwY2M½`(ôçxK:Ot¾¯®+“ƒ­‚Ò3¦Ï=³Çâè—¾ïBUúúwY2M½`(ôçxK:çlEÊpé Y˜Bb-ÒQ¼¡ûæ¹Å.Ás°5½šúwY2M½`(ôçxK;èçë45Á’Çi„gˆ™AÑöÏ QL¡i“OsY½šúwY2M½`(ôçxK>9&ð¸¡ZÕ¡Ag»dz„<=C!ã]¼DÜèÈ7A-(°½šúwY2M½`(ôçxK@ ÆmY·°”©ã ¦½:ÿ0WƒçY/B¾_ôº½šúwY2M½`(ôçxKA…‚m«[¨4{x¢+_š upÊ\“§MGŠy=ƒºÄ˜½šúwY2M½`(ôçxKAÑî±wÀ2NÝeWó„å2Þ õšDkï³Q¼%w½šúwY2M½`(ôçxKE‡kMØaÔ[:”€tz]´ZH²§)A ¶A/Š‡é]½šúwY2M½`(ôçxKFg¿% ×Á k„tÆͱßdŠXso¿WÐ]ou]«gô½šúwY2M½`(ôçxKGÿc±@¶üíy1æQÚ[./]®ô=ÂûÅ2±½šúwY2M½`(ôçxKWæ‘:úÌR"½vͯ1ø툉Td%Stï z‚×õšÓ•–½šúwY2M½`(ôçxKXú"q!ÇmížcÈ~:e3î öð¡¢?ÄE›Æ¼ß½šúwY2M½`(ôçxK]šË»J}KhRßYpâÎÖoö"îœÐíØAÌ­½šúwY2M½`(ôçxKaÎÄ£w¿YÀþ®ãp4¿—Õ¼nâ:ߺæãõû<ý½šúwY2M½`(ôçxKcW´E6,Ƙ KĶ(â=¾$¶élŠãÜ°Õ¬½šúwY2M½`(ôçxKe²çÌÙÃ1ßRßsÊ É2ÒŸ™tÅo0‡²Ý1G½šúwY2M½`(ôçxKfª íÂ8MœB]9'æíJ]@ÅçÍM¬ˆõwòñ½šúwY2M½`(ôçxKhsÒö)½RéTîÿYwªƒgC™—bÿ!,”3Æ—½šúwY2M½`(ôçxKm»êÒ>Œ† ø´tûü¥ Mã⋈»ÌÜGG“N½šúwY2M½`(ôçxKmêÑ2WßÃÌƤ³pº‘u_éàìAP0”.Z¼Gð|ˆ½šúwY2M½`(ôçxKp¡E ò­9Ui­ þ±ÙÁ%2Né ì9ÂXˆ4Ô‰-Q«½šúwY2M½`(ôçxKrÂo‚|ë’˜—˜–Æ®tÓë϶]A²fÉ ¾‚½šúwY2M½`(ôçxKxd!ˆ¨´±sÔ¨õì”Ø(dqV ™5zXbK7u ½šúwY2M½`(ôçxKxƒƒ¤Ç3»‡Ò¿Qg=Ç>’ß«}QÜqV'®whm#¼½šúwY2M½`(ôçxKx´íÊ«ÈÙ > â€,®´ðž#£9LJÌn‡èóS•1½šúwY2M½`(ôçxKI̳ 2;z±“ÉU¸ÇDð¢·\1I^`pP'½šúwY2M½`(ôçxK‚¬ºHÕ#lÏ÷ešüYMî+Ö.ñ£ ›P†(Ï4ô½šúwY2M½`(ôçxK‰Mx962˜Ì‘Zèt.ó0×¢f™ôYGŒò,+k²…f½šúwY2M½`(ôçxKŒI×Wåª!ÁcH#22—ØhòX‘e)ïÅ ïp½šúwY2M½`(ôçxK“Ö iYevåÜFKá*…úR€¶õ$Ô¡ÃüÉÐHÏ­½šúwY2M½`(ôçxKcõûÅåz¶Þl”ˆ` ár±vÕ«WÔÈŸ`þ-⽚úwY2M½`(ôçxK‘ej¤ïI;8$ ·&2HäâÖW¥ÈHˆ ¶[s 2ûS½šúwY2M½`(ôçxK‘——¿Ž[Æ„9¬Äcë¸ú«ývMËè/;©wÊÈÏj½šúwY2M½`(ôçxK”pxù|a––Œ:霚]Xf~†ˆ,öÈÉÕ‰g¤–»zô<½šúwY2M½`(ôçxK–äP”PÓ€ÚÃbÿŽ)U‰ŠåX…Ò ‰Â{¢©Ð ½šúwY2M½`(ôçxK—ƒµîD’éè‘ÆUñô€5•­E<b:ðþ{òÀ¥x…㽚úwY2M½`(ôçxK—¥ DDb óŒØÆQ,¬šuýCzáäÒ))€va#'½šúwY2M½`(ôçxK—¨ÅºÖï»]jÚNºG-ÄÆÍIrü]ã!4/佚úwY2M½`(ôçxK™( æìŒAÚ®KØ«Hõ‚héC¦pÓ\¥â½Í>|L” r½šúwY2M½`(ôçxK™T¡©U豉«ÊAK‘ö l@¨ko>óh݆1½šúwY2M½`(ôçxK›¯Ov×kõÖ¨—¿½_B›¡Mà‹HÃîv“ ‚ÿ8‘½šúwY2M½`(ôçxKœ%ŸË0_Ç9~Õu™càïk6ä WýsnkЋŸu½šúwY2M½`(ôçxKÒÜ·/^t'òéà:±…£@<ö©¤y¤ÛÙ~"P©½šúwY2M½`(ôçxKžÓ?¼ À2øœ¢Ä«4íÃ:E¥ %!£µ‡j£ê,½šúwY2M½`(ôçxK¤Ùx·Ä½¡T5Õø¹Y.Â¥­ûê{­j5ìµ0”d/½šúwY2M½`(ôçxK©$ÓÊÖÚB·9›– • oö±«¥¸s°Õó î!s´‹l½šúwY2M½`(ôçxK­;å‰ÀGN—Þ[²¿3SIH·k¸vßÜX±þ×gµ¡[ü½šúwY2M½`(ôçxK¸Öµç…{Eƒ|{ãØV­ë—Ç)°fZ=G:KëQÜó½šúwY2M½`(ôçxK¹?™Y‹ ú ¬Á,üü%hy?nwžy^m|"Su½šúwY2M½`(ôçxK»Ú3»cœ~€m°VÉŠSò/ïû äm®Iš½šúwY2M½`(ôçxK¼uùÿ2\µ™žf»ÔOJå7¤/ßï5SHãf⽚úwY2M½`(ôçxK½Ð&éØWÓþu¯Áp*)ð´öýö¢²\—©ÎŽšúwY2M½`(ôçxK¾C]÷Í(ª*|´üsG[wå«ó’÷k|vú?iŒ·š½šúwY2M½`(ôçxK¾÷f;åêM¿Øhn$poLûÍg¦Åfí”Î ÄDp½šúwY2M½`(ôçxKÂF—YÁ”~ô¶_r©õ³¯‹onr{h» ‘8\¿BjŠ½šúwY2M½`(ôçxKÃP[ó쥬äÇk‹Ñ 9 eÑóNu¸£^ãÆ›–½šúwY2M½`(ôçxKÄ-Ç Ï^Œóû‘ýòˆ@!­ƒl¦Šß,»y•Á õˆÔ½šúwY2M½`(ôçxKÆd¥¸9ä¡gBR~jÎ<'oÒn4ÇÐã"½šúwY2M½`(ôçxKË4¯ë tÄ¥ˆ³nº¤A–èÒú€Ü¨Á8rÈPyk½šúwY2M½`(ôçxKÌŽìn¹!,¿‰zZÎ~Š¾ìáŸmï x•‘ËGñð„½šúwY2M½`(ôçxKÏ¢CÁÍ.<Œë~p‡ÎËûƒ%»ùз y­óèA(½šúwY2M½`(ôçxKØšÑlHÔû¼TKúøg f ”HåK¿òpNBˆ½šúwY2M½`(ôçxKÙfŠµ'…g†Á4µä½Û÷$R;is"š¹*¡¥M õ½šúwY2M½`(ôçxKÚ5`ý 2µLƒÔòÿ†Ò“i¬òÈ–ø¯§CkúFU½šúwY2M½`(ôçxKߪ´ƒ‡©áÔÆR(œ¶«á–Èô³–Çä»Ã•Þiwö½šúwY2M½`(ôçxKß‘¬…©OÍ ûU½|¾ú¬¸Åîs—þ,ÈY„Ež.¡N½šúwY2M½`(ôçxKàQ·ˆìºí¥0FÇjö•",aW¸ÄÁ¹ÂÏÆ_F彚úwY2M½`(ôçxKãmüq!Âãšêˆ„ž(E«2ooçNS›~TØ61½šúwY2M½`(ôçxK㘑ô‹¼Å“¸í†Î‚ÎfoÁ[ŸËý+ºÐ¨›ôÇ¿¿½šúwY2M½`(ôçxKæ…oy™-ÉO¢ô2—ì2ÒÙ§o{æaÆ¡>ü;ÍõȽšúwY2M½`(ôçxKêÿŒ…ºM[k€FõÖG×yºÚwhæIÐGÿ›f ½šúwY2M½`(ôçxKfIa §OjÆäß»)¢à®;Š#(Ž~.r½šúwY2M½`(ôçxKî×àïòíUž*yî6™b¯;™‘1ã ·ýTo® rg½šúwY2M½`(ôçxKñ´öQ; TJh­Â‘ï¨ÅŸB ¥Ü²> Zú~ =½šúwY2M½`(ôçxKò¡m5µTiA‡§ @Êh)Yôó\,àê¸ýd÷¬*¹õÂJ½šúwY2M½`(ôçxKóÔaÅé•@?É|¢Ø©ËâpY}2ºßÖkwI_”½šúwY2M½`(ôçxKôŽmØqŽ•;`¢O,¾¦ •!Þ®gÛ%B[}:Îô1³[ôÀæ‹Óµw¹«á©ÏñËßT½šúwY2M½`(ôçxK ;Ã9é¶ù¬Ø(¸4‚¥ÃöNg姺¨§S³Jö½šúwY2M½`(ôçxKB Ì|ßöLYHHMj~ÃQNo\¦½î× “” “̽šúwY2M½`(ôçxK(ˆxñ.‹œlËöÇ=_N˜\¬óü°ÂND‘+>¹½šúwY2M½`(ôçxK.¤Ëj±ÓÜè-Týâmí$;£áçÆÒ*YOågˆ½šúwY2M½`(ôçxK@ÖÊà)sx€ÏL:šÑZ M‹ºD8«–âvÌxDTÞ罚úwY2M½`(ôçxKOüäúˆ—ÐÈ FÖÚ´G&Ñ6ü$’ïÐþߣˆzœ½šúwY2M½`(ôçxK\*þ4½Šzë»Cœ%ûjBOå5¬MöÁ—E¶ñ‰:½šúwY2M½`(ôçxK™×­ Ö~R3½vp/K€‡ÏÄìeIMl¨«¨XþºÚ½šúwY2M½`(ôçxK¦¨Q½÷S+K€ú•êßßø°ËµŠ}99Éñç…½šúwY2M½`(ôçxK½ÔlŸ]8„SÆÙ4uÓšWerºÿua,2F£ZS)±½šúwY2M½`(ôçxKË™K@¶l¿Uüf5UÊðÔñÎ&tdÐE,#aà^áÍP½šúwY2M½`(ôçxKÖî·‚ãl¯ûMŸ‚‡Þ“ «Ìo¤Uûýo7'=½šúwY2M½`(ôçxKÝ Ï}±âb-ôTp7¬jó >Àk0'IˆÅk½šúwY2M½`(ôçxKä%r¯¬r]Jzªøð”Úζ‚ôé'ƒ²»? b¯½šúwY2M½`(ôçxKæ#mÁîL|z›9e”t0„{á%÷®·‘¡(:꽚úwY2M½`(ôçxK‰¤e}èr˜U,ùàóÁ÷Æ-úc¹ò[¼fèd”½šúwY2M½`(ôçxKõè’ÝnÄÂÞúJI\ !›by¶M£Ñ²ãJßK_½9½šúwY2M½`(ôçxKÔ$ÍZ6Œ4Lf$ó¸çO«3w“úv_û.½šúwY2M½`(ôçxK#.BO³ÿNüuÐ c†w'„ºPpî$ߊ·™½šúwY2M½`(ôçxK‘r§bfµ»/€ ñ…£nT¯Õn–s‡ê} Mx ‰½šúwY2M½`(ôçxKÜŠÿª£ã.￉›0Y˳¤‹‚úœ“Õ¶½šúwY2M½`(ôçxK™YíNåHµŸ!“¤Ucê…»"LÙmì–ÀçüͽšúwY2M½`(ôçxKG³xgdK.è ;-_¾!âwÁaz,/W¬à…Ÿ½šúwY2M½`(ôçxKú¼7ó•æõ$r´O¥/Ÿ ¤€ðQ˜Æh·[ôF½šúwY2M½`(ôçxKãóüÿ ¿ÁÀ`¤¿Vˆ^ýU¨éÎ<_HiDL¬ÿ­ ½šúwY2M½`(ôçxKLÚã’ Q,œ*‹Jº––› —¶Ld¥Ø˜Ë ¹½šúwY2M½`(ôçxK[‰ñª$5 =ٲѴû¤øõlñù¸ÖÙ¸&""5Á½šúwY2M½`(ôçxKL•W± >!f>-#ãÁ®œäµÞ X¢—3#6¢Ø½šúwY2M½`(ôçxKà`Ú Và ϱvnŽ„hh¡éšT±J¥ÐhŸ(@ÎÆß½šúwY2M½`(ôçxKHôXMáÅìe %æÆ#c\ὂaÄÔ î#U´Ê½šúwY2M½`(ôçxK¯y±@d`À˜}GG¯‘J"ŒÖ"ÎÚ·¤öpþçg¡YÀ¥ä”§J‡µ«\+ðr,½šúwY2M½`(ôçxK0‚ü0‚ä §Fï0  *†H†÷  0 10UDebian Secure Boot CA0 160816182250Z 260816182250Z0$1"0 UDebian Secure Boot Signer0‚"0  *†H†÷ ‚0‚ ‚ÓуÚe¢/Z`•ë÷dž| †Úe£¦ë[;ÎÈû?¡rKžßPÅ3¤ +_ÖA ¶Ï•H튲­Öå7N`ͲJ8³D€”¯ŸnTÛ¨<·K0Þ!o £fºj+–Öšaw Ôí<Ðq»­Œð"\>%Ìm".a—•¯›.MX¶~xùú²['Þ}¢¾ ¬sì—°^ííå¥u?xàqÎ/΃íS10˜Næù¢ˆˆ¦#| ·T:•í^y^Nþͪނüö–qNII¹Óé°«×*G·S0'|Üf˜ oÑ~õ=>Ô¢jˆY//=ÈÆ(ÞBþÙR=$Âü@˜öv¿Œ»e£9070 `†H†øB0U%0  +‚7 0 U€0  *†H†÷  ‚W¤`L)éò}k\“ÛÌlŸ?iHšuÞdóƒJ ©&!îéV]á>ÙuËÌ¿Mäè‰=~B‡@ÃÕàqyÜláqbǘÂË' /ŸÌìú‹²ó žóòÃÉŸÛ%“¤Í»åŽô×U¨´uA1ýN] Â¬ÅÞFçÜÏÕèG“Œ2ÍDÕtÇ0šW¥VÐ~Ï´ôó)ùÛ›SÒ½/­ju&Edºº(–‡Ž·ðyWúz ÃÐì¨#Ëð©AªØryÑÄ™€-Ñæ6¸©½šúwY2M½`(ôçxK“šîôõúQâ3@ÃòäHΈrRjý÷Rçó£ò¼Ÿ`I½šúwY2M½`(ôçxK§ó/PN°þ­š~ùNѺ ì]æ÷ïoð¦+“¾ß]E½šúwY2M½`(ôçxKæÊhéAFbšð?iÂønkïbù0³|o¼Èx·ùŒ4彚úwY2M½`(ôçxKÏ?|$¯mFá3»j“i¤t9K*ŠÝÆ:ˆÇ^·Ã¦Ç½šúwY2M½`(ôçxK;Ý.’®A{!CÌ™<ä“cÿ¦\œÄa¶¤§y™t½šúwY2M½`(ôçxKV³ÚrYëìDš~¿tÆþ‘,é¿J §a ^›À¶ͽšúwY2M½`(ôçxK\Î×8E·éh¿:ÎRÅÆ`ª-¦ÝïòÎdE KˆZ½šúwY2M½`(ôçxK8¯/⛿â#“9óÊH·ò¤(óMåd $'½šúwY2M½`(ôçxK>3=è}!G²« <«HöqŠý)é‘z=_`èuW¶½šúwY2M½`(ôçxKVûyª²néÐàÊ7/¸j‹´Y¬¼P] ³^jc*=_ˆÜ³½šúwY2M½`(ôçxK·ÓãÄ©0ÿüÛFSN÷ÃÔT5ï—÷˜†qOU#²彚úwY2M½`(ôçxK­Ì oÖÜY¿Bð6À3ü>Cðzƒé 2y;b” ~½šúwY2M½`(ôçxK˜Ì‹‘þÅ%/bèCÙÕج*/%:£R³#jP’ Ò½šúwY2M½`(ôçxK½ˆ#U¿hÏˆì ƒ¶6‘H¬S=Y ϶&½šúwY2M½`(ôçxKŽÂT íÝY.ajô8m©ê÷hUï y.&ü›2éQ×l…½šúwY2M½`(ôçxK …ÚªHèC á+PxyM¢–(¬´;iÈ)¹•Êr½šúwY2M½`(ôçxK/šŽ¶ÈáŽ~Šþ›Qâ3ØŽÇl¢Vÿ*„+:©ôf½šúwY2M½`(ôçxKAÌàüFv Ê6‹íºEÂ’ò¾b/¹¾sÏQç©næVR½šúwY2M½`(ôçxKNäZ!{8¨Á7wß`ñ%^RºóÏSsã×âÈ^,Û½šúwY2M½`(ôçxKž tñFFšÎçÒ,}ؾç>¶*Æ,ø¾àÄQe(½šúwY2M½`(ôçxKµ%1ÈCQëiZŠÿ z[ß“—,Þ߯@gtT%×^!Í »½šúwY2M½`(ôçxK¹²“>+l3ÉÿŽ"M€ (òšLëå µ×Fy¤Tÿ½šúwY2M½`(ôçxKÁ'ðîü.E‰ØŽM¨£°Œ©ÕˆI‡¦~駭ü½šúwY2M½`(ôçxKÑNåamÈìtÖ•¯ÚÌx»ï¯§©z\þ«›–†ÎžÝ7½šúwY2M½`(ôçxKøÝ"Æ|Y ÝÉ…ž_÷8Ê؉u$+цñAõ×eã±ìþb½šúwY2M½`(ôçxK÷äÇûuZÅ4¼ßaª¡…9ä.$x‘éºBárÇB½šúwY2M½`(ôçxKÿô!©ÜÓï8­X^‹¬¤¬.LÛߦyÁp‰bN1 Ú½šúwY2M½`(ôçxKŠ¥ ûF š<€m(uwÚ ?}•àÁ<4뽚úwY2M½`(ôçxK¨£03 ¢i(9̺„€<^t-PmXÄn¸2,ÿ&ÄÁLP’@¬©Aù6“C(0½šúwY2M½`(ôçxK^ê‰T‹ `²þíÚ< Çþ›Ík”覃¸R8½šúwY2M½`(ôçxKæƨXdo±ïÆyþ(±#gþ’æ¾+6™žÿ9О½šúwY2M½`(ôçxK ß_NQìx¹mÐ%ý¶†ãŸor’xRY›eœ&½šúwY2M½`(ôçxK »C’Ú¬z¸›0¤¬eu1¹{ú«ù ¯åù¶ë ct½šúwY2M½`(ôçxK “9v-ó6«=ФcßqZ9Ï°ô’F\`lk×½‰Œ½šúwY2M½`(ôçxK ¾Êo)ì o3}räˆK ³H˜:* ×?O½šúwY2M½`(ôçxK Éóû™–!HÃʃ62u>Ôü ¹[1æR*Í[ü½šúwY2M½`(ôçxK34)ÿbퟗ>HÜîå-¾.ImTµÏÖÈdÒѽšúwY2M½`(ôçxK6íºõ­A¤¡wz¿/¯^g4g^Ù^i5‚ž ªÒ½šúwY2M½`(ôçxKQˆ1þs‚µÐ>Æ!"‹Š¶Ty½ ¿£ÅÁÐôœ0a5½šúwY2M½`(ôçxKZéIêˆUë“ä9ÛÆ[Ú.B…,/ßg‰úg6ãÃA+\½šúwY2M½`(ôçxKlˆTGÕYâ“Q¸&Àl¸¿ï+”­585‡rÑ“ø.ÑʽšúwY2M½`(ôçxKrk>¶Tj0óø=›–Îöpé¨ÑpŠqæ-Ä,#Á½šúwY2M½`(ôçxKrà½gÏ]V«Šß;ݼ‚¿2¨ØªŒ^/mò”(ÖؽšúwY2M½`(ôçxKx'¯™6,úðq}­ä±¿àCŠÑqÁZÝÂH·[øʤK²Å½šúwY2M½`(ôçxK¨¹e»„Ó‡k”)©TÌ•SϪØÈ£;ý3ÿð佚úwY2M½`(ôçxK‹ô4´žÌ÷¢ÍeËì;= <5¾P_ß{Õcõ!½šúwY2M½`(ôçxK™˜ÓcÄ‘¾½tº¹M’‘soܦC£fd¼1ZB½šúwY2M½`(ôçxK¦µ6UÓ¢¯ G'Yykä¤ T•§ØiuLHH…t§½šúwY2M½`(ôçxK­h&á”m&Óêóh\ˆÙ}…Þ;MË=â®Ç`ÑùÂ$Q?¼eYW×5ú)õ@νšúwY2M½`(ôçxKØËë—5õg+6~O–ÍÇIia]JélrMBÎøóú½šúwY2M½`(ôçxKé,"ë;VBÖ\ÂÊòGÒYG8„D•oYâ°Ñú½šúwY2M½`(ôçxKþc¨Ox,ÉÓüòÌùüûÐ7`‡‡XÒb…íf›Ünm½šúwY2M½`(ôçxKÊaJ~“”ŒÐþUÓ™ùÑ©nE AR'ÂÆ[½šúwY2M½`(ôçxKU¹› å=¼þHZ©Ç7Ï?¶ï=‘úµ™ª|«í§cµº½šúwY2M½`(ôçxKwÝ£ ˆÿ^; æb x  S^ˇæðˆŠ k/½šúwY2M½`(ôçxKÈ<±9"­™õ`tFuÝ7̔ܭZ˦G/î4qÙ9è„&ÄÁLP’@¬©Aù6“C(0½šúwY2M½`(ôçxKÅ[䢦¬WJFñáÅL¬)ÒÍ{@8žqW»2ÄYL½šúwY2M½`(ôçxKéØsËÎÞ64ळdKQáÈ  H')’Ç8Q>¼–Í>3`½šúwY2M½`(ôçxKfЀ>%PÙç‚šáµøGÌ›ûæ›QphìµÚ»z‰ü½šúwY2M½`(ôçxK(ASçÐJŸ~\=¿á{&r­/½Ñò{ìx”·‘˜S콚úwY2M½`(ôçxKíÒËUrn«íìèÊ]í(š×“«;iÑcÈuþÁ œÕ½šúwY2M½`(ôçxK®ÅÄ™Vt¨IÁÑ8Dcó°+Z¦%¥Ã üOçÙ»X¦#˜½šúwY2M½`(ôçxKÊe©²‘]šZ@{Ài‰64šãÛi„û§ªØÞU½šúwY2M½`(ôçxKˆØJ¦Þo.–ÏÉ­«[èe7òrè‘֭ã±é½šúwY2M½`(ôçxKj‚FT·G‘RŒ÷8£xæ)H8t¶ÛÖ~ Œ3'²ü¬d½šúwY2M½`(ôçxK®Ö,J¼²RFCár?j­Ì1§JôÒ(];ˆ ÄL"ÞŽšúwY2M½`(ôçxK!ò}‰òç}î|Ô3n::Þ6**®Ÿ²ï┑¥óÕí½šúwY2M½`(ôçxK% ຆ mF‰D‘Ö0Õ‹ ö•É,âJ)T†÷˜[½šúwY2M½`(ôçxK9Ÿ¦ÏZ‡ƒ–7µ_b»,Æ©?¥¯ç­v´¯³ É'½šúwY2M½`(ôçxK;0Ãæ©#Ë·Ïeµ9_±È×D€ò\¿Ëš{ýc?í½šúwY2M½`(ôçxK?éøÑÜ£ü™„ÞLÂÆ&«³‹s˜ZD|: 9ÊT½šúwY2M½`(ôçxKE”WÄŽE "…û9/Êx»oM¨7†(‰«y‹Ü½ð½šúwY2M½`(ôçxKZNtWâÖ5‚†ð÷ µg.NÛxquPdžÂ2ê[½šúwY2M½`(ôçxK^+·¼‹à¹Ýÿu`fhæv¯Áq€ï [›8?¹•½šúwY2M½`(ôçxKÝþÄMÄ0-¥Ew5<ý¾´³æNÁÁî/à€½šúwY2M½`(ôçxK‘AêNkñô×,(¡ÐÑ$©(Õ§Ókü~~SïD#`ÿ™½šúwY2M½`(ôçxK“õ#>™p§ÛLš¢Þ$cg(çÆlò»çK² “º–½šúwY2M½`(ôçxK®ÊŠ«|KÝ!Ū£#õ—½PD]vi\²‘ ̵ñc¸½šúwY2M½`(ôçxK¿Ê¤Eò T®¦PÐ=|9·|Ø*z‚MÅZ¥‡ÄÀ÷B£½šúwY2M½`(ôçxKÃ)~5éïÄÀQpj«wÒš&æ-š8Þ%mÿëw îÈfj½šúwY2M½`(ôçxKÈu®ŠµDWqr†šNÆç¬ç¨uô*/»¤µ/)4™Þ½šúwY2M½`(ôçxKÛ\aR¢>¶±¯ê­ItóeJÆû¾v‡ »tíæ2¹å½šúwY2M½`(ôçxKÛ´$ËŠÓ^æ…F &EÄh`'©íóů„+•rñ'i—½šúwY2M½`(ôçxKáÛû¬G6‘ŒIw˜ÖíR—&¦±‰Kàe•S‹"½šúwY2M½`(ôçxKæ7%&"Ã.GtU±/†O ²|Dgš.xåÅm¡ÿ΋A½šúwY2M½`(ôçxKôØêÖÃ%8Ñ»9ðïÜ/U7”ÁJ^EùU\3Y%ÙÓ½šúwY2M½`(ôçxKõÀ¸üáºçvË:Þ(·fN“Ó|ŸXrI:Ì%ú὚úwY2M½`(ôçxKýE‘­Òå°fCcr qI)‚Õ²#¡A¦$‚FÍ#ö~’l½šúwY2M½`(ôçxKd·¹J²©>yÒ—ëöÎ 0÷™~Y)äï ;]TÆN{½šúwY2M½`(ôçxK˜=Ìá ò&–©è{çúÖ6~ô®‹ýT͵(¥ÄŽ™½šúwY2M½`(ôçxK8`·ÇÿoKÍXe„;.†²ì¥ÿO°q™Ÿ!)ÔÇu;€o4½šúwY2M½`(ôçxKG÷¥ó‚†©Æwölþ*„ÕÊ”ËoÁëèá˜n‘íÕŒ¾3½šúwY2M½`(ôçxKR£ÊM¹#ÀdŠÀKèlà-¼j:ªÈ1#f± ]ìn,¢Ù½šúwY2M½`(ôçxKWi/¸ €š;ä ´DuÝír%ÇoÝ_ðžN×Ó0¥‡3¥½šúwY2M½`(ôçxKx6F[ßúçhï®Üº¨µx{¯Q²y*€ãA£ø$ÿ‚ʽšúwY2M½`(ôçxKz”º¢®ãdŠü ¯.ýRj[v4žÉøÀ;Â%v8½šúwY2M½`(ôçxK…%W‰ 1Å·sßðž¥\×êeô[@TÁF>?ܽšúwY2M½`(ôçxKS2³PWz·±˜“ý¡² jbâb!BdõT¶>€P½šúwY2M½`(ôçxKŽØªçÕAÌ»0 ¢±ÿWRf-‹#û§ýÿØ ½)½šúwY2M½`(ôçxK“5ÉÝp¢ìN2*¶¢ÑlLÔïDÀ c·ºZ&ùë}½šúwY2M½`(ôçxKšù%Aæ>¬¼W„»DÛfù¶&ONÁxÆÎ2êöGî¼¢½šúwY2M½`(ôçxK¤³þã$Ò\Sû\´†0Ü€Ý~猬Œî©'9i—ã;νšúwY2M½`(ôçxK©ƒç>W½ðÉ¢“1)è}ó—ȼÄñhC¡jV½šúwY2M½`(ôçxKÎŒDá…úª•œò2)`xTï~1nÐw=f×¾^ H彚úwY2M½`(ôçxKè£7íiïV'ʺʿN¦Öâ·T±!¬%¼Á ½šúwY2M½`(ôçxKéÇ|Õ¤ß ¤,¤ŽlFŽerW÷?f}ä^îtn×Õ½šúwY2M½`(ôçxKý0b5ŽÄæ€ïßÔÅDs¸` 7Ù!ßG/¿›e½šúwY2M½`(ôçxKebZ="¡„ÛÕÍûžœ;ÙeB”ꢹ†(¼'>¼µ½šúwY2M½`(ôçxK€#ηäu–!¦,r›«ÈS%•÷dW"JÖT+{&Ô½šúwY2M½`(ôçxK(÷ݵR里àƒs3¸_?NƒÓ“‡üSc´"÷\ȽšúwY2M½`(ôçxKßE'“RžÚuÄÔQR:½šúwY2M½`(ôçxK‘P ÑÏh¹å0dÞ‚Ô· XÒð 8Ì@d'Ó#Ùü5½šúwY2M½`(ôçxK zVN“˜œWOÑŠ¨[ëXÃÙöá ñ,es¼+½šúwY2M½`(ôçxK£0ýæ\z_ uÈ 0gÃëuàÏ›Nâ@ðÖ =ŽšúwY2M½`(ôçxK±I²ž‚âH'ûà0Ë&Í3e½osç§1Å÷ÜÙ½šúwY2M½`(ôçxK¹yÚŸ'¥hŒA-ö‘RQ+¢RÔf9[@ÔòÑU½šúwY2M½`(ôçxK»DýŒÐJ¼;TåÌê—ïçÓ“<4(‹†öì´óíÞ½šúwY2M½`(ôçxKÁT|ùW©iKkŽ5?äÛj8"ßû†”x½šúwY2M½`(ôçxKÎ÷]¨é‘¬–ÓoŠV(I ÕÆ0(ºƒ'}\'Ð ½šúwY2M½`(ôçxKÕ¼ûa›üíd$›“ x^­_Ê9'ðÎ<^ý?šðK7¿½šúwY2M½`(ôçxKÚ™C'qt– }? eavór>Òð:Q‹ëžøœß 8ØÕ‚ÊAsø ëÄCïyg½šúwY2M½`(ôçxKû ¼%jê\ù=©œòdÌBôçºk2Ûc¸'b瞀\½šúwY2M½`(ôçxK xƒ§gë[™áâ Öfù (Úî¸õå%=Žxwü´½šúwY2M½`(ôçxKD!+­ô kã1c E7ˆà²;zHµÜÛeÑ´³½šúwY2M½`(ôçxKÛ¢„Gý¾<Š$þãëˆcŒáØù|Ô’PVÀ­‘ÊQ#}½šúwY2M½`(ôçxK¥?:,|AÉ0™srfµaŸö¤3û;‡4b-z¯«šz½šúwY2M½`(ôçxK#üÖ¿0„Îæ©ùˆ^R9# ÝàÈpXžäaU¨ôè[½šúwY2M½`(ôçxK&L¼WeqŠ Ì°÷œÝ:‰‚ûoO RËGûöнšúwY2M½`(ôçxK&l)ÈÜ8”³Kï‡#Û(îΰ»k»í ÌAÓkýšúwY2M½`(ôçxK+žÌõ…±Q"e{”SK±1ª|‡N"b‹…Û>è>M½šúwY2M½`(ôçxK2igÇÿÁ¸m¸³+p芉Ì4ÏÏ0 ˜Àwäsù±¡½šúwY2M½`(ôçxK3$P‰œÿ~Á\S’òr'«ž kmŸŽ!ϵ_½šúwY2M½`(ôçxK;v–ßbzÞ0»½ÅÎ?<'$ —3SèU{lЀɽšúwY2M½`(ôçxKTõ ‘)o/Dس8®íû¾†ßIÛ]è¤Q‘ª©1õ¼ö½šúwY2M½`(ôçxKXh˜Æ ÿS›vÒ=¿,’ä_juIá?SÒ“p‹y<© -½šúwY2M½`(ôçxKZG°±/ÙÍ9Æ'Ñæ¿JþÙ`¡]j]„ûó—UÒÓ#½šúwY2M½`(ôçxK^g¿$ ööˆh¤”Å 0«%[aŸ¢„ë&gJ½šúwY2M½`(ôçxKaS\ªGaüHÌzƒ]úð µiíü¦(ùƒÕŠ:Â_*½šúwY2M½`(ôçxKi£ANxb%¼Q›¯ Ëû&-:»ØcŸ>Ê*)ù”½šúwY2M½`(ôçxKláò˜o Fh; })m „DŽÏvƱƒþ)ÃníŽ/½šúwY2M½`(ôçxKlýÛbòTÓŠ[ÍÔ=QdzH|§ ²&¬  ;³ÒºÀ½šúwY2M½`(ôçxKsjû]òžÉÈ…2¾œbø ¿#ç/-4ˆ·W¯ñ~sJνšúwY2M½`(ôçxKt³œ mÈ¡Ñ–Õ™)–¶­G}rêøn£Ü쫽šúwY2M½`(ôçxK|sr¦ qàHy¸“ IDÙm7S࢒J1#_¹x‚ò½šúwY2M½`(ôçxK)+ÎÉ{`ñêr½÷Ùj¨w‚»T…Å\{?ð5½šúwY2M½`(ôçxK.°ú-ñ:ˆ•Irœ­¿ ¶lž!•WA·(Y ñµÊ½šúwY2M½`(ôçxK]˜®ä˜Ï'ýfHÇà,ü Jˆªs#|»#Rþ88Jrh=½šúwY2M½`(ôçxKŠ0\_¾|Vùã!MzÛcAô#O<å#5–z-6_½šúwY2M½`(ôçxK’\&B…t§ñ˜ÊØóÆ‘­“-ž<*Ù%Fÿp™í½šúwY2M½`(ôçxK’øXö +ÒF°]wYãNw±\4ÈK¤É0³ øÛ ½šúwY2M½`(ôçxK”õúXS—Œük±z©FäCÿÊ¥,†r©D`ôO½šúwY2M½`(ôçxKž½©UJÕ»ž=\ç÷ÈmO[ x+ñÛó jr4tš]Õ½šúwY2M½`(ôçxK­Þ+¢q–9Q$h;€ïÁ†î~QÔ4øÿgÙsônŽ`/½šúwY2M½`(ôçxK´“ŽÒÿsï1廾¾m»}˜ˆ©ûå%R¥ífRϽšúwY2M½`(ôçxK¶}¸Õ<’_ë­¯ÎCV l…÷>"En®NÖîwö©áŒ½šúwY2M½`(ôçxKÄpæ´R%:b56’IyÍÑ8àŽMÈov72æK ½šúwY2M½`(ôçxKÌs–Ñíüäžp×Úó- :/ëâ¬vº…7pá>ò½šúwY2M½`(ôçxKÎùüÎjÑœØ#k#°<ø?aL©k7’ù—Ó‡‘Ês™2 ½šúwY2M½`(ôçxK«îR(’ú²"´ÑT„a{ɇ\žå5;OôvW}‘‹½šúwY2M½`(ôçxKòTwFýµÙÙêæßE„…u+ëÏ)\6ÒsQE÷H‡½šúwY2M½`(ôçxK™lU•]û6˜†›Ü*pkÌv$hqk\½§)\ùˆA" ½šúwY2M½`(ôçxKkTIù‘ZiwB‹ßE±ØtÄø¨6µ½ü7=ôÀšúwY2M½`(ôçxKmMÁg?|ûo§]qsšýâ·„âäæõª0ö"¤Ä½šúwY2M½`(ôçxKË•¤Òàà*[VÐYÉò#Â2gSêŒDÒãúlD†b›ã‡©½šúwY2M½`(ôçxKÜ|ÈÑÜã«ßnb'ƒ5²#·€ð0Þ{4ˆ£ö£a´½šúwY2M½`(ôçxKˆÏ {Õß~Ñ õg4;éáƒuUw½Hl%Û&†€½šúwY2M½`(ôçxKÎe•!Í„˜úÙbå÷ UÅCfì Ça¦ ÇÄ¢v¤½šúwY2M½`(ôçxK)’ŽOao-rSéÕ©"’?MÁ·ŠX¾D™¹‚ìòp½šúwY2M½`(ôçxKØx÷c ±ä TxËW:ê Ž}áA#y:B8…‚B†·½šúwY2M½`(ôçxKÌ .'SìuÉîªÆ\9î¦úíWdé0ãYvÍ3-‘½šúwY2M½`(ôçxK{”ðP_7±›C*º¾.>08À,ëSF ¶ 5I½šúwY2M½`(ôçxKÏÒ¨ò;¼çBOJn'Þóhñ{oú"e( ’snp^ù½šúwY2M½`(ôçxKð³ÐÔÅEx€âÙ·rŽ¶KÒˆµÔ¢nȃóÀ”Šò”f½šúwY2M½`(ôçxKè†f·à¶ä‚ ú¨MZ„úBË]&cÈHÓX²‘2tº!½šúwY2M½`(ôçxK!UM;ùõ-<Ò—Ò}õbÀý ¿g8hóØÆÀdÜV ½šúwY2M½`(ôçxKøóŒOëéØä^q¤YÅ¿ñqu\4_aŸP< @^8Œœÿ%ÿ€ ’Vp‹:±KòêYeÆS ç&÷i†·’XSÑ>P< 0^8Œœÿ%ÿ€ ’Vp‹:±KòêYeÆS ç&÷i†·’XSÑ>P< ^8Œœÿ%ÿ€ ’Vp‹:±KòêYeÆS ç&÷i†·’XSÑ>P< ^8Œœÿ%ÿ€ I¤½çyG8ÆuÛvþÄHT…²éÉÉâê­â8 !^¦˜­ÛzátG’`ts'C^mÿ€ 1ïý•ÞõŽþåã"üš;\þ™ˆ˜I˜°4¾É8 à ^@—‹8‡ 2ZEˆ¤ÛO²JEÿ€ ‡Â¡¿› \™PyÐjÒp¥v_Þ)€©¢ŠÑÄÀX 8 € ^@%óH] ±³F¶+@€ËU™"ÿ€ ¿u;“¢…%Ä°û¾óP·Q±3ÃÇ:GÕXÛ˜8 à ^ ×öúÊ÷C¥FÉeÕõÿ€ ÜÐH8Èd/z‘­øáægúñϳRìå"bªÔÍ[®rw8 €)]@Ša¤1§¿×GŠÔS‰RÒNÿ€ íቯök$EB«Ïyì%^& ‘sºáËßY‡q„ÓñZ8 @Ë\@qª¨¨œ‹v€E”nQVÇqÜÿ€ QŸ­(î\ødhAnŽ«ãûœ£SVwN‚Bß!Õ[²Ï·ä8 €Ô\€«ÑN4;bÁHOºU’ÆË„eçÿ€ &ÿ2~Nô(‘~!/¾¸ü‹$ŠýÏõÇ÷Ë žªÍåÜ8 `Â\`—’-ß›z>áC§é1aÐOÕ,ÿ€ ß ¯í×ÐQaaÐ*dœ=܈ݣO`V`ÿVϥĩ@€¨8 )]z“Š ÛîWNNª}y#J}aÿ€ YÎWWš d°–ÿwôg#²“ñç©ìúdjw6a¡w’î„8 ÀË\àö¦äysíC”þãçV3b©ÿ€ 4r÷Pìm¦ŠÆ€G0×8Ãô±H—ãG„Rêbòm?8 PË\Àc”Ò8C‡)B‘;K‘ÖpýÍÿ€ ÖCn!™¼Ô+7ªŠ¡Ïa)Ä®¯ç‰·"•nƒ8 p)] ’Á§€§>ûDœ©Ÿ¹‹†pÿ€ …Áƒ¶÷)Mé¯v`F|ÊN%j©9ׯ§(X°[=8 °¤\€@®Í¹Wå"@ž½#Æë'åÿ€ ¤3ø·«Ï&}}eqZˆ‚r¸ æZ¼U9N¦çsŽ²i8 ÀÁ\à=¤Åäë»|{‚¨=ÿZ;¼*çïÉŠÒ7)ù¤ÄPU8 Â\@ð¯‰^kt[ÞN¢hv@AUÿ€ 0µN˜CÂ%òˆü*¢ »·©Š9²@ã„Œ¬ @ôIÝ8  Ë\  |lä†NGNbÁ—ž sÿ€ eJR¨åa7Rù“ö0áîN€–A;Ž0»[!8—u8 àÂ\€«ná¶}–>J¡u]|_“Ssÿ€ (ÍÖÊ+¢d 8œñF5É𗀂û¢H·v¥òÐW8 °¥\H„$5®ÉqÅJ‚+QÖz8²ÿ€ /õTQ/ˆ²õƒ#SB¿ha‰cÞÅ’â†}ÁùZËs/ðÖ8 ð“\` ;?R(:ëŒO¬ŠKR8®˜ñÿ€  ¶Ÿt§8@Üqâ(ð[æÊ¿KÊ&8Yñ]ªphÜÔ8 `Á\”Ê9/ºÜP‘GÏáZ@æVÿ€ AéA?‰[õ¶6{×­6G 1ùj%[ó1q:ËV–8 Â\âeäFܪiFª4#t.££ÿ€ „dxZ7(™þl{s(æ>]mó÷@ý€HûD‘ÿÁ=Q8 °Ë\àmלøˆíM§yí±bÂÿ€ B© ã„|‹4k¸.× ö€¶åù& Œ¯©*ÓÙ6Ü8 €Ë\`63KS3^5IžlvÆtˆTûÿ€ d\½¹´M ¤ Y±èüïzÕŒ­ùJJ3‘*È–T8 àÂ\ cè5¤ÈG-:VÚÍuÿ€ oL3_Ä—°5…dãõ€ M©4WLùÉáÔf<“U8 0¥\ Å™#Ÿ½YÙñKŠaßšUI®-ÿ€ оœeδFw}˜(?JðÒ–úhá½£“¸Ç3ëJYž8 ÀË\àýi§ª5{KÖOº©ºl!œÿ€ íyÝô¶fX&Kï]< ÖW¾_Ý2ÞŽÂ DhÅ ‘„ @Ô\ãd`\efi\Dell\System_Services\System_Services.efiÿ  ð¥½ÃüùëXКxÌØ0P]©´ðXlëOÚÉí:4Ÿ® ¦Ý?n§FO­)ôS=  6]€ Âi‰!ÊŸÐ)P¾5?rˆv3«P•¢Pñä6 má 8aßä‹Ê“Òª à˜+Œ BootOrder€ ¯h•(Ù¾T©h]ߟ‡2`V3Óј¯ÜËÖ?œ¦aßä‹Ê“Òª à˜+ŒvBoot0000bUbuntu*˜!ÂåµRæAšÊÇþK•4\EFI\ubuntu\shimx64.efiÿ€ «¬x`ö(%Ž·TEÚ;žió'?K®¤ˆØtT#íÄaßä‹Ê“Òª à˜+Œ”Boot0001`CIQ Custom Rocky Linux*ß‚ø•óPB¡ÌèK<¿2\EFI\rocky\shimx64.efiÿ€ i42·À^ó" ]¹{êëNi–.x5‚ ¶í3ÞaaÖ’aßä‹Ê“Òª à˜+ŒbBoot0002€Embedded NIC 1 Port 1 Partition 1E:†_xNÎÄÏõŸªÿ€ =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º(Calling EFI Application from Boot Option ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ € ÍJpoÉ]ÎTrvïaÐ X¢Vc܈ê놰<¦ Dýò”—,J™.å»Ï ã”pÑo€ ‡/_ëÞ~ÐÆßà²`ofaÂè_Á¹R»è< öäEFI PART\¥"1ÎÿÆo"ÞÆo•(°U^TwD°¤ç’f©€€‹ P(s*ÁøÒºK É>É;ÂåµRæAšÊÇþK•ÿŸ!¯=ƃ„rGŽy=iØG}äõ÷^~7~@–2¯Ä  !ÿŸa¯=ƃ„rGŽy=iØG}äl¨ÝévPG©c yÉ aÿÆo€ rMæ„MÐþa‹¥wl{Ê(¾8¦TN$äNòY¹‡·«Î€X ЧZÀ84\EFI\ubuntu\shimx64.efiÿ  /k VGd̦t^Í—‰Žtí8‘ÇÆ<æñ}È&JMokList  Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð MokListXà€ ’.“šUeyŠ^ñ/à‹I¿•Ž‰ Ì§¥6i=A£MDP«]`FàC«¶=ØÝ‹# SbatLevelsbat,1,2021030218   Kõ/4ETÅ;Þ.»ŒÒ·ãÑ` Ö1Ã…¥×ÌâU$>ì ǡDZÄ'(hd0,gpt2)/grub/x86_64-efi/command.lst  2ü]èÀ¥Ü ~¶ Ê1§~³GU9áÙzECÜ¡¹²lW"(hd0,gpt2)/grub/x86_64-efi/fs.lst  vo8©I'þ›{Áè ð6>wŽÆèúê'.uÓüC&(hd0,gpt2)/grub/x86_64-efi/crypto.lst  FøˆÅ/6ºù¶-`¼Bj1J­ZøjCb©%¡ßœ((hd0,gpt2)/grub/x86_64-efi/terminal.lst  GìõÁluVùm©ú/®…Æ{l:;¸È{äyÔ.grub_cmd: configfile (hd0,gpt2)/grub/grub.cfg  Ê;|Se&ìè»\ý ²NÁª±´ú¨\¢g”?É(hd0,gpt2)/grub/grub.cfg  ó¨ÛxY‚“)Ò9jë S¿üçhv18ÓãõPllP3)grub_cmd: [ -s (hd0,gpt2)/grub/grubenv ]  öA"…€dˆ^ðs>BÆ£ÒÓýd&q÷Û —Kˆ t0(hd0,gpt2)/grub/grubenv  :àÄŽBןMvç÷‡É#•XeÃ&;›&‹Ýe grub_cmd: set have_grubenv=true  ø¹Ÿw˜9è€HdÊÞ‘óaµ¶` ƒ/ë®øx¬‹DÒ~grub_cmd: load_env  öA"…€dˆ^ðs>BÆ£ÒÓýd&q÷Û —Kˆ t0(hd0,gpt2)/grub/grubenv  Ò¹)ƒæjÿ™˜/å¯Uàù'}Àø‡™4á{~AVžgrub_cmd: [ = 2 ]  ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+grub_cmd: [ = 1 ]  Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½egrub_cmd: [ ]  :‰@¿&u}ó6Œ¶Ô\òuo2>uÚöš—ÒѼXgrub_cmd: set default=0  Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYûgrub_cmd: [ xy = xy ]  ñ}MûK—ñbFc,!±¬!%É\ˆ™î埻46U#grub_cmd: menuentry_id_option=--id  Jð»7 ž;y‚}àL“^2Õ+R€GküPÓm†^%grub_cmd: export menuentry_id_option  Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½egrub_cmd: [ ]  Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYûgrub_cmd: [ xy = xy ]  ·;ø:£åðù~è€Ðý1äö,A€~JQK¢«9·3ºgrub_cmd: font=unicode  ûù…êšj~=½óK^îÆ¡MiÞ”`© ˆKšm8ü¬„}grub_cmd: loadfont unicode  gãøÔm´Hf -(úO`ß#éõT³ µ·6kgrub_cmd: set gfxmode=auto  v&«Ø¾tBÂåu6J>•Ë:;SÛz …VXò ŒÝÈmËPlq£Ngrub_cmd: insmod gfxterm  >š^6SO‘ÌCI÷…®^0îš:€uFˆ™š0grub_cmd: set locale_dir=(hd0,gpt2)/grub/locale  7êj“ý徔ߕʂY’þWØ™ë<¢ìÈÊ ngrub_cmd: set lang=en_US  ¬rõö#Ôr£p+*ܳà¸Ár—ÿ%)›£¢7«/grub_cmd: insmod gettext  ?=È DCk&‰NûÄ/t¾"À˜ìAE Xp]Ð,"grub_cmd: terminal_output gfxterm  ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+grub_cmd: [ = 1 ]  Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYûgrub_cmd: [ xy = xy ]  aÊ¥OÂK¨³ç›æ?7Zót$NNÞŽ `€ £ú_»#grub_cmd: set timeout_style=hidden  Ó§“ôq¶¿è׃õæ)1L­GcÔ‰†¨ÍMòTu3K@ô›grub_cmd: set timeout=0  |Ú•ý…‘‰ÐÇÂ̹ÀVr˜E‰ä€žÎæeÖ)Ï},grub_cmd: set menu_color_normal=white/black  oyŸàìµÄ»L•£ MÉ„” ;F>Â^DBF4Š*4grub_cmd: set menu_color_highlight=black/light-gray  ð´³Â1‚Ž¢úJ,üåïÉÑ^™ÿ¹ÆsIÁ07A¯grub_cmd: [ != 1 ]  úgsڶ̈́ã Î§©%"’4!ÍÕVB…IÉ3>?pT2grub_cmd: [ -e (hd0,gpt2)/grub/gfxblacklist.txt ]  òIça§ãuø¬õ‘BÁDL:¡¼Zqšçê¶ ;q  "grub_cmd: set linux_gfx_mode=keep  "àA%µNë2p$WYª>‹Ó·zd}¹ˆ¶±êüi`ªE grub_cmd: export linux_gfx_mode  e‚Ölu0'ã+ÈŸ¹},WŒ[Z:X8Þç€^^JQÎgrub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-50122111-fc31-4bcf-bf60-75e9c6196f59 { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 711ea75d-b827-4633-87ba-3abd566f09a8 linux /vmlinuz-6.9.0-rc7+ root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on intel_iommu=on initrd /initrd.img-6.9.0-rc7+ }  ë˜ãÍ»…¯ë†Øüºs›ÈŽ§Y*Dkf×^]{›ÁÔ grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-50122111-fc31-4bcf-bf60-75e9c6196f59 { menuentry 'Ubuntu, with Linux 6.9.0-rc7+' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.9.0-rc7+-advanced-50122111-fc31-4bcf-bf60-75e9c6196f59' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 711ea75d-b827-4633-87ba-3abd566f09a8 echo 'Loading Linux 6.9.0-rc7+ ...' linux /vmlinuz-6.9.0-rc7+ root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on intel_iommu=on echo 'Loading initial ramdisk ...' initrd /initrd.img-6.9.0-rc7+ } menuentry 'Ubuntu, with Linux 6.9.0-rc7+ (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.9.0-rc7+-recovery-50122111-fc31-4bcf-bf60-75e9c6196f59' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 711ea75d-b827-4633-87ba-3abd566f09a8 echo 'Loading Linux 6.9.0-rc7+ ...' linux /vmlinuz-6.9.0-rc7+ root=/dev/mapper/ubuntu--vg-ubuntu--lv ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /initrd.img-6.9.0-rc7+ } menuentry 'Ubuntu, with Linux 6.8.0-58-generic' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.8.0-58-generic-advanced-50122111-fc31-4bcf-bf60-75e9c6196f59' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 711ea75d-b827-4633-87ba-3abd566f09a8 echo 'Loading Linux 6.8.0-58-generic ...' linux /vmlinuz-6.8.0-58-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on intel_iommu=on echo 'Loading initial ramdisk ...' initrd /initrd.img-6.8.0-58-generic } menuentry 'Ubuntu, with Linux 6.8.0-58-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.8.0-58-generic-recovery-50122111-fc31-4bcf-bf60-75e9c6196f59' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 711ea75d-b827-4633-87ba-3abd566f09a8 echo 'Loading Linux 6.8.0-58-generic ...' linux /vmlinuz-6.8.0-58-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /initrd.img-6.8.0-58-generic } }  ]H~(W³mHïð>V8>F’Þ$¸g³ËV8>F’Þ$¸g³Ëí4Ù³£Ò`‘«Ygrub_cmd: [ -n true ]  Nz"ùk®F}ðòiuà¿vÖ¹)“0eºæ¨\e0ä`¿grub_cmd: [ -z ]  Î,Âwº;Ç[f!cëãp4MK®×_µ½@¶ºßgrub_cmd: save_env recordfail  v&«Ø¾tBÂåu6J>•Ë:;S?ÄÉ똢µÐoÌgrub_cmd: set gfxpayload=keep  µ]„»° ^»ÆÊÝjœ´›5¿ÌlNùÅ;fgrub_cmd: [ keep = keep ]  ÏÐ;6èoaq"çóÿèŸ|ðú§sñ¼í(÷ðÁú&grub_cmd: set vt_handoff=vt.handoff=7  lFtÔÆRîg¹Šb×TËòÕÜ ÚãÖn‚ǔė„grub_cmd: insmod gzio  †Thò佟 ÄÿÝ¡3_@]ßoñƒ³sõè’Mgrub_cmd: [ xefi = xxen ]  bÍv t.FÆÿFÎÝóa¨'þÆWYÂG”grub_cmd: insmod part_gpt  ¸8¤Ò† û±z·ö eY ›; ›1ØÒû grub_cmd: insmod ext2  Žq¡K3ÈeµV¹ôBFœ¤äÙú`Reå@ÝiåWgrub_cmd: search --no-floppy --fs-uuid --set=root 711ea75d-b827-4633-87ba-3abd566f09a8  tõÐÉT º["—ØåšÖ¾gòQ ýQÓLDM´ÿ‚Ë#zgrub_cmd: linux /vmlinuz-6.9.0-rc7+ root=/dev/mapper/ubuntu--vg-ubuntu--lv ro nohibernate kvm_intel.tdx=on intel_iommu=on  õ$Æ__±@/initrd.img-6.9.0-rc7+  ¯e˜tmÙlæ‘ín ¶Â\R´ä^® ﹸ¬Æ"í";LOADED_IMAGE::LoadOptions  M¿³Qý’ÚR¾7Š áÈ©œœi×>$Æ__±@ì"; Linux initrd€ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´Exit Boot Services Invocation€ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë (Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/glinux-alex.bin000066400000000000000000000370111510276467000236250ustar00rootroot00000000000000%Spec ID Event03  StartupLocality2¾ðÿ–”ùâWüµ8¹ªk ¾æ À(@ΓбŠ÷}E–XâQ,§=Y54â2f†y†ÌFIT Type 0x02 Measured S-CRTM™€?ŠúuUuÉßËÏa;HÁ#Uò M¾Ñ%Æw+^of$)€ì±ÊoJîêçè‰ñ;ÎèûFIT Type 0x07 Measured S-CRTMiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸FIT Type 0x2D Measured S-CRTMÄ/í­&‚ËùxAÃDç®3 Ôr @ C‚¸V€ù ?kꊴ}(=³+n«í»ñUûkT U@¤­Nô¿¸:bQ…è9G©¯ŒÞÞ[‹zÈmlp¡I bmª\Ø»Xìt%0™ †í¹oÁ0h?CTÖ9ÿ¨€WÍMÁ”BGZ¨'CHO;ªˆáB¸ Z¨'ÛÌûDÒ­žÏÚV½êb † ”¾Õ·¢{ºMØ5aßä‹Ê“Òª à˜+Œ SecureBoot€«ÎöÔÕ.ì«£p€f<í_’ åˆ>÷k‘›"UÆ)/=%‹¨oöîÁ €'3ɺ”örõFaßä‹Ê“Òª à˜+Œ"PK¡YÀ¥ä”§J‡µ«\+ðr" p!}óRVC›’=Ã/¥î0‚ò0‚Ú ”PÆjeh©E’£š?‚0  *†H†÷  010 ULENOVO0 161208071822Z 361208071821Z010 ULENOVO0‚"0  *†H†÷ ‚0‚ ‚°é4§u”Ó°1Ð!¢×O±¯3¶3 ÿ6 :¯Øgo½ ªž`Š6lëì]:û °e9/¶*v6”ÇÖXVÔhy)Âõ¶Šhd…€<º!G¥C6öJÊh™TZ{-¹… ?oÈDé–‚¶›¨wW>>dAÁk$~¥DdÖ9¼y, Çï9ä椣$ÔʲoØŠËå¼IgïÆñ§]®HÕ1í ¶E{”XþŽ±÷¬ PÌ{Ì8ÝÁÉ-i ȧH2tX0öõIYHêìù¦¬äAïãß–^yKŠ(QÐ*ÆÂ?óïüÍ!½‹æs±üÍôyäd AäNÚ߬³£F0D0BU;09€aúÄÖ`†*ïÈuû#Ø#¡010 ULENOVO‚”PÆjeh©E’£š?‚0  *†H†÷  ‚~xJ† Ódo€J Aï%*i[{\ßzÜ;1Ñ2ƒßGÎNÉòÕ—Ð#ŽžþÖc`9IŽhZ69np ç¸6wäìŒj5G‹ƒ˜²Õò¬™ŠÏ$“ º*‰È(ã<æjÍ_|3Žû°0ßa"c0ðÆ$2´är£x{0âÚñúd®è´ZtXÐô·éš{™í ¿ï¦¡¶^Æ­€^3ùç7Ž'Ä“ÜsÖÎOVî•g´ûÜ(w½6/bÝÈ¢0X÷ßèm|$õ¯]L|ÿß…×¢Þ*f=l7ÆŒ‰k-—Ïÿ8ñqoô5=ì~?'žÕ´I¹S]¼Ê€ð/¼sƒí|‰~ 2ö8â‚l cÀîxëI¹Â°7h¨'ëù±#pöXQ±šˆ;ó.¯*>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrü½šúwY2M½`(ôçxK0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€Y½Ô×¥—•\weoHÏu»Ûã m¶”΂Ž†éc(QM= r¹‰4˜þ¿ö,(5ËPXc˲×:=–E£¼ÚÐgeo?db¡YÀ¥ä”§J‡µ«\+ðr³—QHÜ&_áJšûøƒ»³^0‚ƒ0‚k  Hb4u’‡4•‡# M0  *†H†÷  0U1 0 UUS10U North Carolina10 U Lenovo10U Lenovo UEFI CA 20140 140124161424Z 340119161424Z0U1 0 UUS10U North Carolina10 U Lenovo10U Lenovo UEFI CA 20140‚"0  *†H†÷ ‚0‚ ‚¼;ƒ¸p°‹“JÈ*¯ɱ™Ee'< cßýð >(|åê-PžÒŠ"Ù´æ1T¾{eíª0Ë'AÊÃQ`g,ÿó†¬WçwgÛ&ÀŸjÓžS‡Ä‡gè­Yë=²’È?é ÄÔŽ”šad!gôóƒ¿é@éyüs˜?ãËÊÃ期'ž&üÍ/£[ê\è’-Á†8-Bì0F“âÐÎnî¡#1®~`wXƒy—ãkþØk ÆUឬìßž6&$òݤ›J®’[êJ.æDýðGb ¹±„'àÃ0ûQ+ÖkØ›2 jä«(‹ÅS°b”=hKô b}õûΠì‰ë*?¯¿4˽°±·ÏgøÈËóJDÿ,…ZÜ¡YÀ¥ä”§J‡µ«\+ðrE)QHÜ&_áJšûøƒ»³^0‚0‚ý  ÜpuªÛ^z0  *†H†÷  0d1 0 UUS10UNorth Carolina10U Morrisville10 U Lenovo10U  ThinkStation0 130730131326Z 330725131326Z0d1 0 UUS10UNorth Carolina10U Morrisville10 U Lenovo10U  ThinkStation0‚"0  *†H†÷ ‚0‚ ‚Ý¿w¤âU§*`¢¿Õwy¬ŽYƒ7T°Ñ¹ ±ÄÂ)Oõˆ¶·ÈúÀ r´Â%Î[?”ÿ»ôÒ¬Y=XY&Ú»¨_²E©¡°»'4xt¶@ØNïDRûˆöX© pø[Øå ¡L[‚ò‘z Éì?ô0FŸÓ¿.šUÆ òS~}ØЕh‰ç Ý;°V&˜-åS—¨?ó Ã\ªÙÃ€Ú ¤ €òÄ 3~í®J•Ì@‹§â„YáL¾å-´w©Ì³ ·þ¶L ‚Ï€ Xéìý>¾{Ó ¹ ‰Öu*ïöÛÉ&ñ~¸cD0I)óÖËs8nò)úÅå›ÜNÅ¢ç£É0Æ0UÍÛˆb^æâÆå¿Œ¶]0–U#Ž0‹€ÍÛˆb^æâÆå¿Œ¶]¡h¤f0d1 0 UUS10UNorth Carolina10U Morrisville10 U Lenovo10U  ThinkStation‚ ÜpuªÛ^z0 U0ÿ0  *†H†÷  ‚ÓZhÅ[ûšõÝæ(ü¾ÌR{–8« :¬S¨ºäƒJ!ðÝÚ§55Åå”ß/±¤ØAùXÚwiø›,2%KjÀä[DÜO’¨Ð­£jtÜ0ƒ(%²|bÛúb|[¡TF¡áºÂ·šÜªìîJq+L( |ÏN÷ {Dk¹SÖè»à¯‹—b%Ö~™~åònj{7–Æ îsŠ,¼ýɼ'XÂFa·ŽnØp‡·x ª³AÊJÝlôŠ4xÖy’áè¤ÅÔ©ÖšAÁã <¼ã¼Ñ˜jœìáWh¶²6žÝ‰ÂxNÌÚ’| }gqô?ïÄY{\AÊå¡YÀ¥ä”§J‡µ«\+ðr@$½šúwY2M½`(ôçxK0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðr뽚úwY2M½`(ôçxK0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~€ž¶ƒ±­çBpÜ`ƒÝqjÌc£3  D´ÎJMÊšóÈ—ÜVî'Ã…ëˆ÷Ϲ +‚e[²˲×:=–E£¼ÚÐgeoŒdbx&ÄÁLP’@¬©Aù6“C(Œ0½šúwY2M½`(ôçxK€´Ùi1¿ ý‘¦ÑO¤Ræm²@Œ¨`MA’eŸ ½šúwY2M½`(ôçxKõ/ƒ£úœûÖ’r($ÛäE4Ò[…$k;•}¬nÎz½šúwY2M½`(ôçxKÅÙØ¡†âÈ- ¯ª*o.s‡ >d÷,Nïgyj„½½šúwY2M½`(ôçxK63„ÑM. xbd„ÄY­W£ïC–&`HÐXÅ¡›¿v½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxK^ê‰T‹ `²þíÚ< Çþ›Ík”覃¸R8½šúwY2M½`(ôçxKæƨXdo±ïÆyþ(±#gþ’æ¾+6™žÿ9О½šúwY2M½`(ôçxK ß_NQìx¹mÐ%ý¶†ãŸor’xRY›eœ&½šúwY2M½`(ôçxK »C’Ú¬z¸›0¤¬eu1¹{ú«ù ¯åù¶ë ct½šúwY2M½`(ôçxK “9v-ó6«=ФcßqZ9Ï°ô’F\`lk×½‰Œ½šúwY2M½`(ôçxK ¾Êo)ì o3}räˆK ³H˜:* ×?O½šúwY2M½`(ôçxK Éóû™–!HÃʃ62u>Ôü ¹[1æR*Í[ü½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK34)ÿbퟗ>HÜîå-¾.ImTµÏÖÈdÒѽšúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK+¿,§¸ñÙ'îR¶û*]ÐI¸Z+›Rœ]fb°Uø½šúwY2M½`(ôçxK,sÙ3%ºmËå‰Ô¤Æ<[“UYï’ûðPíPÄâRñ}½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK0f(úTw0W(ºJF}çÐ8zTõiÓvŸÎ^uì‰Ò“½šúwY2M½`(ôçxK6íºõ­A¤¡wz¿/¯^g4g^Ù^i5‚ž ªÒ½šúwY2M½`(ôçxK8AÒ!6ƒ×\ æ!`9MlN g`¶ö¹b¼…[½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKC—Úʃžc|µ ’ßC¼-/²¨õŸ&üzKÔÙu’½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKQˆ1þs‚µÐ>Æ!"‹Š¶Ty½ ¿£ÅÁÐôœ0a5½šúwY2M½`(ôçxKZéIêˆUë“ä9ÛÆ[Ú.B…,/ßg‰úg6ãÃA+\½šúwY2M½`(ôçxKk€xäAŠ¦ë{³^`’ÏGžëŒäÍçÐrÌ´/f½šúwY2M½`(ôçxKlˆTGÕYâ“Q¸&Àl¸¿ï+”­585‡rÑ“ø.ÑʽšúwY2M½`(ôçxKo(ÿqÉÛÕ¯.{¿Ë«d|ÂeÝõ²“Ͷ&õ :x^½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxKrk>¶Tj0óø=›–Îöpé¨ÑpŠqæ-Ä,#Á½šúwY2M½`(ôçxKrà½gÏ]V«Šß;ݼ‚¿2¨ØªŒ^/mò”(ÖؽšúwY2M½`(ôçxKx'¯™6,úðq}­ä±¿àCŠÑqÁZÝÂH·[øʤK²Å½šúwY2M½`(ôçxK¨¹e»„Ó‡k”)©TÌ•SϪØÈ£;ý3ÿð佚úwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxK‰Z—…öÊ~ÔOÁ¡G qóñ"8bÙÿÌ:âß’=¯½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxK‹ô4´žÌ÷¢ÍeËì;= <5¾P_ß{Õcõ!½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK™˜ÓcÄ‘¾½tº¹M’‘soܦC£fd¼1ZB½šúwY2M½`(ôçxKžJi1ah.Uýèþõ`ëˆìþܯfÀÊ÷²·4½šúwY2M½`(ôçxK¦µ6UÓ¢¯ G'Yykä¤ T•§ØiuLHH…t§½šúwY2M½`(ôçxK§ó/PN°þ­š~ùNѺ ì]æ÷ïoð¦+“¾ß]E½šúwY2M½`(ôçxK­h&á”m&Óêóh\ˆÙ}…Þ;MË=â®Ç`ÑùÂ$Q?¼eYW×5ú)õ@νšúwY2M½`(ôçxKØËë—5õg+6~O–ÍÇIia]JélrMBÎøóú½šúwY2M½`(ôçxKé,"ë;VBÖ\ÂÊòGÒYG8„D•oYâ°Ñú½šúwY2M½`(ôçxKýÝn=)ê„Çt=­JÛǵþÁ³‘ù2@†¬ÇÖÛؽšúwY2M½`(ôçxKþc¨Ox,ÉÓüòÌùüûÐ7`‡‡XÒb…íf›Ünm½šúwY2M½`(ôçxKþϲ2Ñ.™KmH],qgrŠ¥RY„­\¦u"š6½šúwY2M½`(ôçxKÊaJ~“”ŒÐþUÓ™ùÑ©nE AR'ÂÆ[½šúwY2M½`(ôçxKU¹› å=¼þHZ©Ç7Ï?¶ï=‘úµ™ª|«í§cµº½šúwY2M½`(ôçxKwÝ£ ˆÿ^; æb x  S^ˇæðˆŠ k/½šúwY2M½`(ôçxKÈ<±9"­™õ`tFuÝ7̔ܭZ˦G/î4qÙ9脽šúwY2M½`(ôçxK;‡S> ÃÐì¨#Ëð©AªØryÑÄ™€-Ñæ6¸©½šúwY2M½`(ôçxK“šîôõúQâ3@ÃòäHΈrRjý÷Rçó£ò¼Ÿ`I½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸€·SýÂ-l(DôëÀ“Ð.™XÍC 蘟ZY Ò8"B5oñº£ŠBýÉiOb5˜qkgHdT­_ðý4 ÐA PðÿùÿiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸iÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸€6@ ˆPª{ eóÉúâ™w!¥ g¸¿Ì&ůZà \ {“©'Œ9ÅÔNU§®è¼Å3cdEFI PART\$'Np¯ž;"Žž;ÕDkRÎVG¼F43%|[€€ XTHah!IdontNeedEFIÍâGÛ°³Cšv:öŒÁ%ÿ(s*ÁøÒºK É>É;°—f@ÎOK°Æ+Îx„·gÿ=EFI System Partition¯=ƃ„rGŽy=iØG}ä"j-ÕD±‹¬µ³"=&=ÿz¯=ƃ„rGŽy=iØG}ä×>{îêhFÖ÷]ã&? zÿž;€Ò÷”kÎbâÙ‰ ^Ïñ×c¼» [—žf¹z>Ÿ×°Ãb„A¡5A×J~%ˆ>ÔR”Q%ª<aßä‹Ê“Òª à˜+Œ BootOrder€ìñTY·¤ìl$Âg²%ŒÕu ¯¤!÷¶’±×I'ì¹@ü,³°´@tì.òÉÝ!¦aßä‹Ê“Òª à˜+ŒvBoot0001bdebian*=°—f@ÎOK°Æ+Îx„·g4\EFI\DEBIAN\GRUBX64.EFIÿ€.¹J½P1†ì[ëÑŃ|[™ÿ˜ ‘!<–šž’b»Í†>3çÇOd€>:ñúÁÞèÎ÷•”|aßä‹Ê“Òª à˜+ŒLBoot0002ÒUEFI: PXE IPv4 Intel(R) Ethernet Connection (2) I219-LM ÐA  %¤®ùà ÿxïGd-É; A¬MQÐLæPXE IPv4 Intel(R) Ethernet Connection (2) I219-LMÿBO€£×Uy2ތޫUñ³6×i)Vg Ãëp¸!¬¯n³c¹pÁ N‹ƒ¿=ï`ÇíÁ©–Zaßä‹Ê“Òª à˜+ŒmBoot0003óUEFI: PXE IPv6 Intel(R) Ethernet Connection (2) I219-LM ÐA  %¤®ùà <@ÿxïGd-É; A¬MQÐLæPXE IPv6 Intel(R) Ethernet Connection (2) I219-LMÿBO€_wloR_ÓDliÅê~„A>Sæ óÄÊØI/¹åôÜ[ͯ¾O¡ïaÔß³w3xÚaŒaßä‹Ê“Òª à˜+Œ\Boot0006 0Generic Usb Deviceçuâ™ u7K¢æÅ8^lËÿçuâ™ u7K¢æÅ8^lËÿ€¶e©å²W]~ìÖÅñ3±¸î‹»ç¾ ùQïì-+So£Ì.SÏQ[?V>/žUy#SôÕ¼Jƒ‚aßä‹Ê“Òª à˜+ŒRBoot0007 0CD/DVD Deviceçuâ™ u7K¢æÅ8^lËÿçuâ™ u7K¢æÅ8^lËÿ€¤— &—Iªa6@hä¼£Ö)^ ƒÕvÒ·+ïhG¡l¢ ÈoljíÇŽÙÚµÇ䟪à6^ Š ÐA %8Œ‘¹nþ*=°—f@ÎOK°Æ+Îx„·g4\EFI\DEBIAN\GRUBX64.EFIÿgo-tpm-tools-0.4.7/internal/test/eventlogs/rhel8-uefi.bin000066400000000000000000001023621510276467000233420ustar00rootroot00000000000000)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1žŠ÷Bqð@’U'Ár7i¬þ~ {tÞ£Lé´—U««èºÉ­R=ZÝìN/¢˜ã®hý'o §Mæ'¤­+{FñÔ (ë?^àU«Éˆ?,§Ù¾ßŽÈÈHüåª Ò/PÎxõ»ñ^ GCE NonHostInfo€ÔýÑñM@AIMëÉÄSCÒ'} ÌüK³(ˆ£E¼ŠêÚºU+b}™4Œvv«1Aõ°@¤ ,ÞÐÆôSÔÆõœ^ìa«Æ°1E@¢6|º2jRª+1\ÌÎh¨Î Æï*Çå®5aßä‹Ê“Òª à˜+Œ SecureBoot€Z½”«ó>4§›=“ÓPçBØìØ Û»ã—fX…eÅ̘¢®¶äJ‘xÉñ“[ÒAóƒrD„» §cU<–w Ó¥æøàÁïÍòUZ÷Sú:jþCë{* ô¦øØäÝE–hó°àJaßä‹Ê“Òª à˜+Œ&PK¡YÀ¥ä”§J‡µ«\+ðr& ÒúÒˆ¤G—’[ªG»‰0‚ö0‚Þ  ÕJègƒ]ê0  *†H†÷  010 U newpk0 180821215115Z 180920215115Z010 U newpk0‚"0  *†H†÷ ‚0‚ ‚̹Õ|ømkcêÉbô “Éþã|,EÎ…RRH|ûC&¿ ¥‰°òÝÇ6èi•ªŒoТ#o4ÂO±žkÆú¸”ÁœŽp‡‘BÎi!“}ÚuŸ¿1 PÁï€#û¾;Vã ×Gê0¯Ô]©c‰¢ü9á–¡‡Ã=&²Ó¢lìÈ—×ÎÚ겕<³ÎŠÏÚ:Qˆ?%°K>ÌÝùÚÛQÕ‘š¡½ˆâñ´ñ³’·ãgæ­ŒjÜ'?ÜÔNlÁ½ïÞV*ÚY` yÓ©|WýQa7}ä·n•ðR›CžÜH<ͼ9Ÿ£èG F¸6Ü’³•¨ÎJãF#XK£S0Q0U˜P„Bó/Û—‚'(—t1F^`ËÅ0U#0€˜P„Bó/Û—‚'(—t1F^`ËÅ0Uÿ0ÿ0  *†H†÷  ‚Š¡R?ªç½°$«‹­2°Iý{4Ë;€v`=ŽÜÊkiÂ[”踜Œ,×¼¬}‚YõÄ.¢l¥ì˜ð1#6øË0ƒg::+b!`,ºõ.ù(nÊfpX(†gi„l'X%œPép¸`nT…J¯mE¦[4ü&M<á»$.yàÑȬ|Ù8GCk3PWãsž¦‡ÝÃâJüs{K ‡Çƒ 6Zêi‡@„ ,”€/=®=ËpÄ5¹>q²£Æ­Ø$?}`«o îzšÏuŸèL«ÍQ‡hX3²Ù¼8%*˜KEûg3›%œ?¬¤CDÌÍÓÈ ná€ðPy¶ÌBé.èZtÙÂviÀâ b&GØ[Šd}-.f‚Áb {l¦·"ZfWÂVµ‚ À§¦@“íy΋V—=ÞöÚ‘¿ ëW’³ÈBB7Bµ)C¥‹ß#(¤4“~2xˆ>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrüÒúÒˆ¤G—’[ªG»‰0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€ ¢œ'û¢a€`³"ÇÉr bº8ÄŠ”bù‡tņéÙTç)!³¥%A$¶62̯Z 5 Íbº¾öúà[î|<å(ó(yÓwŒ6ù»ñêóbB:؛Ȧ’ƒ­(!Åü7k ˲×:=–E£¼ÚÐgeoG db¡YÀ¥ä”§J‡µ«\+ðr@$ÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðrëÒúÒˆ¤G—’[ªG»‰0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~€^÷‡€f„Q®ß›¥|û^œå´ „£kV‘¹s@{   "¹¬^ÌQÑúä_ô:å@ɼ› B…%-•JA©xŽåÅN¦àñàßóœ|¨ˆÏÒÓzKxˆóŠ, c6ß—.ÖË­ÙÆ.˲×:=–E£¼ÚÐgeo .dbx¡YÀ¥ä”§J‡µ«\+ðrP4½šúwY2M½`(ôçxK0‚ 0‚ 0  *†H†÷  0„1 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0‚"0  *†H†÷ ‚0‚ ‚É_›b °d‚¬¾ÉâbãKÒŸŠÕa+]8ô·Î¹š¸C¸C—w«O pF ümÆmê€^Ò·f‡Þ mÐA—¨¥¯ cO÷|ÂRÌ 1©»‰]™FoUs¹viì×Áü!ÖÆçO½"Þä¨[-Û•4—Ö(K!LÊ»y¦Zùgæ\xE=m°Y&ÅWãN‚ºö,NÈ7Mÿ…„Gàí;|¼¯é§ oÃé£Î¾¦ãÍ<µX,žÂ`"79ÿAÁ)¤eQÿ34ªBù•xü-õÚŠ…|‚û7,k¥¨ß|U €.<°cáÍ8H‰è ‚¼ýÔh>ÙÝ”£ 00 Uÿ00U%0+ +‚7 0, `†H†øB OpenSSL Generated Certificate0UaH*¢ƒ ²­Zñ rPÚ3ÝÎð0U#0€­‘™ Â*±õŒ#¶eZ&Ž4Zc0  *†H†÷  ‚Š¡)· JÕÅý«%êÀ}âüj– y“gî%%äZöªñó‡^ñZ\Ë#se¹Þ"kÖIgÉ£Æ×bN\µùƒ@܇œaB"Ä*\NÅ£âàR²ëô‹+Ü89]ûˆ¡Ve_+O&ÿxëŒ]2ãÆE¯%› ÿŽïG £é‹7’’iv~4;’gN°%í¼^_´ÖÊ@ÿäâ1# …%® UìåG^ß[¼3ãÆõ¶Ù÷ݳ´¡1ÓZ\]}>¿ ääè´Y};´Œ£µ £¹>„oŒ!Ã9¡YÀ¥ä”§J‡µ«\+ðr¸œ½šúwY2M½`(ôçxK0‚ˆ0‚p  9\§’zPÂ0  *†H†÷  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0‚"0  *†H†÷ ‚0‚ ‚¸M†Ð!¢+Ÿ ¦w˜1\WÀë>“aòe~Ñæˆ"Í¥‹O/øKh‘ïLQÂ÷gôF§‰ýBá¤ÎKj)g@ÈgìéàÞüðâ­EðÒ¨W»‹ £ŠsUãWÓüÂÄêPú‚IHf±x+¢GUH%Ìm".a—•¯›.MX¶~xùú²['Þ}¢¾ ¬sì—°^ííå¥u?xàqÎ/΃íS10˜Næù¢ˆˆ¦#| ·T:•í^y^Nþͪނüö–qNII¹Óé°«×*G·S0'|Üf˜ oÑ~õ=>Ô¢jˆY//=ÈÆ(ÞBþÙR=$Âü@˜öv¿Œ»e£9070 `†H†øB0U%0  +‚7 0 U€0  *†H†÷  ‚W¤`L)éò}k\“ÛÌlŸ?iHšuÞdóƒJ ©&!îéV]á>ÙuËÌ¿Mäè‰=~B‡@ÃÕàqyÜláqbǘÂË' /ŸÌìú‹²ó žóòÃÉŸÛ%“¤Í»åŽô×U¨´uA1ýN] Â¬ÅÞFçÜÏÕèG“Œ2ÍDÕtÇ0šW¥VÐ~Ï´ôó)ùÛ›SÒ½/­ju&Edºº(–‡Ž·ðyWúzd÷,Nïgyj„½½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK®ë®1Q's핪.g9í1©…g0:3"˜ø7 ©ÕZ¡½šúwY2M½`(ôçxKÄ ½¬Gu­ØÛ’ª"µ·ûŒ”¡F,餹]Š3ˆÂü½šúwY2M½`(ôçxKÆÁ¨±î*(µ¨Lƒ×É‹[ '(aëæ’–½šúwY2M½`(ôçxKÉ3f¸çùƒ—TÉ—ñ së&Ø¡ ¹ã½¿Æg«Û‹½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎ½šúwY2M½`(ôçxKØûLž.z‚%ekK‚s·Ë¤°>òéë à )$졺†½šúwY2M½`(ôçxK¹*ò˜Ü›xÇt’ÖUq ×*­£×{åF ä2xïnM½šúwY2M½`(ôçxKᮃÀ.o(XÔëÑw#´õê5yÕD=ìÅù<½šúwY2M½`(ôçxK9ÛÂ(ŽôK_•3,·wãè@Û¦€cJ¨õɱ½šúwY2M½`(ôçxK2õ” ¢Ø¢ÁEæü‰df(ÿÌ|zBÊå3})Ä ½½šúwY2M½`(ôçxKÔ_Ë£–®ó>èöì®X¯èGj( &üqö!}ÏIº/½šúwY2M½`(ôçxKK†h¥Ôe¼ÝªüÿBOËЮÎ2üp¨>‘`èŸ ½šúwY2M½`(ôçxK‰óÑöä…Ã4Í •ãÍýÀq±„˜T„zDÜUHâÜû½šúwY2M½`(ôçxKÉì5ònUšÿ´ âëÞT5L5©˜`[Ï—-U½šúwY2M½`(ôçxK³å4¿kW†—3“Ÿ$¶k¤eã^‘°6**ÍépI½šúwY2M½`(ôçxKŸcíWÔ´.ñ f±D¦[¡¶WùKŽ²ðÄÍ`Á½šúwY2M½`(ôçxKÝY¯VDãŒcûà…0 ÍwF*!’Y°[ÂYæs½šúwY2M½`(ôçxKÛ¯žm=[8¶…S0J¼ˆ‚~¼ø ¹Çá—ͼX"Í1l½šúwY2M½`(ôçxKeóÀ „Ób¹r.˜÷^^™ln“O{+.kæÞÈ콚úwY2M½`(ôçxK[$Ž‘=q…==¥®ÝšKÅz‘q&W8û_Ë-†¢ñȆ½šúwY2M½`(ôçxK&yeãAòϨƒF 5Vª¯w§ kÄ„É0tl÷µ½šúwY2M½`(ôçxK»ÑmSco##§¨o=ÿ–Ÿ„ˆÀWKÂׇþÉ?½šúwY2M½`(ôçxK à!ö|~ø_Ní6¿p’8 <#Ê‘ýC ”° ½šúwY2M½`(ôçxK•ŸA7Ç°Òvq•åos€}:Üøöç¿-M™0_‰½šúwY2M½`(ôçxKæ!jÊïd@¥Uì¾Ù@±¥òVší’•a7®XH.ñ·½šúwY2M½`(ôçxKnþþ [G‹{”LÓ¨¬¢Ì¤ ˆˆâŸŠËX$׺°½šúwY2M½`(ôçxK®LÔzAǃÜHóBÀvÂÁo4ôÒßPÑÊ;µ­…½šúwY2M½`(ôçxKØÔæÝöä-t¦¥6êbýä) \ž\6•£Bïµõ¤½šúwY2M½`(ôçxKòw¯O›Ü‘ŠèŸ£\Á³N4˜L®—e2,<°IWM6Pœ½šúwY2M½`(ôçxK ÂLuëïV¹ñ:¹Þ`âì¡ÄQ4⻳lö T›#L½šúwY2M½`(ôçxKƒXò¥W-pYµÈcPU(’éEbo_Éʬ÷½èW¤½šúwY2M½`(ôçxKºßõäðþ§p¨û"äÄ8!ã! õ-OtÝPñÐ9¼½šúwY2M½`(ôçxKÄR«„`sßZÎ%̦Mkz Ù0ŠeëR@ãÄëÊ©Ì ½šúwY2M½`(ôçxKñ†>È·ô?”­û ‹JiIzŒeì¼*Uà»Bw+ŒÜ‘½šúwY2M½`(ôçxK{ÉËTcε^¸ºwѬ҃Ä?JW`<Áò,ëÅy½šúwY2M½`(ôçxKè9]¾WèQx´ºõ¢Wðn‘!¦|Y_jâ%ý½šúwY2M½`(ôçxK´ÜÊòÈϧ´“Žqþ+–‘ä!oÙT(g-l~s½šúwY2M½`(ôçxK>Î'˳ìD8Ìå#¹'Äð_Ü\Y:7fÛ˜L^Cz?ö¡k½šúwY2M½`(ôçxKhîF2ǾfÈ>‰Ý“ê¿E´ÂÇ-}ÇIš¢ C½šúwY2M½`(ôçxKâK1ZUqH=‹s³-áMáë.«!ý-œ1Ÿõ^нšúwY2M½`(ôçxKç :´ìˆUì¥)7ØKZÂOˆ&kRpçì´ª%8½šúwY2M½`(ôçxK~¬€©ÈLÔ¯ìc‰ÙN±h¨UyQ¤Õ9°q0(U+kŒ½šúwY2M½`(ôçxKçh1!êg÷K¼°ÍÅåp,ŒÅ_¶]p-û©Hµô½šúwY2M½`(ôçxKÜÌ<áÀä°±‡Ór úGõÂoW£Y¾{'€N¬ºÄ½šúwY2M½`(ôçxKWÿq*䉳t“Àv§Í©a)بýhÒ¶¯c91]½šúwY2M½`(ôçxK:‘ðùå(¢™L}“ ,^áLèáÈ0Jä•­ÅŒÄE< ½šúwY2M½`(ôçxKISyl›òQ «¥³Õ~+…××d4ìuº£…t彚úwY2M½`(ôçxK¨²Éu뫧ÛÞ^éiÀêî*1Ë‘¨gV¦·p½šúwY2M½`(ôçxKŽSïÜøRÎå¦é)1¼Bæ<ÓöI̧èrRäY– ½šúwY2M½`(ôçxKŸ¤Õ?Ô>ÊÿBº~CS%+~^rµ nÿ€'ÖmC½šúwY2M½`(ôçxKÓrÀÐôýÉõ.ž#üVîrAJóPÐΦÂj5¦Ã!z½šúwY2M½`(ôçxK\Xj…é7‰EpÔùëh(¹|AË›¦ÓÜÌ_RzU½šúwY2M½`(ôçxK€N5Lch»'©®ŽIŠW+)4%šœOS¢rTI½šúwY2M½`(ôçxKöJ)”Šˆ¾ÿÛ^ §7 Ï ÙÎkÏŽd !1«‡½šúwY2M½`(ôçxKØ~q4Tao[ׄšµÁq*¸O4”xì*8ùpÀ‰½šúwY2M½`(ôçxKë[­ÒnO®eù¤#XÞï|å,À_»Çgvæ˜*½šúwY2M½`(ôçxK»"‰ééM ÿ?bQj°~—›,lïâ«pÆßÁŸ¥½šúwY2M½`(ôçxK (ð@‹÷%ægØq8¨î¼R–-(Gñn5‡;A¶­½šúwY2M½`(ôçxK ùŠ©…Œ sø›§~‡ìoYlIPû‹º€¦/»‘K½šúwY2M½`(ôçxK uê pê¤Óót$mµOÇ´>Yj53 ¹ÃkOÙur^½šúwY2M½`(ôçxK Q×oÄ“Iv]¨†‚Bk,þžj¤òrSê´2㧽šúwY2M½`(ôçxK£¢šÐQ0×þ[ôÒYecÍí‡@–ªÌi“*.IQš½šúwY2M½`(ôçxKw0´/þI?é¶%—Í+o4Ójõ“0ñ¤/” ½šúwY2M½`(ôçxKáqZŸÏá¤DÎÿ…†ž´"3 ÀK1L)]m§ž½šúwY2M½`(ôçxK‘¨Ôså(¨x#½bæUß®Tú+úrýÀ)†Ö¸½šúwY2M½`(ôçxK‹XÁý¸Ú‹3Ìî_—:÷4Ùóã?]±W<+ ˆ¨ ½šúwY2M½`(ôçxK‘†ïß^òÞ‚Eº®4††º 5ÿ=˜eÁS|퓽šúwY2M½`(ôçxK' „²†ñc°jªäë¸ßøÞ} ‚[ˆ9ÿf'NÿG½šúwY2M½`(ôçxK)̤TN£0Ö‘Ç„i\œk"¬{[‰Ë×(Ñ@꽚úwY2M½`(ôçxK+"˜ê¢kĤUŠé.{°äø\óKøHýö6ÀÁ¾Ä˜—½šúwY2M½`(ôçxK-ÏŽp#ÑèáE=hÖì0Ù¾ÙL¼¸ÝÁ̬½šúwY2M½`(ôçxK1*Å[PÀ›0³Ì“¹”¡>î¬Tï‰/ÄG»½–¡½šúwY2M½`(ôçxK2­2–‚›ÄmϬ^ÝË¿,í\ø;"Ïœn`ǘԧ½šúwY2M½`(ôçxK4 £+X3Ž+V¯0 ©ßÖ¹Ò'àâ£IX±Æ%ž…½šúwY2M½`(ôçxK6.Ó ±à’(1©o ÏÞa‰Sæ•Éï.°ºÃuP½šúwY2M½`(ôçxK6z1僈1­,FGˆjlßò決‘ ÿ…Üz‡®›^˜½šúwY2M½`(ôçxK7e×iÀ[ù‹B{5;!7褛o… ñYíj†xj¦4½šúwY2M½`(ôçxK8mi\ß-EvàÊÌõäžxÚQ¯™UÀ¸úv7;y”³½šúwY2M½`(ôçxK:Ot¾¯®+“ƒ­‚Ò3¦Ï=³Çâè—¾ïBUúúwY2M½`(ôçxK:çlEÊpé Y˜Bb-ÒQ¼¡ûæ¹Å.Ás°5½šúwY2M½`(ôçxK;èçë45Á’Çi„gˆ™AÑöÏ QL¡i“OsY½šúwY2M½`(ôçxK>9&ð¸¡ZÕ¡Ag»dz„<=C!ã]¼DÜèÈ7A-(°½šúwY2M½`(ôçxK@ ÆmY·°”©ã ¦½:ÿ0WƒçY/B¾_ôº½šúwY2M½`(ôçxKA…‚m«[¨4{x¢+_š upÊ\“§MGŠy=ƒºÄ˜½šúwY2M½`(ôçxKAÑî±wÀ2NÝeWó„å2Þ õšDkï³Q¼%w½šúwY2M½`(ôçxKE‡kMØaÔ[:”€tz]´ZH²§)A ¶A/Š‡é]½šúwY2M½`(ôçxKFg¿% ×Á k„tÆͱßdŠXso¿WÐ]ou]«gô½šúwY2M½`(ôçxKGÿc±@¶üíy1æQÚ[./]®ô=ÂûÅ2±½šúwY2M½`(ôçxKWæ‘:úÌR"½vͯ1ø툉Td%Stï z‚×õšÓ•–½šúwY2M½`(ôçxKXú"q!ÇmížcÈ~:e3î öð¡¢?ÄE›Æ¼ß½šúwY2M½`(ôçxK]šË»J}KhRßYpâÎÖoö"îœÐíØAÌ­½šúwY2M½`(ôçxKaÎÄ£w¿YÀþ®ãp4¿—Õ¼nâ:ߺæãõû<ý½šúwY2M½`(ôçxKcW´E6,Ƙ KĶ(â=¾$¶élŠãÜ°Õ¬½šúwY2M½`(ôçxKe²çÌÙÃ1ßRßsÊ É2ÒŸ™tÅo0‡²Ý1G½šúwY2M½`(ôçxKfª íÂ8MœB]9'æíJ]@ÅçÍM¬ˆõwòñ½šúwY2M½`(ôçxKhsÒö)½RéTîÿYwªƒgC™—bÿ!,”3Æ—½šúwY2M½`(ôçxKm»êÒ>Œ† ø´tûü¥ Mã⋈»ÌÜGG“N½šúwY2M½`(ôçxKmêÑ2WßÃÌƤ³pº‘u_éàìAP0”.Z¼Gð|ˆ½šúwY2M½`(ôçxKp¡E ò­9Ui­ þ±ÙÁ%2Né ì9ÂXˆ4Ô‰-Q«½šúwY2M½`(ôçxKrÂo‚|ë’˜—˜–Æ®tÓë϶]A²fÉ ¾‚½šúwY2M½`(ôçxKxd!ˆ¨´±sÔ¨õì”Ø(dqV ™5zXbK7u ½šúwY2M½`(ôçxKxƒƒ¤Ç3»‡Ò¿Qg=Ç>’ß«}QÜqV'®whm#¼½šúwY2M½`(ôçxKx´íÊ«ÈÙ > â€,®´ðž#£9LJÌn‡èóS•1½šúwY2M½`(ôçxKI̳ 2;z±“ÉU¸ÇDð¢·\1I^`pP'½šúwY2M½`(ôçxK‚¬ºHÕ#lÏ÷ešüYMî+Ö.ñ£ ›P†(Ï4ô½šúwY2M½`(ôçxK‰Mx962˜Ì‘Zèt.ó0×¢f™ôYGŒò,+k²…f½šúwY2M½`(ôçxKŒI×Wåª!ÁcH#22—ØhòX‘e)ïÅ ïp½šúwY2M½`(ôçxK“Ö iYevåÜFKá*…úR€¶õ$Ô¡ÃüÉÐHÏ­½šúwY2M½`(ôçxKcõûÅåz¶Þl”ˆ` ár±vÕ«WÔÈŸ`þ-⽚úwY2M½`(ôçxK‘ej¤ïI;8$ ·&2HäâÖW¥ÈHˆ ¶[s 2ûS½šúwY2M½`(ôçxK‘——¿Ž[Æ„9¬Äcë¸ú«ývMËè/;©wÊÈÏj½šúwY2M½`(ôçxK”pxù|a––Œ:霚]Xf~†ˆ,öÈÉÕ‰g¤–»zô<½šúwY2M½`(ôçxK–äP”PÓ€ÚÃbÿŽ)U‰ŠåX…Ò ‰Â{¢©Ð ½šúwY2M½`(ôçxK—ƒµîD’éè‘ÆUñô€5•­E<b:ðþ{òÀ¥x…㽚úwY2M½`(ôçxK—¥ DDb óŒØÆQ,¬šuýCzáäÒ))€va#'½šúwY2M½`(ôçxK—¨ÅºÖï»]jÚNºG-ÄÆÍIrü]ã!4/佚úwY2M½`(ôçxK™( æìŒAÚ®KØ«Hõ‚héC¦pÓ\¥â½Í>|L” r½šúwY2M½`(ôçxK™-5š§¥÷‰Òh¹L¹HZkæCb°í´DÌ|9d{½šúwY2M½`(ôçxK™T¡©U豉«ÊAK‘ö l@¨ko>óh݆1½šúwY2M½`(ôçxK›¯Ov×kõÖ¨—¿½_B›¡Mà‹HÃîv“ ‚ÿ8‘½šúwY2M½`(ôçxKœ%ŸË0_Ç9~Õu™càïk6ä WýsnkЋŸu½šúwY2M½`(ôçxKÒÜ·/^t'òéà:±…£@<ö©¤y¤ÛÙ~"P©½šúwY2M½`(ôçxKžÓ?¼ À2øœ¢Ä«4íÃ:E¥ %!£µ‡j£ê,½šúwY2M½`(ôçxK¤Ùx·Ä½¡T5Õø¹Y.Â¥­ûê{­j5ìµ0”d/½šúwY2M½`(ôçxK©$ÓÊÖÚB·9›– • oö±«¥¸s°Õó î!s´‹l½šúwY2M½`(ôçxK­;å‰ÀGN—Þ[²¿3SIH·k¸vßÜX±þ×gµ¡[ü½šúwY2M½`(ôçxK¸Öµç…{Eƒ|{ãØV­ë—Ç)°fZ=G:KëQÜó½šúwY2M½`(ôçxK¹?™Y‹ ú ¬Á,üü%hy?nwžy^m|"Su½šúwY2M½`(ôçxK»Ú3»cœ~€m°VÉŠSò/ïû äm®Iš½šúwY2M½`(ôçxK¼uùÿ2\µ™žf»ÔOJå7¤/ßï5SHãf⽚úwY2M½`(ôçxK½Ð&éØWÓþu¯Áp*)ð´öýö¢²\—©ÎŽšúwY2M½`(ôçxK¾C]÷Í(ª*|´üsG[wå«ó’÷k|vú?iŒ·š½šúwY2M½`(ôçxK¾÷f;åêM¿Øhn$poLûÍg¦Åfí”Î ÄDp½šúwY2M½`(ôçxKÂF—YÁ”~ô¶_r©õ³¯‹onr{h» ‘8\¿BjŠ½šúwY2M½`(ôçxKÃP[ó쥬äÇk‹Ñ 9 eÑóNu¸£^ãÆ›–½šúwY2M½`(ôçxKÄ-Ç Ï^Œóû‘ýòˆ@!­ƒl¦Šß,»y•Á õˆÔ½šúwY2M½`(ôçxKÆd¥¸9ä¡gBR~jÎ<'oÒn4ÇÐã"½šúwY2M½`(ôçxKË4¯ë tÄ¥ˆ³nº¤A–èÒú€Ü¨Á8rÈPyk½šúwY2M½`(ôçxKÌŽìn¹!,¿‰zZÎ~Š¾ìáŸmï x•‘ËGñð„½šúwY2M½`(ôçxKÏ¢CÁÍ.<Œë~p‡ÎËûƒ%»ùз y­óèA(½šúwY2M½`(ôçxKØšÑlHÔû¼TKúøg f ”HåK¿òpNBˆ½šúwY2M½`(ôçxKÙfŠµ'…g†Á4µä½Û÷$R;is"š¹*¡¥M õ½šúwY2M½`(ôçxKÚ5`ý 2µLƒÔòÿ†Ò“i¬òÈ–ø¯§CkúFU½šúwY2M½`(ôçxKߪ´ƒ‡©áÔÆR(œ¶«á–Èô³–Çä»Ã•Þiwö½šúwY2M½`(ôçxKß‘¬…©OÍ ûU½|¾ú¬¸Åîs—þ,ÈY„Ež.¡N½šúwY2M½`(ôçxKàQ·ˆìºí¥0FÇjö•",aW¸ÄÁ¹ÂÏÆ_F彚úwY2M½`(ôçxKãmüq!Âãšêˆ„ž(E«2ooçNS›~TØ61½šúwY2M½`(ôçxK㘑ô‹¼Å“¸í†Î‚ÎfoÁ[ŸËý+ºÐ¨›ôÇ¿¿½šúwY2M½`(ôçxKæ…oy™-ÉO¢ô2—ì2ÒÙ§o{æaÆ¡>ü;ÍõȽšúwY2M½`(ôçxKêÿŒ…ºM[k€FõÖG×yºÚwhæIÐGÿ›f ½šúwY2M½`(ôçxKfIa §OjÆäß»)¢à®;Š#(Ž~.r½šúwY2M½`(ôçxKî×àïòíUž*yî6™b¯;™‘1ã ·ýTo® rg½šúwY2M½`(ôçxKñ´öQ; TJh­Â‘ï¨ÅŸB ¥Ü²> Zú~ =½šúwY2M½`(ôçxKò¡m5µTiA‡§ @Êh)Yôó\,àê¸ýd÷¬*¹õÂJ½šúwY2M½`(ôçxKóÔaÅé•@?É|¢Ø©ËâpY}2ºßÖkwI_”½šúwY2M½`(ôçxKôŽmØqŽ•;`¢O,¾¦ •!Þ®gÛ%B[}:Îô1³[ôÀæ‹Óµw¹«á©ÏñËßTiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€7ˆØ»z'º1¢ö!.ŒGí`Þ wB«6dðuÆV—jŽ ߤ‚–jµÖi^„­çrõ ò„’Ô¢å…;¼¬bìšü ÃkŠŸ0*û¿8v̧Çj’ÇD ·C:ìq$›åÚ˜-8aßä‹Ê“Òª à˜+Œ BootOrder€SÎùiÄÏQñ3úÑ ¬ïHssÒ SC³âͯ®Ÿ¬EüÔèQÛ?#bÕÁ注 4 ?k³Ù‚¢Kò “’+Š x9ùçþö͆XÀéµ›·éWb—:-ý-—¹’©8$Êaßä‹Ê“Òª à˜+ŒšBoot0002bRed Hat Enterprise Linux*@L7rï0&¡FˆÖ&“x@4\EFI\redhat\shimx64.efiÿ€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€íÛèÄA+ù˜‡™Ô{ãÚ7ô ¨°ex,ÿ¾ÿÝhŒõE |–0«fe×*©%|òÛ6 œ o o½6Y?WÀ–:Ø9…qM–t–NDrG([Æ C(nàm¥ «ˆõ»/Kžœaßä‹Ê“Òª à˜+ŒlBoot0001UEFI Google PersistentDisk  ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðà€ ŒVà’w¬Í`:£Ë–+KY\ 1‡¬.7üDéwÍ ó"7بZè½Iemø¢ [2}›”„ —š,nõ¥rÝŽ¾Iv)a(}¥¬¡ýÖíD&-“·ÿCo€èuYCH˲×:=–E£¼ÚÐgeo$dbÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX€ó(03 †ºFqÅ‘ïЪ÷}P Žh›ãa;½¤³}¹GNÀ™sYómÈh±/à†tTܽ ÇãQÞl·¶¨ûÒ_”†²yW ïzàxÑ_YÀ5m3×Ö¦„&•š¨C÷6}¯‚ÈdEFI PART\ÉR+ÿÿ"Þÿ¶ë*<á—AŽâYéí)YÜ€€2— (s*ÁøÒºK É>É;L7rï0&¡FˆÖ&“x@ÿGEFI System Partition¯=ƃ„rGŽy=iØG}äÁaLxøÅF€ÿL(œ>Hÿ÷€•ôÙ;NŒ ´sNüõGãoÄ @ÖÊà)sx€ÏL:šÑZ M‹ºD8«–âvÌxDTÞç fÞš!Y)G ¯ƒƒ üM è,djbÁÝŸŒÓ1Òà_Öf7}¼èJylà«œ Þ½Hý| ÐA *@L7rï0&¡FˆÖ&“x@4\EFI\redhat\shimx64.efiÿ ¶C”ìÚÇ Ýq—Ò­RCÄÇu(ƒ i»Ý¾ZD€·«.V2c‹—‹º—ŽfÐKg{?Ô­.\~[ G“ÂB]ö¨‚ÚÝÕj€¡U¢“¢'wh QØ À¼É§ÔQ!íNpªÉ*„ €Ã¤y¡V²MokList R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷a MokListX€O`ÑÖ¬švƒx4ñ7ÉR‡y è¢hÄ1Úrʪä÷)ö¹ÛõÑÔ4’Ô¥¶ˆ …†ã ÁÐ1°tFX¥Nì=… ÙžÐ!5 œXôŨÇË^<¾ÌAÌ«tFUCCŸ~±æ`°½È84\EFI\redhat\grubx64.efiÿà€ÃCß;xX»(·2„Wi’H‘ ’)!¦ù¡BâVßÈ[QjC±é)!.¯ÚUEo›çð¡ Â;Í7-JÍ$”ŒxBCо†l*A±œ \§ÖžîPäGd¬Êœm‹!³sDÚ¦ÀP«]`FàC«¶=ØÝ‹#˜Shim0‚”0‚|  ƒs +r€ÑZ0  *†H†÷  0_10U Red Hat, Inc.1!0U Red Hat Secure Boot CA 51"0  *†H†÷  secalert@redhat.com0 200609081536Z 380118081536Z0_10U Red Hat, Inc.1!0U Red Hat Secure Boot CA 51"0  *†H†÷  secalert@redhat.com0‚"0  *†H†÷ ‚0‚ ‚κêA¡ˆ ¿¡Ô©úS.ž¼ü;(œ0R  ô6ȃAö©ÉIedÕ²vžXÁ.êÏ“8kGÖº’Åøçw¥WißA±Ä[- Átª†€¶¤Y煮D^R@Ôw¡…œïóÆŸóÖ„FäfÜ&jÖØŠnGJÊãLCt™z2Œà3¿åøFg=ê”;¿=Ý‹ö0ŒET ¤Þ#5Z™sØ€çe0,s†°-£¦6¦M]‘§g»ê;[‚ŠœÏƒÚ1ÑT4¼*”NðÎÏ ºôûäÔH‰#‹ŒÜŽE×z¨Õå„RÂÕv:µ×¸z°ÉИiûŽ õ…£S0Q0UÌo¥ç(hºIN“›½h ‘DvšŸ0U#0€Ìo¥ç(hºIN“›½h ‘DvšŸ0Uÿ0ÿ0  *†H†÷  ‚ç^BjfÌr>›\ɯ£ÊT.íd«À¹¾'©X±Y0M¶—µm¯l;qJ ¡‰§çõmQ±ÓÈÖä2K²ÒÜ)£&•äRixÓ0DD°uwÌT­än""ÿ]ÿ“ ù˜:œ9· Ðóø§ ‹oœŠá­üA˜P¦_ º¥üƒY.žn¿ô>Ãtf%”Š]¿!¶›Ÿgø~ÜBL݈s}Œ•Ð?wÁ¸dñ µÍл1​èXuɉ•ÒÞ º–Í€ ñ"2G,4¼¼ÌlÏ¡¼~W/=!AÃ:Å Tºí‘ÞOŒ6Ù~Ɖ×I~öÂC|??ÑáºjÝ$eMÔÝv„°NNóT`}Ox§grub_cmd set pager=1  m"Ã:ÉÏ’Fàþƒkè¾.äÚ \uÚ_ŠÁØï±âÔðxiuV xél·ÎZäzÿ§ óøЬ-ï^ö7ÍWOOÞ¦³;Ô*QŠÎìoÒʶ;˜K ,sÊöŠ°¯˜U3 •à.grub_cmd [ -f (hd0,gpt1)/EFI/redhat/grubenv ] þ'ÖÙ¹ÒL^n*e·u„Øt ŸŸ2xg7,x6撚jV’|X†@~6÷âyÜ(tÐËH %V‘¨ð²IP‰ES¥FŽ8R¼ásµX㢯cLÎ0vÖCÙ¦DÇC?+ö%¶3grub_cmd load_env -f (hd0,gpt1)/EFI/redhat/grubenv ëˆKåï±vˆ;BhÓ½ó¤ÍO© »ßÚ G\ ²QŒHQxîwµ¨ëe6[¥2ÛáÑ·?„d íl!Q¸u,ëüÂ,‘ŒFÑE²¼­Ç«&7Pu¬-q ™VŸ­r¯äÓQK&.jÌGgrub_cmd [ ] Ñn7#‡ƒEÒÖô-˜f =/ú› ÿ*¾äaIÞ1ß8D[}}힙ٯœ+ɪ–ÙIÑÒì3 úü qÇ–wW ‰Øù¨ ê¹ów–¹–¾^» ͱdY_óÃ*ë*Õ±òL¦°^ÿSgrub_cmd set default=40dbec753972719b80322b2d180ca1c2-4.18.0-240.22.1.el8_3.x86_64 ®®> åÃ8O-C~\PnóV !݆¥@Niº°Ä–å£Ô°•D"ؾ*áÛlJ€* «ý‡‘c•º3l„“Æ`ÁˆëŠà+­)BC0SQ…=s²Âü_ñ­ljùï¬cgrub_cmd [ xy = xy ] Ý~b)Œ–_ëÍ+mߖʇŒ]cÒí Ôk]8R ³¢QD7¡ðÊC:dêÜ+îUx×èýg`r £Uj'¸FÍcOm*gÑÀ÷ê9×R¥˜Œ •UA‚gÙDS6 ~ß«èçÕ‰Ë1/,ò-"grub_cmd menuentry_id_option=--id ¬²Ž›¬é¿ 3ü.­·¬Cù ÁŠz‡õºsP Zé9§Ê‚ó˜ÕI°<&öï^ì*Ý l½®ï‹BÖ3+LÛsèÍùšä–ar¿«|ì0ž£A½£¨›§¹‰QÉ }ö;$grub_cmd export menuentry_id_option ëˆKåï±vˆ;BhÓ½ó¤ÍO© »ßÚ G\ ²QŒHQxîwµ¨ëe6[¥2ÛáÑ·?„d íl!Q¸u,ëüÂ,‘ŒFÑE²¼­Ç«&7Pu¬-q ™VŸ­r¯äÓQK&.jÌGgrub_cmd [ ] A„Xm%¥rõrr•ÉA@¿iÛx´ 糚ýúWj†tˆ-V¾gù«yœ hïnoâèB ï‚Q˜R ×M#5Áqüƒ¬©m4þˆ‚pÛr·y`ÕÙ=wõÉuÆ÷2ƒú’grub_cmd serial --speed=38400 #EÄ=e À¨eóÂôÆ :óó¸ äžt*í-+x#Ï/D¡0ŒXùƒ°µ ¸+e³þh`0fñéW´óÚ§©öô”ë –Ÿ”ÃøÞ÷@5¿ö±¨N>Ì'grub_cmd terminal_input serial console êèðµ)‘Áò¶ìQ»÷ÿ -£-Ù¸û|P-ðÛàÉÓú—vÿ»å;Ò.è €kî1 r åÃ8O-C~\PnóV !݆¥@Niº°Ä–å£Ô°•D"ؾ*áÛlJ€* «ý‡‘c•º3l„“Æ`ÁˆëŠà+­)BC0SQ…=s²Âü_ñ­ljùï¬cgrub_cmd [ xy = xy ] Ö^6¾(QÑ#ƒ›ó“Dç¹k Ò^¾@ÂÓpg»Ú,(LÉÁe/˜n'Zc, [ía PòÊ·ðúÕøå›Xi¾«Â›{Ñ{[ðÒŒ’—§0¤¬ùhñZÒ&Ú¤ grub_cmd set timeout_style=menu 6JÈ™@µ|Ð,òFxœŒõ ,Ù3ËHr*lµÜðsÕj ¹k ©ÎRfÁäàAƒçŒ ¢ŸpÀà|ÕâZ³ ýN.í´ºjˆ»“ë\©czÚ‰¡ð@p²£Å“êíû•&grub_cmd set timeout=0 yé›Z3¹vN©_ž.H¼Ê ‚ ÜSuU2Ëä)D¤dð¸Æ„›‘Å´  Ï»ƒÙ6h¨ ç9Š Œ6VÕ;s¶„J=ÇŸv,®~vÍÖ;“– Íâ‰m\'eÉ[Oâjgrub_cmd set tuned_params= i«ôRêVYcÏ8K¯³ýøˆ2 ­îð«¿Ó;‰éîþo!™Õ ŒFâQ¨·:1èñKÅ :tÍçAÜò5 ŒÚ…•N¹Ì/çO9Ъ MBÑ!¤¸'Ïk&ÐäÀæú]ÞFgrub_cmd set tuned_initrd= ŸÕÿÍ‚|Uv£¡ænÆŒH§Üz JkQç”Öˆ)[b‘| ¼¦ŽJÀ³ n¹|5à jbÝ‘Ä'KÓËònª‚~á¿4 J`t•$±‚ÖûËÝl_ ×ÊÊ•@é$/grub_cmd [ -f (hd0,gpt1)/EFI/redhat/user.cfg ] 7Å1x* Ë^úôE6Ë‰Û Ù_vm§½¯ÔN,¤¾9q·åWçwìÆCS ‰Å/ öã/ŠJžx¾•¡ Œé cdZæÅ穧SÉLŽ¤ «1Œ¨Ðý±€‘Ùí¢grub_cmd insmod increment Áܧp½‘‘á÷è·N›?R ðööŒR]²Êjm8«äk‰\FÙq¨%†©’ y íô³žy—tY<úgú)a4‡&¥Ðk`ÛKV©Ù Ôå&`9³êƒšYµšö^*W…ÿ(Qâöq’H„PBó ÇäYû+øp·º½ÂT‰ù߃ùs]?âø®vR¼)¨Ù—{?#mŒygrub_cmd insmod xfs äáRò—®¤y:($f¤ùzµB -Î6ããÔÝW/EN€Fл´S2´ë§¿=ûô0!“ÍýÚ Î×KÁYÕyL7¡BÁ¢üÆ©º[.¢/Œk’æIÄ‘B2åÞ\è V@…,Þqgrub_cmd set root=hd1,gpt2 ®®> åÃ8O-C~\PnóV !݆¥@Niº°Ä–å£Ô°•D"ؾ*áÛlJ€* «ý‡‘c•º3l„“Æ`ÁˆëŠà+­)BC0SQ…=s²Âü_ñ­ljùï¬cgrub_cmd [ xy = xy ] S¼×iåx(¬ÎzhÛ³»f]Ü# R…l^m8 çc&WÙV§hW'×ë$«õ¦¦ž ’sáŽötOÐX›öÇm+°¯¢ÏR‡"³Ô¸SõFaÅÉ>íó^!WÈ(\‚I›grub_cmd search --no-floppy --fs-uuid --set=root --hint-bios=hd1,gpt2 --hint-efi=hd1,gpt2 --hint-baremetal=ahci1,gpt2 f3948fb4-cce7-4193-940a-c50052e93bf3 *€M%Á3ú_¨Û0ðâ‘Vòz ŽOF)fy<ÑÍE×–QcÕŸžèK¡¢ÉZ,!&›Ï Ù¥¸lWÍ&ÞNÊ\lQLÀg5¥2Äk|.’Qc-(ª;Ú«// ÌöÆÜ¢:¬Ôgrub_cmd insmod part_gpt º9åÅÉE£î:Ã@‘áçAV³ ƒ]؃ Œ38Ðè‡3° üàÜ9°sjj(Y) ý´áÓççgtr—e1)n  ä»C¼M<Üô& Õi_&0°”óT¬¾sí–-òz<grub_cmd insmod fat ³è4 ν/ÿßp³ }f|a–÷ ªë4u ~ ÿÉ{µv}”J$w¡—é2D!\~šÙ åÃ8O-C~\PnóV !݆¥@Niº°Ä–å£Ô°•D"ؾ*áÛlJ€* «ý‡‘c•º3l„“Æ`ÁˆëŠà+­)BC0SQ…=s²Âü_ñ­ljùï¬cgrub_cmd [ xy = xy ] ¯ìÀyãÀ4ˆÃÎ fÏ8Á© ÑàÄR¥íZA^]W®y— /ü\zâ¶ð`i´ ¨i _.¶Q‘9õ|^ÿ׃‰œò šÅw7žƒsŽTŠñOÚp7\¨ÙòB€grub_cmd search --no-floppy --fs-uuid --set=boot --hint-bios=hd1,gpt1 --hint-efi=hd1,gpt1 --hint-baremetal=ahci1,gpt1 E94E-DE2D :‹ý?'!áªaN“ËCêP},1óì Ó—!ÁÖí¢îØc²Y˜ò±Ð*k x¤©fEº» vi-ö #ñY°Š™AÛê±b6ÿ6È9†üA$+ñÂo(¿;-®oVP’M˜J®œgrub_cmd [ -z root=UUID=f3948fb4-cce7-4193-940a-c50052e93bf3 ro net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8 ] ­M}Nï•3š<®ð»‰_ÉüN ¦£B$ô dØ/Ø«ïÁË)Ωwë0ÿý~0°³ çOöÆicMq²ÐÇßk ÏýŽÙô£‘§‡/hè)‘'D+ÝQavt°I˜fmgrub_cmd insmod blscfg ~J¨I%Ÿ~ ZqÕ\‰ìi ¦GQ7xÞ¡Ui¿Çߥö}Ø·¼ý p/a¯ÃpÙœ! B®bºŒ“ÖÝñK±Qa|8‚Ñf̹}i„CüJÞ‹ËÙöš=ëÌe-T£©Ÿgrub_cmd blscfg “Ô›qËcÒu*òï˜âÄA#¤b ®’M¯©£±á›–,$öÐ{f_µ s¡ž›µ¸ ENFßmNE7£ŽØJjeÞ²ª“`X¦äǾëä/rÞ·­ÿ_*÷° 3#Êgrub_cmd [ = 1 -o = 1 ] ,5˜‰S,­3õŒÏíS á¸Vè ö¬ˆ÷ÑDÃý‡ši騤_.YuGOÞ˜¹„•>º©ÎU Í2}kk= × Ú‘løßÝñòQÕ7!ö ؼˆ!Ä‹ ›ÜÌDÿæE=,È]ü:grub_cmd set menu_hide_ok=0 ü`³À[úùé­b„§Müã@ ,Q «e\'H÷ÁrÿŸm•seˆ;¤ðÓe€·–~Zðp ’2âï­"Ht‘ªf[`Å©ZºýþCø ‡|m•²A(põÒJ_ßñ¸Ögrub_cmd [ = 1 ] ü`³À[úùé­b„§Müã@ ,Q «e\'H÷ÁrÿŸm•seˆ;¤ðÓe€·–~Zðp ’2âï­"Ht‘ªf[`Å©ZºýþCø ‡|m•²A(põÒJ_ßñ¸Ögrub_cmd [ = 1 ] –Ó– æ\Ê} <à¥cKÔ£ ¸{1Gf—z?—«ð¥ûfGøÃT¦1 )Tè- LýK¶}}(‹KÖÄ–Ð6F‹¶ñ ¤z{bW+…Ï1Ù"fnLyu~£g!Ågrub_cmd set boot_success=0  éžXªg#©LÇTkú]ªNi BãËD½ôM¿é:f©æìÔ5Wðß#×,GóD% ©ÀÍÆ5Íõâ¶÷ñOaù‡Ê¤fÂ*žªLÀ±Ÿ4A5Þ½á@j*^Ò6£zµ2grub_cmd save_env boot_success boot_indeterminate ¬þ* 0›à ?¸°Eê“-¯H¤¼ cŽ>ð†X”vOŸª‰ãÉ!WØ„@)(…Õ êÕ¤©”ãÒ\M3Ž˜ù††¥¯K¤wVá²dXdÆ"öeA²£¼hž•ÌÇÜ@grub_cmd menuentry System setup --id uefi-firmware { fwsetup } ÏKÕÉ£óq„Öº|ù¾8Í ,Õ }Âj…Åò™‹XÿÓëx@H2ª›©?ÒÚp¶Ú%lÒ —KçXäȈßmqiƒWÄmeÛ„2×Þ,Yë)å†Qwiä¸ÄniŠ·Px^1grub_cmd [ -f (hd0,gpt1)/EFI/redhat/custom.cfg ] _ m¯ƒ‹¨¿OчÀçÞ*ü¾] °. «í×1º6/@˜õDkñŒ¦Í87JïñÁ&Y! yô6êÊþ[d,ÙU&<’I>‹I¦j›Ô€Caê{»¶ú?’Ø8¤Î¹¥_̽§Mgrub_cmd [ -z (hd0,gpt1)/EFI/redhat -a -f (hd0,gpt1)/EFI/redhat/custom.cfg ] WKñæ’$#äñ÷>20“`O¦ W†kÛšûÆ]ï¤ó`iƒI_á6`-?J¸ª§¨·J¨•t ªze››o¢¥ 6ÿÏ“y„‚Š|ˆB9ÖÇ6ƒî!`ˆ¬? ˆæh): §õž»grub_cmd load_video ®®> åÃ8O-C~\PnóV !݆¥@Niº°Ä–å£Ô°•D"ؾ*áÛlJ€* «ý‡‘c•º3l„“Æ`ÁˆëŠà+­)BC0SQ…=s²Âü_ñ­ljùï¬cgrub_cmd [ xy = xy ] {·ëóBpH^hOˆ|Œ›Í ëË!Ò˜]#NZ¿k…AŒQc>XÎüûËý>¦â¤ŠN Óòí¶/ne&Û}ÓÊPÙŽgUÁ3kÉœpúäHb½Âf^ ¦Ør¡ãz[ïì¬}cTgrub_cmd insmod all_video ¦Û† ß­5¾IÆ¥¿ ªÈ‘‡— ôÉÁ]Ï®]#]áI'¥‡˜L1Gÿ±ŽîàWÅF ™Õ_”ÀÙèÉò¥p²T?DŸg׎Ž5") «0]Cn~ ¢BD—öþt­®ú/ö…grub_cmd set gfx_payload=keep ErP$ Kû–6Þ‹à$ ÂU•Ü»ìMO Evý)ººqõÓ‰ †$™Åô ¯Ž«ŒŠLäù1S­›¹ u^äC߯uÖh­—¶Ï£ÔwÑVR¶¾Š÷‹Ÿgrub_cmd insmod gzio ƒMÞ>L}ylâܵ¼§µ‹ÖÜ’ õ¢€–”l}©‚N†!õvÈJ¢;êp7(oyô¸|p i &¸-ãõçS™$±OSái~ˬ_âÙ¦ººPVÚ9qñH5Np¾RøŒ(½ºÏgrub_cmd linux (hd0,gpt2)/boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 root=UUID=f3948fb4-cce7-4193-940a-c50052e93bf3 ro net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8 Á’BÉY“ì9kàP—#xN´} Ÿ*5ît^2XM–qÐ R?BdÿA­ üb %KÂõ²V¤ $»-oEÁ‡øº6Ý®…f qÕ(ú9ôŒ6œÊIó!é!Kòi–+hëYŸxgrub_linuxefi Kernel€_;ÈÇ6<5¨|ål`O© —÷ äÀ8/˜þ®¿Ô9#¨_ÖÚš ᤅ$¤Õ’Œ1… ¡©jn ØDæ;2§:­ÞOxݧË}÷=uO:Yd@GëqaB fê•ïî õƒèZü¨Ú:ý(Àæ>ºp½ ê¾Bhd¿WBJV>•ÆtÄ>’Êš ³«žež~Ï'Ÿî¶ÒgÔ>…cæùCwdêö…:Ož 쪖xÉÁþbçÄJ¿OuPÙžÊê%™˜ÑŠ!ß=ÂꚉŒ‡`Ñ Ç6iÊ&œ¬Ôgrub_kernel_cmdline (hd0,gpt2)/boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 root=UUID=f3948fb4-cce7-4193-940a-c50052e93bf3 ro net.ifnames=0 biosdevname=0 scsi_mod.use_blk_mq=Y crashkernel=auto console=ttyS0,38400n8 βïv5å¡YZsÜ\xç4“â5 ’IÖɘ¸ñJ ôý0TÍ× ^P´ Z ¢ P&hoúóyÞD ç+Þ˜,jñ8ˆTá1Œ¢1¸™=4„ŸÀ3LꌷpZKgrub_cmd initrd (hd0,gpt2)/boot/initramfs-4.18.0-240.22.1.el8_3.x86_64.img ¥Z·MNìòDösYá¿ÿb,» ßÔ›|R»Ø³CIñâxiýà_âÌÖÛÎ ô_ ô‰ì*¡®RÚ"Oœ9 j_kpÞQ âXHª¢±¶–oûå¼#ëmöØà´‚Ú:grub_linuxefi Initrd€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/ubuntu-1804-amd-sev.bin000066400000000000000000000626351510276467000246500ustar00rootroot00000000000000)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1+líÑca—»Á¯ª€ÌnÍ> jÉ$H¨ WU¦;Íe¹öÕrn’]Èi»F”(Å gã,8%ž¤€’4ÌϽ'…Ã+Þˆ(3»mö½˜šIôVcæ<á™üÐP, GCE NonHostInfo€WÍMÁ”BGZ¨'CHO;ªˆáB¸ Z¨'ÛÌûDÒ­žÏÚV½êb † ”¾Õ·¢{ºMØ Ï¤âÆõrb{ðmViÌ*±ƒXÒ{E¼cnÁ ϯ·@øG¦§K^®Ö·32ì5aßä‹Ê“Òª à˜+Œ SecureBoot€Z½”«ó>4§›=“ÓPçBØìØ Û»ã—fX…eÅ̘¢®¶äJ‘xÉñ“[ÒAóƒrD„» §cU<–w Ó¥æøàÁïÍòUZ÷Sú:jþCë{* ô¦øØäÝE–hó°àJaßä‹Ê“Òª à˜+Œ&PK¡YÀ¥ä”§J‡µ«\+ðr& ÒúÒˆ¤G—’[ªG»‰0‚ö0‚Þ  ÕJègƒ]ê0  *†H†÷  010 U newpk0 180821215115Z 180920215115Z010 U newpk0‚"0  *†H†÷ ‚0‚ ‚̹Õ|ømkcêÉbô “Éþã|,EÎ…RRH|ûC&¿ ¥‰°òÝÇ6èi•ªŒoТ#o4ÂO±žkÆú¸”ÁœŽp‡‘BÎi!“}ÚuŸ¿1 PÁï€#û¾;Vã ×Gê0¯Ô]©c‰¢ü9á–¡‡Ã=&²Ó¢lìÈ—×ÎÚ겕<³ÎŠÏÚ:Qˆ?%°K>ÌÝùÚÛQÕ‘š¡½ˆâñ´ñ³’·ãgæ­ŒjÜ'?ÜÔNlÁ½ïÞV*ÚY` yÓ©|WýQa7}ä·n•ðR›CžÜH<ͼ9Ÿ£èG F¸6Ü’³•¨ÎJãF#XK£S0Q0U˜P„Bó/Û—‚'(—t1F^`ËÅ0U#0€˜P„Bó/Û—‚'(—t1F^`ËÅ0Uÿ0ÿ0  *†H†÷  ‚Š¡R?ªç½°$«‹­2°Iý{4Ë;€v`=ŽÜÊkiÂ[”踜Œ,×¼¬}‚YõÄ.¢l¥ì˜ð1#6øË0ƒg::+b!`,ºõ.ù(nÊfpX(†gi„l'X%œPép¸`nT…J¯mE¦[4ü&M<á»$.yàÑȬ|Ù8GCk3PWãsž¦‡ÝÃâJüs{K ‡Çƒ 6Zêi‡@„ ,”€/=®=ËpÄ5¹>q²£Æ­Ø$?}`«o îzšÏuŸèL«ÍQ‡hX3²Ù¼8%*˜KEûg3›%œ?¬¤CDÌÍÓÈ ná€ðPy¶ÌBé.èZtÙÂviÀâ b&GØ[Šd}-.f‚Áb {l¦·"ZfWÂVµ‚ À§¦@“íy΋V—=ÞöÚ‘¿ ëW’³ÈBB7Bµ)C¥‹ß#(¤4“~2xˆ>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrüÒúÒˆ¤G—’[ªG»‰0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€ ¢œ'û¢a€`³"ÇÉr bº8ÄŠ”bù‡tņéÙTç)!³¥%A$¶62̯Z 5 Íbº¾öúà[î|<å(ó(yÓwŒ6ù»ñêóbB:؛Ȧ’ƒ­(!Åü7k ˲×:=–E£¼ÚÐgeoG db¡YÀ¥ä”§J‡µ«\+ðr@$ÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðrëÒúÒˆ¤G—’[ªG»‰0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~€ž¶ƒ±­çBpÜ`ƒÝqjÌc£3  D´ÎJMÊšóÈ—ÜVî'Ã…ëˆ÷Ϲ +‚e[ œ)>o~{¶«ñ£û-<Ä»( TM¼IƒÕ€0©/!­f$¥a›¿¹°²˲×:=–E£¼ÚÐgeoŒdbx&ÄÁLP’@¬©Aù6“C(Œ0½šúwY2M½`(ôçxK€´Ùi1¿ ý‘¦ÑO¤Ræm²@Œ¨`MA’eŸ ½šúwY2M½`(ôçxKõ/ƒ£úœûÖ’r($ÛäE4Ò[…$k;•}¬nÎz½šúwY2M½`(ôçxKÅÙØ¡†âÈ- ¯ª*o.s‡ >d÷,Nïgyj„½½šúwY2M½`(ôçxK63„ÑM. xbd„ÄY­W£ïC–&`HÐXÅ¡›¿v½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxK^ê‰T‹ `²þíÚ< Çþ›Ík”覃¸R8½šúwY2M½`(ôçxKæƨXdo±ïÆyþ(±#gþ’æ¾+6™žÿ9О½šúwY2M½`(ôçxK ß_NQìx¹mÐ%ý¶†ãŸor’xRY›eœ&½šúwY2M½`(ôçxK »C’Ú¬z¸›0¤¬eu1¹{ú«ù ¯åù¶ë ct½šúwY2M½`(ôçxK “9v-ó6«=ФcßqZ9Ï°ô’F\`lk×½‰Œ½šúwY2M½`(ôçxK ¾Êo)ì o3}räˆK ³H˜:* ×?O½šúwY2M½`(ôçxK Éóû™–!HÃʃ62u>Ôü ¹[1æR*Í[ü½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK34)ÿbퟗ>HÜîå-¾.ImTµÏÖÈdÒѽšúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK+¿,§¸ñÙ'îR¶û*]ÐI¸Z+›Rœ]fb°Uø½šúwY2M½`(ôçxK,sÙ3%ºmËå‰Ô¤Æ<[“UYï’ûðPíPÄâRñ}½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK0f(úTw0W(ºJF}çÐ8zTõiÓvŸÎ^uì‰Ò“½šúwY2M½`(ôçxK6íºõ­A¤¡wz¿/¯^g4g^Ù^i5‚ž ªÒ½šúwY2M½`(ôçxK8AÒ!6ƒ×\ æ!`9MlN g`¶ö¹b¼…[½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKC—Úʃžc|µ ’ßC¼-/²¨õŸ&üzKÔÙu’½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKQˆ1þs‚µÐ>Æ!"‹Š¶Ty½ ¿£ÅÁÐôœ0a5½šúwY2M½`(ôçxKZéIêˆUë“ä9ÛÆ[Ú.B…,/ßg‰úg6ãÃA+\½šúwY2M½`(ôçxKk€xäAŠ¦ë{³^`’ÏGžëŒäÍçÐrÌ´/f½šúwY2M½`(ôçxKlˆTGÕYâ“Q¸&Àl¸¿ï+”­585‡rÑ“ø.ÑʽšúwY2M½`(ôçxKo(ÿqÉÛÕ¯.{¿Ë«d|ÂeÝõ²“Ͷ&õ :x^½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxKrk>¶Tj0óø=›–Îöpé¨ÑpŠqæ-Ä,#Á½šúwY2M½`(ôçxKrà½gÏ]V«Šß;ݼ‚¿2¨ØªŒ^/mò”(ÖؽšúwY2M½`(ôçxKx'¯™6,úðq}­ä±¿àCŠÑqÁZÝÂH·[øʤK²Å½šúwY2M½`(ôçxK¨¹e»„Ó‡k”)©TÌ•SϪØÈ£;ý3ÿð佚úwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxK‰Z—…öÊ~ÔOÁ¡G qóñ"8bÙÿÌ:âß’=¯½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxK‹ô4´žÌ÷¢ÍeËì;= <5¾P_ß{Õcõ!½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK™˜ÓcÄ‘¾½tº¹M’‘soܦC£fd¼1ZB½šúwY2M½`(ôçxKžJi1ah.Uýèþõ`ëˆìþܯfÀÊ÷²·4½šúwY2M½`(ôçxK¦µ6UÓ¢¯ G'Yykä¤ T•§ØiuLHH…t§½šúwY2M½`(ôçxK§ó/PN°þ­š~ùNѺ ì]æ÷ïoð¦+“¾ß]E½šúwY2M½`(ôçxK­h&á”m&Óêóh\ˆÙ}…Þ;MË=â®Ç`ÑùÂ$Q?¼eYW×5ú)õ@νšúwY2M½`(ôçxKØËë—5õg+6~O–ÍÇIia]JélrMBÎøóú½šúwY2M½`(ôçxKé,"ë;VBÖ\ÂÊòGÒYG8„D•oYâ°Ñú½šúwY2M½`(ôçxKýÝn=)ê„Çt=­JÛǵþÁ³‘ù2@†¬ÇÖÛؽšúwY2M½`(ôçxKþc¨Ox,ÉÓüòÌùüûÐ7`‡‡XÒb…íf›Ünm½šúwY2M½`(ôçxKþϲ2Ñ.™KmH],qgrŠ¥RY„­\¦u"š6½šúwY2M½`(ôçxKÊaJ~“”ŒÐþUÓ™ùÑ©nE AR'ÂÆ[½šúwY2M½`(ôçxKU¹› å=¼þHZ©Ç7Ï?¶ï=‘úµ™ª|«í§cµº½šúwY2M½`(ôçxKwÝ£ ˆÿ^; æb x  S^ˇæðˆŠ k/½šúwY2M½`(ôçxKÈ<±9"­™õ`tFuÝ7̔ܭZ˦G/î4qÙ9脽šúwY2M½`(ôçxK;‡S> ÃÐì¨#Ëð©AªØryÑÄ™€-Ñæ6¸©½šúwY2M½`(ôçxK“šîôõúQâ3@ÃòäHΈrRjý÷Rçó£ò¼Ÿ`I½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€7ˆØ»z'º1¢ö!.ŒGí`Þ wB«6dðuÆV—jŽ ߤ‚–jµÖi^„­çrõ ò„’Ô¢å…;¼¬bìšü ÃkŠŸ0*û¿8v̧Çj’ÇD ·C:ìq$›åÚ˜-8aßä‹Ê“Òª à˜+Œ BootOrder€&(iAèìJO^ó.d:3~#Ú­ kgV“Z9'ˆ‹à2WÀ`gYQÅ!r’68®="Ê §÷ð ØTIüwŒ X4ïŸO5NÎÈôaĆ…"“×AÜY²=ªgr¬¹Â« £OǦaßä‹Ê“Òª à˜+ŒvBoot0002bubuntu*(PáÉì†$ûæG‹QZZÞÕ–4\EFI\ubuntu\shimx64.efiÿ€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€5Áy{fÎ0ý^ŸQ Pͽ©É“‡ +ç¤Yã Ç»xˆûX(9‡þ ÑÓÁ¾'kÉév“æ\I ¢S3Ç®Âà™04“Œ‰;<+Êö~ˆÃB£Õ†ö÷úâÆ¡$zžØiˆ mKä—Ôû¶aßä‹Ê“Òª à˜+Œ`Boot0001&UEFI nvme_card-pd ÐA ÿN¬ŸYM…âR,Y²€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€Z­—˜9oKåôЙýé²¢fÕ ±‚ú_0Éd JJ2ÊŒI†û€#ä9c»Î°a‹ 0#š«ßüX"®¸(Ûj­ÜK.' o˜£åý8íè‰oædC§‡\ùà¯%E\€ äEFI PART\Kmbÿ_F"Þ_FNbÎS*aVF´hùP˜¤n€€)Úvׯ=ƃ„rGŽy=iØG}äªc0,êI’x–h/VxÞ_FHah!IdontNeedEFI9b—ôÕÓ–D¥Ò4µq‚ÿ'(s*ÁøÒºK É>É;áÉì†$ûæG‹QZZÞÕ–(ÿw€!ç”8XÈötßá&S×},96 .¤Ëj±ÓÜè-Týâmí$;£áçÆÒ*YOågˆ ›+¯psý›}ó i®~HE4P®{S³}áyÚuñu¸²íi÷Ó”PS³\¾ 0¤€«¼xx„ ÐA *(PáÉì†$ûæG‹QZZÞÕ–4\EFI\ubuntu\shimx64.efiÿ€šL|‰Z]@Ãa!ÿYÆþ&zL2à ƒ_”—ºÂ÷Áq›ÌKëç*N§×$Pˆï2ÒS[³ °¡›$9ZFî©yH=‘£Œ`#ß ª)m…A”ξ—öµèIÕzNkzŒœ|( È’­»o[ ÿPê ÿ4ü§!?x T ÂÇø®øÀRzŠÌmšÕŠ44køÂ<„å>L¯ë Fðþzà b0C³±J—ÚåAëµ]ä ¶›á¼Î ¡Åçzæ ²¸mi©;.² (hd0,gpt15)/EFI/ubuntu/grub.cfg Vk¢3ˆñ× }×°¨¶o×áè £ ßV ]D•é€áÄS´=†ãü/äœ*@u´©8 ©¤Þu3ÂëÆc´›jâK(ÕJã-ƒmâ±æzHu‚žõs U[8tu×ΗCgrub_cmd: search.fs_uuid 06e1e1ff-449b-426c-b154-7ae1cc646a2d root ÉÛؼ9(ù=AïAv£A]òÕ„ë g˜E·˜`Üî“Š~‡ |{}Ô+SIåF2»ú‚§@T Ç)# =Ø°ƒS—Æ9v<“þ–ÔãyÙ€ÐCÇø«£Èö ­ }›*ŒëÙv&8!e*grub_cmd: set prefix=(hd0,gpt1)/boot/grub ~…Ÿ³}W‚, Ó¶6ç…:ÿ Q7%|Üì Î~ ƒÁ ó÷ìñáÞF¸Ó/Iºew‘ ±ñ1¹nÅ`[åË:YwGõà3*t@ŒeËkeNò¨É úk‡U¼üZ‚,(hd0,gpt1)/boot/grub/x86_64-efi/command.lst ð‘e\zÇ1N°ß!“ÞGbb 2ü]èÀ¥Ü ~¶ Ê1§~³GU9áÙzECÜ¡¹²lW sá|>£mêWow(c “tiTò¾‘CëKvpas×Ù¦Œ2çÉt°ÿ\í‰`9'(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst ÿÒ9Œñ R2””Ö:Îëòš vo8©I'þ›{Áè ð6>wŽÆèúê'.uÓüC ÇÐåAe°Òj`Ö;‘Ntw‚]^͇„ 6CLkÙVrTA¸*f¶X6½8úÔ+(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst f·&ÆÖKÁ Ó”Š•(õꔓŽô FøˆÅ/6ºù¶-`¼Bj1J­ZøjCb©%¡ßœ €$ýMñêýkº6Å–Ã:ûµ'ãkXÁŸ­ÎÔ{È®’øžóÊï#F³½T\ýØÞ-(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst „¾åh¯.2jÜãD+çÕ ‡M>æÕwm„tüºívÍÔO2W-„T3ïq84~†m} «ŒS¬ÌGÿïUĶr[KÚÇëcäí~ÂÕePë —JåFµß¶±¹ÆVŸG7­š×»3grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg Wí:I~!rÂ¥S¡\ª_ uË ý—¦Ý) +­'<5ùwÈ °vo¥›h_dz1þ£þ ~xÅYz¹8óK ~ËŸi’=È•p„¨X Là}»aôSïñå=!3,É(hd0,gpt1)/boot/grub/grub.cfg >\×êÜ.+/•mAù ãs/¸3 ~+4“º£ùäƨ6(-fµ…V’îDÔoâ ÛÁs V»Í†G¦å¿çÈqo6Îÿô¬¡´ÃïJÙôzlîh»ƒätf0¾×ÐSá*©u.grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ] ²~¾U…1—›dZBDµ^núÛM® .B4ÈQÝòQ°ÿÉ5î¹k{ïÔò߆šVâ‚ÞÂ?À d7>wÆ·ªÿPè¹e>¨Q×dƒ¥;Aþ×IìöÝðèÔŠé6ôvëU’…]¥(hd0,gpt1)/boot/grub/grubenv wÆ·ªÿPè¹e>¨Q×dƒ¥;Aþ×IìöÝðèÔŠé6ôvëU’…]¥(hd0,gpt1)/boot/grub/grubenv q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] u@‘ E+»î0«â‰¯—>Í×àïk :‰@¿&u}ó6Œ¶Ô\òuo2>uÚöš—ÒѼX kö$/Ž°ÊrÆã¥ÔƦ.XXDdèF–Íg0nòÛŒö%•-_ÙªÞý9G—@grub_cmd: set default=0 õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] ½R å eüõÂÑ*‹è'~C€# ñ}MûK—ñbFc,!±¬!%É\ˆ™î埻46U †a•?QŒ‰Œ¹@|ƒ¦Tý¯˜Ò]™ËÃÑRUµ2ºÐD÷¦;)aîÑ龬f#grub_cmd: menuentry_id_option=--id bHY›® x̽¡…í/΂íAâ— Jð»7 ž;y‚}àL“^2Õ+R€GküPÓm†^ •-Î9©âƒî{=ï¶dü”*•˜½‹m ©„;(xnÇÂk¯¢Œ <ûˆÛ·µh%grub_cmd: export menuentry_id_option q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] }ÂrÚ°╉a»™¢ãnÂJ ß$ñÊæ´(ýЛÁKß%_“ð]VÃw$…–÷=_ \ÓLîœâL¦ä¨ËFTûÏåŲòÙgo„Sèšiìô¡S°%ÿ{¤°:.*!grub_cmd: terminal_input console ^ Gõ4± ÖŠRU@æ þ×É0“J#'Ÿ¡w£˜‘ͯlÍ"¼ÌéjÍÑ ¤}T"ï "F¥[Äæö æôªÜ ]^€ºÎz´€¬“ &Ñu²æ‹£ iL"grub_cmd: terminal_output console ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] Xy^…’Ùÿ;k9­ÖÛ©XïõG¢ aÊ¥OÂK¨³ç›æ?7Zót$NNÞŽ `€ £ú_» ŸvͧoØ.KE %ƒW§F.§Þä7zÐÙKHŸ}‹DçˆeBõÜŠñV#grub_cmd: set timeout_style=hidden 1¸æBþ“aïY™mµ'‚O" Íõ“¦ªªë•rC»Ž'ÙoLrnÅ#Í8)‚½ñúõM œE+¥¹¦LŽØÌ’·æœvÀÿéŸÀó‰@õ@´e¸kUh…ëZÌéñlï grub_cmd: set timeout=0.1  WT‰ZZœâ]ÆÂP&'Œ-cg |Ú•ý…‘‰ÐÇÂ̹ÀVr˜E‰ä€žÎæeÖ)Ï} i|`Íß}8k‘¢kÕQw}RÖ%®'ýanôBLWÔ²¹uR´„}b‡a£–¬,grub_cmd: set menu_color_normal=white/black Ô¥®Á¼ÊþÆT ÙË$:¤eØ7 oyŸàìµÄ»L•£ MÉ„” ;F>Â^DBF4Š* NîøÜĦ8†Êil­E‘=9"¹§òdºxð.€ \›f‚)ìÿ—,Lņ±M˜p4grub_cmd: set menu_color_highlight=black/light-gray B2‡¤ ‘Kµ—Û2ùf—Ñûž ð´³Â1‚Ž¢úJ,üåïÉÑ^™ÿ¹ÆsIÁ07A¯ zZÀyo¨/Núˆ¶!9…²ØxæIˆj™XvfÏ…ÅôwŠ£Ï„•,¦ÊÓó…SËgrub_cmd: [ != 1 ] ),ÎÒŽ6¨éèT ›ðãË6‘ ]ˆNRÐá‘Ø‚wǨS¨š-„GCÈ釴tØñÇæ ¥à|ü–qvk›¸8sÆÿKí}û¹'Õ°'=*ë¹0Û¤c 7 u ’Û×ÅI_¯§E>Ð7grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ] ‹Ó·zd}¹ˆ¶±êüi`ªE õå6]n—d”6,ƒâè€|ï¡OÔ¬f 2Q îÕTHˆ,»Ý¨ðFˆFY° grub_cmd: export linux_gfx_mode “½)€óÏ\µšQÅŽHâ·_€' I Œåñ¢Ði€©q»dBÁ"`ª£„•¤Õ²³ê ¹’ý£Öh”ÛbØ$O¡©Gšì‰ J#ÊûK‹—·6¦íêñ&y8I¿Žgrub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-06e1e1ff-449b-426c-b154-7ae1cc646a2d { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d else search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d fi linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 initrd /boot/initrd.img-5.4.0-1046-gcp } Aáo|ãð»‰?¹qŒ‰ IY ©€ ›é ­­q8€Õ7yv• œ ŸÊ©¦+AÛ w(R É«ˆŽ ùKˆbkDz|-k¼¸¨©2K”:QI§D¾OÂ͈½SZÝ¥šœ&h·*ãK›+À-½grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-06e1e1ff-449b-426c-b154-7ae1cc646a2d { menuentry 'Ubuntu, with Linux 5.4.0-1046-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-1046-gcp-advanced-06e1e1ff-449b-426c-b154-7ae1cc646a2d' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d else search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d fi echo 'Loading Linux 5.4.0-1046-gcp ...' linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.4.0-1046-gcp } menuentry 'Ubuntu, with Linux 5.4.0-1046-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-1046-gcp-recovery-06e1e1ff-449b-426c-b154-7ae1cc646a2d' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d else search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d fi echo 'Loading Linux 5.4.0-1046-gcp ...' linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.4.0-1046-gcp } } '?\€Á.“\7ÂÏãáa¼B׎ £t0• ƒp!ëÌùŒŒ1å“ãfB”6á55„Çìr ®Ø–¢±a!VÙ>Ò3Lj„f 4•ÍÉè–.‡cŸØÏAÉNŠH„áš+Áá1grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ] £2móBW^Qù¡ÈÕÑzïòÐ ÕGWX1¿oósƒ°·Žy #r£¦zÐÑÊ5Û û³†EHa±º§zaWm4,'ÀÐ%—d˜%ÎäLöX¯+ تI–ák›l2±ã;´Lgrub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ] ÇjeëÚj£Ú«¼ÖH;ð ô ¿]¤fÀ÷x™ ÜÈú,Eaº’‘-_¼JÁãû £ {äû›ë‹"‚ÿФ~±6G&(Ô(KÙ®ŽŠt¨á_ „´cm·i*J`Ìgrub_cmd: setparams Ubuntu ˜ÐføÿÐFºË8±Œ¾é­§) ¥~~(nüNê‰e@ñ:8Ì’ä'{í‚ ígL”¿.­ °»…ÿxŸ%ÝcãAsk”ô¿:Íÿö ÓÿÊW‰ës}(£šömäf@Kû» Ú×grub_cmd: recordfail ºÁp…þõ6b¥ ï¿6hDÀtÿ d½¨ö[…׆‚H¢’ÄIf È÷PuÁ ‡®Y¤Û@á ³SϘ3›é«­ñ€Ø:¾µîîÀC³ò$v»]°º/Ca & óF ì³Á$í© l§¢grub_cmd: set recordfail=1 UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøwíEìüqHàÉ4ÐRk(&Å|“€,Éb<%’6‰Þ/ËbfŸãáágrub_cmd: [ -z ] ’^æ›|ŠÄ“|¾GÕÈSQØi´è× Î,Âwº;Ç[f!cëãp4MK®×_µ½@¶ºß .GÅä›óÉ4ôˆüÀsH•P¦M¶* | DÉÝœ*ù7d|‡½wã8>pž úgrub_cmd: save_env recordfail åžfÖì„ G$÷‘é)ñSáD v&«Ø¾tBÂåu6J>•Ë:;S»á†<ךæk eÍéŒû ‰q˜jˆÍøgrub_cmd: gfxmode keep .gmÝ›ð× Í\fØW2Þ{w¶ ¥‹wÏœIÀ¹yßgçòÁ“Óa>?ÄÉ똢µÐoÌ |^¡± ¦’ $á-µö¥°ënÓfÌëŠËDx…rB"õc#¤“ѳ©Xú|grub_cmd: set gfxpayload=keep RAµß¥†y‰]•÷Ÿú _BºKUê µ]„»° ^»ÆÊÝjœ´›5¿ÌlNùÅ;f ÷ÇDY» ø®$‘X‡œʳ¸¯”^ ÷±iw½e¨ \ˆÿ)Ëvó½Ögrub_cmd: [ keep = keep ] 0‹z½F+=ƒÐ³DM)õ0p4¡Ý± yvû‚[&Ú:ñýs$é2w7½ñ“‘ï›J¥×jŠl3 L)û lFtÔÆRîg¹Šb×TËòÕÜ ÚãÖn‚ǔė„ †*ç—aS$ý\=ûü²&9b…^ÒÛ)iù„VðÚ¶ªŠ¢âþ¼g)W†¨çê¤^6Í£úóÐ¥õü’ìM$ïJÙXFiY4¶Â² åkå+Ûâ÷Oûgrub_cmd: insmod part_gpt ¯?«¬ž\V¸/ «˜2‰ª»öï ¸8¤Ò† û±z·ö eY ›; ›1ØÒû áB¥”Ùˆý¥¦[$¤¤Œ,ô°6ÝwJ♯E·Ó; þ¤©iÓÀÚrºSùîê÷¦grub_cmd: insmod ext2 õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] •',ðõó3³áBÌzAŠO“Ç B v`"Ÿã?F&œ©¤jÖ†gÛ/^óušštÜ{-×k2 OžÖè5[>·9-SÅqÂ|Í£‹’xK#^Jc×]~‘„ÌÜFtÅSï˱Wgrub_cmd: search --no-floppy --fs-uuid --set=root 06e1e1ff-449b-426c-b154-7ae1cc646a2d Šum9 ‹ç-ä-Õ˜‹¾[•g>0Ø °à"P\¶êsv,‚·rôa–rú}Üä–ñ¢ ëìÇì ò!¢Ü_jž­›,§RÚ|uš'2ƒ÷„¦Vajg\y1íP‹o%ièR“\€8UÆYgrub_cmd: linux /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 ÌÓK®Ý‚RôâÖˆ$t01ÜýðÚ ðÈŽÙÛmÞs(½Ëë&Û”í)¬‘¼»J]Ç›\ª—K ÆíÉ—Gôzõè¢9 ÑìIÈû©–°II¯o#~0~CKÝ´^Û—# ³ ±5Éeâ/boot/vmlinuz-5.4.0-1046-gcp çÐÐÍvw…—ó®Šéÿ $¦Ui 9ØÛÒ183­¤Þñ*š;äœÞL €”€ âô(£ ¼ŸýÁ ?¼Ùºî§¬•Y½Ìì§^èU„Êb\x&=†ê]Cû¼H‚3R›ŽŸñYE±¨Ykernel_cmdline: /boot/vmlinuz-5.4.0-1046-gcp root=LABEL=cloudimg-rootfs ro console=ttyS0 uáÜ4¨ŠU[ú˜ÛûÂa¬ w2 (q_ꢚ*å“a ‹öI–(`ćgPµá· Ø75Öδ ej)FÒ ‚%2à¨EY™îÌÀ²ˆñeÙ„1P|§È^'ñÚ¾[ž¢1grub_cmd: initrd /boot/initrd.img-5.4.0-1046-gcp ÓuªçÆñ€h²§'g¬Zœ5 ùÀ ”?5,z5|Jm›'5ží®8åž×íŸ8¤ÆªÚî Óøg¿g‘<S#öüª¡ ‚•iÄxÏ zçr^ú„õ®ËÐëx’;« /boot/initrd.img-5.4.0-1046-gcp€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/ubuntu-2104-no-dbx.bin000066400000000000000000001020401510276467000244560ustar00rootroot00000000000000)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1žŠ÷Bqð@’U'Ár7i¬þ~ {tÞ£Lé´—U««èºÉ­R=ZÝìN/¢˜ã®hý'o §Mæ'¤­+{FñÔ (ë?^àU«Éˆ?,§Ù¾ßŽÈÈHüåª Ò/PÎxõ»ñ^ GCE NonHostInfo€WÍMÁ”BGZ¨'CHO;ªˆáB¸ Z¨'ÛÌûDÒ­žÏÚV½êb † ”¾Õ·¢{ºMØ Ï¤âÆõrb{ðmViÌ*±ƒXÒ{E¼cnÁ ϯ·@øG¦§K^®Ö·32ì5aßä‹Ê“Òª à˜+Œ SecureBoot€Z½”«ó>4§›=“ÓPçBØìØ Û»ã—fX…eÅ̘¢®¶äJ‘xÉñ“[ÒAóƒrD„» §cU<–w Ó¥æøàÁïÍòUZ÷Sú:jþCë{* ô¦øØäÝE–hó°àJaßä‹Ê“Òª à˜+Œ&PK¡YÀ¥ä”§J‡µ«\+ðr& ÒúÒˆ¤G—’[ªG»‰0‚ö0‚Þ  ÕJègƒ]ê0  *†H†÷  010 U newpk0 180821215115Z 180920215115Z010 U newpk0‚"0  *†H†÷ ‚0‚ ‚̹Õ|ømkcêÉbô “Éþã|,EÎ…RRH|ûC&¿ ¥‰°òÝÇ6èi•ªŒoТ#o4ÂO±žkÆú¸”ÁœŽp‡‘BÎi!“}ÚuŸ¿1 PÁï€#û¾;Vã ×Gê0¯Ô]©c‰¢ü9á–¡‡Ã=&²Ó¢lìÈ—×ÎÚ겕<³ÎŠÏÚ:Qˆ?%°K>ÌÝùÚÛQÕ‘š¡½ˆâñ´ñ³’·ãgæ­ŒjÜ'?ÜÔNlÁ½ïÞV*ÚY` yÓ©|WýQa7}ä·n•ðR›CžÜH<ͼ9Ÿ£èG F¸6Ü’³•¨ÎJãF#XK£S0Q0U˜P„Bó/Û—‚'(—t1F^`ËÅ0U#0€˜P„Bó/Û—‚'(—t1F^`ËÅ0Uÿ0ÿ0  *†H†÷  ‚Š¡R?ªç½°$«‹­2°Iý{4Ë;€v`=ŽÜÊkiÂ[”踜Œ,×¼¬}‚YõÄ.¢l¥ì˜ð1#6øË0ƒg::+b!`,ºõ.ù(nÊfpX(†gi„l'X%œPép¸`nT…J¯mE¦[4ü&M<á»$.yàÑȬ|Ù8GCk3PWãsž¦‡ÝÃâJüs{K ‡Çƒ 6Zêi‡@„ ,”€/=®=ËpÄ5¹>q²£Æ­Ø$?}`«o îzšÏuŸèL«ÍQ‡hX3²Ù¼8%*˜KEûg3›%œ?¬¤CDÌÍÓÈ ná€ðPy¶ÌBé.èZtÙÂviÀâ b&GØ[Šd}-.f‚Áb {l¦·"ZfWÂVµ‚ À§¦@“íy΋V—=ÞöÚ‘¿ ëW’³ÈBB7Bµ)C¥‹ß#(¤4“~2xˆ>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrüÒúÒˆ¤G—’[ªG»‰0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€ ¢œ'û¢a€`³"ÇÉr bº8ÄŠ”bù‡tņéÙTç)!³¥%A$¶62̯Z 5 Íbº¾öúà[î|<å(ó(yÓwŒ6ù»ñêóbB:؛Ȧ’ƒ­(!Åü7k ˲×:=–E£¼ÚÐgeoG db¡YÀ¥ä”§J‡µ«\+ðr@$ÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðrëÒúÒˆ¤G—’[ªG»‰0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~€sD$ÉþÇÄ –ô·Lˆs;^ Ÿu¶‚;ÿjñJN 6qœÝT<¼+ñÞŽ~ôÐíùKù ÌnðÆꙪ#ø¢€B>”­Ùm ëQ€POÀ÷¤ ³aÓ›Ö©^Áh †íj°ù‚&˲×:=–E£¼ÚÐgeodbxiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€¶ ëïp®$Ùþ‘=ÐÆÒ´àØ ÀI AP“Ç á«¡õO‡®wG"1Ëôí@¦„vÔŠFQUã ¬uŠôlž¨øc%CÄD0mÐlÊžüŽÏ9l0•ô{¦“¼ðaèuŸÁ9‰:aßä‹Ê“Òª à˜+Œ BootOrder€ÝèxÍ®C×ZG™šèrº‘\ê‰ ´¯¡O¦ÝR¡Õ(g½ÒN½}œŒù¯ƒÁ4•;- SÞuÒ¦# 7 ÷ÝÛŒ ´Á8Ã¥>ªT|Þd<Ú $äDÇN-bæÀa1ÂîU¦aßä‹Ê“Òª à˜+ŒvBoot0003bubuntu*(P@÷¦nï%iBƒo!ëò4\EFI\ubuntu\shimx64.efiÿ€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€íÛèÄA+ù˜‡™Ô{ãÚ7ô ¨°ex,ÿ¾ÿÝhŒõE |–0«fe×*©%|òÛ6 œ o o½6Y?WÀ–:Ø9…qM–t–NDrG([Æ C(nàm¥ «ˆõ»/Kžœaßä‹Ê“Òª à˜+ŒlBoot0001UEFI Google PersistentDisk  ÐA ÿN¬ŸYM…âR,Y²€1—‰À=^—§t®Êì’ôŸ ¡:‰‹ƒf4¦,açÎÔêZï½®ZšÚ9¬¯„—¬º €¡Þ|Óׇdz,xEÊx´}Ùö£3Q®'àcsD[góÙDó¬]¦4KËøiƒaßä‹Ê“Òª à˜+ŒSBoot0002!VirtScsi(0,3,0) DiskVirtScsi(0,3,0) Diskÿ€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€PîÏÎÂPȱÓV©!~ ל*n -i¤­¿_XÉWý¶®Ü†êzPÉ;@÷¦nï%iBƒo!ëò(ÿw€’æì“` žÇò:ßN¥U;N#d Ùœ“ü°BÛå'»Þ7uüðÝ[ ˆ¡•ÔLÅu6öõ! Øœ‘h±V%\miVÑY4"¼PDm)Áªª†ÿð¦3ó$¬Á.TtyÎP§Zœ@Þ½À’| ÐA *(P@÷¦nï%iBƒo!ëò4\EFI\ubuntu\shimx64.efiÿ h¼ì`åÃòûÝš©ª‘Ú’ü‰?) /k VGd̦t^Í—‰Žtí8‘ÇÆ<æñ}È&J 3Wêe_ ŒªÂeÏÕè |Ç%O£ñåê4Z‡<÷aG*/#ñR—õ\þ$MokList â„¿YM¬Þ5€÷±r=¼Û_5÷ öE< Ñ{Q6¬íŒa,èìmŒï§ü÷Ìèæ™ß óÌu¥$¿·êr¥×Á9·Z>¨|rJ+T¯ù*œGÿȯÂê“Ò8Myƒ% (hd0,gpt15)/EFI/ubuntu/grub.cfg N+RKšð hò$÷\5pï`>j !2á㸗kd`/3Âgëé%×Ò¬Ç%–µE ¤ ì|;J®( ‡ ô¹pµ!ã5W²ÍiµæilæK%†’Ó0ÆþÀ‚˜«f­³Ó†bHCgrub_cmd: search.fs_uuid c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a root ÉÛؼ9(ù=AïAv£A]òÕ„ë g˜E·˜`Üî“Š~‡ |{}Ô+SIåF2»ú‚§@T Ç)# =Ø°ƒS—Æ9v<“þ–ÔãyÙ€ÐCÇø«£Èö ­ }›*ŒëÙv&8!e*grub_cmd: set prefix=(hd0,gpt1)/boot/grub ~…Ÿ³}W‚, Ó¶6ç…:ÿ Q7%|Üì Î~ ƒÁ ó÷ìñáÞF¸Ó/Iºew‘ ±ñ1¹nÅ`[åË:YwGõà3*t@ŒeËkeNò¨É úk‡U¼üZ‚,(hd0,gpt1)/boot/grub/x86_64-efi/command.lst ð‘e\zÇ1N°ß!“ÞGbb 2ü]èÀ¥Ü ~¶ Ê1§~³GU9áÙzECÜ¡¹²lW sá|>£mêWow(c “tiTò¾‘CëKvpas×Ù¦Œ2çÉt°ÿ\í‰`9'(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst ÿÒ9Œñ R2””Ö:Îëòš vo8©I'þ›{Áè ð6>wŽÆèúê'.uÓüC ÇÐåAe°Òj`Ö;‘Ntw‚]^͇„ 6CLkÙVrTA¸*f¶X6½8úÔ+(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst f·&ÆÖKÁ Ó”Š•(õꔓŽô FøˆÅ/6ºù¶-`¼Bj1J­ZøjCb©%¡ßœ €$ýMñêýkº6Å–Ã:ûµ'ãkXÁŸ­ÎÔ{È®’øžóÊï#F³½T\ýØÞ-(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst „¾åh¯.2jÜãD+çÕ ‡M>æÕwm„tüºívÍÔO2W-„T3ïq84~†m} «ŒS¬ÌGÿïUĶr[KÚÇëcäí~ÂÕePë —JåFµß¶±¹ÆVŸG7­š×»3grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg 5¦ël}ú¹Ñ5ùi’nQV `±yi (JVý#Äê†Ç… KèÎ>-¤’ ¶S Û³vI‰{o}4R§NkƒÓÀYH„”Ÿá¼Ó蹞%ÅÍ£¥Ói Ù¡(hd0,gpt1)/boot/grub/grub.cfg >\×êÜ.+/•mAù ãs/¸3 ~+4“º£ùäƨ6(-fµ…V’îDÔoâ ÛÁs V»Í†G¦å¿çÈqo6Îÿô¬¡´ÃïJÙôzlîh»ƒätf0¾×ÐSá*©u.grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ] ÏòÈ•”C ˆ˜‡þ!*Cݽ«]2Fgrub_cmd: [ = 2 ] ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] u@‘ E+»î0«â‰¯—>Í×àïk :‰@¿&u}ó6Œ¶Ô\òuo2>uÚöš—ÒѼX kö$/Ž°ÊrÆã¥ÔƦ.XXDdèF–Íg0nòÛŒö%•-_ÙªÞý9G—@grub_cmd: set default=0 õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] ½R å eüõÂÑ*‹è'~C€# ñ}MûK—ñbFc,!±¬!%É\ˆ™î埻46U †a•?QŒ‰Œ¹@|ƒ¦Tý¯˜Ò]™ËÃÑRUµ2ºÐD÷¦;)aîÑ龬f#grub_cmd: menuentry_id_option=--id bHY›® x̽¡…í/΂íAâ— Jð»7 ž;y‚}àL“^2Õ+R€GküPÓm†^ •-Î9©âƒî{=ï¶dü”*•˜½‹m ©„;(xnÇÂk¯¢Œ <ûˆÛ·µh%grub_cmd: export menuentry_id_option q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] }ÂrÚ°╉a»™¢ãnÂJ ß$ñÊæ´(ýЛÁKß%_“ð]VÃw$…–÷=_ \ÓLîœâL¦ä¨ËFTûÏåŲòÙgo„Sèšiìô¡S°%ÿ{¤°:.*!grub_cmd: terminal_input console ^ Gõ4± ÖŠRU@æ þ×É0“J#'Ÿ¡w£˜‘ͯlÍ"¼ÌéjÍÑ ¤}T"ï "F¥[Äæö æôªÜ ]^€ºÎz´€¬“ &Ñu²æ‹£ iL"grub_cmd: terminal_output console ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] Xy^…’Ùÿ;k9­ÖÛ©XïõG¢ aÊ¥OÂK¨³ç›æ?7Zót$NNÞŽ `€ £ú_» ŸvͧoØ.KE %ƒW§F.§Þä7zÐÙKHŸ}‹DçˆeBõÜŠñV#grub_cmd: set timeout_style=hidden 1¸æBþ“aïY™mµ'‚O" Íõ“¦ªªë•rC»Ž'ÙoLrnÅ#Í8)‚½ñúõM œE+¥¹¦LŽØÌ’·æœvÀÿéŸÀó‰@õ@´e¸kUh…ëZÌéñlï grub_cmd: set timeout=0.1 UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøÂ^DBF4Š* NîøÜĦ8†Êil­E‘=9"¹§òdºxð.€ \›f‚)ìÿ—,Lņ±M˜p4grub_cmd: set menu_color_highlight=black/light-gray ðêŽ~”ÁÞh.Ól6|ŽÈ¡ûÙ Ø’üEq›sc¸òC¨«·W}³6ge2‡f üÂLE¢ Ò€õ’fr¤¸ñ…Ï«)Û‚óõj¡$Êdåq ÔW†K?@’JýSE.ã}¯<grub_cmd: set partuuid=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f B2‡¤ ‘Kµ—Û2ùf—Ñûž ð´³Â1‚Ž¢úJ,üåïÉÑ^™ÿ¹ÆsIÁ07A¯ zZÀyo¨/Núˆ¶!9…²ØxæIˆj™XvfÏ…ÅôwŠ£Ï„•,¦ÊÓó…SËgrub_cmd: [ != 1 ] ),ÎÒŽ6¨éèT ›ðãË6‘ ]ˆNRÐá‘Ø‚wǨS¨š-„GCÈ釴tØñÇæ ¥à|ü–qvk›¸8sÆÿKí}û¹'Õ°'=*ë¹0Û¤c 7 u ’Û×ÅI_¯§E>Ð7grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ] ‹Ó·zd}¹ˆ¶±êüi`ªE õå6]n—d”6,ƒâè€|ï¡OÔ¬f 2Q îÕTHˆ,»Ý¨ðFˆFY° grub_cmd: export linux_gfx_mode Ïdëuëå\µB¯Bï G¸b€ W}·4`áÛ2ãÜSt»‰slù9twÜÁäÔúÑbY º>˜‘ SM©Ñ‡(`8äaÇAe§ÿaâ.žøÿÜ• 2þ½6’-møíˆgrub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 initrd /boot/initrd.img-5.11.0-1008-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 fi initrdfail } ¯md Q T¬¹ºâ EüOÝžªOö SVã$ºv 3ùd&þȪ…lI`µ@­/Õ7@0cæB „ÛÓ0'D~5²ªEY쨵]Y´Ë¸aœ^iË7—„±Ç•X#ê Ìa@k5ŸŸ]´«Ngrub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { menuentry 'Ubuntu, with Linux 5.11.0-1008-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1008-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1008-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1008-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1008-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1008-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1008-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1007-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1007-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1007-gcp-recovery-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi echo 'Loading Linux 5.11.0-1007-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1007-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1 fi initrdfail } } ]e¸Õ.@ݧÐZÈ î[± ^Û@^%íÃ!2£Í³Ü&H5Ý+vꔄ„9,« tÍ”ìÔøU†y¥îAžÏG¤N  IA]¥„¼Áþφ`00 ̸‚xY‹Ígrub_cmd: menuentry Ubuntu 21.04 (21.04) (on /dev/sda1) --class ubuntu --class gnu-linux --class gnu --class os --id osprober-gnulinux-simple-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } öø´Ó¯e÷PžŸÀ“VÛ45•ÿ ƒôõõB¹$e±&uT?æ˜AÅýXF«ÆùGa¾AQO¹€ N*O×ò ¯’Rè⽪µ› øe®V»©¢ˆRï¦eT#¶Ö œ$S„ `G grub_cmd: submenu Advanced options for Ubuntu 21.04 (21.04) (on /dev/sda1) --id osprober-gnulinux-advanced-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a { menuentry 'Ubuntu (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp--c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } menuentry 'Ubuntu, with Linux 5.11.0-1007-gcp (recovery mode) (on /dev/sda1)' --class gnu-linux --class gnu --class os $menuentry_id_option 'osprober-gnulinux-/boot/vmlinuz-5.11.0-1007-gcp-root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1-c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a' { insmod part_gpt insmod ext2 set root='hd0,gpt1' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a else search --no-floppy --fs-uuid --set=root c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a fi linux /boot/vmlinuz-5.11.0-1007-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro recovery nomodeset dis_ucode_ldr scsi_mod.use_blk_mq=Y ima_hash=sha256 panic=-1 initrd /boot/initrd.img-5.11.0-1007-gcp } } Å +#LªAn÷Á–«N’¸à Vƒ˜Ï.Jõˆu»×ÿàXìE¾ tQ/©¢þ}´¦ %Àؼߴ sÎ( ¸XœD°¸%÷·ùýTXV±°:Þò‹n°CàÊijrž )æ&!grub_cmd: set timeout_style=menu è³tJÙGðu‹D†ToxýnZ_­T "sLø`:¼ÛuøÎF1äÁØówwŠD+Ìòíà»hî óiN$O!“Á“²/]%*­ö€ ×Z™ ’*I'ödžƒÏ4äÔ»×";¥›:grub_cmd: [ 0.1 = 0 ] =¸FÓׄ M¬¸c–¤"ÌÔÓ qlã5v To­˜ h¹«d¹à PòÂÚN½Û}>¾¥Y à :“Wò†zäfüðÕÒ3Lj„f 4•ÍÉè–.‡cŸØÏAÉNŠH„áš+Áá1grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ] £2móBW^Qù¡ÈÕÑzïòÐ ÕGWX1¿oósƒ°·Žy #r£¦zÐÑÊ5Û û³†EHa±º§zaWm4,'ÀÐ%—d˜%ÎäLöX¯+ تI–ák›l2±ã;´Lgrub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ] ÇjeëÚj£Ú«¼ÖH;ð ô ¿]¤fÀ÷x™ ÜÈú,Eaº’‘-_¼JÁãû £ {äû›ë‹"‚ÿФ~±6G&(Ô(KÙ®ŽŠt¨á_ „´cm·i*J`Ìgrub_cmd: setparams Ubuntu ˜ÐføÿÐFºË8±Œ¾é­§) ¥~~(nüNê‰e@ñ:8Ì’ä'{í‚ ígL”¿.­ °»…ÿxŸ%ÝcãAsk”ô¿:Íÿö ÓÿÊW‰ës}(£šömäf@Kû» Ú×grub_cmd: recordfail ºÁp…þõ6b¥ ï¿6hDÀtÿ d½¨ö[…׆‚H¢’ÄIf È÷PuÁ ‡®Y¤Û@á ³SϘ3›é«­ñ€Ø:¾µîîÀC³ò$v»]°º/Ca & óF ì³Á$í© l§¢grub_cmd: set recordfail=1 UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøwíEìüqHàÉ4ÐRk(&Å|“€,Éb<%’6‰Þ/ËbfŸãáágrub_cmd: [ -z ] ’^æ›|ŠÄ“|¾GÕÈSQØi´è× Î,Âwº;Ç[f!cëãp4MK®×_µ½@¶ºß .GÅä›óÉ4ôˆüÀsH•P¦M¶* | DÉÝœ*ù7d|‡½wã8>pž úgrub_cmd: save_env recordfail åžfÖì„ G$÷‘é)ñSáD v&«Ø¾tBÂåu6J>•Ë:;S»á†<ךæk eÍéŒû ‰q˜jˆÍøgrub_cmd: gfxmode keep .gmÝ›ð× Í\fØW2Þ{w¶ ¥‹wÏœIÀ¹yßgçòÁ“Óa>?ÄÉ똢µÐoÌ |^¡± ¦’ $á-µö¥°ënÓfÌëŠËDx…rB"õc#¤“ѳ©Xú|grub_cmd: set gfxpayload=keep RAµß¥†y‰]•÷Ÿú _BºKUê µ]„»° ^»ÆÊÝjœ´›5¿ÌlNùÅ;f ÷ÇDY» ø®$‘X‡œʳ¸¯”^ ÷±iw½e¨ \ˆÿ)Ëvó½Ögrub_cmd: [ keep = keep ] ˆn*¡™ôöÒ™~ Šèk ÏÐ;6èoaq"çóÿèŸ|ðú§sñ¼í(÷ðÁú ‹ÈèÅaòYˆ¾žiÚ*ö&ÇÓÇ5õ™«Ï'ø<S §hGÜ^I/Az$²ôW&grub_cmd: set vt_handoff=vt.handoff=7 ºPœ£‚ðhû lFtÔÆRîg¹Šb×TËòÕÜ ÚãÖn‚ǔė„ †*ç—aS$ý\=ûü²&9b…^ÒÛ)iù„VðÚ¶ªŠ¢âþ¼g)W†¨çê¤^6Í£úóÐ¥õü’ìM$ïJÙXFiY4¶Â² åkå+Ûâ÷Oûgrub_cmd: insmod part_gpt ¯?«¬ž\V¸/ «˜2‰ª»öï ¸8¤Ò† û±z·ö eY ›; ›1ØÒû áB¥”Ùˆý¥¦[$¤¤Œ,ô°6ÝwJ♯E·Ó; þ¤©iÓÀÚrºSùîê÷¦grub_cmd: insmod ext2 Ëñ¼³÷, M°Ò~énʪš0Ê ûͼÑÌsõÿYO‹!ìÖõÖ*ÒòÚ/·¼ÇX‡ÁL2ÑbÅ<ɨARÕ-ŸöŽgrub_cmd: set root=hd0,gpt1 õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] ÙÙÞiûO‰aÊÂö¯¥ðz7 Ln?=š•šBßzáNf_À¯ ÅAyúF T7’f DÙ­Q%ÐùÌmZý–j«.-Ä™œVñòlßZ¼ÓihJ³Ȇf.¶‘]–œgrub_cmd: search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 c73d8355-1ac9-41b4-8edf-c1c1a9d5bd6a ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] T –‚-†@ÏeOc~º—Réâ Ñ»×ÕsÖ6… žûϬžXŸÍ4ö±kLJ"uêl= !dÙFâ|îщŒ~Øv™))c¹-@Øê0…´2„¥{?=ûƒ¬ Eë(®pÝ_ýQ„Dgrub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot. §"RøĨ3-ñbçÍ8þî>Oó {5ð‹ÿ.H¡µ:eØ™¡Ä5¤2H‹ÂŽ7c™fGzð®*² Ã\*ýê»ã¬ôÞí_udðÆ6W4 +™Œ“Îg\ÃçXôÈ«\¤Ôßó¡grub_cmd: linux /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 öUŠ]<|U¸/'‘$£rY‘øV< 8Æ9n· „®ñ?8J7·ç¿§zã½æ2§l¬¶\—  „PÔnãM·Û@8$Òåy$”Ÿ*ÚxhL›&fìG)ÄÀæ˜@ºÙ!ß"{¡C/boot/vmlinuz-5.11.0-1008-gcp ÁŽÊZîƒæt‡‘‘XO´[— Ÿ V Ž°dTÉkc ‚s÷… ëã ãçéÉ+ðäYmL ,TN·Ò$šháÍ ¬¯áË‹mˆ\$@^?9 œfžlRmÿÄ¡ÙE˜ŒL¡kernel_cmdline: /boot/vmlinuz-5.11.0-1008-gcp root=PARTUUID=bf817bdf-6a3a-4221-8edb-2c1ca7c5537f ro scsi_mod.use_blk_mq=Y ima_hash=sha256 console=ttyS0 panic=-1 ŒiDÅퟄ?Õõ¼2”çÛ v¼lmpÎ4¢KÚ&5„íÐý]”ù ¢Ý^P é‹=ò sÕü÷ucÔ*³k1Ú€ G˜sä8>ÂØBŽÕrúBžÌûÖ>¿}4+¡š~è(í3Ó•grub_cmd: initrdfail UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøwíEìüqHàÉ4ÐRk(&Å|“€,Éb<%’6‰Þ/ËbfŸãáágrub_cmd: [ -z ] p&‰ ü¨4˜9Ü·‘=ÈKÕ{Ñ k,—ö@ºØsÈ¡4G’®þ;©>Øò ¸è‘“Rlÿ_» É2 }ú‹ /¿àéRâ¿ ˜G‹²xç‹2è¯_/ÊÞö‚âòèO'›«N"²grub_cmd: set initrdfail=1 z†Áò8gØ•¹Tqa‹Þ- $6¯ãËT«€}l¥&í12ÜYxžÓòñHèiHéx L÷&ìÔ"µm÷Ê/7|²¤îmœ¡õ´@–øüf·;VÐïü91Å©3'QrË÷grub_cmd: [ -n ] ŸP–{Àf‚iDj©/+ˆb  X9ý›þ¾;Þw9ßjƒ 7âZGÿ¦¡d´¢ PÈ &%Ðýô` , ™>¹`ɸ­*Í0™ê#ë?êX³&=Ù‰UóJ¨”Ž4èd·G ­grub_cmd: save_env initrdfail€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/ubuntu-2104-no-secure-boot.bin000066400000000000000000001125741510276467000261450ustar00rootroot00000000000000)Spec ID Event03 0?p‹Û¯òfUµ@6GL  Ðüñ2¨ûõ¤á¥Œ×MÒ5}çP;[jýZy‰©Ž¾ m±‚.BÏ’4ö§ŠÅËIô›ÁÄ9?71a!‹¶ߊ÷¦ŒΦ‚ae‰¿ c0GCE Virtual Firmware v1žŠ÷Bqð@’U'Ár7i¬þ~ {tÞ£Lé´—U««èºÉ­R=ZÝìN/¢˜ã®hý'o §Mæ'¤­+{FñÔ (ë?^àU«Éˆ?,§Ù¾ßŽÈÈHüåª Ò/PÎxõ»ñ^ GCE NonHostInfo€WÍMÁ”BGZ¨'CHO;ªˆáB¸ Z¨'ÛÌûDÒ­žÏÚV½êb † ”¾Õ·¢{ºMØ Ï¤âÆõrb{ðmViÌ*±ƒXÒ{E¼cnÁ ϯ·@øG¦§K^®Ö·32ì5aßä‹Ê“Òª à˜+Œ SecureBoot€Z½”«ó>4§›=“ÓPçBØìØ Û»ã—fX…eÅ̘¢®¶äJ‘xÉñ“[ÒAóƒrD„» §cU<–w Ó¥æøàÁïÍòUZ÷Sú:jþCë{* ô¦øØäÝE–hó°àJaßä‹Ê“Òª à˜+Œ&PK¡YÀ¥ä”§J‡µ«\+ðr& ÒúÒˆ¤G—’[ªG»‰0‚ö0‚Þ  ÕJègƒ]ê0  *†H†÷  010 U newpk0 180821215115Z 180920215115Z010 U newpk0‚"0  *†H†÷ ‚0‚ ‚̹Õ|ømkcêÉbô “Éþã|,EÎ…RRH|ûC&¿ ¥‰°òÝÇ6èi•ªŒoТ#o4ÂO±žkÆú¸”ÁœŽp‡‘BÎi!“}ÚuŸ¿1 PÁï€#û¾;Vã ×Gê0¯Ô]©c‰¢ü9á–¡‡Ã=&²Ó¢lìÈ—×ÎÚ겕<³ÎŠÏÚ:Qˆ?%°K>ÌÝùÚÛQÕ‘š¡½ˆâñ´ñ³’·ãgæ­ŒjÜ'?ÜÔNlÁ½ïÞV*ÚY` yÓ©|WýQa7}ä·n•ðR›CžÜH<ͼ9Ÿ£èG F¸6Ü’³•¨ÎJãF#XK£S0Q0U˜P„Bó/Û—‚'(—t1F^`ËÅ0U#0€˜P„Bó/Û—‚'(—t1F^`ËÅ0Uÿ0ÿ0  *†H†÷  ‚Š¡R?ªç½°$«‹­2°Iý{4Ë;€v`=ŽÜÊkiÂ[”踜Œ,×¼¬}‚YõÄ.¢l¥ì˜ð1#6øË0ƒg::+b!`,ºõ.ù(nÊfpX(†gi„l'X%œPép¸`nT…J¯mE¦[4ü&M<á»$.yàÑȬ|Ù8GCk3PWãsž¦‡ÝÃâJüs{K ‡Çƒ 6Zêi‡@„ ,”€/=®=ËpÄ5¹>q²£Æ­Ø$?}`«o îzšÏuŸèL«ÍQ‡hX3²Ù¼8%*˜KEûg3›%œ?¬¤CDÌÍÓÈ ná€ðPy¶ÌBé.èZtÙÂviÀâ b&GØ[Šd}-.f‚Áb {l¦·"ZfWÂVµ‚ À§¦@“íy΋V—=ÞöÚ‘¿ ëW’³ÈBB7Bµ)C¥‹ß#(¤4“~2xˆ>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrüÒúÒˆ¤G—’[ªG»‰0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€ ¢œ'û¢a€`³"ÇÉr bº8ÄŠ”bù‡tņéÙTç)!³¥%A$¶62̯Z 5 Íbº¾öúà[î|<å(ó(yÓwŒ6ù»ñêóbB:؛Ȧ’ƒ­(!Åü7k ˲×:=–E£¼ÚÐgeoG db¡YÀ¥ä”§J‡µ«\+ðr@$ÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðrëÒúÒˆ¤G—’[ªG»‰0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~€^÷‡€f„Q®ß›¥|û^œå´ „£kV‘¹s@{   "¹¬^ÌQÑúä_ô:å@ɼ› B…%-•JA©xŽåÅN¦àñàßóœ|¨ˆÏÒÓzKxˆóŠ, c6ß—.ÖË­ÙÆ.˲×:=–E£¼ÚÐgeo .dbx¡YÀ¥ä”§J‡µ«\+ðrP4½šúwY2M½`(ôçxK0‚ 0‚ 0  *†H†÷  0„1 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0‚"0  *†H†÷ ‚0‚ ‚É_›b °d‚¬¾ÉâbãKÒŸŠÕa+]8ô·Î¹š¸C¸C—w«O pF ümÆmê€^Ò·f‡Þ mÐA—¨¥¯ cO÷|ÂRÌ 1©»‰]™FoUs¹viì×Áü!ÖÆçO½"Þä¨[-Û•4—Ö(K!LÊ»y¦Zùgæ\xE=m°Y&ÅWãN‚ºö,NÈ7Mÿ…„Gàí;|¼¯é§ oÃé£Î¾¦ãÍ<µX,žÂ`"79ÿAÁ)¤eQÿ34ªBù•xü-õÚŠ…|‚û7,k¥¨ß|U €.<°cáÍ8H‰è ‚¼ýÔh>ÙÝ”£ 00 Uÿ00U%0+ +‚7 0, `†H†øB OpenSSL Generated Certificate0UaH*¢ƒ ²­Zñ rPÚ3ÝÎð0U#0€­‘™ Â*±õŒ#¶eZ&Ž4Zc0  *†H†÷  ‚Š¡)· JÕÅý«%êÀ}âüj– y“gî%%äZöªñó‡^ñZ\Ë#se¹Þ"kÖIgÉ£Æ×bN\µùƒ@܇œaB"Ä*\NÅ£âàR²ëô‹+Ü89]ûˆ¡Ve_+O&ÿxëŒ]2ãÆE¯%› ÿŽïG £é‹7’’iv~4;’gN°%í¼^_´ÖÊ@ÿäâ1# …%® UìåG^ß[¼3ãÆõ¶Ù÷ݳ´¡1ÓZ\]}>¿ ääè´Y};´Œ£µ £¹>„oŒ!Ã9¡YÀ¥ä”§J‡µ«\+ðr¸œ½šúwY2M½`(ôçxK0‚ˆ0‚p  9\§’zPÂ0  *†H†÷  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0‚"0  *†H†÷ ‚0‚ ‚¸M†Ð!¢+Ÿ ¦w˜1\WÀë>“aòe~Ñæˆ"Í¥‹O/øKh‘ïLQÂ÷gôF§‰ýBá¤ÎKj)g@ÈgìéàÞüðâ­EðÒ¨W»‹ £ŠsUãWÓüÂÄêPú‚IHf±x+¢GUH%Ìm".a—•¯›.MX¶~xùú²['Þ}¢¾ ¬sì—°^ííå¥u?xàqÎ/΃íS10˜Næù¢ˆˆ¦#| ·T:•í^y^Nþͪނüö–qNII¹Óé°«×*G·S0'|Üf˜ oÑ~õ=>Ô¢jˆY//=ÈÆ(ÞBþÙR=$Âü@˜öv¿Œ»e£9070 `†H†øB0U%0  +‚7 0 U€0  *†H†÷  ‚W¤`L)éò}k\“ÛÌlŸ?iHšuÞdóƒJ ©&!îéV]á>ÙuËÌ¿Mäè‰=~B‡@ÃÕàqyÜláqbǘÂË' /ŸÌìú‹²ó žóòÃÉŸÛ%“¤Í»åŽô×U¨´uA1ýN] Â¬ÅÞFçÜÏÕèG“Œ2ÍDÕtÇ0šW¥VÐ~Ï´ôó)ùÛ›SÒ½/­ju&Edºº(–‡Ž·ðyWúzd÷,Nïgyj„½½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK®ë®1Q's핪.g9í1©…g0:3"˜ø7 ©ÕZ¡½šúwY2M½`(ôçxKÄ ½¬Gu­ØÛ’ª"µ·ûŒ”¡F,餹]Š3ˆÂü½šúwY2M½`(ôçxKÆÁ¨±î*(µ¨Lƒ×É‹[ '(aëæ’–½šúwY2M½`(ôçxKÉ3f¸çùƒ—TÉ—ñ së&Ø¡ ¹ã½¿Æg«Û‹½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎ½šúwY2M½`(ôçxKØûLž.z‚%ekK‚s·Ë¤°>òéë à )$졺†½šúwY2M½`(ôçxK¹*ò˜Ü›xÇt’ÖUq ×*­£×{åF ä2xïnM½šúwY2M½`(ôçxKᮃÀ.o(XÔëÑw#´õê5yÕD=ìÅù<½šúwY2M½`(ôçxK9ÛÂ(ŽôK_•3,·wãè@Û¦€cJ¨õɱ½šúwY2M½`(ôçxK2õ” ¢Ø¢ÁEæü‰df(ÿÌ|zBÊå3})Ä ½½šúwY2M½`(ôçxKÔ_Ë£–®ó>èöì®X¯èGj( &üqö!}ÏIº/½šúwY2M½`(ôçxKK†h¥Ôe¼ÝªüÿBOËЮÎ2üp¨>‘`èŸ ½šúwY2M½`(ôçxK‰óÑöä…Ã4Í •ãÍýÀq±„˜T„zDÜUHâÜû½šúwY2M½`(ôçxKÉì5ònUšÿ´ âëÞT5L5©˜`[Ï—-U½šúwY2M½`(ôçxK³å4¿kW†—3“Ÿ$¶k¤eã^‘°6**ÍépI½šúwY2M½`(ôçxKŸcíWÔ´.ñ f±D¦[¡¶WùKŽ²ðÄÍ`Á½šúwY2M½`(ôçxKÝY¯VDãŒcûà…0 ÍwF*!’Y°[ÂYæs½šúwY2M½`(ôçxKÛ¯žm=[8¶…S0J¼ˆ‚~¼ø ¹Çá—ͼX"Í1l½šúwY2M½`(ôçxKeóÀ „Ób¹r.˜÷^^™ln“O{+.kæÞÈ콚úwY2M½`(ôçxK[$Ž‘=q…==¥®ÝšKÅz‘q&W8û_Ë-†¢ñȆ½šúwY2M½`(ôçxK&yeãAòϨƒF 5Vª¯w§ kÄ„É0tl÷µ½šúwY2M½`(ôçxK»ÑmSco##§¨o=ÿ–Ÿ„ˆÀWKÂׇþÉ?½šúwY2M½`(ôçxK à!ö|~ø_Ní6¿p’8 <#Ê‘ýC ”° ½šúwY2M½`(ôçxK•ŸA7Ç°Òvq•åos€}:Üøöç¿-M™0_‰½šúwY2M½`(ôçxKæ!jÊïd@¥Uì¾Ù@±¥òVší’•a7®XH.ñ·½šúwY2M½`(ôçxKnþþ [G‹{”LÓ¨¬¢Ì¤ ˆˆâŸŠËX$׺°½šúwY2M½`(ôçxK®LÔzAǃÜHóBÀvÂÁo4ôÒßPÑÊ;µ­…½šúwY2M½`(ôçxKØÔæÝöä-t¦¥6êbýä) \ž\6•£Bïµõ¤½šúwY2M½`(ôçxKòw¯O›Ü‘ŠèŸ£\Á³N4˜L®—e2,<°IWM6Pœ½šúwY2M½`(ôçxK ÂLuëïV¹ñ:¹Þ`âì¡ÄQ4⻳lö T›#L½šúwY2M½`(ôçxKƒXò¥W-pYµÈcPU(’éEbo_Éʬ÷½èW¤½šúwY2M½`(ôçxKºßõäðþ§p¨û"äÄ8!ã! õ-OtÝPñÐ9¼½šúwY2M½`(ôçxKÄR«„`sßZÎ%̦Mkz Ù0ŠeëR@ãÄëÊ©Ì ½šúwY2M½`(ôçxKñ†>È·ô?”­û ‹JiIzŒeì¼*Uà»Bw+ŒÜ‘½šúwY2M½`(ôçxK{ÉËTcε^¸ºwѬ҃Ä?JW`<Áò,ëÅy½šúwY2M½`(ôçxKè9]¾WèQx´ºõ¢Wðn‘!¦|Y_jâ%ý½šúwY2M½`(ôçxK´ÜÊòÈϧ´“Žqþ+–‘ä!oÙT(g-l~s½šúwY2M½`(ôçxK>Î'˳ìD8Ìå#¹'Äð_Ü\Y:7fÛ˜L^Cz?ö¡k½šúwY2M½`(ôçxKhîF2ǾfÈ>‰Ý“ê¿E´ÂÇ-}ÇIš¢ C½šúwY2M½`(ôçxKâK1ZUqH=‹s³-áMáë.«!ý-œ1Ÿõ^нšúwY2M½`(ôçxKç :´ìˆUì¥)7ØKZÂOˆ&kRpçì´ª%8½šúwY2M½`(ôçxK~¬€©ÈLÔ¯ìc‰ÙN±h¨UyQ¤Õ9°q0(U+kŒ½šúwY2M½`(ôçxKçh1!êg÷K¼°ÍÅåp,ŒÅ_¶]p-û©Hµô½šúwY2M½`(ôçxKÜÌ<áÀä°±‡Ór úGõÂoW£Y¾{'€N¬ºÄ½šúwY2M½`(ôçxKWÿq*䉳t“Àv§Í©a)بýhÒ¶¯c91]½šúwY2M½`(ôçxK:‘ðùå(¢™L}“ ,^áLèáÈ0Jä•­ÅŒÄE< ½šúwY2M½`(ôçxKISyl›òQ «¥³Õ~+…××d4ìuº£…t彚úwY2M½`(ôçxK¨²Éu뫧ÛÞ^éiÀêî*1Ë‘¨gV¦·p½šúwY2M½`(ôçxKŽSïÜøRÎå¦é)1¼Bæ<ÓöI̧èrRäY– ½šúwY2M½`(ôçxKŸ¤Õ?Ô>ÊÿBº~CS%+~^rµ nÿ€'ÖmC½šúwY2M½`(ôçxKÓrÀÐôýÉõ.ž#üVîrAJóPÐΦÂj5¦Ã!z½šúwY2M½`(ôçxK\Xj…é7‰EpÔùëh(¹|AË›¦ÓÜÌ_RzU½šúwY2M½`(ôçxK€N5Lch»'©®ŽIŠW+)4%šœOS¢rTI½šúwY2M½`(ôçxKöJ)”Šˆ¾ÿÛ^ §7 Ï ÙÎkÏŽd !1«‡½šúwY2M½`(ôçxKØ~q4Tao[ׄšµÁq*¸O4”xì*8ùpÀ‰½šúwY2M½`(ôçxKë[­ÒnO®eù¤#XÞï|å,À_»Çgvæ˜*½šúwY2M½`(ôçxK»"‰ééM ÿ?bQj°~—›,lïâ«pÆßÁŸ¥½šúwY2M½`(ôçxK (ð@‹÷%ægØq8¨î¼R–-(Gñn5‡;A¶­½šúwY2M½`(ôçxK ùŠ©…Œ sø›§~‡ìoYlIPû‹º€¦/»‘K½šúwY2M½`(ôçxK uê pê¤Óót$mµOÇ´>Yj53 ¹ÃkOÙur^½šúwY2M½`(ôçxK Q×oÄ“Iv]¨†‚Bk,þžj¤òrSê´2㧽šúwY2M½`(ôçxK£¢šÐQ0×þ[ôÒYecÍí‡@–ªÌi“*.IQš½šúwY2M½`(ôçxKw0´/þI?é¶%—Í+o4Ójõ“0ñ¤/” ½šúwY2M½`(ôçxKáqZŸÏá¤DÎÿ…†ž´"3 ÀK1L)]m§ž½šúwY2M½`(ôçxK‘¨Ôså(¨x#½bæUß®Tú+úrýÀ)†Ö¸½šúwY2M½`(ôçxK‹XÁý¸Ú‹3Ìî_—:÷4Ùóã?]±W<+ ˆ¨ ½šúwY2M½`(ôçxK‘†ïß^òÞ‚Eº®4††º 5ÿ=˜eÁS|퓽šúwY2M½`(ôçxK' „²†ñc°jªäë¸ßøÞ} ‚[ˆ9ÿf'NÿG½šúwY2M½`(ôçxK)̤TN£0Ö‘Ç„i\œk"¬{[‰Ë×(Ñ@꽚úwY2M½`(ôçxK+"˜ê¢kĤUŠé.{°äø\óKøHýö6ÀÁ¾Ä˜—½šúwY2M½`(ôçxK-ÏŽp#ÑèáE=hÖì0Ù¾ÙL¼¸ÝÁ̬½šúwY2M½`(ôçxK1*Å[PÀ›0³Ì“¹”¡>î¬Tï‰/ÄG»½–¡½šúwY2M½`(ôçxK2­2–‚›ÄmϬ^ÝË¿,í\ø;"Ïœn`ǘԧ½šúwY2M½`(ôçxK4 £+X3Ž+V¯0 ©ßÖ¹Ò'àâ£IX±Æ%ž…½šúwY2M½`(ôçxK6.Ó ±à’(1©o ÏÞa‰Sæ•Éï.°ºÃuP½šúwY2M½`(ôçxK6z1僈1­,FGˆjlßò決‘ ÿ…Üz‡®›^˜½šúwY2M½`(ôçxK7e×iÀ[ù‹B{5;!7褛o… ñYíj†xj¦4½šúwY2M½`(ôçxK8mi\ß-EvàÊÌõäžxÚQ¯™UÀ¸úv7;y”³½šúwY2M½`(ôçxK:Ot¾¯®+“ƒ­‚Ò3¦Ï=³Çâè—¾ïBUúúwY2M½`(ôçxK:çlEÊpé Y˜Bb-ÒQ¼¡ûæ¹Å.Ás°5½šúwY2M½`(ôçxK;èçë45Á’Çi„gˆ™AÑöÏ QL¡i“OsY½šúwY2M½`(ôçxK>9&ð¸¡ZÕ¡Ag»dz„<=C!ã]¼DÜèÈ7A-(°½šúwY2M½`(ôçxK@ ÆmY·°”©ã ¦½:ÿ0WƒçY/B¾_ôº½šúwY2M½`(ôçxKA…‚m«[¨4{x¢+_š upÊ\“§MGŠy=ƒºÄ˜½šúwY2M½`(ôçxKAÑî±wÀ2NÝeWó„å2Þ õšDkï³Q¼%w½šúwY2M½`(ôçxKE‡kMØaÔ[:”€tz]´ZH²§)A ¶A/Š‡é]½šúwY2M½`(ôçxKFg¿% ×Á k„tÆͱßdŠXso¿WÐ]ou]«gô½šúwY2M½`(ôçxKGÿc±@¶üíy1æQÚ[./]®ô=ÂûÅ2±½šúwY2M½`(ôçxKWæ‘:úÌR"½vͯ1ø툉Td%Stï z‚×õšÓ•–½šúwY2M½`(ôçxKXú"q!ÇmížcÈ~:e3î öð¡¢?ÄE›Æ¼ß½šúwY2M½`(ôçxK]šË»J}KhRßYpâÎÖoö"îœÐíØAÌ­½šúwY2M½`(ôçxKaÎÄ£w¿YÀþ®ãp4¿—Õ¼nâ:ߺæãõû<ý½šúwY2M½`(ôçxKcW´E6,Ƙ KĶ(â=¾$¶élŠãÜ°Õ¬½šúwY2M½`(ôçxKe²çÌÙÃ1ßRßsÊ É2ÒŸ™tÅo0‡²Ý1G½šúwY2M½`(ôçxKfª íÂ8MœB]9'æíJ]@ÅçÍM¬ˆõwòñ½šúwY2M½`(ôçxKhsÒö)½RéTîÿYwªƒgC™—bÿ!,”3Æ—½šúwY2M½`(ôçxKm»êÒ>Œ† ø´tûü¥ Mã⋈»ÌÜGG“N½šúwY2M½`(ôçxKmêÑ2WßÃÌƤ³pº‘u_éàìAP0”.Z¼Gð|ˆ½šúwY2M½`(ôçxKp¡E ò­9Ui­ þ±ÙÁ%2Né ì9ÂXˆ4Ô‰-Q«½šúwY2M½`(ôçxKrÂo‚|ë’˜—˜–Æ®tÓë϶]A²fÉ ¾‚½šúwY2M½`(ôçxKxd!ˆ¨´±sÔ¨õì”Ø(dqV ™5zXbK7u ½šúwY2M½`(ôçxKxƒƒ¤Ç3»‡Ò¿Qg=Ç>’ß«}QÜqV'®whm#¼½šúwY2M½`(ôçxKx´íÊ«ÈÙ > â€,®´ðž#£9LJÌn‡èóS•1½šúwY2M½`(ôçxKI̳ 2;z±“ÉU¸ÇDð¢·\1I^`pP'½šúwY2M½`(ôçxK‚¬ºHÕ#lÏ÷ešüYMî+Ö.ñ£ ›P†(Ï4ô½šúwY2M½`(ôçxK‰Mx962˜Ì‘Zèt.ó0×¢f™ôYGŒò,+k²…f½šúwY2M½`(ôçxKŒI×Wåª!ÁcH#22—ØhòX‘e)ïÅ ïp½šúwY2M½`(ôçxK“Ö iYevåÜFKá*…úR€¶õ$Ô¡ÃüÉÐHÏ­½šúwY2M½`(ôçxKcõûÅåz¶Þl”ˆ` ár±vÕ«WÔÈŸ`þ-⽚úwY2M½`(ôçxK‘ej¤ïI;8$ ·&2HäâÖW¥ÈHˆ ¶[s 2ûS½šúwY2M½`(ôçxK‘——¿Ž[Æ„9¬Äcë¸ú«ývMËè/;©wÊÈÏj½šúwY2M½`(ôçxK”pxù|a––Œ:霚]Xf~†ˆ,öÈÉÕ‰g¤–»zô<½šúwY2M½`(ôçxK–äP”PÓ€ÚÃbÿŽ)U‰ŠåX…Ò ‰Â{¢©Ð ½šúwY2M½`(ôçxK—ƒµîD’éè‘ÆUñô€5•­E<b:ðþ{òÀ¥x…㽚úwY2M½`(ôçxK—¥ DDb óŒØÆQ,¬šuýCzáäÒ))€va#'½šúwY2M½`(ôçxK—¨ÅºÖï»]jÚNºG-ÄÆÍIrü]ã!4/佚úwY2M½`(ôçxK™( æìŒAÚ®KØ«Hõ‚héC¦pÓ\¥â½Í>|L” r½šúwY2M½`(ôçxK™-5š§¥÷‰Òh¹L¹HZkæCb°í´DÌ|9d{½šúwY2M½`(ôçxK™T¡©U豉«ÊAK‘ö l@¨ko>óh݆1½šúwY2M½`(ôçxK›¯Ov×kõÖ¨—¿½_B›¡Mà‹HÃîv“ ‚ÿ8‘½šúwY2M½`(ôçxKœ%ŸË0_Ç9~Õu™càïk6ä WýsnkЋŸu½šúwY2M½`(ôçxKÒÜ·/^t'òéà:±…£@<ö©¤y¤ÛÙ~"P©½šúwY2M½`(ôçxKžÓ?¼ À2øœ¢Ä«4íÃ:E¥ %!£µ‡j£ê,½šúwY2M½`(ôçxK¤Ùx·Ä½¡T5Õø¹Y.Â¥­ûê{­j5ìµ0”d/½šúwY2M½`(ôçxK©$ÓÊÖÚB·9›– • oö±«¥¸s°Õó î!s´‹l½šúwY2M½`(ôçxK­;å‰ÀGN—Þ[²¿3SIH·k¸vßÜX±þ×gµ¡[ü½šúwY2M½`(ôçxK¸Öµç…{Eƒ|{ãØV­ë—Ç)°fZ=G:KëQÜó½šúwY2M½`(ôçxK¹?™Y‹ ú ¬Á,üü%hy?nwžy^m|"Su½šúwY2M½`(ôçxK»Ú3»cœ~€m°VÉŠSò/ïû äm®Iš½šúwY2M½`(ôçxK¼uùÿ2\µ™žf»ÔOJå7¤/ßï5SHãf⽚úwY2M½`(ôçxK½Ð&éØWÓþu¯Áp*)ð´öýö¢²\—©ÎŽšúwY2M½`(ôçxK¾C]÷Í(ª*|´üsG[wå«ó’÷k|vú?iŒ·š½šúwY2M½`(ôçxK¾÷f;åêM¿Øhn$poLûÍg¦Åfí”Î ÄDp½šúwY2M½`(ôçxKÂF—YÁ”~ô¶_r©õ³¯‹onr{h» ‘8\¿BjŠ½šúwY2M½`(ôçxKÃP[ó쥬äÇk‹Ñ 9 eÑóNu¸£^ãÆ›–½šúwY2M½`(ôçxKÄ-Ç Ï^Œóû‘ýòˆ@!­ƒl¦Šß,»y•Á õˆÔ½šúwY2M½`(ôçxKÆd¥¸9ä¡gBR~jÎ<'oÒn4ÇÐã"½šúwY2M½`(ôçxKË4¯ë tÄ¥ˆ³nº¤A–èÒú€Ü¨Á8rÈPyk½šúwY2M½`(ôçxKÌŽìn¹!,¿‰zZÎ~Š¾ìáŸmï x•‘ËGñð„½šúwY2M½`(ôçxKÏ¢CÁÍ.<Œë~p‡ÎËûƒ%»ùз y­óèA(½šúwY2M½`(ôçxKØšÑlHÔû¼TKúøg f ”HåK¿òpNBˆ½šúwY2M½`(ôçxKÙfŠµ'…g†Á4µä½Û÷$R;is"š¹*¡¥M õ½šúwY2M½`(ôçxKÚ5`ý 2µLƒÔòÿ†Ò“i¬òÈ–ø¯§CkúFU½šúwY2M½`(ôçxKߪ´ƒ‡©áÔÆR(œ¶«á–Èô³–Çä»Ã•Þiwö½šúwY2M½`(ôçxKß‘¬…©OÍ ûU½|¾ú¬¸Åîs—þ,ÈY„Ež.¡N½šúwY2M½`(ôçxKàQ·ˆìºí¥0FÇjö•",aW¸ÄÁ¹ÂÏÆ_F彚úwY2M½`(ôçxKãmüq!Âãšêˆ„ž(E«2ooçNS›~TØ61½šúwY2M½`(ôçxK㘑ô‹¼Å“¸í†Î‚ÎfoÁ[ŸËý+ºÐ¨›ôÇ¿¿½šúwY2M½`(ôçxKæ…oy™-ÉO¢ô2—ì2ÒÙ§o{æaÆ¡>ü;ÍõȽšúwY2M½`(ôçxKêÿŒ…ºM[k€FõÖG×yºÚwhæIÐGÿ›f ½šúwY2M½`(ôçxKfIa §OjÆäß»)¢à®;Š#(Ž~.r½šúwY2M½`(ôçxKî×àïòíUž*yî6™b¯;™‘1ã ·ýTo® rg½šúwY2M½`(ôçxKñ´öQ; TJh­Â‘ï¨ÅŸB ¥Ü²> Zú~ =½šúwY2M½`(ôçxKò¡m5µTiA‡§ @Êh)Yôó\,àê¸ýd÷¬*¹õÂJ½šúwY2M½`(ôçxKóÔaÅé•@?É|¢Ø©ËâpY}2ºßÖkwI_”½šúwY2M½`(ôçxKôŽmØqŽ•;`¢O,¾¦ •!Þ®gÛ%B[}:Îô1³[ôÀæ‹Óµw¹«á©ÏñËßTiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€¶ ëïp®$Ùþ‘=ÐÆÒ´àØ ÀI AP“Ç á«¡õO‡®wG"1Ëôí@¦„vÔŠFQUã ¬uŠôlž¨øc%CÄD0mÐlÊžüŽÏ9l0•ô{¦“¼ðaèuŸÁ9‰:aßä‹Ê“Òª à˜+Œ BootOrder€æú/±B3È®ÎÜËZv-hÑow´ ºÌ}¦æ™É>2ù?4ÄU“¢¡çÕk6vfÙØ Á© ›*ž'B‚"2;Q÷­¨ÚT¤Hó-úXj‘ }¥%€à¿†XûE“ªëA¡–€z‘h¦aßä‹Ê“Òª à˜+ŒvBoot0003bubuntu*(PaïœNLDˆ9Ïq±% \4\EFI\ubuntu\shimx64.efiÿ€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€íÛèÄA+ù˜‡™Ô{ãÚ7ô ¨°ex,ÿ¾ÿÝhŒõE |–0«fe×*©%|òÛ6 œ o o½6Y?WÀ–:Ø9…qM–t–NDrG([Æ C(nàm¥ «ˆõ»/Kžœaßä‹Ê“Òª à˜+ŒlBoot0001UEFI Google PersistentDisk  ÐA ÿN¬ŸYM…âR,Y²€1—‰À=^—§t®Êì’ôŸ ¡:‰‹ƒf4¦,açÎÔêZï½®ZšÚ9¬¯„—¬º €¡Þ|Óׇdz,xEÊx´}Ùö£3Q®'àcsD[góÙDó¬]¦4KËøiƒaßä‹Ê“Òª à˜+ŒSBoot0002!VirtScsi(0,3,0) DiskVirtScsi(0,3,0) Diskÿ€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€ïˆUÓù{)nª©cø‰ ØtÅ€ ñ®;·7ëOT?yq÷é!½ÃÌT°ŽþÇÊ*ç¦ha „90«ê„ Áç8m,*e Ffå½ñºP²Kz„€‹o m›º¤ë½]‘úô²)äEFI PART\ øfÿ_F"Þ_FÕÍ•“ èê@‡§‰xËõe€€nà‘¯=ƃ„rGŽy=iØG}䮦Cdéå÷MšÑ2žPó<xÞ_FHah!IdontNeedEFIb ÅÌÃÓH¸9>l¸­ê}ÿ'(s*ÁøÒºK É>É;aïœNLDˆ9Ïq±% \(ÿw€"ß@Öã-G!ñ²@k+J;°ÊêÕ be·2°³ó0¼Ñ„3tåìnÅ®ò|Û—¢=®¸X »õ& OIÚYðœÑe#´M².ƒØ¶ñFVÓ°xÝEG«QwüxÏUx7o_›¸!œ@Þ½Ð| ÐA *(PaïœNLDˆ9Ïq±% \4\EFI\ubuntu\shimx64.efiÿ h¼ì`åÃòûÝš©ª‘Ú’ü‰?) /k VGd̦t^Í—‰Žtí8‘ÇÆ<æñ}È&J 3Wêe_ ŒªÂeÏÕè |Ç%O£ñåê4Z‡<÷aG*/#ñR—õ\þ$MokList â„¿Y£mêWow(c “tiTò¾‘CëKvpas×Ù¦Œ2çÉt°ÿ\í‰`9'(hd0,gpt1)/boot/grub/x86_64-efi/fs.lst ÿÒ9Œñ R2””Ö:Îëòš vo8©I'þ›{Áè ð6>wŽÆèúê'.uÓüC ÇÐåAe°Òj`Ö;‘Ntw‚]^͇„ 6CLkÙVrTA¸*f¶X6½8úÔ+(hd0,gpt1)/boot/grub/x86_64-efi/crypto.lst f·&ÆÖKÁ Ó”Š•(õꔓŽô FøˆÅ/6ºù¶-`¼Bj1J­ZøjCb©%¡ßœ €$ýMñêýkº6Å–Ã:ûµ'ãkXÁŸ­ÎÔ{È®’øžóÊï#F³½T\ýØÞ-(hd0,gpt1)/boot/grub/x86_64-efi/terminal.lst „¾åh¯.2jÜãD+çÕ ‡M>æÕwm„tüºívÍÔO2W-„T3ïq84~†m} «ŒS¬ÌGÿïUĶr[KÚÇëcäí~ÂÕePë —JåFµß¶±¹ÆVŸG7­š×»3grub_cmd: configfile (hd0,gpt1)/boot/grub/grub.cfg l— 36A‘jQyÕ¹ú÷z¢ûä ê™U–UÖ¼d¦“qjW÷Ù7Ú¢ÜleÓ†ª!þÑ? 膸ÍfҜʢܳ´˜ÁoÅìuæ’ }¡œ}Ú5¿ù¯ÅAý_dÒµ_;¾ú ˆ(hd0,gpt1)/boot/grub/grub.cfg >\×êÜ.+/•mAù ãs/¸3 ~+4“º£ùäƨ6(-fµ…V’îDÔoâ ÛÁs V»Í†G¦å¿çÈqo6Îÿô¬¡´ÃïJÙôzlîh»ƒätf0¾×ÐSá*©u.grub_cmd: [ -s (hd0,gpt1)/boot/grub/grubenv ] ²~¾U…1—›dZBDµ^núÛM® .B4ÈQÝòQ°ÿÉ5î¹k{ïÔò߆šVâ‚ÞÂ?À d7>wÆ·ªÿPè¹e>¨Q×dƒ¥;Aþ×IìöÝðèÔŠé6ôvëU’…]¥(hd0,gpt1)/boot/grub/grubenv wÆ·ªÿPè¹e>¨Q×dƒ¥;Aþ×IìöÝðèÔŠé6ôvëU’…]¥(hd0,gpt1)/boot/grub/grubenv ´é›@ÒÝÜßhèªCžÝ^ºËÿÉ Ò¹)ƒæjÿ™˜/å¯Uàù'}Àø‡™4á{~AVž -š‰ù `îGd‹mèl,x@²kÓH¾tÃjàÈ>ˆ˜‡þ!*Cݽ«]2Fgrub_cmd: [ = 2 ] ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] u@‘ E+»î0«â‰¯—>Í×àïk :‰@¿&u}ó6Œ¶Ô\òuo2>uÚöš—ÒѼX kö$/Ž°ÊrÆã¥ÔƦ.XXDdèF–Íg0nòÛŒö%•-_ÙªÞý9G—@grub_cmd: set default=0 õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] ½R å eüõÂÑ*‹è'~C€# ñ}MûK—ñbFc,!±¬!%É\ˆ™î埻46U †a•?QŒ‰Œ¹@|ƒ¦Tý¯˜Ò]™ËÃÑRUµ2ºÐD÷¦;)aîÑ龬f#grub_cmd: menuentry_id_option=--id bHY›® x̽¡…í/΂íAâ— Jð»7 ž;y‚}àL“^2Õ+R€GküPÓm†^ •-Î9©âƒî{=ï¶dü”*•˜½‹m ©„;(xnÇÂk¯¢Œ <ûˆÛ·µh%grub_cmd: export menuentry_id_option q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] }ÂrÚ°╉a»™¢ãnÂJ ß$ñÊæ´(ýЛÁKß%_“ð]VÃw$…–÷=_ \ÓLîœâL¦ä¨ËFTûÏåŲòÙgo„Sèšiìô¡S°%ÿ{¤°:.*!grub_cmd: terminal_input console ^ Gõ4± ÖŠRU@æ þ×É0“J#'Ÿ¡w£˜‘ͯlÍ"¼ÌéjÍÑ ¤}T"ï "F¥[Äæö æôªÜ ]^€ºÎz´€¬“ &Ñu²æ‹£ iL"grub_cmd: terminal_output console ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] Xy^…’Ùÿ;k9­ÖÛ©XïõG¢ aÊ¥OÂK¨³ç›æ?7Zót$NNÞŽ `€ £ú_» ŸvͧoØ.KE %ƒW§F.§Þä7zÐÙKHŸ}‹DçˆeBõÜŠñV#grub_cmd: set timeout_style=hidden 1¸æBþ“aïY™mµ'‚O" Íõ“¦ªªë•rC»Ž'ÙoLrnÅ#Í8)‚½ñúõM œE+¥¹¦LŽØÌ’·æœvÀÿéŸÀó‰@õ@´e¸kUh…ëZÌéñlï grub_cmd: set timeout=0.1 UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøÂ^DBF4Š* NîøÜĦ8†Êil­E‘=9"¹§òdºxð.€ \›f‚)ìÿ—,Lņ±M˜p4grub_cmd: set menu_color_highlight=black/light-gray ÿí‹­,šÛÇ÷Ú@þ­Îry­ ¢»¡¾Ñ(£ ·ž"ÄfÊÝ(”+Mugå Lc‹Q Ÿ>Û‘4àåã8ÍUl:ú½û#Æ@aŠšh U,€Qpò1ÀQ/"rºfÂóËD*<grub_cmd: set partuuid=6443a6ae-e5e9-4df7-9a06-d1329e50f33c B2‡¤ ‘Kµ—Û2ùf—Ñûž ð´³Â1‚Ž¢úJ,üåïÉÑ^™ÿ¹ÆsIÁ07A¯ zZÀyo¨/Núˆ¶!9…²ØxæIˆj™XvfÏ…ÅôwŠ£Ï„•,¦ÊÓó…SËgrub_cmd: [ != 1 ] ),ÎÒŽ6¨éèT ›ðãË6‘ ]ˆNRÐá‘Ø‚wǨS¨š-„GCÈ釴tØñÇæ ¥à|ü–qvk›¸8sÆÿKí}û¹'Õ°'=*ë¹0Û¤c 7 u ’Û×ÅI_¯§E>Ð7grub_cmd: [ -e (hd0,gpt1)/boot/grub/gfxblacklist.txt ] ‹Ó·zd}¹ˆ¶±êüi`ªE õå6]n—d”6,ƒâè€|ï¡OÔ¬f 2Q îÕTHˆ,»Ý¨ðFˆFY° grub_cmd: export linux_gfx_mode êUð¦ÀHA™òIÛåZUcÿ0lôîÌÌ@©OÔáx„:ýŽ” grub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-fadc363a-fae5-4b46-9bf5-303a0043410b { menuentry 'Ubuntu, with Linux 5.11.0-1006-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1006-gcp-advanced-fadc363a-fae5-4b46-9bf5-303a0043410b' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b else search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b fi echo 'Loading Linux 5.11.0-1006-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1006-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 5.11.0-1006-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.11.0-1006-gcp-recovery-fadc363a-fae5-4b46-9bf5-303a0043410b' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b else search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b fi echo 'Loading Linux 5.11.0-1006-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /boot/initrd.img-5.11.0-1006-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro recovery nomodeset dis_ucode_ldr panic=-1 fi initrdfail } } '?\€Á.“\7ÂÏãáa¼B׎ £t0• ƒp!ëÌùŒŒ1å“ãfB”6á55„Çìr ®Ø–¢±a!VÙ>Ò3Lj„f 4•ÍÉè–.‡cŸØÏAÉNŠH„áš+Áá1grub_cmd: [ -f (hd0,gpt1)/boot/grub/custom.cfg ] £2móBW^Qù¡ÈÕÑzïòÐ ÕGWX1¿oósƒ°·Žy #r£¦zÐÑÊ5Û û³†EHa±º§zaWm4,'ÀÐ%—d˜%ÎäLöX¯+ تI–ák›l2±ã;´Lgrub_cmd: [ -z (hd0,gpt1)/boot/grub -a -f (hd0,gpt1)/boot/grub/custom.cfg ] ÇjeëÚj£Ú«¼ÖH;ð ô ¿]¤fÀ÷x™ ÜÈú,Eaº’‘-_¼JÁãû £ {äû›ë‹"‚ÿФ~±6G&(Ô(KÙ®ŽŠt¨á_ „´cm·i*J`Ìgrub_cmd: setparams Ubuntu ˜ÐføÿÐFºË8±Œ¾é­§) ¥~~(nüNê‰e@ñ:8Ì’ä'{í‚ ígL”¿.­ °»…ÿxŸ%ÝcãAsk”ô¿:Íÿö ÓÿÊW‰ës}(£šömäf@Kû» Ú×grub_cmd: recordfail ºÁp…þõ6b¥ ï¿6hDÀtÿ d½¨ö[…׆‚H¢’ÄIf È÷PuÁ ‡®Y¤Û@á ³SϘ3›é«­ñ€Ø:¾µîîÀC³ò$v»]°º/Ca & óF ì³Á$í© l§¢grub_cmd: set recordfail=1 UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøwíEìüqHàÉ4ÐRk(&Å|“€,Éb<%’6‰Þ/ËbfŸãáágrub_cmd: [ -z ] ’^æ›|ŠÄ“|¾GÕÈSQØi´è× Î,Âwº;Ç[f!cëãp4MK®×_µ½@¶ºß .GÅä›óÉ4ôˆüÀsH•P¦M¶* | DÉÝœ*ù7d|‡½wã8>pž úgrub_cmd: save_env recordfail åžfÖì„ G$÷‘é)ñSáD v&«Ø¾tBÂåu6J>•Ë:;S»á†<ךæk eÍéŒû ‰q˜jˆÍøgrub_cmd: gfxmode keep .gmÝ›ð× Í\fØW2Þ{w¶ ¥‹wÏœIÀ¹yßgçòÁ“Óa>?ÄÉ똢µÐoÌ |^¡± ¦’ $á-µö¥°ënÓfÌëŠËDx…rB"õc#¤“ѳ©Xú|grub_cmd: set gfxpayload=keep RAµß¥†y‰]•÷Ÿú _BºKUê µ]„»° ^»ÆÊÝjœ´›5¿ÌlNùÅ;f ÷ÇDY» ø®$‘X‡œʳ¸¯”^ ÷±iw½e¨ \ˆÿ)Ëvó½Ögrub_cmd: [ keep = keep ] ˆn*¡™ôöÒ™~ Šèk ÏÐ;6èoaq"çóÿèŸ|ðú§sñ¼í(÷ðÁú ‹ÈèÅaòYˆ¾žiÚ*ö&ÇÓÇ5õ™«Ï'ø<S §hGÜ^I/Az$²ôW&grub_cmd: set vt_handoff=vt.handoff=7 ºPœ£‚ðhû lFtÔÆRîg¹Šb×TËòÕÜ ÚãÖn‚ǔė„ †*ç—aS$ý\=ûü²&9b…^ÒÛ)iù„VðÚ¶ªŠ¢âþ¼g)W†¨çê¤^6Í£úóÐ¥õü’ìM$ïJÙXFiY4¶Â² åkå+Ûâ÷Oûgrub_cmd: insmod part_gpt ¯?«¬ž\V¸/ «˜2‰ª»öï ¸8¤Ò† û±z·ö eY ›; ›1ØÒû áB¥”Ùˆý¥¦[$¤¤Œ,ô°6ÝwJ♯E·Ó; þ¤©iÓÀÚrºSùîê÷¦grub_cmd: insmod ext2 õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] © ·D“7˜=ít~;ü7™·&«â yi¯§4·aN9·ëÇ}ïXÀ.tçeÍé9IÈ0en œ¤ˆvE.шUGé4@Qu¢Ô“¾,êÅ{›ì¬[Ôѧ㥳&w¬¤þC1ºWgrub_cmd: search --no-floppy --fs-uuid --set=root fadc363a-fae5-4b46-9bf5-303a0043410b ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] T –‚-†@ÏeOc~º—Réâ Ñ»×ÕsÖ6… žûϬžXŸÍ4ö±kLJ"uêl= !dÙFâ|îщŒ~Øv™))c¹-@Øê0…´2„¥{?=ûƒ¬ Eë(®pÝ_ýQ„Dgrub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot. !©Ðï2ˆ B %ø ¨JoÎg ‚ õ ßóÔm¬öÄ`ŒôÙ¹©yáÅÍsñbó³x¾¢ 2 ö9yQ®kþ¬p¥mOØÕî¶Ñ}d\ýºZç=LgÉ'‚àê‹Ï]1>)t´¢¶“{grub_cmd: linux /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 Õå}ýã.¹Š2”Õ>nIõiÂ& G嘷¹DþˆÖA©…ørÑêØ}'­ŠéÖÍgycûõ Ñ-Z  J˜£#òm,7Mÿ¢"˜½ŸÀ7«szt£ë×Ûܸ-BE¿Í›Á«Q˜Šà/boot/vmlinuz-5.11.0-1006-gcp Ìå³Û'«€u`‚äŠdú]·f§ µsv‘F¨e±/$  NBˆ /QèËçŒp=ȉ ¯×ýt›¦n¾GÒef^Xz³PjÎ…Zþxýµ)ç7«Õ{ý˜Zi–…v’ï4{kernel_cmdline: /boot/vmlinuz-5.11.0-1006-gcp root=PARTUUID=6443a6ae-e5e9-4df7-9a06-d1329e50f33c ro console=ttyS0 panic=-1 ŒiDÅퟄ?Õõ¼2”çÛ v¼lmpÎ4¢KÚ&5„íÐý]”ù ¢Ý^P é‹=ò sÕü÷ucÔ*³k1Ú€ G˜sä8>ÂØBŽÕrúBžÌûÖ>¿}4+¡š~è(í3Ó•grub_cmd: initrdfail UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøwíEìüqHàÉ4ÐRk(&Å|“€,Éb<%’6‰Þ/ËbfŸãáágrub_cmd: [ -z ] p&‰ ü¨4˜9Ü·‘=ÈKÕ{Ñ k,—ö@ºØsÈ¡4G’®þ;©>Øò ¸è‘“Rlÿ_» É2 }ú‹ /¿àéRâ¿ ˜G‹²xç‹2è¯_/ÊÞö‚âòèO'›«N"²grub_cmd: set initrdfail=1 z†Áò8gØ•¹Tqa‹Þ- $6¯ãËT«€}l¥&í12ÜYxžÓòñHèiHéx L÷&ìÔ"µm÷Ê/7|²¤îmœ¡õ´@–øüf·;VÐïü91Å©3'QrË÷grub_cmd: [ -n ] ŸP–{Àf‚iDj©/+ˆb  X9ý›þ¾;Þw9ßjƒ 7âZGÿ¦¡d´¢ PÈ &%Ðýô` , ™>¹`ɸ­*Í0™ê#ë?êX³&=Ù‰UóJ¨”Ž4èd·G ­grub_cmd: save_env initrdfail€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/eventlogs/ubuntu-2404-amd-sevsnp.bin000066400000000000000000001303641510276467000253610ustar00rootroot00000000000000)Spec ID Event03 0@1þ)û‚oÜ­™’Ì©ôõj£ úš‚¶[ËΞŽ_må ¾ÿ›ó7kùÅ£»¤] !Ó@¤£ ¸†T†ÑPÍœëFb¹/3m8¸}p³sÊÄÆx3i$º¨Ü*ή´¦0GCE Virtual Firmware v2I™S a¹i´rÇÿÙE&¥a}ç‘ ª¬AuÝGwœWåH4 –)»&Œà+‹†ÅìÃWÙ RG·]YªÀ¹E Ï ðP¿•´€»_7ƒ?O6·a¸:;w?‹;]Šò•£GmÏ GCE NonHostInfo€WÍMÁ”BGZ¨'CHO;ªˆáB¸ Z¨'ÛÌûDÒ­žÏÚV½êb † ”¾Õ·¢{ºMØ Ï¤âÆõrb{ðmViÌ*±ƒXÒ{E¼cnÁ ϯ·@øG¦§K^®Ö·32ì5aßä‹Ê“Òª à˜+Œ SecureBoot€Z½”«ó>4§›=“ÓPçBØìØ Û»ã—fX…eÅ̘¢®¶äJ‘xÉñ“[ÒAóƒrD„» §cU<–w Ó¥æøàÁïÍòUZ÷Sú:jþCë{* ô¦øØäÝE–hó°àJaßä‹Ê“Òª à˜+Œ&PK¡YÀ¥ä”§J‡µ«\+ðr& ÒúÒˆ¤G—’[ªG»‰0‚ö0‚Þ  ÕJègƒ]ê0  *†H†÷  010 U newpk0 180821215115Z 180920215115Z010 U newpk0‚"0  *†H†÷ ‚0‚ ‚̹Õ|ømkcêÉbô “Éþã|,EÎ…RRH|ûC&¿ ¥‰°òÝÇ6èi•ªŒoТ#o4ÂO±žkÆú¸”ÁœŽp‡‘BÎi!“}ÚuŸ¿1 PÁï€#û¾;Vã ×Gê0¯Ô]©c‰¢ü9á–¡‡Ã=&²Ó¢lìÈ—×ÎÚ겕<³ÎŠÏÚ:Qˆ?%°K>ÌÝùÚÛQÕ‘š¡½ˆâñ´ñ³’·ãgæ­ŒjÜ'?ÜÔNlÁ½ïÞV*ÚY` yÓ©|WýQa7}ä·n•ðR›CžÜH<ͼ9Ÿ£èG F¸6Ü’³•¨ÎJãF#XK£S0Q0U˜P„Bó/Û—‚'(—t1F^`ËÅ0U#0€˜P„Bó/Û—‚'(—t1F^`ËÅ0Uÿ0ÿ0  *†H†÷  ‚Š¡R?ªç½°$«‹­2°Iý{4Ë;€v`=ŽÜÊkiÂ[”踜Œ,×¼¬}‚YõÄ.¢l¥ì˜ð1#6øË0ƒg::+b!`,ºõ.ù(nÊfpX(†gi„l'X%œPép¸`nT…J¯mE¦[4ü&M<á»$.yàÑȬ|Ù8GCk3PWãsž¦‡ÝÃâJüs{K ‡Çƒ 6Zêi‡@„ ,”€/=®=ËpÄ5¹>q²£Æ­Ø$?}`«o îzšÏuŸèL«ÍQ‡hX3²Ù¼8%*˜KEûg3›%œ?¬¤CDÌÍÓÈ ná€ðPy¶ÌBé.èZtÙÂviÀâ b&GØ[Šd}-.f‚Áb {l¦·"ZfWÂVµ‚ À§¦@“íy΋V—=ÞöÚ‘¿ ëW’³ÈBB7Bµ)C¥‹ß#(¤4“~2xˆ>aßä‹Ê“Òª à˜+ŒKEK¡YÀ¥ä”§J‡µ«\+ðrüÒúÒˆ¤G—’[ªG»‰0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž€ ¢œ'û¢a€`³"ÇÉr bº8ÄŠ”bù‡tņéÙTç)!³¥%A$¶62̯Z 5 Íbº¾öúà[î|<å(ó(yÓwŒ6ù»ñêóbB:؛Ȧ’ƒ­(!Åü7k ˲×:=–E£¼ÚÐgeoG db¡YÀ¥ä”§J‡µ«\+ðr@$ÒúÒˆ¤G—’[ªG»‰0‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒX¡YÀ¥ä”§J‡µ«\+ðrëÒúÒˆ¤G—’[ªG»‰0‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~€rY´é¼Ù˜­8à3Ÿ¼~ÊÀ ¼Ã0š`Èú°íáÁ]îÇ¡éö]1Š÷œ?{·pí O%o`Š6Üuâ\ÁU3F= üßÖùôÎÇÐĵ5@²˜|ƒp»òú“ÒP ÒE˲×:=–E£¼ÚÐgeo¬Edbx&ÄÁLP’@¬©Aù6“C(¬E0½šúwY2M½`(ôçxK€´Ùi1¿ ý‘¦ÑO¤Ræm²@Œ¨`MA’eŸ ½šúwY2M½`(ôçxKõ/ƒ£úœûÖ’r($ÛäE4Ò[…$k;•}¬nÎz½šúwY2M½`(ôçxKÅÙØ¡†âÈ- ¯ª*o.s‡ >d÷,Nïgyj„½½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK®ë®1Q's핪.g9í1©…g0:3"˜ø7 ©ÕZ¡½šúwY2M½`(ôçxKÄ ½¬Gu­ØÛ’ª"µ·ûŒ”¡F,餹]Š3ˆÂü½šúwY2M½`(ôçxKÆÁ¨±î*(µ¨Lƒ×É‹[ '(aëæ’–½šúwY2M½`(ôçxKÉ3f¸çùƒ—TÉ—ñ së&Ø¡ ¹ã½¿Æg«Û‹½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎ½šúwY2M½`(ôçxKØûLž.z‚%ekK‚s·Ë¤°>òéë à )$졺†½šúwY2M½`(ôçxK¹*ò˜Ü›xÇt’ÖUq ×*­£×{åF ä2xïnM½šúwY2M½`(ôçxKᮃÀ.o(XÔëÑw#´õê5yÕD=ìÅù<½šúwY2M½`(ôçxK9ÛÂ(ŽôK_•3,·wãè@Û¦€cJ¨õɱ½šúwY2M½`(ôçxK2õ” ¢Ø¢ÁEæü‰df(ÿÌ|zBÊå3})Ä ½½šúwY2M½`(ôçxKÔ_Ë£–®ó>èöì®X¯èGj( &üqö!}ÏIº/½šúwY2M½`(ôçxKK†h¥Ôe¼ÝªüÿBOËЮÎ2üp¨>‘`èŸ ½šúwY2M½`(ôçxK‰óÑöä…Ã4Í •ãÍýÀq±„˜T„zDÜUHâÜû½šúwY2M½`(ôçxKÉì5ònUšÿ´ âëÞT5L5©˜`[Ï—-U½šúwY2M½`(ôçxK³å4¿kW†—3“Ÿ$¶k¤eã^‘°6**ÍépI½šúwY2M½`(ôçxKŸcíWÔ´.ñ f±D¦[¡¶WùKŽ²ðÄÍ`Á½šúwY2M½`(ôçxKÝY¯VDãŒcûà…0 ÍwF*!’Y°[ÂYæs½šúwY2M½`(ôçxKÛ¯žm=[8¶…S0J¼ˆ‚~¼ø ¹Çá—ͼX"Í1l½šúwY2M½`(ôçxKeóÀ „Ób¹r.˜÷^^™ln“O{+.kæÞÈ콚úwY2M½`(ôçxK[$Ž‘=q…==¥®ÝšKÅz‘q&W8û_Ë-†¢ñȆ½šúwY2M½`(ôçxK&yeãAòϨƒF 5Vª¯w§ kÄ„É0tl÷µ½šúwY2M½`(ôçxK»ÑmSco##§¨o=ÿ–Ÿ„ˆÀWKÂׇþÉ?½šúwY2M½`(ôçxK à!ö|~ø_Ní6¿p’8 <#Ê‘ýC ”° ½šúwY2M½`(ôçxK•ŸA7Ç°Òvq•åos€}:Üøöç¿-M™0_‰½šúwY2M½`(ôçxKæ!jÊïd@¥Uì¾Ù@±¥òVší’•a7®XH.ñ·½šúwY2M½`(ôçxKnþþ [G‹{”LÓ¨¬¢Ì¤ ˆˆâŸŠËX$׺°½šúwY2M½`(ôçxK®LÔzAǃÜHóBÀvÂÁo4ôÒßPÑÊ;µ­…½šúwY2M½`(ôçxKØÔæÝöä-t¦¥6êbýä) \ž\6•£Bïµõ¤½šúwY2M½`(ôçxKòw¯O›Ü‘ŠèŸ£\Á³N4˜L®—e2,<°IWM6Pœ½šúwY2M½`(ôçxK ÂLuëïV¹ñ:¹Þ`âì¡ÄQ4⻳lö T›#L½šúwY2M½`(ôçxKƒXò¥W-pYµÈcPU(’éEbo_Éʬ÷½èW¤½šúwY2M½`(ôçxKºßõäðþ§p¨û"äÄ8!ã! õ-OtÝPñÐ9¼½šúwY2M½`(ôçxKÄR«„`sßZÎ%̦Mkz Ù0ŠeëR@ãÄëÊ©Ì ½šúwY2M½`(ôçxKñ†>È·ô?”­û ‹JiIzŒeì¼*Uà»Bw+ŒÜ‘½šúwY2M½`(ôçxK{ÉËTcε^¸ºwѬ҃Ä?JW`<Áò,ëÅy½šúwY2M½`(ôçxKè9]¾WèQx´ºõ¢Wðn‘!¦|Y_jâ%ý½šúwY2M½`(ôçxK´ÜÊòÈϧ´“Žqþ+–‘ä!oÙT(g-l~s½šúwY2M½`(ôçxK>Î'˳ìD8Ìå#¹'Äð_Ü\Y:7fÛ˜L^Cz?ö¡k½šúwY2M½`(ôçxKhîF2ǾfÈ>‰Ý“ê¿E´ÂÇ-}ÇIš¢ C½šúwY2M½`(ôçxKâK1ZUqH=‹s³-áMáë.«!ý-œ1Ÿõ^нšúwY2M½`(ôçxKç :´ìˆUì¥)7ØKZÂOˆ&kRpçì´ª%8½šúwY2M½`(ôçxKÜÌ<áÀä°±‡Ór úGõÂoW£Y¾{'€N¬ºÄ½šúwY2M½`(ôçxKWÿq*䉳t“Àv§Í©a)بýhÒ¶¯c91]½šúwY2M½`(ôçxK:‘ðùå(¢™L}“ ,^áLèáÈ0Jä•­ÅŒÄE< ½šúwY2M½`(ôçxKISyl›òQ «¥³Õ~+…××d4ìuº£…t彚úwY2M½`(ôçxK¨²Éu뫧ÛÞ^éiÀêî*1Ë‘¨gV¦·p½šúwY2M½`(ôçxKŽSïÜøRÎå¦é)1¼Bæ<ÓöI̧èrRäY– ½šúwY2M½`(ôçxK™-5š§¥÷‰Òh¹L¹HZkæCb°í´DÌ|9d{½šúwY2M½`(ôçxKŸ¤Õ?Ô>ÊÿBº~CS%+~^rµ nÿ€'ÖmC½šúwY2M½`(ôçxKÓrÀÐôýÉõ.ž#üVîrAJóPÐΦÂj5¦Ã!z½šúwY2M½`(ôçxK\Xj…é7‰EpÔùëh(¹|AË›¦ÓÜÌ_RzU½šúwY2M½`(ôçxKöJ)”Šˆ¾ÿÛ^ §7 Ï ÙÎkÏŽd !1«‡½šúwY2M½`(ôçxKØ~q4Tao[ׄšµÁq*¸O4”xì*8ùpÀ‰½šúwY2M½`(ôçxKë[­ÒnO®eù¤#XÞï|å,À_»Çgvæ˜*½šúwY2M½`(ôçxK»"‰ééM ÿ?bQj°~—›,lïâ«pÆßÁŸ¥½šúwY2M½`(ôçxK (ð@‹÷%ægØq8¨î¼R–-(Gñn5‡;A¶­½šúwY2M½`(ôçxK ùŠ©…Œ sø›§~‡ìoYlIPû‹º€¦/»‘K½šúwY2M½`(ôçxK uê pê¤Óót$mµOÇ´>Yj53 ¹ÃkOÙur^½šúwY2M½`(ôçxK Q×oÄ“Iv]¨†‚Bk,þžj¤òrSê´2㧽šúwY2M½`(ôçxK£¢šÐQ0×þ[ôÒYecÍí‡@–ªÌi“*.IQš½šúwY2M½`(ôçxKw0´/þI?é¶%—Í+o4Ójõ“0ñ¤/” ½šúwY2M½`(ôçxKáqZŸÏá¤DÎÿ…†ž´"3 ÀK1L)]m§ž½šúwY2M½`(ôçxK‘¨Ôså(¨x#½bæUß®Tú+úrýÀ)†Ö¸½šúwY2M½`(ôçxK‹XÁý¸Ú‹3Ìî_—:÷4Ùóã?]±W<+ ˆ¨ ½šúwY2M½`(ôçxK‘†ïß^òÞ‚Eº®4††º 5ÿ=˜eÁS|퓽šúwY2M½`(ôçxK' „²†ñc°jªäë¸ßøÞ} ‚[ˆ9ÿf'NÿG½šúwY2M½`(ôçxK)̤TN£0Ö‘Ç„i\œk"¬{[‰Ë×(Ñ@꽚úwY2M½`(ôçxK+"˜ê¢kĤUŠé.{°äø\óKøHýö6ÀÁ¾Ä˜—½šúwY2M½`(ôçxK-ÏŽp#ÑèáE=hÖì0Ù¾ÙL¼¸ÝÁ̬½šúwY2M½`(ôçxK1*Å[PÀ›0³Ì“¹”¡>î¬Tï‰/ÄG»½–¡½šúwY2M½`(ôçxK2­2–‚›ÄmϬ^ÝË¿,í\ø;"Ïœn`ǘԧ½šúwY2M½`(ôçxK4 £+X3Ž+V¯0 ©ßÖ¹Ò'àâ£IX±Æ%ž…½šúwY2M½`(ôçxK6.Ó ±à’(1©o ÏÞa‰Sæ•Éï.°ºÃuP½šúwY2M½`(ôçxK6z1僈1­,FGˆjlßò決‘ ÿ…Üz‡®›^˜½šúwY2M½`(ôçxK7e×iÀ[ù‹B{5;!7褛o… ñYíj†xj¦4½šúwY2M½`(ôçxK8mi\ß-EvàÊÌõäžxÚQ¯™UÀ¸úv7;y”³½šúwY2M½`(ôçxK:Ot¾¯®+“ƒ­‚Ò3¦Ï=³Çâè—¾ïBUúúwY2M½`(ôçxK:çlEÊpé Y˜Bb-ÒQ¼¡ûæ¹Å.Ás°5½šúwY2M½`(ôçxK;èçë45Á’Çi„gˆ™AÑöÏ QL¡i“OsY½šúwY2M½`(ôçxK>9&ð¸¡ZÕ¡Ag»dz„<=C!ã]¼DÜèÈ7A-(°½šúwY2M½`(ôçxK@ ÆmY·°”©ã ¦½:ÿ0WƒçY/B¾_ôº½šúwY2M½`(ôçxKA…‚m«[¨4{x¢+_š upÊ\“§MGŠy=ƒºÄ˜½šúwY2M½`(ôçxKAÑî±wÀ2NÝeWó„å2Þ õšDkï³Q¼%w½šúwY2M½`(ôçxKE‡kMØaÔ[:”€tz]´ZH²§)A ¶A/Š‡é]½šúwY2M½`(ôçxKFg¿% ×Á k„tÆͱßdŠXso¿WÐ]ou]«gô½šúwY2M½`(ôçxKGÿc±@¶üíy1æQÚ[./]®ô=ÂûÅ2±½šúwY2M½`(ôçxKWæ‘:úÌR"½vͯ1ø툉Td%Stï z‚×õšÓ•–½šúwY2M½`(ôçxKXú"q!ÇmížcÈ~:e3î öð¡¢?ÄE›Æ¼ß½šúwY2M½`(ôçxK]šË»J}KhRßYpâÎÖoö"îœÐíØAÌ­½šúwY2M½`(ôçxKaÎÄ£w¿YÀþ®ãp4¿—Õ¼nâ:ߺæãõû<ý½šúwY2M½`(ôçxKcW´E6,Ƙ KĶ(â=¾$¶élŠãÜ°Õ¬½šúwY2M½`(ôçxKe²çÌÙÃ1ßRßsÊ É2ÒŸ™tÅo0‡²Ý1G½šúwY2M½`(ôçxKfª íÂ8MœB]9'æíJ]@ÅçÍM¬ˆõwòñ½šúwY2M½`(ôçxKhsÒö)½RéTîÿYwªƒgC™—bÿ!,”3Æ—½šúwY2M½`(ôçxKm»êÒ>Œ† ø´tûü¥ Mã⋈»ÌÜGG“N½šúwY2M½`(ôçxKmêÑ2WßÃÌƤ³pº‘u_éàìAP0”.Z¼Gð|ˆ½šúwY2M½`(ôçxKp¡E ò­9Ui­ þ±ÙÁ%2Né ì9ÂXˆ4Ô‰-Q«½šúwY2M½`(ôçxKrÂo‚|ë’˜—˜–Æ®tÓë϶]A²fÉ ¾‚½šúwY2M½`(ôçxKxd!ˆ¨´±sÔ¨õì”Ø(dqV ™5zXbK7u ½šúwY2M½`(ôçxKxƒƒ¤Ç3»‡Ò¿Qg=Ç>’ß«}QÜqV'®whm#¼½šúwY2M½`(ôçxKx´íÊ«ÈÙ > â€,®´ðž#£9LJÌn‡èóS•1½šúwY2M½`(ôçxKI̳ 2;z±“ÉU¸ÇDð¢·\1I^`pP'½šúwY2M½`(ôçxK‚¬ºHÕ#lÏ÷ešüYMî+Ö.ñ£ ›P†(Ï4ô½šúwY2M½`(ôçxK‰Mx962˜Ì‘Zèt.ó0×¢f™ôYGŒò,+k²…f½šúwY2M½`(ôçxKŒI×Wåª!ÁcH#22—ØhòX‘e)ïÅ ïp½šúwY2M½`(ôçxK“Ö iYevåÜFKá*…úR€¶õ$Ô¡ÃüÉÐHÏ­½šúwY2M½`(ôçxKcõûÅåz¶Þl”ˆ` ár±vÕ«WÔÈŸ`þ-⽚úwY2M½`(ôçxK‘ej¤ïI;8$ ·&2HäâÖW¥ÈHˆ ¶[s 2ûS½šúwY2M½`(ôçxK‘——¿Ž[Æ„9¬Äcë¸ú«ývMËè/;©wÊÈÏj½šúwY2M½`(ôçxK”pxù|a––Œ:霚]Xf~†ˆ,öÈÉÕ‰g¤–»zô<½šúwY2M½`(ôçxK–äP”PÓ€ÚÃbÿŽ)U‰ŠåX…Ò ‰Â{¢©Ð ½šúwY2M½`(ôçxK—ƒµîD’éè‘ÆUñô€5•­E<b:ðþ{òÀ¥x…㽚úwY2M½`(ôçxK—¥ DDb óŒØÆQ,¬šuýCzáäÒ))€va#'½šúwY2M½`(ôçxK—¨ÅºÖï»]jÚNºG-ÄÆÍIrü]ã!4/佚úwY2M½`(ôçxK™( æìŒAÚ®KØ«Hõ‚héC¦pÓ\¥â½Í>|L” r½šúwY2M½`(ôçxK™T¡©U豉«ÊAK‘ö l@¨ko>óh݆1½šúwY2M½`(ôçxK›¯Ov×kõÖ¨—¿½_B›¡Mà‹HÃîv“ ‚ÿ8‘½šúwY2M½`(ôçxKœ%ŸË0_Ç9~Õu™càïk6ä WýsnkЋŸu½šúwY2M½`(ôçxKÒÜ·/^t'òéà:±…£@<ö©¤y¤ÛÙ~"P©½šúwY2M½`(ôçxKžÓ?¼ À2øœ¢Ä«4íÃ:E¥ %!£µ‡j£ê,½šúwY2M½`(ôçxK¤Ùx·Ä½¡T5Õø¹Y.Â¥­ûê{­j5ìµ0”d/½šúwY2M½`(ôçxK©$ÓÊÖÚB·9›– • oö±«¥¸s°Õó î!s´‹l½šúwY2M½`(ôçxK­;å‰ÀGN—Þ[²¿3SIH·k¸vßÜX±þ×gµ¡[ü½šúwY2M½`(ôçxK¸Öµç…{Eƒ|{ãØV­ë—Ç)°fZ=G:KëQÜó½šúwY2M½`(ôçxK¹?™Y‹ ú ¬Á,üü%hy?nwžy^m|"Su½šúwY2M½`(ôçxK»Ú3»cœ~€m°VÉŠSò/ïû äm®Iš½šúwY2M½`(ôçxK¼uùÿ2\µ™žf»ÔOJå7¤/ßï5SHãf⽚úwY2M½`(ôçxK½Ð&éØWÓþu¯Áp*)ð´öýö¢²\—©ÎŽšúwY2M½`(ôçxK¾C]÷Í(ª*|´üsG[wå«ó’÷k|vú?iŒ·š½šúwY2M½`(ôçxK¾÷f;åêM¿Øhn$poLûÍg¦Åfí”Î ÄDp½šúwY2M½`(ôçxKÂF—YÁ”~ô¶_r©õ³¯‹onr{h» ‘8\¿BjŠ½šúwY2M½`(ôçxKÃP[ó쥬äÇk‹Ñ 9 eÑóNu¸£^ãÆ›–½šúwY2M½`(ôçxKÄ-Ç Ï^Œóû‘ýòˆ@!­ƒl¦Šß,»y•Á õˆÔ½šúwY2M½`(ôçxKÆd¥¸9ä¡gBR~jÎ<'oÒn4ÇÐã"½šúwY2M½`(ôçxKË4¯ë tÄ¥ˆ³nº¤A–èÒú€Ü¨Á8rÈPyk½šúwY2M½`(ôçxKÌŽìn¹!,¿‰zZÎ~Š¾ìáŸmï x•‘ËGñð„½šúwY2M½`(ôçxKÏ¢CÁÍ.<Œë~p‡ÎËûƒ%»ùз y­óèA(½šúwY2M½`(ôçxKØšÑlHÔû¼TKúøg f ”HåK¿òpNBˆ½šúwY2M½`(ôçxKÙfŠµ'…g†Á4µä½Û÷$R;is"š¹*¡¥M õ½šúwY2M½`(ôçxKÚ5`ý 2µLƒÔòÿ†Ò“i¬òÈ–ø¯§CkúFU½šúwY2M½`(ôçxKߪ´ƒ‡©áÔÆR(œ¶«á–Èô³–Çä»Ã•Þiwö½šúwY2M½`(ôçxKß‘¬…©OÍ ûU½|¾ú¬¸Åîs—þ,ÈY„Ež.¡N½šúwY2M½`(ôçxKàQ·ˆìºí¥0FÇjö•",aW¸ÄÁ¹ÂÏÆ_F彚úwY2M½`(ôçxKãmüq!Âãšêˆ„ž(E«2ooçNS›~TØ61½šúwY2M½`(ôçxK㘑ô‹¼Å“¸í†Î‚ÎfoÁ[ŸËý+ºÐ¨›ôÇ¿¿½šúwY2M½`(ôçxKæ…oy™-ÉO¢ô2—ì2ÒÙ§o{æaÆ¡>ü;ÍõȽšúwY2M½`(ôçxKêÿŒ…ºM[k€FõÖG×yºÚwhæIÐGÿ›f ½šúwY2M½`(ôçxKfIa §OjÆäß»)¢à®;Š#(Ž~.r½šúwY2M½`(ôçxKî×àïòíUž*yî6™b¯;™‘1ã ·ýTo® rg½šúwY2M½`(ôçxKñ´öQ; TJh­Â‘ï¨ÅŸB ¥Ü²> Zú~ =½šúwY2M½`(ôçxKò¡m5µTiA‡§ @Êh)Yôó\,àê¸ýd÷¬*¹õÂJ½šúwY2M½`(ôçxKóÔaÅé•@?É|¢Ø©ËâpY}2ºßÖkwI_”½šúwY2M½`(ôçxKôŽmØqŽ•;`¢O,¾¦ •!Þ®gÛ%B[}:Îô1³[ôÀæ‹Óµw¹«á©ÏñËßT½šúwY2M½`(ôçxK ;Ã9é¶ù¬Ø(¸4‚¥ÃöNg姺¨§S³Jö½šúwY2M½`(ôçxKB Ì|ßöLYHHMj~ÃQNo\¦½î× “” “̽šúwY2M½`(ôçxK(ˆxñ.‹œlËöÇ=_N˜\¬óü°ÂND‘+>¹½šúwY2M½`(ôçxK.¤Ëj±ÓÜè-Týâmí$;£áçÆÒ*YOågˆ½šúwY2M½`(ôçxK@ÖÊà)sx€ÏL:šÑZ M‹ºD8«–âvÌxDTÞ罚úwY2M½`(ôçxKOüäúˆ—ÐÈ FÖÚ´G&Ñ6ü$’ïÐþߣˆzœ½šúwY2M½`(ôçxK\*þ4½Šzë»Cœ%ûjBOå5¬MöÁ—E¶ñ‰:½šúwY2M½`(ôçxK™×­ Ö~R3½vp/K€‡ÏÄìeIMl¨«¨XþºÚ½šúwY2M½`(ôçxK¦¨Q½÷S+K€ú•êßßø°ËµŠ}99Éñç…½šúwY2M½`(ôçxK½ÔlŸ]8„SÆÙ4uÓšWerºÿua,2F£ZS)±½šúwY2M½`(ôçxKË™K@¶l¿Uüf5UÊðÔñÎ&tdÐE,#aà^áÍP½šúwY2M½`(ôçxKÖî·‚ãl¯ûMŸ‚‡Þ“ «Ìo¤Uûýo7'=½šúwY2M½`(ôçxKÝ Ï}±âb-ôTp7¬jó >Àk0'IˆÅk½šúwY2M½`(ôçxKä%r¯¬r]Jzªøð”Úζ‚ôé'ƒ²»? b¯½šúwY2M½`(ôçxKæ#mÁîL|z›9e”t0„{á%÷®·‘¡(:꽚úwY2M½`(ôçxK‰¤e}èr˜U,ùàóÁ÷Æ-úc¹ò[¼fèd”½šúwY2M½`(ôçxKõè’ÝnÄÂÞúJI\ !›by¶M£Ñ²ãJßK_½9½šúwY2M½`(ôçxKÔ$ÍZ6Œ4Lf$ó¸çO«3w“úv_û.½šúwY2M½`(ôçxK#.BO³ÿNüuÐ c†w'„ºPpî$ߊ·™½šúwY2M½`(ôçxK‘r§bfµ»/€ ñ…£nT¯Õn–s‡ê} Mx ‰½šúwY2M½`(ôçxKÜŠÿª£ã.￉›0Y˳¤‹‚úœ“Õ¶½šúwY2M½`(ôçxK™YíNåHµŸ!“¤Ucê…»"LÙmì–ÀçüͽšúwY2M½`(ôçxKG³xgdK.è ;-_¾!âwÁaz,/W¬à…Ÿ½šúwY2M½`(ôçxKú¼7ó•æõ$r´O¥/Ÿ ¤€ðQ˜Æh·[ôF½šúwY2M½`(ôçxKãóüÿ ¿ÁÀ`¤¿Vˆ^ýU¨éÎ<_HiDL¬ÿ­ ½šúwY2M½`(ôçxKLÚã’ Q,œ*‹Jº––› —¶Ld¥Ø˜Ë ¹½šúwY2M½`(ôçxK[‰ñª$5 =ٲѴû¤øõlñù¸ÖÙ¸&""5Á½šúwY2M½`(ôçxKL•W± >!f>-#ãÁ®œäµÞ X¢—3#6¢Ø½šúwY2M½`(ôçxKà`Ú Và ϱvnŽ„hh¡éšT±J¥ÐhŸ(@ÎÆß½šúwY2M½`(ôçxKHôXMáÅìe %æÆ#c\ὂaÄÔ î#U´Ê½šúwY2M½`(ôçxK¯y±@d`À˜}GG¯‘J"ŒÖ"ÎÚ·¤öpþçg½šúwY2M½`(ôçxKÅ[䢦¬WJFñáÅL¬)ÒÍ{@8žqW»2ÄYL½šúwY2M½`(ôçxKéØsËÎÞ64ळdKQáÈ  H')’Ç8Q>¼–Í>3`½šúwY2M½`(ôçxKfЀ>%PÙç‚šáµøGÌ›ûæ›QphìµÚ»z‰ü½šúwY2M½`(ôçxK(ASçÐJŸ~\=¿á{&r­/½Ñò{ìx”·‘˜S콚úwY2M½`(ôçxKíÒËUrn«íìèÊ]í(š×“«;iÑcÈuþÁ œÕ½šúwY2M½`(ôçxK®ÅÄ™Vt¨IÁÑ8Dcó°+Z¦%¥Ã üOçÙ»X¦#˜½šúwY2M½`(ôçxKÊe©²‘]šZ@{Ài‰64šãÛi„û§ªØÞU½šúwY2M½`(ôçxKˆØJ¦Þo.–ÏÉ­«[èe7òrè‘֭ã±é½šúwY2M½`(ôçxKj‚FT·G‘RŒ÷8£xæ)H8t¶ÛÖ~ Œ3'²ü¬d½šúwY2M½`(ôçxK®Ö,J¼²RFCár?j­Ì1§JôÒ(];ˆ ÄL"ÞŽšúwY2M½`(ôçxK!ò}‰òç}î|Ô3n::Þ6**®Ÿ²ï┑¥óÕí½šúwY2M½`(ôçxK% ຆ mF‰D‘Ö0Õ‹ ö•É,âJ)T†÷˜[½šúwY2M½`(ôçxK9Ÿ¦ÏZ‡ƒ–7µ_b»,Æ©?¥¯ç­v´¯³ É'½šúwY2M½`(ôçxK;0Ãæ©#Ë·Ïeµ9_±È×D€ò\¿Ëš{ýc?í½šúwY2M½`(ôçxK?éøÑÜ£ü™„ÞLÂÆ&«³‹s˜ZD|: 9ÊT½šúwY2M½`(ôçxKE”WÄŽE "…û9/Êx»oM¨7†(‰«y‹Ü½ð½šúwY2M½`(ôçxKZNtWâÖ5‚†ð÷ µg.NÛxquPdžÂ2ê[½šúwY2M½`(ôçxK^+·¼‹à¹Ýÿu`fhæv¯Áq€ï [›8?¹•½šúwY2M½`(ôçxKÝþÄMÄ0-¥Ew5<ý¾´³æNÁÁî/à€½šúwY2M½`(ôçxK‘AêNkñô×,(¡ÐÑ$©(Õ§Ókü~~SïD#`ÿ™½šúwY2M½`(ôçxK“õ#>™p§ÛLš¢Þ$cg(çÆlò»çK² “º–½šúwY2M½`(ôçxK®ÊŠ«|KÝ!Ū£#õ—½PD]vi\²‘ ̵ñc¸½šúwY2M½`(ôçxK¿Ê¤Eò T®¦PÐ=|9·|Ø*z‚MÅZ¥‡ÄÀ÷B£½šúwY2M½`(ôçxKÃ)~5éïÄÀQpj«wÒš&æ-š8Þ%mÿëw îÈfj½šúwY2M½`(ôçxKÈu®ŠµDWqr†šNÆç¬ç¨uô*/»¤µ/)4™Þ½šúwY2M½`(ôçxKÛ\aR¢>¶±¯ê­ItóeJÆû¾v‡ »tíæ2¹å½šúwY2M½`(ôçxKÛ´$ËŠÓ^æ…F &EÄh`'©íóů„+•rñ'i—½šúwY2M½`(ôçxKáÛû¬G6‘ŒIw˜ÖíR—&¦±‰Kàe•S‹"½šúwY2M½`(ôçxKæ7%&"Ã.GtU±/†O ²|Dgš.xåÅm¡ÿ΋A½šúwY2M½`(ôçxKôØêÖÃ%8Ñ»9ðïÜ/U7”ÁJ^EùU\3Y%ÙÓ½šúwY2M½`(ôçxKõÀ¸üáºçvË:Þ(·fN“Ó|ŸXrI:Ì%ú὚úwY2M½`(ôçxKýE‘­Òå°fCcr qI)‚Õ²#¡A¦$‚FÍ#ö~’l½šúwY2M½`(ôçxKd·¹J²©>yÒ—ëöÎ 0÷™~Y)äï ;]TÆN{½šúwY2M½`(ôçxK˜=Ìá ò&–©è{çúÖ6~ô®‹ýT͵(¥ÄŽ™½šúwY2M½`(ôçxK8`·ÇÿoKÍXe„;.†²ì¥ÿO°q™Ÿ!)ÔÇu;€o4½šúwY2M½`(ôçxKG÷¥ó‚†©Æwölþ*„ÕÊ”ËoÁëèá˜n‘íÕŒ¾3½šúwY2M½`(ôçxKR£ÊM¹#ÀdŠÀKèlà-¼j:ªÈ1#f± ]ìn,¢Ù½šúwY2M½`(ôçxKWi/¸ €š;ä ´DuÝír%ÇoÝ_ðžN×Ó0¥‡3¥½šúwY2M½`(ôçxKx6F[ßúçhï®Üº¨µx{¯Q²y*€ãA£ø$ÿ‚ʽšúwY2M½`(ôçxKz”º¢®ãdŠü ¯.ýRj[v4žÉøÀ;Â%v8½šúwY2M½`(ôçxK…%W‰ 1Å·sßðž¥\×êeô[@TÁF>?ܽšúwY2M½`(ôçxKS2³PWz·±˜“ý¡² jbâb!BdõT¶>€P½šúwY2M½`(ôçxKŽØªçÕAÌ»0 ¢±ÿWRf-‹#û§ýÿØ ½)½šúwY2M½`(ôçxK“5ÉÝp¢ìN2*¶¢ÑlLÔïDÀ c·ºZ&ùë}½šúwY2M½`(ôçxKšù%Aæ>¬¼W„»DÛfù¶&ONÁxÆÎ2êöGî¼¢½šúwY2M½`(ôçxK¤³þã$Ò\Sû\´†0Ü€Ý~猬Œî©'9i—ã;νšúwY2M½`(ôçxK©ƒç>W½ðÉ¢“1)è}ó—ȼÄñhC¡jV½šúwY2M½`(ôçxKÎŒDá…úª•œò2)`xTï~1nÐw=f×¾^ H彚úwY2M½`(ôçxKè£7íiïV'ʺʿN¦Öâ·T±!¬%¼Á ½šúwY2M½`(ôçxKéÇ|Õ¤ß ¤,¤ŽlFŽerW÷?f}ä^îtn×Õ½šúwY2M½`(ôçxKý0b5ŽÄæ€ïßÔÅDs¸` 7Ù!ßG/¿›e½šúwY2M½`(ôçxKebZ="¡„ÛÕÍûžœ;ÙeB”ꢹ†(¼'>¼µ½šúwY2M½`(ôçxK€#ηäu–!¦,r›«ÈS%•÷dW"JÖT+{&Ô½šúwY2M½`(ôçxK(÷ݵR里àƒs3¸_?NƒÓ“‡üSc´"÷\ȽšúwY2M½`(ôçxKßE'“RžÚuÄÔQR:½šúwY2M½`(ôçxK‘P ÑÏh¹å0dÞ‚Ô· XÒð 8Ì@d'Ó#Ùü5½šúwY2M½`(ôçxK zVN“˜œWOÑŠ¨[ëXÃÙöá ñ,es¼+½šúwY2M½`(ôçxK£0ýæ\z_ uÈ 0gÃëuàÏ›Nâ@ðÖ =ŽšúwY2M½`(ôçxK±I²ž‚âH'ûà0Ë&Í3e½osç§1Å÷ÜÙ½šúwY2M½`(ôçxK¹yÚŸ'¥hŒA-ö‘RQ+¢RÔf9[@ÔòÑU½šúwY2M½`(ôçxK»DýŒÐJ¼;TåÌê—ïçÓ“<4(‹†öì´óíÞ½šúwY2M½`(ôçxKÁT|ùW©iKkŽ5?äÛj8"ßû†”x½šúwY2M½`(ôçxKÎ÷]¨é‘¬–ÓoŠV(I ÕÆ0(ºƒ'}\'Ð ½šúwY2M½`(ôçxKÕ¼ûa›üíd$›“ x^­_Ê9'ðÎ<^ý?šðK7¿½šúwY2M½`(ôçxKÚ™C'qt– }? eavór>Òð:Q‹ëžøœß 8ØÕ‚ÊAsø ëÄCïyg½šúwY2M½`(ôçxKû ¼%jê\ù=©œòdÌBôçºk2Ûc¸'b瞀\½šúwY2M½`(ôçxK xƒ§gë[™áâ Öfù (Úî¸õå%=Žxwü´½šúwY2M½`(ôçxKD!+­ô kã1c E7ˆà²;zHµÜÛeÑ´³½šúwY2M½`(ôçxKÛ¢„Gý¾<Š$þãëˆcŒáØù|Ô’PVÀ­‘ÊQ#}½šúwY2M½`(ôçxK¥?:,|AÉ0™srfµaŸö¤3û;‡4b-z¯«šz½šúwY2M½`(ôçxK#üÖ¿0„Îæ©ùˆ^R9# ÝàÈpXžäaU¨ôè[½šúwY2M½`(ôçxK&L¼WeqŠ Ì°÷œÝ:‰‚ûoO RËGûöнšúwY2M½`(ôçxK&l)ÈÜ8”³Kï‡#Û(îΰ»k»í ÌAÓkýšúwY2M½`(ôçxK+žÌõ…±Q"e{”SK±1ª|‡N"b‹…Û>è>M½šúwY2M½`(ôçxK2igÇÿÁ¸m¸³+p芉Ì4ÏÏ0 ˜Àwäsù±¡½šúwY2M½`(ôçxK3$P‰œÿ~Á\S’òr'«ž kmŸŽ!ϵ_½šúwY2M½`(ôçxK;v–ßbzÞ0»½ÅÎ?<'$ —3SèU{lЀɽšúwY2M½`(ôçxKTõ ‘)o/Dس8®íû¾†ßIÛ]è¤Q‘ª©1õ¼ö½šúwY2M½`(ôçxKXh˜Æ ÿS›vÒ=¿,’ä_juIá?SÒ“p‹y<© -½šúwY2M½`(ôçxKZG°±/ÙÍ9Æ'Ñæ¿JþÙ`¡]j]„ûó—UÒÓ#½šúwY2M½`(ôçxK^g¿$ ööˆh¤”Å 0«%[aŸ¢„ë&gJ½šúwY2M½`(ôçxKaS\ªGaüHÌzƒ]úð µiíü¦(ùƒÕŠ:Â_*½šúwY2M½`(ôçxKi£ANxb%¼Q›¯ Ëû&-:»ØcŸ>Ê*)ù”½šúwY2M½`(ôçxKláò˜o Fh; })m „DŽÏvƱƒþ)ÃníŽ/½šúwY2M½`(ôçxKlýÛbòTÓŠ[ÍÔ=QdzH|§ ²&¬  ;³ÒºÀ½šúwY2M½`(ôçxKsjû]òžÉÈ…2¾œbø ¿#ç/-4ˆ·W¯ñ~sJνšúwY2M½`(ôçxKt³œ mÈ¡Ñ–Õ™)–¶­G}rêøn£Ü쫽šúwY2M½`(ôçxK|sr¦ qàHy¸“ IDÙm7S࢒J1#_¹x‚ò½šúwY2M½`(ôçxK)+ÎÉ{`ñêr½÷Ùj¨w‚»T…Å\{?ð5½šúwY2M½`(ôçxK.°ú-ñ:ˆ•Irœ­¿ ¶lž!•WA·(Y ñµÊ½šúwY2M½`(ôçxK]˜®ä˜Ï'ýfHÇà,ü Jˆªs#|»#Rþ88Jrh=½šúwY2M½`(ôçxKŠ0\_¾|Vùã!MzÛcAô#O<å#5–z-6_½šúwY2M½`(ôçxK’\&B…t§ñ˜ÊØóÆ‘­“-ž<*Ù%Fÿp™í½šúwY2M½`(ôçxK’øXö +ÒF°]wYãNw±\4ÈK¤É0³ øÛ ½šúwY2M½`(ôçxK”õúXS—Œük±z©FäCÿÊ¥,†r©D`ôO½šúwY2M½`(ôçxKž½©UJÕ»ž=\ç÷ÈmO[ x+ñÛó jr4tš]Õ½šúwY2M½`(ôçxK­Þ+¢q–9Q$h;€ïÁ†î~QÔ4øÿgÙsônŽ`/½šúwY2M½`(ôçxK´“ŽÒÿsï1廾¾m»}˜ˆ©ûå%R¥ífRϽšúwY2M½`(ôçxK¶}¸Õ<’_ë­¯ÎCV l…÷>"En®NÖîwö©áŒ½šúwY2M½`(ôçxKÄpæ´R%:b56’IyÍÑ8àŽMÈov72æK ½šúwY2M½`(ôçxKÌs–Ñíüäžp×Úó- :/ëâ¬vº…7pá>ò½šúwY2M½`(ôçxKÎùüÎjÑœØ#k#°<ø?aL©k7’ù—Ó‡‘Ês™2 ½šúwY2M½`(ôçxK«îR(’ú²"´ÑT„a{ɇ\žå5;OôvW}‘‹½šúwY2M½`(ôçxKòTwFýµÙÙêæßE„…u+ëÏ)\6ÒsQE÷H‡½šúwY2M½`(ôçxK™lU•]û6˜†›Ü*pkÌv$hqk\½§)\ùˆA" ½šúwY2M½`(ôçxKkTIù‘ZiwB‹ßE±ØtÄø¨6µ½ü7=ôÀšúwY2M½`(ôçxKmMÁg?|ûo§]qsšýâ·„âäæõª0ö"¤Ä½šúwY2M½`(ôçxKË•¤Òàà*[VÐYÉò#Â2gSêŒDÒãúlD†b›ã‡©½šúwY2M½`(ôçxKÜ|ÈÑÜã«ßnb'ƒ5²#·€ð0Þ{4ˆ£ö£a´½šúwY2M½`(ôçxKˆÏ {Õß~Ñ õg4;éáƒuUw½Hl%Û&†€½šúwY2M½`(ôçxKÎe•!Í„˜úÙbå÷ UÅCfì Ça¦ ÇÄ¢v¤½šúwY2M½`(ôçxK)’ŽOao-rSéÕ©"’?MÁ·ŠX¾D™¹‚ìòp½šúwY2M½`(ôçxKØx÷c ±ä TxËW:ê Ž}áA#y:B8…‚B†·½šúwY2M½`(ôçxKÌ .'SìuÉîªÆ\9î¦úíWdé0ãYvÍ3-‘½šúwY2M½`(ôçxK{”ðP_7±›C*º¾.>08À,ëSF ¶ 5I½šúwY2M½`(ôçxKÏÒ¨ò;¼çBOJn'Þóhñ{oú"e( ’snp^ù½šúwY2M½`(ôçxKð³ÐÔÅEx€âÙ·rŽ¶KÒˆµÔ¢nȃóÀ”Šò”f½šúwY2M½`(ôçxKè†f·à¶ä‚ ú¨MZ„úBË]&cÈHÓX²‘2tº!½šúwY2M½`(ôçxK!UM;ùõ-<Ò—Ò}õbÀý ¿g8hóØÆÀdÜV ½šúwY2M½`(ôçxKøóŒOëéØä^q¤YÅ¿ñqu\4_aŸRÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð gD[gLÃ2-D$ ãKP•£Ö uFâ¸þ"NÁQâç\’P£$£<Õá¿?'À·±Ÿz ¥YNý›2BRöãœÊ7ž¡P?ŸL”5!\°QÃÉ ­hdëÒ.¹™ÔÛ `M ACPI DATA ³3÷)ôÆД1ªÁ]ÚõÔ,ß$! €:«{¡ã}U78Ò×ðˆë˜ƒ;œ9/j£Wh·Ñ\ ò1¾#ÅzìRð÷…K_2­ ßk'm¬ázkM­3V«M?PoÖF º ACPI DATA >j±$¦,çBâžòŽYðNß ¢!ºu#cÇ /þÅïò¾™òbt>øÐ2qFn£… sï» Ô<Æ–èŠc¥Î¨õ\‹º»©]Ÿ'+¸xEÍxÍ8>”öBé™iÂÝqÄ5 ACPI DATA€H`·\D:›>¼]LÜL‡ŠG‡ Œv\×–¤–#ÈÔi‘{'Ž1oè*W7â” M }‰ð Ä%ïƒ@QÄm÷­¥mDÖùÜök¥®a·åWOõ¦~ÿðwG‘ô3+*|)a8aßä‹Ê“Òª à˜+Œ BootOrder€KíwX€Žº¹•÷Nµg+N Tx ­ò”êÐÏ“Q(½Þâõ©õ*#|ÇrÃMð1$Ñg% òD¿@»S %VK&Ió8Ðz·Ez™ëK³èo¿´)éeVŽC`Žå†)ÈÒøÈaßä‹Ê“Òª à˜+Œ˜Boot0002„Ubuntu ÐA *(P¶è$üŒ^–CªÝ,jšC¹-4\EFI\ubuntu\shimx64.efiÿ€5Áy{fÎ0ý^ŸQ Pͽ©É“‡ +ç¤Yã Ç»xˆûX(9‡þ ÑÓÁ¾'kÉév“æ\I ¢S3Ç®Âà™04“Œ‰;<+Êö~ˆÃB£Õ†ö÷úâÆ¡$zžØiˆ mKä—Ôû¶aßä‹Ê“Òª à˜+Œ`Boot0001&UEFI nvme_card-pd ÐA ÿN¬ŸYM…âR,Y²€"¤öîšöÛ 5(Þ¶Ktµ‚ü+ 1—¾0¡` „ä½J¡T¿µFÏ.lö _Œ6*“ #­ Rañ/4 ½ŽFv bÖ´Õv¤ñþ¡ÆKÆV±ÒŽ¬÷zæégÅÒ©‹út˜naßä‹Ê“Òª à˜+Œ>Boot0000 ,UiAppɽ¸|ëø4Oªê>ä¯e¡!ª,FvEƒnŠ¶ôf#1ÿ€ÍÛE1¦ìA¾'Sº&7Öå÷òV =gr´øNÔu•×*,L_ýõ»rÇPâo*®âÆV3º w Ú²1+NW¨M†Z!å²îgz!*Ú ˜˜€xÓ×@ö4kþ º©8Ê Cšq(Calling EFI Application from Boot OptioniÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ðiÊxçE (QsC>RÅÂR™äs ß?a˜©/Û@W-Ä=×HêwŠÜR¼IŒè$À¸ 9CA·,Ò'ÅÆ°~ø ßØa6Ä)+ŽWes­~Ù®AŸX´¹qÉïü`á­Ÿ‰ð€4WO’zéÙ[çëu‡Sÿ¶?kíB ý‚«5]Œ91žµ¼‹ÁßrlŸ’ƒ%1ü@÷ŒŒìL|TÅ •¾bY.(›Ñ¼í¢6Ýz¤¼‘+*îÅŽf’!]+"#>Ùû9E*¨#mÉéYdEFI PART\Kå,ÿÿ?"Þÿ?H¤:›@¾›H¸ÃœûO¶¢€€²—ž¯=ƃ„rGŽy=iØG}äÉóp‚ä´EC€îZbÛ~¿? Þÿ?Hah!IdontNeedEFIóêž8-O‘u¢e‡ï÷úÿ'(s*ÁøÒºK É>É;¶è$üŒ^–CªÝ,jšC¹-(ÿwÿ¼æYbB£R²uýoqrܶ.h€øC»ýv‘û¿Dx €~¬zQq ùu»jÁ°ën·š9^ rMæ„MÐþa‹¥wl{Ê(¾8¦TN$äNòY¹‡·«Î€ F7û\ÓGåðšâOŠPÎÄÒýËiÈì@¼‚ܼH«Ú€Dþ4 ûp²–ëG¤€·¼À„ ÐA *(P¶è$üŒ^–CªÝ,jšC¹-4\EFI\ubuntu\shimx64.efiÿ h¼ì`åÃòûÝš©ª‘Ú’ü‰?) /k VGd̦t^Í—‰Žtí8‘ÇÆ<æñ}È&J 3Wêe_ ŒªÂeÏÕè |Ç%O£ñåê4Z‡<÷aG*/#ñR—õ\þ$MokList R_÷ LúK,v¢â?ÄI—“+Óò Š:®PÕÒX8É\J­Î{TŒš•.·’^6nÚS|Yð €î%q3JW¿#!–DGåBHú‡ˆx©}Ër h: ±¬cLvÀÀ¾w÷a MokListXà€‡]9¸‡/Šÿ:’üŸž@¬u&Ž ’.“šUeyŠ^ñ/à‹I¿•Ž‰ Ì§¥6i=A£M ñCâ”cüÓD.„³j~qð¨”eA–éÑ.pÐrxt` V&MºS.݇)Åë8DP«]`FàC«¶=ØÝ‹# SbatLevelsbat,1,2021030218  ¿‹E0ØÒFÝt¬S¡4q»¡yAß÷ Kõ/4ETÅ;Þ.»ŒÒ·ãÑ` Ö1Ã…¥×Ìâþ’h g ‹óJµ:Ü[{È]² PŒ™ö0áê÷Ÿ (Á% \ ¥zëÝsVzp?*_ôyÜÅ;q³>UQÂ&¯ü|“ž£®¾ÅŒ¤÷ç‡xwøH‚Óo (hd0,gpt15)/EFI/ubuntu/grub.cfg Fhsæ)†/»h./nS3>þ’h g ‹óJµ:Ü[{È]² PŒ™ö0áê÷Ÿ (Á% \ ¥zëÝsVzp?*_ôyÜÅ;q³>UQÂ&¯ü|“ž£®¾ÅŒ¤÷ç‡xwøH‚Óo (hd0,gpt15)/EFI/ubuntu/grub.cfg w6b V¨Š£Âéëäc•½ÍžP S ÍëÏü||]’¯6âIî,U$>ì Ç¡Ç局 ëw+'mÀ~è‚)ÿtî=6Ò¯ fÀ FìZíS{ÍÒ7>thÆݤ|8Ìjkp³g<((hd0,gpt16)/grub/x86_64-efi/command.lst ð‘e\zÇ1N°ß!“ÞGbb 2ü]èÀ¥Ü ~¶ Ê1§~³GU9áÙzECÜ¡¹²lW sá|>£mêWow(c “tiTò¾‘CëKvpas×Ù¦Œ2çÉt°ÿ\í‰`9#(hd0,gpt16)/grub/x86_64-efi/fs.lst ÿÒ9Œñ R2””Ö:Îëòš vo8©I'þ›{Áè ð6>wŽÆèúê'.uÓüC ÇÐåAe°Òj`Ö;‘Ntw‚]^͇„ 6CLkÙVrTA¸*f¶X6½8úÔ'(hd0,gpt16)/grub/x86_64-efi/crypto.lst f·&ÆÖKÁ Ó”Š•(õꔓŽô FøˆÅ/6ºù¶-`¼Bj1J­ZøjCb©%¡ßœ €$ýMñêýkº6Å–Ã:ûµ'ãkXÁŸ­ÎÔ{È®’øžóÊï#F³½T\ýØÞ)(hd0,gpt16)/grub/x86_64-efi/terminal.lst T/2ß&݇_„ÅæÞ·WάC {«Ÿ¾qjb}0 g¶Â+lЬ©³+vÉ’ò=@ÒFkg 5—lrH&¸ð|% Î͵ݪºŠ'×@.0S4ˆ.zƒ’¾½Õ_@-UOjn}–/grub_cmd: configfile (hd0,gpt16)/grub/grub.cfg HæCBÜ4:B±NÙ5­ƒpSa Þ–V©Óš(ØDÐœ†lÅ/Pñþõš®N/ÔÂI1¶* # Ôé m7¿È¾ó»?Æe]ã½r¥÷%‡ø‚rqÚ•he:i`~ºý]ÆZ(hd0,gpt16)/grub/grub.cfg ]¢²8‚^/-Š„á²dáÞѧi j×~OÞ‹ò#(“ÏJÂs Pý?N@˜ÃQR½‹Ú‡ö W—HoQï^Òpû&n¶céÛ’·Ì¼=J‚¹-_)õ%,¤#+©{Ú¿ø¦hŠ*grub_cmd: [ -s (hd0,gpt16)/grub/grubenv ] Gs|=ið½}î’a®Ú]Šþb öA"…€dˆ^ðs>BÆ£ÒÓýd&q÷Û —Kˆ t0 ¦±;§R§Ö1èùç(²7âÈŒ_^¡ÚÆrðdr±[Ã3³.b)cÏ7ßE¹‰(hd0,gpt16)/grub/grubenv BÆ£ÒÓýd&q÷Û —Kˆ t0 ¦±;§R§Ö1èùç(²7âÈŒ_^¡ÚÆrðdr±[Ã3³.b)cÏ7ßE¹‰(hd0,gpt16)/grub/grubenv ´é›@ÒÝÜßhèªCžÝ^ºËÿÉ Ò¹)ƒæjÿ™˜/å¯Uàù'}Àø‡™4á{~AVž -š‰ù `îGd‹mèl,x@²kÓH¾tÃjàÈ>ˆ˜‡þ!*Cݽ«]2Fgrub_cmd: [ = 2 ] ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] u@‘ E+»î0«â‰¯—>Í×àïk :‰@¿&u}ó6Œ¶Ô\òuo2>uÚöš—ÒѼX kö$/Ž°ÊrÆã¥ÔƦ.XXDdèF–Íg0nòÛŒö%•-_ÙªÞý9G—@grub_cmd: set default=0 õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] ½R å eüõÂÑ*‹è'~C€# ñ}MûK—ñbFc,!±¬!%É\ˆ™î埻46U †a•?QŒ‰Œ¹@|ƒ¦Tý¯˜Ò]™ËÃÑRUµ2ºÐD÷¦;)aîÑ龬f#grub_cmd: menuentry_id_option=--id bHY›® x̽¡…í/΂íAâ— Jð»7 ž;y‚}àL“^2Õ+R€GküPÓm†^ •-Î9©âƒî{=ï¶dü”*•˜½‹m ©„;(xnÇÂk¯¢Œ <ûˆÛ·µh%grub_cmd: export menuentry_id_option q ¿#|š½©A2H¾Ç°û Î$¼¼ µÍG3Œ ÇÕõDmy“nD: –±’§½e ".%på/r»™óï—ËuÔÞ:TUƒêMfV€g?t»'ÐÊ\³µŠ%ìxÎHQgrub_cmd: [ ] }ÂrÚ°╉a»™¢ãnÂJ ß$ñÊæ´(ýЛÁKß%_“ð]VÃw$…–÷=_ \ÓLîœâL¦ä¨ËFTûÏåŲòÙgo„Sèšiìô¡S°%ÿ{¤°:.*!grub_cmd: terminal_input console ^ Gõ4± ÖŠRU@æ þ×É0“J#'Ÿ¡w£˜‘ͯlÍ"¼ÌéjÍÑ ¤}T"ï "F¥[Äæö æôªÜ ]^€ºÎz´€¬“ &Ñu²æ‹£ iL"grub_cmd: terminal_output console ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] õ°gåœ?g±›ƒo¾é複¡œÝ Eh6·X1¤-dZµ40/¹÷B­ª7·ýáR!]iâYû ±øÐ6®ý2ÎwêBn{=®ãxÝy®Ú–;,S‰‡‡–,éêåWÌéJgrub_cmd: [ xy = xy ] Xy^…’Ùÿ;k9­ÖÛ©XïõG¢ aÊ¥OÂK¨³ç›æ?7Zót$NNÞŽ `€ £ú_» ŸvͧoØ.KE %ƒW§F.§Þä7zÐÙKHŸ}‹DçˆeBõÜŠñV#grub_cmd: set timeout_style=hidden 1¸æBþ“aïY™mµ'‚O" Íõ“¦ªªë•rC»Ž'ÙoLrnÅ#Í8)‚½ñúõM œE+¥¹¦LŽØÌ’·æœvÀÿéŸÀó‰@õ@´e¸kUh…ëZÌéñlï grub_cmd: set timeout=0.1 UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøLK€›‰í ù‡oŸÝ4®Cç Sˆ‹ÊF J”÷!êôvbÁ¸E({Çz)þ›Jc3grub_cmd: unset initrdless_boot_fallback_triggered ëP€×êx@´œyÏ:lk“ ÿ¤¥ê澘—Luè9ôBîÙÙõÁÖ\ÓUàOÈ(s Žf&l¯blíȬx$›pÌ¢“jæX&¨°º¬©Æª›ÈNV°+wI¬z×—Æþj6grub_cmd: save_env initrdless_boot_fallback_triggered  WT‰ZZœâ]ÆÂP&'Œ-cg |Ú•ý…‘‰ÐÇÂ̹ÀVr˜E‰ä€žÎæeÖ)Ï} i|`Íß}8k‘¢kÕQw}RÖ%®'ýanôBLWÔ²¹uR´„}b‡a£–¬,grub_cmd: set menu_color_normal=white/black Ô¥®Á¼ÊþÆT ÙË$:¤eØ7 oyŸàìµÄ»L•£ MÉ„” ;F>Â^DBF4Š* NîøÜĦ8†Êil­E‘=9"¹§òdºxð.€ \›f‚)ìÿ—,Lņ±M˜p4grub_cmd: set menu_color_highlight=black/light-gray Š>7VÚód™µ¯>í#r•‹%® Ùî,íæžerOÏ­VšpkhÑù‰ýLÔP÷Š*Ó"`Ô |ò"¡F”Äø£ç½½‘o¼ýš•¾b îZlT6 š¥‰N¤ÒM¶Í¹\:eú>îÞ<grub_cmd: set partuuid=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f B2‡¤ ‘Kµ—Û2ùf—Ñûž ð´³Â1‚Ž¢úJ,üåïÉÑ^™ÿ¹ÆsIÁ07A¯ zZÀyo¨/Núˆ¶!9…²ØxæIˆj™XvfÏ…ÅôwŠ£Ï„•,¦ÊÓó…SËgrub_cmd: [ != 1 ] ´o“ÊP_¢ô8ÇÒ“ƒ¦“»J…É PI€-…É\Å*•â·ÇÜ%¡"ê¨ÌDZ#»ð hw’3ðã•'ó¥/ø˜M÷¶ÓLxJgÎÓªuS‘.xœªéb„ûyq–®£š ì^þ3grub_cmd: [ -e (hd0,gpt16)/grub/gfxblacklist.txt ] §³™¡§¤ëëí8ÐT'D$þ ¡Õ˜×lÙ,ß6ï7š®CÞÑÌQ+×Jå°?É[‰—U G´Ho˺ٺ!9Ðß±¿L~¹1'n¤ȹÜt~ÔR‘ŽÌyÖ­‘g&Scgrub_cmd: [ efi != pc ] h—z'Ù<^(6÷ÅMbMÔîÀö} òIça§ãuø¬õ‘BÁDL:¡¼Zqšçê¶ ;q  áo¸Dk=ŒÜ3U¶ž=Ùdm\qÄ#ÁÛª™dQ©ñ‘ pøú—æ¤ì:¾kô"grub_cmd: set linux_gfx_mode=keep îðúDNY× Ža_%bˆ&çþÝù "àA%µNë2p$WYª>‹Ó·zd}¹ˆ¶±êüi`ªE õå6]n—d”6,ƒâè€|ï¡OÔ¬f 2Q îÕTHˆ,»Ý¨ðFˆFY° grub_cmd: export linux_gfx_mode Ê#s†âl´gT@/Õ+¹‰?[ŠÌ º ö½òîFzmfÔå+¤Ù`ÒŽUONÓßñàcûøç ’¼ÄGé«\oˈiX hÞÖF>÷¾Ï ÃøR²ûK]6HëÏz¬Z7ªµ “Lgrub_cmd: menuentry Ubuntu --class ubuntu --class gnu-linux --class gnu --class os --id gnulinux-simple-3ac66944-8849-48de-97e9-3c12eb5de1aa { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 94f07b36-6512-4b02-849a-286e93dcebf7 if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 initrd /initrd.img-6.8.0-1010-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1 fi initrdfail } v! (a?£_[„\¤çüï{ DŒÜÝ‚õ¼_ ýžÏiúÖ' úx »Ô(¥ÚÊ ë¤5oF&‘ÌÓqïŠ\ùMøýû ÝÏÕ–J™éÒ†rÜØ<[Šü?î³S þgFgrub_cmd: submenu Advanced options for Ubuntu --id gnulinux-advanced-3ac66944-8849-48de-97e9-3c12eb5de1aa { menuentry 'Ubuntu, with Linux 6.8.0-1010-gcp' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.8.0-1010-gcp-advanced-3ac66944-8849-48de-97e9-3c12eb5de1aa' { recordfail load_video gfxmode $linux_gfx_mode insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 94f07b36-6512-4b02-849a-286e93dcebf7 echo 'Loading Linux 6.8.0-1010-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 echo 'Loading initial ramdisk ...' initrd /initrd.img-6.8.0-1010-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1 fi initrdfail } menuentry 'Ubuntu, with Linux 6.8.0-1010-gcp (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-6.8.0-1010-gcp-recovery-3ac66944-8849-48de-97e9-3c12eb5de1aa' { recordfail load_video insmod gzio if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi insmod part_gpt insmod ext2 search --no-floppy --fs-uuid --set=root 94f07b36-6512-4b02-849a-286e93dcebf7 echo 'Loading Linux 6.8.0-1010-gcp ...' if [ "${initrdfail}" = 1 ]; then echo 'GRUB_FORCE_PARTUUID set, initrdless boot failed. Attempting with initrd.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro recovery nomodeset dis_ucode_ldr echo 'Loading initial ramdisk ...' initrd /initrd.img-6.8.0-1010-gcp else echo 'GRUB_FORCE_PARTUUID set, attempting initrdless boot.' linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro recovery nomodeset dis_ucode_ldr panic=-1 fi initrdfail } } .9‹&Þ <”pBi]²fAx ]H~(W³mHïð>V8>F’Þ$¸g³Ë¢šMgv Ÿ{nšßÁ}Ñ„ÿ/ágrub_cmd: insmod bli &Þ¿ùçj'ÁéVÒÊ8þ±1.â ÈÀ•ª„ n¯5V‡Kx‰V8>F’Þ$¸g³Ë­íêñ’:®Ö~sûqJÙaÍd mé$Ú\ìã’ ÙË’´5‘Bˆ–Yêf.ku?¨n¶J©c¹µ-:grub_cmd: [ 0 = 0 ] ØQǽKz|Á‰Œ²X\7T º ºsg3zPjl{²#5néØ;­ÓÆî‘̨Éw¿â<^ á\ ïÁ> ^Ï©£pÔ`f¢8ڎȉCî‘{¶®b&i³ÎªX–C²e›2,qOgrub_cmd: menuentry UEFI Firmware Settings --id uefi-firmware { fwsetup } ŸÝq=âS|–aR­Ÿî®çM>m Cyã¥þ©Ê-å×®LÛÇŒÄ/³ÃtK'#ñQž,.O äõ©È~†d»A: KA?Õ‰]Ÿÿ³´ð×BÎX™k:®†eþÉibÕ¦8-grub_cmd: [ -f (hd0,gpt16)/grub/custom.cfg ] ÚÇ‹Áùýámáu2.ïÁP+—˜ã oU™îaö,Eh“Rò ÷í‡%ƒî‹ƒãßp,e§|™ ¢wK_8µüˆÊbP¦»¹„/ƒaÖ <¶Žï õüÍøt®¢¾í„oùþ»ÈO7Dgrub_cmd: [ -z (hd0,gpt16)/grub -a -f (hd0,gpt16)/grub/custom.cfg ] ÇjeëÚj£Ú«¼ÖH;ð ô ¿]¤fÀ÷x™ ÜÈú,Eaº’‘-_¼JÁãû £ {äû›ë‹"‚ÿФ~±6G&(Ô(KÙ®ŽŠt¨á_ „´cm·i*J`Ìgrub_cmd: setparams Ubuntu ˜ÐføÿÐFºË8±Œ¾é­§) ¥~~(nüNê‰e@ñ:8Ì’ä'{í‚ ígL”¿.­ °»…ÿxŸ%ÝcãAsk”ô¿:Íÿö ÓÿÊW‰ës}(£šömäf@Kû» Ú×grub_cmd: recordfail ºÁp…þõ6b¥ ï¿6hDÀtÿ d½¨ö[…׆‚H¢’ÄIf È÷PuÁ ‡®Y¤Û@á ³SϘ3›é«­ñ€Ø:¾µîîÀC³ò$v»]°º/Ca & óF ì³Á$í© l§¢grub_cmd: set recordfail=1 UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøwíEìüqHàÉ4ÐRk(&Å|“€,Éb<%’6‰Þ/ËbfŸãáágrub_cmd: [ -z ] ’^æ›|ŠÄ“|¾GÕÈSQØi´è× Î,Âwº;Ç[f!cëãp4MK®×_µ½@¶ºß .GÅä›óÉ4ôˆüÀsH•P¦M¶* | DÉÝœ*ù7d|‡½wã8>pž úgrub_cmd: save_env recordfail åžfÖì„ G$÷‘é)ñSáD v&«Ø¾tBÂåu6J>•Ë:;S»á†<ךæk eÍéŒû ‰q˜jˆÍøgrub_cmd: gfxmode keep .gmÝ›ð× Í\fØW2Þ{w¶ ¥‹wÏœIÀ¹yßgçòÁ“Óa>?ÄÉ똢µÐoÌ |^¡± ¦’ $á-µö¥°ënÓfÌëŠËDx…rB"õc#¤“ѳ©Xú|grub_cmd: set gfxpayload=keep RAµß¥†y‰]•÷Ÿú _BºKUê µ]„»° ^»ÆÊÝjœ´›5¿ÌlNùÅ;f ÷ÇDY» ø®$‘X‡œʳ¸¯”^ ÷±iw½e¨ \ˆÿ)Ëvó½Ögrub_cmd: [ keep = keep ] ˆn*¡™ôöÒ™~ Šèk ÏÐ;6èoaq"çóÿèŸ|ðú§sñ¼í(÷ðÁú ‹ÈèÅaòYˆ¾žiÚ*ö&ÇÓÇ5õ™«Ï'ø<S §hGÜ^I/Az$²ôW&grub_cmd: set vt_handoff=vt.handoff=7 ºPœ£‚ðhû lFtÔÆRîg¹Šb×TËòÕÜ ÚãÖn‚ǔė„ †*ç—aS$ý\=ûü²&9b…^ÒÛ)iù„VðÚ¶ªŠ¢âþ¼g)W†¨çê¤^6Í£úóÐ¥õü’ìM$ïJÙXFiY4¶Â² åkå+Ûâ÷Oûgrub_cmd: insmod part_gpt ¯?«¬ž\V¸/ «˜2‰ª»öï ¸8¤Ò† û±z·ö eY ›; ›1ØÒû áB¥”Ùˆý¥¦[$¤¤Œ,ô°6ÝwJ♯E·Ó; þ¤©iÓÀÚrºSùîê÷¦grub_cmd: insmod ext2 3i¡1’bæ3Túï<£ÉÜgÌî Hê¬ZónHk0‰Ä‹ZO/#‘ø¡sjùÂcóæ³ É +Ñ•_ˆ"ÿ“í†. i«ÃÀ§ û<ªÊÞ"# ^J¾AÔrØ<8éÆK6ÂWgrub_cmd: search --no-floppy --fs-uuid --set=root 94f07b36-6512-4b02-849a-286e93dcebf7 ºE+ð ˆ(³]é‰À…8 ‚¤¡NC¤÷a®c(] ðZñ9ò`úå{, szó8+ ®aÄ[<%Èœê?}ÞädŽw`†÷Ö/´¹ÁÕaH¡¾¿Þj9SDV{SŒmðmžgrub_cmd: [ = 1 ] T –‚-†@ÏeOc~º—Réâ Ñ»×ÕsÖ6… žûϬžXŸÍ4ö±kLJ"uêl= !dÙFâ|îщŒ~Øv™))c¹-@Øê0…´2„¥{?=ûƒ¬ Eë(®pÝ_ýQ„Dgrub_cmd: echo GRUB_FORCE_PARTUUID set, attempting initrdless boot. ±í㯌ª/B²ò[ h1LrŽ ¥uçì´×x ±i»ú¤¹÷ĵÌnýe"†«Ø&¶8Âr (D¦ú8Åõƒ,(beN*U<˜QUZ8w^•Úã|‡³o†èRµG<¿—Á¹ÔÎ&|grub_cmd: linux /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1 jÛÓçÉ‚DN:íbŽÏ8’B ¦ÍÖÿIñO”¨7S·Ô#Bi_bƒ#¨({ «R»‡W3¬Ô“Ëüéu¼ÒRWQÓÖç-Š'¤Dž¶,´"“÷Ѷït’—~-/Ñ]/vmlinuz-6.8.0-1010-gcp ‰¡*–UNˆªÖFì× ÄÖ¿±ß´ S5x@¯ƒ6kÈåcÕ¶áQ4©»Üö Ñ®D)´ Àw€¸ÒŠ’ ÝqœïvÚ‚zÜB~«ŸžvÚŒ8•¦ÞìAnÿG)t÷@å|kernel_cmdline: /vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1 ŒiDÅퟄ?Õõ¼2”çÛ v¼lmpÎ4¢KÚ&5„íÐý]”ù ¢Ý^P é‹=ò sÕü÷ucÔ*³k1Ú€ G˜sä8>ÂØBŽÕrúBžÌûÖ>¿}4+¡š~è(í3Ó•grub_cmd: initrdfail UÏÖF>ó4«¶´€€³>Àc©ÀQë ϤgoþuGçzf 3µ›>í4Ù³£Ò`‘«Y “J¯Éœ°§ËøwíEìüqHàÉ4ÐRk(&Å|“€,Éb<%’6‰Þ/ËbfŸãáágrub_cmd: [ -z ] p&‰ ü¨4˜9Ü·‘=ÈKÕ{Ñ k,—ö@ºØsÈ¡4G’®þ;©>Øò ¸è‘“Rlÿ_» É2 }ú‹ /¿àéRâ¿ ˜G‹²xç‹2è¯_/ÊÞö‚âòèO'›«N"²grub_cmd: set initrdfail=1 z†Áò8gØ•¹Tqa‹Þ- $6¯ãËT«€}l¥&í12ÜYxžÓòñHèiHéx L÷&ìÔ"µm÷Ê/7|²¤îmœ¡õ´@–øüf·;VÐïü91Å©3'QrË÷grub_cmd: [ -n ] ŸP–{Àf‚iDj©/+ˆb  X9ý›þ¾;Þw9ßjƒ 7âZGÿ¦¡d´¢ PÈ &%Ðýô` , ™>¹`ɸ­*Í0™ê#ë?êX³&=Ù‰UóJ¨”Ž4èd·G ­grub_cmd: save_env initrdfail xYûiÈÖÖ’éÙÏs›øcÕý`\y h,ª†<3Ò}Û ŠÑ®H•{7|ý'5šr ’ âk¨X« ¦P4Õ?ñïØÂ×ëò u׋äÊx²ÌÌ.4|}Vk³OpWÈ»«™ø"í";LOADED_IMAGE::LoadOptions€±L_½ÇÍ—6 åOìVÖÚ„• #Ýì¼2êž‘ÿÉ„µ]Ÿ³K$öÖÙ]]3Ý•è$A_ÝO tÍ>ÜDÅΉ—ßûmãkÆ5#ºaG®’3 3¨XÇœATI '¤èü­d½_;†n(Exit Boot Services Returned with Failure€D:k{‚·¯VO.9<ÙÕ£ˆ·úJ˜ Ø=k{…­5Ž³¶®j‡:·ï#¢cRÅÜOªZîÚÏ^´ !K ïyu`4Hwt?Ü*S‚ºÆçbÖ$ÌóöT@|K­÷Øù)]ÓÚ½ïe²vwàExit Boot Services Invocation€GUEÝÉx׿Ð6úÌ~.˜HŸ µOuBËØr¨ꃛ+t|~½^¦a\@ô/D¦Ûë  .È]êç¥0­Œm ¨@ º¾l‰‰&ž• Œô@Æé—i^dÔUÄJe,Ѐö# t(Exit Boot Services Returned with Successgo-tpm-tools-0.4.7/internal/test/load_random_external_key.go000066400000000000000000000022521510276467000242470ustar00rootroot00000000000000// Package test provides helper methods for testing. It should never be // included in non-test libraries/binaries. package test import ( "crypto/rand" "crypto/rsa" "io" "testing" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" ) // LoadRandomExternalKey loads a randomly generated external key into the // TPM simulator and returns its' handle. If any errors occur, calls Fatal() // on the passed testing.TB. func LoadRandomExternalKey(tb testing.TB, rw io.ReadWriter) tpmutil.Handle { tb.Helper() pk, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { tb.Fatal(err) } public := tpm2.Public{ Type: tpm2.AlgRSA, NameAlg: tpm2.AlgSHA1, Attributes: tpm2.FlagSign | tpm2.FlagUserWithAuth, RSAParameters: &tpm2.RSAParams{ Sign: &tpm2.SigScheme{ Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA1, }, KeyBits: 2048, ExponentRaw: uint32(pk.PublicKey.E), ModulusRaw: pk.PublicKey.N.Bytes(), }, } private := tpm2.Private{ Type: tpm2.AlgRSA, Sensitive: pk.Primes[0].Bytes(), } handle, _, err := tpm2.LoadExternal(rw, public, private, tpm2.HandleNull) if err != nil { tb.Error(err) } return handle } go-tpm-tools-0.4.7/internal/test/simulate_test.go000066400000000000000000000013271510276467000221020ustar00rootroot00000000000000package test import ( "crypto" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/server" ) func TestGetTPM(t *testing.T) { tpm := GetSimulatorWithLog(t, SP800155EventLog) defer tpm.Close() ak, err := client.AttestationKeyECC(tpm) if err != nil { t.Fatalf("failed to create key: %v", err) } nonce := []byte("hello") attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) if err != nil { t.Fatalf("failed to attest: %v", err) } _, err = server.VerifyAttestation(attestation, server.VerifyOpts{ Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, }) if err != nil { t.Errorf("failed to verify attestation for SP800 155 event log: %v", err) } } go-tpm-tools-0.4.7/internal/test/tdx_test_files/000077500000000000000000000000001510276467000217065ustar00rootroot00000000000000go-tpm-tools-0.4.7/internal/test/tdx_test_files/tdxReportData.bin000066400000000000000000000001001510276467000251540ustar00rootroot00000000000000lbÞÁ¸I£«I å2£YDÞ¤|®ñù€†9“Ù‰•Eët£í1;˜zF}¬êÖðÈzmvlföòŸŠË(go-tpm-tools-0.4.7/internal/test/test_cert.go000066400000000000000000000025531510276467000212160ustar00rootroot00000000000000package test import ( "crypto/rand" "crypto/rsa" "crypto/x509" "math/big" "testing" "time" ) // GetTestCert returns an x509 Certificate with the provided issuingURL and signed with the provided parent certificate and key. // If parentCert and parentKey are nil, the certificate will be self-signed. func GetTestCert(t *testing.T, issuingURL []string, parentCert *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) { t.Helper() certKey, _ := rsa.GenerateKey(rand.Reader, 2048) template := &x509.Certificate{ SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().AddDate(10, 0, 0), KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, BasicConstraintsValid: true, IsCA: true, MaxPathLenZero: true, IssuingCertificateURL: issuingURL, } if parentCert == nil && parentKey == nil { parentCert = template parentKey = certKey } certBytes, err := x509.CreateCertificate(rand.Reader, template, parentCert, certKey.Public(), parentKey) if err != nil { t.Fatalf("Unable to create test certificate: %v", err) } cert, err := x509.ParseCertificate(certBytes) if err != nil { t.Fatalf("Unable to parse test certificate: %v", err) } return cert, certKey } go-tpm-tools-0.4.7/internal/test/test_data.go000066400000000000000000000115261510276467000211720ustar00rootroot00000000000000package test import _ "embed" // Necessary to use go:embed // Raw binary TCG Event Logs var ( //go:embed eventlogs/arch-linux-workstation.bin ArchLinuxWorkstationEventLog []byte //go:embed eventlogs/debian-10.bin Debian10EventLog []byte //go:embed eventlogs/glinux-alex.bin GlinuxAlexEventLog []byte //go:embed eventlogs/rhel8-uefi.bin Rhel8EventLog []byte //go:embed eventlogs/ubuntu-1804-amd-sev.bin Ubuntu1804AmdSevEventLog []byte //go:embed eventlogs/ubuntu-2104-no-dbx.bin Ubuntu2104NoDbxEventLog []byte //go:embed eventlogs/ubuntu-2104-no-secure-boot.bin Ubuntu2104NoSecureBootEventLog []byte //go:embed eventlogs/ubuntu-2404-amd-sevsnp.bin Ubuntu2404AmdSevSnpEventLog []byte //go:embed eventlogs/cos-85-amd-sev.bin Cos85AmdSevEventLog []byte //go:embed eventlogs/cos-93-amd-sev.bin Cos93AmdSevEventLog []byte //go:embed eventlogs/cos-101-amd-sev.bin Cos101AmdSevEventLog []byte //go:embed eventlogs/gdc-host.bin GdcHost []byte //go:embed eventlogs/eventlogwithsp800155.bin SP800155EventLog []byte //go:embed eventlogs/confidential-gke-debug-251000_eventlog.bin CGKE251000 []byte ) // Kernel command lines from event logs. var ( Ubuntu2404AmdSevSnpCmdline = "/vmlinuz-6.8.0-1010-gcp root=PARTUUID=8270f3c9-b4e4-4345-80ee-5a62db7ebf3f ro console=ttyS0,115200 panic=-1\x00" Cos85AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume noswap loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashtree=PARTUUID=EF8ECEE2-2385-AE4F-A146-1ED93D8AC217 hashstart=4077568 alg=sha256 root_hexdigest=795872ee03859c10dfcc4d67b4b96c85094b340c2d8784783abc2fa12a6ed671 salt=40eb77fb9093cbff56a6f9c2214c4f7554817d079513b7c77de4953d6b8ffc16\"\x00" Cos93AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 noinitrd console=ttyS0 security=apparmor virtio_net.napi_tx=1 systemd.unified_cgroup_hierarchy=false systemd.legacy_systemd_cgroup_controller=false csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 console=tty1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashtree=PARTUUID=05CDEDEA-42C6-2248-B6B3-AB4CE3EA7501 hashstart=4077568 alg=sha256 root_hexdigest=8db95edb446a7311634fc8409e6eab39c66886c4db16aeeef166bbd8fe4ff357 salt=3ec6b6fef69119253b9a5f79a5bb06bc7b12f177063b2466a04f08976375af44\"\x00" Cos101AmdSevCmdline = "/syslinux/vmlinuz.A init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi root=/dev/dm-0 \"dm=1 vroot none ro 1,0 4077568 verity payload=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashtree=PARTUUID=1D70214B-9AB3-E542-8372-3CCD786534FA hashstart=4077568 alg=sha256 root_hexdigest=48d436350a7e83bde985cd3f7e79fa443557743b42243803ce31104ca4719c5d salt=b323b014b6f463172fca758a1c5a6745a2c8e5872be0e175e2f4b40c8295b2ab\"\x00" ) // Attestation .pb files. var ( //go:embed attestations/gce-cos-85-no-nonce.pb COS85NoNonce []byte //go:embed attestations/gce-cos-85-nonce9009.pb COS85Nonce9009 []byte ) // EK and AK Certificates. var ( //go:embed certificates/pca_tpm_ecc_enc_cert.pem GCEEncryptECCCertPCA []byte //go:embed certificates/pca_tpm_ecc_sign_cert.pem GCESignECCCertPCA []byte //go:embed certificates/pca_tpm_rsa_enc_cert.pem GCEEncryptRSACertPCA []byte //go:embed certificates/pca_tpm_rsa_sign_cert.pem GCESignRSACertPCA []byte //go:embed certificates/uca_tpm_ecc_enc_cert.pem GCEEncryptECCCertUCA []byte //go:embed certificates/uca_tpm_ecc_sign_cert.pem GCESignECCCertUCA []byte //go:embed certificates/uca_tpm_rsa_enc_cert.pem GCEEncryptRSACertUCA []byte //go:embed certificates/uca_tpm_rsa_sign_cert.pem GCESignRSACertUCA []byte ) // GCECertPEMs provides a variety of GCE test certificates, including AK/EK, // RSA/ECC, and PCA/UCA. var GCECertPEMs = [][]byte{ GCEEncryptECCCertPCA, GCESignECCCertPCA, GCEEncryptRSACertPCA, GCESignRSACertPCA, GCEEncryptECCCertUCA, GCESignECCCertUCA, GCEEncryptRSACertUCA, GCESignRSACertUCA, } // TDX test files var ( //go:embed tdx_test_files/tdxReportData.bin TdxReportData []byte // Use as tdx nonce ) go-tpm-tools-0.4.7/internal/test/test_other.go000066400000000000000000000010361510276467000213750ustar00rootroot00000000000000//go:build !windows // +build !windows package test import ( "flag" "io" "github.com/google/go-tpm/legacy/tpm2" ) // As this package is only included in tests, this flag will not conflict with // the --tpm-path flag in gotpm/cmd var tpmPath = flag.String("tpm-path", "", "Path to Linux TPM character device (i.e. /dev/tpm0 or /dev/tpmrm0). Empty value (default) will run tests against the simulator.") func useRealTPM() bool { return *tpmPath != "" } func getRealTPM() (io.ReadWriteCloser, error) { return tpm2.OpenTPM(*tpmPath) } go-tpm-tools-0.4.7/internal/test/test_tpm.go000066400000000000000000000160161510276467000210600ustar00rootroot00000000000000package test import ( "encoding/binary" "io" "sync" "testing" "github.com/google/go-attestation/attest" "github.com/google/go-tpm-tools/simulator" "github.com/google/go-tpm/legacy/tpm2" gtpm2 "github.com/google/go-tpm/tpm2" "github.com/google/go-tpm/tpmutil" ) // Only open the TPM device once. Reopening the device causes issues on Linux. var ( tpm io.ReadWriteCloser lock sync.Mutex ) // PCR registers that are OK to use in tests (can be reset without reboot) var ( DebugPCR = 16 ApplicationPCR = 23 ) type noClose struct { io.ReadWriter } func (n noClose) Close() error { return nil } type simulatedTpm struct { io.ReadWriteCloser eventLog []byte } func (s simulatedTpm) EventLog() ([]byte, error) { return s.eventLog, nil } // SkipOnUnsupportedAlg skips the test if the algorithm is not found in the TPM // capability. func SkipOnUnsupportedAlg(t testing.TB, rw io.ReadWriter, alg tpm2.Algorithm) { moreData := true for i := uint32(0); moreData; i++ { var err error var descs []interface{} descs, moreData, err = tpm2.GetCapability(rw, tpm2.CapabilityAlgs, 1, i) if err != nil { t.Fatalf("Could not get TPM algorithm capability: %v", err) } for _, desc := range descs { if desc.(tpm2.AlgorithmDescription).ID == alg { return } } if !moreData { break } } t.Skipf("Algorithm %v is not supported by the TPM", alg) } // GetTPM is a cross-platform testing helper function that retrives the // appropriate TPM device from the flags passed into "go test". // // If using a test TPM, this will also retrieve a test eventlog. In this case, // GetTPM extends the test event log's events into the test TPM. func GetTPM(tb testing.TB) io.ReadWriteCloser { tb.Helper() if !useRealTPM() { return GetSimulatorWithLog(tb, Rhel8EventLog) } lock.Lock() defer lock.Unlock() if tpm == nil { var err error if tpm, err = getRealTPM(); err != nil { tb.Fatalf("Failed to open TPM: %v", err) } } return noClose{tpm} } // SkipForRealTPM causes a test or benchmark to be skipped if we are not using // a test TPM. This lets us avoid clobbering important PCRs on a real machine. func SkipForRealTPM(tb testing.TB) { if useRealTPM() { tb.Skip("Running against a real TPM, Skipping Test") } } // GetSimulatorWithLog returns a simulated TPM with PCRs that match the events // of the passed in eventlog. This allows for testing attestation flows. func GetSimulatorWithLog(tb testing.TB, eventLog []byte) io.ReadWriteCloser { simulator, err := simulator.Get() if err != nil { tb.Fatalf("Simulator initialization failed: %v", err) } // Make sure that whatever happens, we close the simulator tb.Cleanup(func() { if !simulator.IsClosed() { tb.Error("simulator was not properly closed") if err := simulator.Close(); err != nil { tb.Errorf("when closing simulator: %v", err) } } }) // Extend event log events on simulator TPM. simulateEventLogEvents(tb, simulator, eventLog) return simulatedTpm{simulator, eventLog} } // simulateEventLogEvents simulates the events in the test event log // "server/test/ubuntu-2104-event-log" by parsing the log // and manually extending the TPM. func simulateEventLogEvents(tb testing.TB, rw io.ReadWriter, eventLog []byte) { attestEventLog, err := attest.ParseEventLog(eventLog) if err != nil { tb.Fatalf("Failed to parse test event log: %v", err) } // TODO: The Ubuntu 21.04 event log also includes SHA384, but this is not yet // supported by go-attestation or go-tpm-tools. hashAlgs := map[tpm2.Algorithm]attest.HashAlg{ tpm2.AlgSHA1: attest.HashSHA1, tpm2.AlgSHA256: attest.HashSHA256, } for tpm2Alg, attestAlg := range hashAlgs { events := attestEventLog.Events(attestAlg) for _, event := range events { // EV_NO_ACTION if event.Type == 0x03 { continue } extendOnePcr(tb, rw, event.Index, tpm2Alg, event.Digest) } } } func extendOnePcr(tb testing.TB, rw io.ReadWriter, pcr int, hashAlg tpm2.Algorithm, hash []byte) { err := tpm2.PCRExtend(rw, tpmutil.Handle(pcr), hashAlg, hash, "") if err != nil { tb.Fatalf("PCRExtend failed: %v", err) } } // CreateTpm2EventLog generates a sample event log that is based on gceConfidentialTechnology func CreateTpm2EventLog(gceConfidentialTechnologyEnum byte) []byte { pcr0 := uint32(0) algorithms := []gtpm2.TPMIAlgHash{gtpm2.TPMAlgSHA1, gtpm2.TPMAlgSHA256, gtpm2.TPMAlgSHA384} specEventInfo := []byte{ 'S', 'p', 'e', 'c', ' ', 'I', 'D', ' ', 'E', 'v', 'e', 'n', 't', '0', '3', 0, 0, 0, 0, 0, // platformClass 0, // specVersionMinor, 2, // specVersionMajor, 0, // specErrata 2, // uintnSize byte(len(algorithms)), 0, 0, 0} // NumberOfAlgorithms for _, alg := range algorithms { var algInfo [4]byte algo, _ := alg.Hash() binary.LittleEndian.PutUint16(algInfo[0:2], uint16(alg)) binary.LittleEndian.PutUint16(algInfo[2:4], uint16(algo.Size())) specEventInfo = append(specEventInfo, algInfo[:]...) } vendorInfoSize := byte(0) specEventInfo = append(specEventInfo, vendorInfoSize) specEventHeader := make([]byte, 32) evNoAction := uint32(0x03) binary.LittleEndian.PutUint32(specEventHeader[0:4], pcr0) binary.LittleEndian.PutUint32(specEventHeader[4:8], evNoAction) binary.LittleEndian.PutUint32(specEventHeader[28:32], uint32(len(specEventInfo))) specEvent := append(specEventHeader, specEventInfo...) // After the Spec ID Event, all events must use all the specified digest algorithms. extendHashes := func(buffer []byte, info []byte) []byte { var numberOfDigests [4]byte binary.LittleEndian.PutUint32(numberOfDigests[:], uint32(len(algorithms))) buffer = append(buffer, numberOfDigests[:]...) for _, alg := range algorithms { algo, _ := alg.Hash() digest := make([]byte, 2+algo.Size()) binary.LittleEndian.PutUint16(digest[0:2], uint16(alg)) h := algo.New() h.Write(info) copy(digest[2:], h.Sum(nil)) buffer = append(buffer, digest...) } return buffer } writeTpm2Event := func(buffer []byte, pcr uint32, eventType uint32, info []byte) []byte { header := make([]byte, 8) binary.LittleEndian.PutUint32(header[0:4], pcr) binary.LittleEndian.PutUint32(header[4:8], eventType) buffer = append(buffer, header...) buffer = extendHashes(buffer, info) var eventSize [4]byte binary.LittleEndian.PutUint32(eventSize[:], uint32(len(info))) buffer = append(buffer, eventSize[:]...) return append(buffer, info...) } evSCRTMversion := uint32(0x08) versionEventInfo := []byte{ 'G', 0, 'C', 0, 'E', 0, ' ', 0, 'V', 0, 'i', 0, 'r', 0, 't', 0, 'u', 0, 'a', 0, 'l', 0, ' ', 0, 'F', 0, 'i', 0, 'r', 0, 'm', 0, 'w', 0, 'a', 0, 'r', 0, 'e', 0, ' ', 0, 'v', 0, '1', 0, 0, 0} withVersionEvent := writeTpm2Event(specEvent, pcr0, evSCRTMversion, versionEventInfo) nonHostEventInfo := []byte{ 'G', 'C', 'E', ' ', 'N', 'o', 'n', 'H', 'o', 's', 't', 'I', 'n', 'f', 'o', 0, gceConfidentialTechnologyEnum, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} evNonHostInfo := uint32(0x11) return writeTpm2Event(withVersionEvent, pcr0, evNonHostInfo, nonHostEventInfo) } go-tpm-tools-0.4.7/internal/test/test_windows.go000066400000000000000000000005311510276467000217450ustar00rootroot00000000000000package test import ( "flag" "io" "github.com/google/go-tpm/legacy/tpm2" ) var useTBS = flag.Bool("use-tbs", false, "Run the tests against the Windows TBS. Value of false (default) will run tests against the simulator.") func useRealTPM() bool { return *useTBS } func getRealTPM() (io.ReadWriteCloser, error) { return tpm2.OpenTPM() } go-tpm-tools-0.4.7/launcher/000077500000000000000000000000001510276467000156745ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/.gcloudignore000066400000000000000000000001201510276467000203470ustar00rootroot00000000000000# Ignores binary uploads for Cloud Build. launcher launcher.test image/launcher go-tpm-tools-0.4.7/launcher/agent/000077500000000000000000000000001510276467000167725ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/agent/agent.go000066400000000000000000000310671510276467000204260ustar00rootroot00000000000000// Package agent coordinates the communication between the TPM and the remote // attestation service. It handles: // - All TPM-related functionality (quotes, logs, certs, etc...) // - Fetching the relevant principal ID tokens // - Calling VerifyAttestation on the remote service package agent import ( "bytes" "context" "encoding/base64" "fmt" "io" "net/http" "os" "sync" "time" "github.com/cenkalti/backoff/v4" "github.com/google/go-configfs-tsm/configfs/configfsi" "github.com/google/go-configfs-tsm/configfs/linuxtsm" tg "github.com/google/go-tdx-guest/client" tlabi "github.com/google/go-tdx-guest/client/linuxabi" "github.com/google/go-tpm-tools/cel" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/internal/signaturediscovery" "github.com/google/go-tpm-tools/launcher/spec" pb "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/models" "github.com/google/go-tpm-tools/verifier/oci" "github.com/google/go-tpm-tools/verifier/util" ) const ( audienceSTS = "https://sts.googleapis.com" ) type principalIDTokenFetcher func(audience string) ([][]byte, error) // AttestationAgent is an agent that interacts with GCE's Attestation Service // to Verify an attestation message. It is an interface instead of a concrete // struct to make testing easier. type AttestationAgent interface { MeasureEvent(cel.Content) error Attest(context.Context, AttestAgentOpts) ([]byte, error) AttestWithClient(ctx context.Context, opts AttestAgentOpts, client verifier.Client) ([]byte, error) Refresh(context.Context) error Close() error } type attestRoot interface { // Extend measures the cel content into a measurement register and appends to the CEL. Extend(cel.Content) error // GetCEL fetches the CEL with events corresponding to the sequence of Extended measurements // to this attestation root GetCEL() *cel.CEL // Attest fetches a technology-specific quote from the root of trust. Attest(nonce []byte) (any, error) } // AttestAgentOpts contains user generated options when calling the // VerifyAttestation API type AttestAgentOpts struct { TokenOptions *models.TokenOptions } type agent struct { measuredRots []attestRoot avRot attestRoot fetchedAK *client.Key client verifier.Client principalFetcher principalIDTokenFetcher sigsFetcher signaturediscovery.Fetcher launchSpec spec.LaunchSpec logger logging.Logger sigsCache *sigsCache } // CreateAttestationAgent returns an agent capable of performing remote // attestation using the machine's (v)TPM to GCE's Attestation Service. // - tpm is a handle to the TPM on the instance // - akFetcher is a func to fetch an attestation key: see go-tpm-tools/client. // - principalFetcher is a func to fetch GCE principal tokens for a given audience. // - signaturesFetcher is a func to fetch container image signatures associated with the running workload. // - logger will log any partial errors returned by VerifyAttestation. func CreateAttestationAgent(tpm io.ReadWriteCloser, akFetcher util.TpmKeyFetcher, verifierClient verifier.Client, principalFetcher principalIDTokenFetcher, sigsFetcher signaturediscovery.Fetcher, launchSpec spec.LaunchSpec, logger logging.Logger) (AttestationAgent, error) { // Fetched the AK and save it, so the agent doesn't need to create a new key everytime ak, err := akFetcher(tpm) if err != nil { return nil, fmt.Errorf("failed to create an Attestation Agent: %w", err) } attestAgent := &agent{ client: verifierClient, fetchedAK: ak, principalFetcher: principalFetcher, sigsFetcher: sigsFetcher, launchSpec: launchSpec, logger: logger, sigsCache: &sigsCache{}, } // Add TPM logger.Info("Adding TPM PCRs for measurement.") var tpmAR = &tpmAttestRoot{ fetchedAK: ak, tpm: tpm, } attestAgent.measuredRots = append(attestAgent.measuredRots, tpmAR) // check if is a TDX machine qp, err := tg.GetQuoteProvider() if err != nil { return nil, err } // Use qp.IsSupported to check the TDX RTMR interface is enabled if qp.IsSupported() == nil { logger.Info("Adding TDX RTMRs for measurement.") // try to create tsm client for tdx rtmr tsm, err := linuxtsm.MakeClient() if err != nil { return nil, fmt.Errorf("failed to create TSM for TDX: %v", err) } var tdxAR = &tdxAttestRoot{ qp: qp, tsmClient: tsm, } attestAgent.measuredRots = append(attestAgent.measuredRots, tdxAR) logger.Info("Using TDX RTMR as attestation root.") attestAgent.avRot = tdxAR } else { logger.Info("Using TPM PCR as attestation root.") attestAgent.avRot = tpmAR } return attestAgent, nil } // Close cleans up the agent func (a *agent) Close() error { a.fetchedAK.Close() return nil } // MeasureEvent takes in a cel.Content and appends it to the CEL eventlog // under the attestation agent. // MeasureEvent measures to all Attest Roots. func (a *agent) MeasureEvent(event cel.Content) error { for _, attestRoot := range a.measuredRots { if err := attestRoot.Extend(event); err != nil { return err } } return nil } // Attest fetches the nonce and connection ID from the Attestation Service, // creates an attestation message, and returns the resultant // principalIDTokens and Metadata Server-generated ID tokens for the instance. // When possible, Attest uses the technology-specific attestation root-of-trust // (TDX RTMR), otherwise falls back to the vTPM. func (a *agent) Attest(ctx context.Context, opts AttestAgentOpts) ([]byte, error) { if a.client == nil { return nil, fmt.Errorf("attest agent does not have initialized verifier client") } return a.AttestWithClient(ctx, opts, a.client) } // AttestWithClient fetches the nonce and connection ID from the Attestation Service via the provided client, // creates an attestation message, and returns the resultant // principalIDTokens and Metadata Server-generated ID tokens for the instance. // When possible, Attest uses the technology-specific attestation root-of-trust // (TDX RTMR), otherwise falls back to the vTPM. func (a *agent) AttestWithClient(ctx context.Context, opts AttestAgentOpts, client verifier.Client) ([]byte, error) { challenge, err := client.CreateChallenge(ctx) if err != nil { return nil, err } tokenOpts := opts.TokenOptions if tokenOpts == nil { tokenOpts = &models.TokenOptions{TokenType: "OIDC"} } // The customer is responsible for providing an audience if they provided nonces. if tokenOpts.Audience == "" && len(tokenOpts.Nonces) == 0 { tokenOpts.Audience = audienceSTS } principalTokens, err := a.principalFetcher(challenge.Name) if err != nil { return nil, fmt.Errorf("failed to get principal tokens: %w", err) } // attResult can be tdx or tpm or other attest root attResult, err := a.avRot.Attest(challenge.Nonce) if err != nil { return nil, fmt.Errorf("failed to attest: %v", err) } var cosCel bytes.Buffer if err := a.avRot.GetCEL().EncodeCEL(&cosCel); err != nil { return nil, err } req := verifier.VerifyAttestationRequest{ Challenge: challenge, GcpCredentials: principalTokens, TokenOptions: tokenOpts, } switch v := attResult.(type) { case *pb.Attestation: a.logger.Info("attestation through TPM quote") v.CanonicalEventLog = cosCel.Bytes() req.Attestation = v case *verifier.TDCCELAttestation: a.logger.Info("attestation through TDX quote") certChain, err := internal.GetCertificateChain(a.fetchedAK.Cert(), http.DefaultClient) if err != nil { return nil, fmt.Errorf("failed when fetching certificate chain: %w", err) } v.CanonicalEventLog = cosCel.Bytes() v.IntermediateCerts = certChain v.AkCert = a.fetchedAK.CertDERBytes() req.TDCCELAttestation = v default: return nil, fmt.Errorf("received an unsupported attestation type! %v", v) } signatures := a.sigsCache.get() if len(signatures) > 0 { for _, sig := range signatures { verifierSig, err := convertOCIToContainerSignature(sig) if err != nil { a.logger.Error(fmt.Sprintf("error converting container signatures: %v", err)) continue } req.ContainerImageSignatures = append(req.ContainerImageSignatures, verifierSig) } a.logger.Info("Found container image signatures: %v\n", signatures) } resp, err := client.VerifyAttestation(ctx, req) if err != nil { return nil, err } if len(resp.PartialErrs) > 0 { a.logger.Error(fmt.Sprintf("Partial errors from VerifyAttestation: %v", resp.PartialErrs)) } return resp.ClaimsToken, nil } func convertOCIToContainerSignature(ociSig oci.Signature) (*verifier.ContainerSignature, error) { payload, err := ociSig.Payload() if err != nil { return nil, fmt.Errorf("failed to get payload from signature [%v]: %v", ociSig, err) } b64Sig, err := ociSig.Base64Encoded() if err != nil { return nil, fmt.Errorf("failed to get base64 signature from signature [%v]: %v", ociSig, err) } sigBytes, err := base64.StdEncoding.DecodeString(b64Sig) if err != nil { return nil, fmt.Errorf("failed to decode signature for signature [%v]: %v", ociSig, err) } return &verifier.ContainerSignature{ Payload: payload, Signature: sigBytes, }, nil } type tpmAttestRoot struct { tpmMu sync.Mutex fetchedAK *client.Key tpm io.ReadWriteCloser cosCel cel.CEL } func (t *tpmAttestRoot) GetCEL() *cel.CEL { return &t.cosCel } func (t *tpmAttestRoot) Extend(c cel.Content) error { return t.cosCel.AppendEventPCR(t.tpm, cel.CosEventPCR, c) } func (t *tpmAttestRoot) Attest(nonce []byte) (any, error) { t.tpmMu.Lock() defer t.tpmMu.Unlock() return t.fetchedAK.Attest(client.AttestOpts{ Nonce: nonce, CertChainFetcher: http.DefaultClient, }) } type tdxAttestRoot struct { tdxMu sync.Mutex qp *tg.LinuxConfigFsQuoteProvider tsmClient configfsi.Client cosCel cel.CEL } func (t *tdxAttestRoot) GetCEL() *cel.CEL { return &t.cosCel } func (t *tdxAttestRoot) Extend(c cel.Content) error { return t.cosCel.AppendEventRTMR(t.tsmClient, cel.CosRTMR, c) } func (t *tdxAttestRoot) Attest(nonce []byte) (any, error) { t.tdxMu.Lock() defer t.tdxMu.Unlock() var tdxNonce [tlabi.TdReportDataSize]byte copy(tdxNonce[:], nonce) rawQuote, err := tg.GetRawQuote(t.qp, tdxNonce) if err != nil { return nil, err } ccelData, err := os.ReadFile("/sys/firmware/acpi/tables/data/CCEL") if err != nil { return nil, err } ccelTable, err := os.ReadFile("/sys/firmware/acpi/tables/CCEL") if err != nil { return nil, err } return &verifier.TDCCELAttestation{ CcelAcpiTable: ccelTable, CcelData: ccelData, TdQuote: rawQuote, }, nil } // Refresh refreshes the internal state of the attestation agent. // It will reset the container image signatures for now. func (a *agent) Refresh(ctx context.Context) error { signatures := fetchContainerImageSignatures(ctx, a.sigsFetcher, a.launchSpec.SignedImageRepos, defaultRetryPolicy, a.logger) a.sigsCache.set(signatures) a.logger.Info("Refreshed container image signature cache", "signatures", signatures) return nil } func fetchContainerImageSignatures(ctx context.Context, fetcher signaturediscovery.Fetcher, targetRepos []string, retry func() backoff.BackOff, logger logging.Logger) []oci.Signature { signatures := make([][]oci.Signature, len(targetRepos)) var wg sync.WaitGroup for i, repo := range targetRepos { wg.Add(1) go func(targetRepo string, index int) { defer wg.Done() // backoff independently per repo var sigs []oci.Signature err := backoff.RetryNotify( func() error { s, err := fetcher.FetchImageSignatures(ctx, targetRepo) sigs = s return err }, retry(), func(err error, _ time.Duration) { logger.Error(fmt.Sprintf("Failed to fetch container image signatures from repo: %v", err.Error()), "repo", targetRepo) }) if err != nil { logger.Error(fmt.Sprintf("Failed all attempts to refresh container signatures from repo: %v", err.Error()), "repo", targetRepo) } else { signatures[index] = sigs } }(repo, i) } wg.Wait() var foundSigs []oci.Signature for _, sigs := range signatures { foundSigs = append(foundSigs, sigs...) } return foundSigs } func defaultRetryPolicy() backoff.BackOff { b := backoff.NewConstantBackOff(time.Millisecond * 300) return backoff.WithMaxRetries(b, 3) } type sigsCache struct { mu sync.RWMutex items []oci.Signature } func (c *sigsCache) set(sigs []oci.Signature) { c.mu.Lock() defer c.mu.Unlock() c.items = make([]oci.Signature, len(sigs)) copy(c.items, sigs) } func (c *sigsCache) get() []oci.Signature { c.mu.RLock() defer c.mu.RUnlock() return c.items } go-tpm-tools-0.4.7/launcher/agent/agent_test.go000066400000000000000000000457361510276467000214750ustar00rootroot00000000000000package agent import ( "context" "crypto/rand" "crypto/rsa" "encoding/base64" "fmt" "math" "runtime" "sync" "testing" "time" "github.com/cenkalti/backoff/v4" "github.com/golang-jwt/jwt/v4" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/cel" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/internal/signaturediscovery" "github.com/google/go-tpm-tools/launcher/spec" attestpb "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/fake" "github.com/google/go-tpm-tools/verifier/oci" "github.com/google/go-tpm-tools/verifier/oci/cosign" "google.golang.org/protobuf/encoding/protojson" ) const ( imageRef = "gcr.io/fakeRepo/fakeTestImage:latest" imageDigest = "sha256:adb591795f9e9047f9117163b83c2ebcd5edc4503644d59a98cf911aef0367f8" restartPolicy = spec.Always imageID = "sha256:d5496fd75dd8262f0495ab5706fc464659eb7f481e384700e6174b6c44144cae" arg = "-h" envK = "foo" envV = "foo" env = envK + "=" + envV ) func TestAttestRacing(t *testing.T) { ctx := context.Background() tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) fakeSigner, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { t.Fatalf("failed to generate signing key %v", err) } verifierClient := fake.NewClient(fakeSigner) agent, err := CreateAttestationAgent(tpm, client.AttestationKeyECC, verifierClient, placeholderPrincipalFetcher, signaturediscovery.NewFakeClient(), spec.LaunchSpec{}, logging.SimpleLogger()) if err != nil { t.Fatal(err) } var wg sync.WaitGroup for i := 0; i < 5; i++ { wg.Add(1) go func() { defer wg.Done() _, err := agent.Attest(ctx, AttestAgentOpts{}) if err != nil { t.Error(err) } }() } wg.Wait() agent.Close() } func TestAttest(t *testing.T) { ctx := context.Background() testCases := []struct { name string launchSpec spec.LaunchSpec principalIDTokenFetcher func(string) ([][]byte, error) containerSignaturesFetcher signaturediscovery.Fetcher }{ { name: "Happy path with container signatures", launchSpec: spec.LaunchSpec{ SignedImageRepos: []string{signaturediscovery.FakeRepoWithSignatures}, }, principalIDTokenFetcher: placeholderPrincipalFetcher, containerSignaturesFetcher: signaturediscovery.NewFakeClient(), }, } for _, tc := range testCases { tc := tc t.Run(tc.name, func(t *testing.T) { t.Parallel() tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) fakeSigner, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { t.Fatalf("failed to generate signing key %v", err) } verifierClient := fake.NewClient(fakeSigner) agent, err := CreateAttestationAgent(tpm, client.AttestationKeyECC, verifierClient, tc.principalIDTokenFetcher, tc.containerSignaturesFetcher, tc.launchSpec, logging.SimpleLogger()) if err != nil { t.Fatalf("failed to create an attestation agent %v", err) } err = measureFakeEvents(agent) if err != nil { t.Errorf("failed to measure events: %v", err) } if err := agent.Refresh(ctx); err != nil { t.Fatalf("failed to fresh attestation agent: %v", err) } tokenBytes, err := agent.Attest(ctx, AttestAgentOpts{}) if err != nil { t.Fatalf("failed to attest to Attestation Service: %v", err) } agent.Close() claims := &fake.Claims{} keyFunc := func(_ *jwt.Token) (interface{}, error) { return fakeSigner.Public(), nil } token, err := jwt.ParseWithClaims(string(tokenBytes), claims, keyFunc) if err != nil { t.Errorf("failed to parse token %s", err) } if err = claims.Valid(); err != nil { t.Errorf("Invalid exp, iat, or nbf: %s", err) } if !claims.VerifyAudience("https://sts.googleapis.com", true) { t.Errorf("Invalid aud") } if !claims.VerifyIssuer("fake-issuer-for-testing", true) { t.Errorf("Invalid iss") } if claims.Subject != "https://www.googleapis.com/compute/v1/projects/fakeProject/zones/fakeZone/instances/fakeInstance" { t.Errorf("Invalid sub") } got := claims.ContainerImageSignatures want := []fake.ContainerImageSignatureClaims{ { Payload: "test data,ECDSA_P256_SHA256", Signature: base64.StdEncoding.EncodeToString([]byte("test data")), PubKey: "test data", SigAlg: "ECDSA_P256_SHA256", }, { Payload: "hello world,RSASSA_PKCS1V15_SHA256", Signature: base64.StdEncoding.EncodeToString([]byte("hello world")), PubKey: "hello world", SigAlg: "RSASSA_PKCS1V15_SHA256", }, } if !cmp.Equal(got, want) { t.Errorf("ContainerImageSignatureClaims does not match expected value: got %v, want %v", got, want) } ms := &attestpb.MachineState{} err = protojson.Unmarshal([]byte(claims.MachineStateMarshaled), ms) if err != nil { t.Fatalf("failed to unmarshal claims as MachineState: %v", err) } validateContainerState(t, ms.GetCos()) fmt.Printf("token.Claims: %v\n", token.Claims) }) } } func placeholderPrincipalFetcher(_ string) ([][]byte, error) { return [][]byte{}, nil } func TestFetchContainerImageSignatures(t *testing.T) { ctx := context.Background() testCases := []struct { name string targetRepos []string wantBase64Sigs []string wantSignatureClaims []fake.ContainerImageSignatureClaims wantPartialErrLen int }{ { name: "fetchContainerImageSignatures with repos that have signatures", targetRepos: []string{signaturediscovery.FakeRepoWithSignatures}, wantBase64Sigs: []string{ "dGVzdCBkYXRh", // base64 encoded "test data". "aGVsbG8gd29ybGQ=", // base64 encoded "hello world". }, wantSignatureClaims: []fake.ContainerImageSignatureClaims{ { Payload: "test data,ECDSA_P256_SHA256", Signature: base64.StdEncoding.EncodeToString([]byte("test data")), PubKey: "test data", SigAlg: "ECDSA_P256_SHA256", }, { Payload: "hello world,RSASSA_PKCS1V15_SHA256", Signature: base64.StdEncoding.EncodeToString([]byte("hello world")), PubKey: "hello world", SigAlg: "RSASSA_PKCS1V15_SHA256", }, }, wantPartialErrLen: 0, }, { name: "fetchContainerImageSignatures with nil target repos", targetRepos: nil, wantBase64Sigs: nil, wantSignatureClaims: nil, wantPartialErrLen: 0, }, { name: "fetchContainerImageSignatures with empty target repos", targetRepos: []string{}, wantBase64Sigs: nil, wantSignatureClaims: nil, wantPartialErrLen: 0, }, { name: "fetchContainerImageSignatures with non exist repos", targetRepos: []string{signaturediscovery.FakeNonExistRepo}, wantBase64Sigs: nil, wantSignatureClaims: nil, wantPartialErrLen: 0, }, { name: "fetchContainerImageSignatures with repos that don't have signatures", targetRepos: []string{signaturediscovery.FakeRepoWithNoSignatures}, wantBase64Sigs: nil, wantSignatureClaims: nil, wantPartialErrLen: 0, }, { name: "fetchContainerImageSignatures with repos that have all invalid signatures", targetRepos: []string{signaturediscovery.FakeRepoWithAllInvalidSignatures}, wantBase64Sigs: []string{ "aW52YWxpZCBzaWduYXR1cmU=", // base64 encoded "invalid signature". "aW52YWxpZCBzaWduYXR1cmU=", // base64 encoded "invalid signature". }, wantSignatureClaims: nil, wantPartialErrLen: 2, }, { name: "fetchContainerImageSignatures with repos that have partial valid signatures", targetRepos: []string{signaturediscovery.FakeRepoWithPartialValidSignatures}, wantBase64Sigs: []string{ "dGVzdCBkYXRh", // base64 encoded "test data". "aW52YWxpZCBzaWduYXR1cmU=", // base64 encoded "invalid signature". }, wantSignatureClaims: []fake.ContainerImageSignatureClaims{ { Payload: "test data,ECDSA_P256_SHA256", Signature: base64.StdEncoding.EncodeToString([]byte("test data")), PubKey: "test data", SigAlg: "ECDSA_P256_SHA256", }, }, wantPartialErrLen: 1, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) ak, err := client.AttestationKeyECC(tpm) if err != nil { t.Fatalf("failed to create AK: %v", err) } testRetryPolicy := func() backoff.BackOff { b := backoff.NewExponentialBackOff() b.MaxElapsedTime = time.Millisecond return b } sdClient := signaturediscovery.NewFakeClient() gotSigs := fetchContainerImageSignatures(ctx, sdClient, tc.targetRepos, testRetryPolicy, logging.SimpleLogger()) if len(gotSigs) != len(tc.wantBase64Sigs) { t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures length %d, but want %d", tc.name, len(gotSigs), len(tc.wantBase64Sigs)) } gotBase64Sigs := convertOCISignatureToBase64(t, gotSigs) if !cmp.Equal(gotBase64Sigs, tc.wantBase64Sigs) { t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures %v, but want %v", tc.name, gotBase64Sigs, tc.wantBase64Sigs) } fakeSigner, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { t.Errorf("failed to generate signing key %v", err) } verifierClient := fake.NewClient(fakeSigner) chal, err := verifierClient.CreateChallenge(ctx) if err != nil { t.Fatalf("failed to create challenge %v", err) } attestation, err := ak.Attest(client.AttestOpts{Nonce: chal.Nonce}) if err != nil { t.Fatalf("failed to attest %v", err) } var containerSigs []*verifier.ContainerSignature for _, gotSig := range gotSigs { sig, err := convertOCIToContainerSignature(gotSig) if err != nil { t.Fatalf("failed to convert gotSigs: %v", err) } containerSigs = append(containerSigs, sig) } req := verifier.VerifyAttestationRequest{ Attestation: attestation, ContainerImageSignatures: containerSigs, } got, err := verifierClient.VerifyAttestation(context.Background(), req) if err != nil { t.Fatalf("VerifyAttestation failed: %v", err) } claims := &fake.Claims{} keyFunc := func(_ *jwt.Token) (interface{}, error) { return fakeSigner.Public(), nil } _, err = jwt.ParseWithClaims(string(got.ClaimsToken), claims, keyFunc) if err != nil { t.Errorf("failed to parse token %s", err) } gotSignatureClaims := claims.ContainerImageSignatures if !cmp.Equal(gotSignatureClaims, tc.wantSignatureClaims) { t.Errorf("ContainerImageSignatureClaims does not match expected value: got %v, want %v", gotSignatureClaims, tc.wantSignatureClaims) } if len(got.PartialErrs) != tc.wantPartialErrLen { t.Errorf("VerifyAttestation did not return expected partial error length for test case %s, got partial errors length %d, but want %d", tc.name, len(got.ClaimsToken), tc.wantPartialErrLen) } }) } } // Represents the return value from FetchImageSignatures type returnVal struct { result []oci.Signature err error } // Implments signaturediscovery.Fetcher methods type failingClient struct { mu sync.Mutex results map[string][]returnVal numTimes map[string]int } func NewFailingClient(mymap map[string][]returnVal) signaturediscovery.Fetcher { numTimes := map[string]int{} for k := range mymap { numTimes[k] = 0 } return &failingClient{ results: mymap, numTimes: numTimes, } } // Return test data in a round robin fashion func (f *failingClient) FetchImageSignatures(_ context.Context, targetRepository string) ([]oci.Signature, error) { f.mu.Lock() defer f.mu.Unlock() attempt := f.numTimes[targetRepository] r := f.results[targetRepository][attempt] f.numTimes[targetRepository] = intMin(attempt+1, len(f.results[targetRepository])-1) return r.result, r.err } func intMin(a, b int) int { return int(math.Min(float64(a), float64(b))) } func TestFetchContainerImageSignatures_RetriesOnFailure(t *testing.T) { ctx := context.Background() testCases := []struct { name string resultmap map[string][]returnVal }{ { name: "one repo, no failures", resultmap: map[string][]returnVal{ "repo1": { returnVal{ result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, err: nil, }, }, }, }, { name: "one repo fails", resultmap: map[string][]returnVal{ "repo1": { returnVal{ result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, err: fmt.Errorf("partial error"), }, }, }, }, { name: "one repo, failure then success", resultmap: map[string][]returnVal{ "repo1": { returnVal{ result: []oci.Signature{}, err: fmt.Errorf("failure 1"), }, returnVal{ result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, err: nil, }, }, }, }, { name: "two repos, no failures", resultmap: map[string][]returnVal{ "repo1": { returnVal{ result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, err: nil, }, }, "repo2": { returnVal{ result: []oci.Signature{cosign.NewFakeSignature("test data again", oci.ECDSAP256SHA256)}, err: nil, }, }, }, }, { name: "two repos, failure then success", resultmap: map[string][]returnVal{ "failrepo": { returnVal{ result: []oci.Signature{}, err: fmt.Errorf("failure 1"), }, returnVal{ result: []oci.Signature{cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256)}, err: nil, }, }, "successRepo": { returnVal{ result: []oci.Signature{cosign.NewFakeSignature("test data again", oci.ECDSAP256SHA256)}, err: nil, }, }, }, }, { name: "two repos, failures", resultmap: map[string][]returnVal{ "repo1": { returnVal{ result: []oci.Signature{}, err: fmt.Errorf("failure 1"), }, }, "repo2": { returnVal{ result: []oci.Signature{}, err: fmt.Errorf("failure 2"), }, }, }, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { sdClient := NewFailingClient(tc.resultmap) retryPolicy := func() backoff.BackOff { b := backoff.NewExponentialBackOff() return backoff.WithMaxRetries(b, 2) } repos := []string{} wantSigs := []oci.Signature{} for k, v := range tc.resultmap { repos = append(repos, k) for _, result := range v { if result.err == nil { wantSigs = append(wantSigs, result.result...) } } } gotSigs := fetchContainerImageSignatures(ctx, sdClient, repos, retryPolicy, logging.SimpleLogger()) if len(gotSigs) != len(wantSigs) { t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures length %d, but want %d", tc.name, len(gotSigs), len(wantSigs)) } if !cmp.Equal(convertOCISignatureToBase64(t, gotSigs), convertOCISignatureToBase64(t, wantSigs)) { t.Errorf("fetchContainerImageSignatures did not return expected signatures for test case %s, got signatures %v, but want %v", tc.name, gotSigs, wantSigs) } }) } } func TestCacheConcurrentSetGet(t *testing.T) { cache := &sigsCache{} if sigs := cache.get(); len(sigs) != 0 { t.Errorf("signature cache should be empty, but got: %v", sigs) } var wg sync.WaitGroup for i := 0; i < runtime.NumCPU(); i++ { wg.Add(1) go func(idx int) { defer wg.Done() if idx%2 == 1 { sigs := generateRandSigs(t) cache.set(sigs) } else { cache.get() } }(i) } wg.Wait() } func generateRandSigs(t *testing.T) []oci.Signature { t.Helper() b := make([]byte, 32) _, err := rand.Read(b) if err != nil { t.Fatalf("Unable to generate random bytes: %v", err) } randB64Str := base64.StdEncoding.EncodeToString(b) return []oci.Signature{ cosign.NewFakeSignature(randB64Str, oci.ECDSAP256SHA256), } } func convertOCISignatureToBase64(t *testing.T, sigs []oci.Signature) []string { t.Helper() var base64Sigs []string for _, sig := range sigs { b64Sig, err := sig.Base64Encoded() if err != nil { t.Fatalf("oci.Signature did not return expected base64 signature: %v", err) } base64Sigs = append(base64Sigs, b64Sig) } return base64Sigs } func validateContainerState(t *testing.T, cos *attestpb.AttestedCosState) { if cos == nil { t.Errorf("failed to find COS state in MachineState") } ctr := cos.GetContainer() if ctr == nil { t.Errorf("failed to find ContainerState in CosState") return } if ctr.ImageReference != imageRef { t.Errorf("got image ref %v, want image ref %v", ctr.ImageReference, imageRef) } if ctr.ImageDigest != imageDigest { t.Errorf("got image digest %v, want image digest %v", ctr.ImageDigest, imageDigest) } if ctr.RestartPolicy.String() != string(restartPolicy) { t.Errorf("got restart policy %v, want restart policy %v", ctr.RestartPolicy.String(), restartPolicy) } if len(ctr.Args) != 1 { t.Fatalf("got args %v, want length 1", ctr.Args) } if ctr.Args[0] != arg { t.Errorf("got args %v, want [%v]", ctr.Args, arg) } if len(ctr.OverriddenArgs) != 1 { t.Fatalf("got overridden args %v, want length 1", ctr.OverriddenArgs) } if ctr.OverriddenArgs[0] != arg { t.Errorf("got overridden args %v, want [%v]", ctr.OverriddenArgs, arg) } if len(ctr.EnvVars) != 1 { t.Fatalf("got envs %v, want length 1", ctr.EnvVars) } if val := ctr.EnvVars[envK]; val != envV { t.Errorf("got args %v, want map[%v]", ctr.EnvVars, env) } if len(ctr.OverriddenEnvVars) != 1 { t.Fatalf("got overridden envs %v, want length 1", ctr.OverriddenEnvVars) } if val := ctr.EnvVars[envK]; val != envV { t.Errorf("got overridden args %v, want map[%v]", ctr.OverriddenEnvVars, env) } } func measureFakeEvents(attestAgent AttestationAgent) error { if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageRefType, EventContent: []byte(imageRef)}); err != nil { return err } if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte(imageDigest)}); err != nil { return err } if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.RestartPolicyType, EventContent: []byte(restartPolicy)}); err != nil { return err } if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageIDType, EventContent: []byte(imageID)}); err != nil { return err } if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ArgType, EventContent: []byte(arg)}); err != nil { return err } if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.EnvVarType, EventContent: []byte(env)}); err != nil { return err } if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideEnvType, EventContent: []byte(env)}); err != nil { return err } if err := attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideArgType, EventContent: []byte(arg)}); err != nil { return err } return nil } go-tpm-tools-0.4.7/launcher/cloudbuild.yaml000066400000000000000000000311431510276467000207100ustar00rootroot00000000000000substitutions: '_BASE_IMAGE': '' # If left empty, will use the latest image in _BASE_IMAGE_FAMILY of _BASE_IMAGE_PROJECT '_BASE_IMAGE_FAMILY': 'cos-tdx-113-lts' '_BASE_IMAGE_PROJECT': 'confidential-vm-images' '_OUTPUT_IMAGE_PREFIX': 'confidential-space' '_OUTPUT_IMAGE_SUFFIX': '' '_OUTPUT_IMAGE_FAMILY': '' '_BUCKET_NAME': '${PROJECT_ID}_cloudbuild' steps: # determine the base image - name: 'gcr.io/cloud-builders/gcloud' id: BaseImageIdent env: - 'BASE_IMAGE=$_BASE_IMAGE' - 'BASE_IMAGE_FAMILY=$_BASE_IMAGE_FAMILY' - 'BASE_IMAGE_PROJECT=$_BASE_IMAGE_PROJECT' script: | #!/usr/bin/env bash # if BASE_IMAGE is not specified in the substitutions, use the latest image of the image family base_image=${BASE_IMAGE} if [ -z ${base_image} ] then echo "getting the latest image from project:" ${BASE_IMAGE_PROJECT} "family: "${BASE_IMAGE_FAMILY} base_image=$(gcloud compute images describe-from-family ${BASE_IMAGE_FAMILY} --project ${BASE_IMAGE_PROJECT} | grep name | cut -d ' ' -f 2) fi echo "base image:" ${base_image} "project:" ${BASE_IMAGE_PROJECT} echo ${base_image} > /workspace/base_image.txt - name: 'gcr.io/cloud-builders/gcloud' id: DebugImageBuild waitFor: ['BaseImageIdent'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'OUTPUT_IMAGE_FAMILY=${_OUTPUT_IMAGE_FAMILY}' - 'BUCKET_NAME=$_BUCKET_NAME' - 'SHORT_SHA=${SHORT_SHA}' - 'BASE_IMAGE_PROJECT=$_BASE_IMAGE_PROJECT' script: | #!/usr/bin/env bash set -exuo pipefail base_image=$(cat /workspace/base_image.txt) echo "building the debug image: ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX} with the base image: ${base_image}" gcloud builds submit --config=launcher/image/cloudbuild.yaml \ --region us-west1 \ --substitutions _SHORT_SHA=${SHORT_SHA},\ _BASE_IMAGE=${base_image},\ _BASE_IMAGE_PROJECT=${BASE_IMAGE_PROJECT},\ _OUTPUT_IMAGE_FAMILY=${OUTPUT_IMAGE_FAMILY}-debug,\ _OUTPUT_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},\ _IMAGE_ENV=debug,\ _CS_LICENSE=projects/confidential-space-images/global/licenses/confidential-space-debug,\ _BUCKET_NAME=${BUCKET_NAME} exit - name: 'gcr.io/cloud-builders/gcloud' id: HardenedImageBuild waitFor: ['BaseImageIdent'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'OUTPUT_IMAGE_FAMILY=${_OUTPUT_IMAGE_FAMILY}' - 'BUCKET_NAME=$_BUCKET_NAME' - 'SHORT_SHA=${SHORT_SHA}' - 'BASE_IMAGE_PROJECT=$_BASE_IMAGE_PROJECT' script: | #!/usr/bin/env bash set -exuo pipefail base_image=$(cat /workspace/base_image.txt) echo "building the hardened image: ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX} with the base image: ${base_image}" gcloud builds submit --config=launcher/image/cloudbuild.yaml \ --region us-west1 \ --substitutions _SHORT_SHA=${SHORT_SHA},\ _BASE_IMAGE=${base_image},\ _BASE_IMAGE_PROJECT=${BASE_IMAGE_PROJECT},\ _OUTPUT_IMAGE_FAMILY=${OUTPUT_IMAGE_FAMILY},\ _OUTPUT_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},\ _IMAGE_ENV=hardened,\ _CS_LICENSE=projects/confidential-space-images/global/licenses/confidential-space,\ _BUCKET_NAME=${BUCKET_NAME} exit - name: 'gcr.io/cloud-builders/gcloud' id: ExperimentsTests waitFor: ['DebugImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running experiments client tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_experiments_client.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: HttpServerTests waitFor: ['DebugImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running http server tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_http_server.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: DebugImageTests waitFor: ['DebugImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running debug image tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_debug_cloudbuild.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: HardenedImageTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running hardened image tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_hardened_cloudbuild.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: LaunchPolicyTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running launch policy tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_launchpolicy_cloudbuild.yaml --region us-west1 \ --substitutions _HARDENED_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: HardenedNetworkIngressTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running hardened image ingress network tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_ingress_network.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: DebugNetworkIngressTests waitFor: ['DebugImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running debug image ingress network tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_ingress_network.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: LogRedirectionTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running log redirection tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_log_redirection.yaml --region us-west1 \ --substitutions _HARDENED_IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: HardenedDiscoverContainerSignatureTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running hardened image container signature tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_discover_signatures.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID},_SIGNATURE_REPO=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/hardened exit - name: 'gcr.io/cloud-builders/gcloud' id: DebugDiscoverContainerSignatureTests waitFor: ['DebugImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running debug image container signature tests on ${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_discover_signatures.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-debug-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID},_SIGNATURE_REPO=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/debug exit - name: 'gcr.io/cloud-builders/gcloud' id: MemoryMonitoringTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running memory monitoring tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_memory_monitoring.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: HealthMonitoringTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=$_OUTPUT_IMAGE_PREFIX' - 'OUTPUT_IMAGE_SUFFIX=$_OUTPUT_IMAGE_SUFFIX' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running health monitoring tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_health_monitoring.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: ODAWithSignedContainerTest waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running ODA and signed container tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_oda_with_signed_container.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: MountTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test dev_shm_size_kb=$(shuf -i 70000-256000 -n 1) tmpfs_size_kb=$(shuf -i 256-256000 -n 1) echo "running mount tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_mounts.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit - name: 'gcr.io/cloud-builders/gcloud' id: PrivilegedTests waitFor: ['HardenedImageBuild'] env: - 'OUTPUT_IMAGE_PREFIX=${_OUTPUT_IMAGE_PREFIX}' - 'OUTPUT_IMAGE_SUFFIX=${_OUTPUT_IMAGE_SUFFIX}' - 'PROJECT_ID=$PROJECT_ID' script: | #!/usr/bin/env bash cd launcher/image/test echo "running privileged tests on ${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX}" gcloud builds submit --config=test_privileged.yaml --region us-west1 \ --substitutions _IMAGE_NAME=${OUTPUT_IMAGE_PREFIX}-hardened-${OUTPUT_IMAGE_SUFFIX},_IMAGE_PROJECT=${PROJECT_ID} exit options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/container_runner.go000066400000000000000000000644321510276467000216070ustar00rootroot00000000000000// Package launcher contains functionalities to start a measured workload package launcher import ( "context" "encoding/json" "errors" "fmt" "io" "math/rand" "os" "os/exec" "path" "strconv" "strings" "time" "cloud.google.com/go/compute/metadata" "github.com/cenkalti/backoff/v4" "github.com/containerd/containerd" "github.com/containerd/containerd/cio" "github.com/containerd/containerd/containers" "github.com/containerd/containerd/content" "github.com/containerd/containerd/images" "github.com/containerd/containerd/oci" "github.com/containerd/containerd/remotes" "github.com/golang-jwt/jwt/v4" "github.com/google/go-tpm-tools/cel" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/launcher/agent" "github.com/google/go-tpm-tools/launcher/internal/healthmonitoring/nodeproblemdetector" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/internal/signaturediscovery" "github.com/google/go-tpm-tools/launcher/launcherfile" "github.com/google/go-tpm-tools/launcher/registryauth" "github.com/google/go-tpm-tools/launcher/spec" "github.com/google/go-tpm-tools/launcher/teeserver" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/fake" "github.com/google/go-tpm-tools/verifier/ita" "github.com/google/go-tpm-tools/verifier/util" v1 "github.com/opencontainers/image-spec/specs-go/v1" specs "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/oauth2" ) // ContainerRunner contains information about the container settings type ContainerRunner struct { container containerd.Container launchSpec spec.LaunchSpec attestAgent agent.AttestationAgent logger logging.Logger serialConsole *os.File } const tokenFileTmp = ".token.tmp" const teeServerSocket = "teeserver.sock" // Since we only allow one container on a VM, using a deterministic id is probably fine const ( containerID = "tee-container" snapshotID = "tee-snapshot" ) const ( nofile = 131072 // Max number of file descriptor ) const ( // defaultRefreshMultiplier is a multiplier on the current token expiration // time, at which the refresher goroutine will collect a new token. // defaultRefreshMultiplier+defaultRefreshJitter should be <1. defaultRefreshMultiplier = 0.8 // defaultRefreshJitter is a random component applied additively to the // refresh multiplier. The refresher will wait for some time in the range // [defaultRefreshMultiplier-defaultRefreshJitter, defaultRefreshMultiplier+defaultRefreshJitter] defaultRefreshJitter = 0.1 ) // Default OOM score for a CS container. const defaultOOMScore = 1000 // NewRunner returns a runner. func NewRunner(ctx context.Context, cdClient *containerd.Client, token oauth2.Token, launchSpec spec.LaunchSpec, mdsClient *metadata.Client, tpm io.ReadWriteCloser, logger logging.Logger, serialConsole *os.File) (*ContainerRunner, error) { image, err := initImage(ctx, cdClient, launchSpec, token) if err != nil { return nil, err } var mounts []specs.Mount for _, lsMnt := range launchSpec.Mounts { mounts = append(mounts, lsMnt.SpecsMount()) } mounts = appendTokenMounts(mounts) var cgroupOpts []oci.SpecOpts if launchSpec.CgroupNamespace { mounts = appendCgroupRw(mounts) cgroupOpts = []oci.SpecOpts{ oci.WithNamespacedCgroup(), oci.WithLinuxNamespace(specs.LinuxNamespace{Type: specs.CgroupNamespace}), } } envs, err := formatEnvVars(launchSpec.Envs) if err != nil { return nil, err } // Check if there is already a container container, err := cdClient.LoadContainer(ctx, containerID) if err == nil { // container exists, delete it first container.Delete(ctx, containerd.WithSnapshotCleanup) } logger.Info("Preparing Container Runner", "operator_input_image_ref", image.Name(), "image_digest", image.Target().Digest, "operator_override_env_vars", envs, "operator_override_cmd", launchSpec.Cmd, ) imageConfig, err := getImageConfig(ctx, image) if err != nil { return nil, err } logger.Info(fmt.Sprintf("Exposed Ports: : %v\n", imageConfig.ExposedPorts)) if err := openPorts(imageConfig.ExposedPorts); err != nil { return nil, err } logger.Info(fmt.Sprintf("Image Labels : %v\n", imageConfig.Labels)) launchPolicy, err := spec.GetLaunchPolicy(imageConfig.Labels, logger) if err != nil { return nil, fmt.Errorf("failed to parse image Launch Policy: %v: contact the image author", err) } if err := launchPolicy.Verify(launchSpec); err != nil { return nil, err } if launchSpec.MonitoringEnabled == spec.All && !launchSpec.Experiments.EnableHealthMonitoring { logger.Info("Health Monitoring experiment is not enabled - falling back to memory-only.") if err := enableMonitoring(spec.MemoryOnly, logger); err != nil { return nil, err } } else { if err := enableMonitoring(launchSpec.MonitoringEnabled, logger); err != nil { return nil, err } } logger.Info(fmt.Sprintf("Launch Policy : %+v\n", launchPolicy)) if imageConfigDescriptor, err := image.Config(ctx); err != nil { logger.Error(err.Error()) } else { logger.Info("Retrieved image config", "image_id", imageConfigDescriptor.Digest, "image_annotations", imageConfigDescriptor.Annotations, ) } hostname, err := os.Hostname() if err != nil { return nil, &RetryableError{fmt.Errorf("cannot get hostname: [%w]", err)} } rlimits := []specs.POSIXRlimit{{ Type: "RLIMIT_NOFILE", Hard: nofile, Soft: nofile, }} specOpts := []oci.SpecOpts{ oci.WithImageConfigArgs(image, launchSpec.Cmd), oci.WithEnv(envs), oci.WithMounts(mounts), // following 4 options are here to allow the container to have // the host network (same effect as --net-host in ctr command) oci.WithHostHostsFile, oci.WithHostResolvconf, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithEnv([]string{fmt.Sprintf("HOSTNAME=%s", hostname)}), oci.WithAddedCapabilities(launchSpec.AddedCapabilities), withRlimits(rlimits), withOOMScoreAdj(defaultOOMScore), } if launchSpec.DevShmSize != 0 { specOpts = append(specOpts, oci.WithDevShmSize(launchSpec.DevShmSize)) } specOpts = append(specOpts, cgroupOpts...) container, err = cdClient.NewContainer( ctx, containerID, containerd.WithImage(image), containerd.WithNewSnapshot(snapshotID, image), containerd.WithNewSpec(specOpts...), ) if err != nil { if container != nil { container.Delete(ctx, containerd.WithSnapshotCleanup) } return nil, &RetryableError{fmt.Errorf("failed to create a container: [%w]", err)} } containerSpec, err := container.Spec(ctx) if err != nil { return nil, &RetryableError{err} } // Container process Args length should be strictly longer than the Cmd // override length set by the operator, as we want the Entrypoint filed // to be mandatory for the image. // Roughly speaking, Args = Entrypoint + Cmd if len(containerSpec.Process.Args) <= len(launchSpec.Cmd) { return nil, fmt.Errorf("length of Args [%d] is shorter or equal to the length of the given Cmd [%d], maybe the Entrypoint is set to empty in the image?", len(containerSpec.Process.Args), len(launchSpec.Cmd)) } principalFetcherWithImpersonate := func(audience string) ([][]byte, error) { tokens, err := util.PrincipalFetcher(audience, mdsClient) if err != nil { return nil, err } // Fetch impersonated ID tokens. for _, sa := range launchSpec.ImpersonateServiceAccounts { idToken, err := FetchImpersonatedToken(ctx, sa, audience) if err != nil { return nil, fmt.Errorf("failed to get impersonated token for %v: %w", sa, err) } tokens = append(tokens, idToken) } return tokens, nil } asAddr := launchSpec.AttestationServiceAddr var verifierClient verifier.Client if launchSpec.FakeVerifierEnabled { verifierClient = fake.NewClient(nil) } else if launchSpec.ITAConfig.ITARegion == "" { gcaClient, err := util.NewRESTClient(ctx, asAddr, launchSpec.ProjectID, launchSpec.Region) if err != nil { return nil, fmt.Errorf("failed to create REST verifier client: %v", err) } verifierClient = gcaClient } // Create a new signaturediscovery client to fetch signatures. sdClient := getSignatureDiscoveryClient(cdClient, mdsClient, image.Target()) attestAgent, err := agent.CreateAttestationAgent(tpm, client.GceAttestationKeyECC, verifierClient, principalFetcherWithImpersonate, sdClient, launchSpec, logger) if err != nil { return nil, err } return &ContainerRunner{ container, launchSpec, attestAgent, logger, serialConsole, }, nil } func enableMonitoring(enabled spec.MonitoringType, logger logging.Logger) error { if enabled != spec.None { logger.Info("Health Monitoring is enabled by the VM operator") if enabled == spec.All { logger.Info("All health monitoring metrics enabled") if err := nodeproblemdetector.EnableAllConfig(); err != nil { logger.Error("Failed to enable full monitoring config: %v", err) return err } } else if enabled == spec.MemoryOnly { logger.Info("memory/bytes_used enabled") } if err := nodeproblemdetector.StartService(logger); err != nil { logger.Error(err.Error()) return err } } else { logger.Info("Health Monitoring is disabled") } return nil } func getSignatureDiscoveryClient(cdClient *containerd.Client, mdsClient *metadata.Client, imageDesc v1.Descriptor) signaturediscovery.Fetcher { resolverFetcher := func(ctx context.Context) (remotes.Resolver, error) { return registryauth.RefreshResolver(ctx, mdsClient) } imageFetcher := func(ctx context.Context, imageRef string, opts ...containerd.RemoteOpt) (containerd.Image, error) { image, err := pullImageWithRetries( func() (containerd.Image, error) { return cdClient.Pull(ctx, imageRef, opts...) }, pullImageBackoffPolicy, ) if err != nil { return nil, fmt.Errorf("cannot pull signature objects from the signature image [%s]: %w", imageRef, err) } return image, nil } return signaturediscovery.New(imageDesc, resolverFetcher, imageFetcher) } // formatEnvVars formats the environment variables to the oci format func formatEnvVars(envVars []spec.EnvVar) ([]string, error) { var result []string for _, envVar := range envVars { ociFormat, err := cel.FormatEnvVar(envVar.Name, envVar.Value) if err != nil { return nil, fmt.Errorf("failed to format env var: %v", err) } result = append(result, ociFormat) } return result, nil } // appendTokenMounts appends the default mount specs for the OIDC token func appendTokenMounts(mounts []specs.Mount) []specs.Mount { m := specs.Mount{} m.Destination = launcherfile.ContainerRuntimeMountPath m.Type = "bind" m.Source = launcherfile.HostTmpPath m.Options = []string{"rbind", "ro"} return append(mounts, m) } func (r *ContainerRunner) measureCELEvents(ctx context.Context) error { if err := r.measureContainerClaims(ctx); err != nil { return fmt.Errorf("failed to measure container claims: %v", err) } if err := r.measureMemoryMonitor(); err != nil { return fmt.Errorf("failed to measure memory monitoring state: %v", err) } separator := cel.CosTlv{ EventType: cel.LaunchSeparatorType, EventContent: nil, // Success } return r.attestAgent.MeasureEvent(separator) } // measureContainerClaims will measure various container claims into the COS // eventlog in the AttestationAgent. func (r *ContainerRunner) measureContainerClaims(ctx context.Context) error { image, err := r.container.Image(ctx) if err != nil { return err } if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageRefType, EventContent: []byte(image.Name())}); err != nil { return err } if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageDigestType, EventContent: []byte(image.Target().Digest)}); err != nil { return err } if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.RestartPolicyType, EventContent: []byte(r.launchSpec.RestartPolicy)}); err != nil { return err } if imageConfigDescriptor, err := image.Config(ctx); err == nil { // if NO error if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ImageIDType, EventContent: []byte(imageConfigDescriptor.Digest)}); err != nil { return err } } containerSpec, err := r.container.Spec(ctx) if err != nil { return err } for _, arg := range containerSpec.Process.Args { if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.ArgType, EventContent: []byte(arg)}); err != nil { return err } } for _, env := range containerSpec.Process.Env { if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.EnvVarType, EventContent: []byte(env)}); err != nil { return err } } // Measure the input overridden Env Vars and Args separately, these should be subsets of the Env Vars and Args above. envs, err := formatEnvVars(r.launchSpec.Envs) if err != nil { return err } for _, env := range envs { if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideEnvType, EventContent: []byte(env)}); err != nil { return err } } for _, arg := range r.launchSpec.Cmd { if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.OverrideArgType, EventContent: []byte(arg)}); err != nil { return err } } return nil } // measureMemoryMonitor will measure memory monitoring claims into the COS // eventlog in the AttestationAgent. func (r *ContainerRunner) measureMemoryMonitor() error { var enabled uint8 if r.launchSpec.MonitoringEnabled == spec.MemoryOnly { enabled = 1 } if err := r.attestAgent.MeasureEvent(cel.CosTlv{EventType: cel.MemoryMonitorType, EventContent: []byte{enabled}}); err != nil { return err } r.logger.Info("Successfully measured memory monitoring event") return nil } // Retrieves the default OIDC token from the attestation service, and returns how long // to wait before attemping to refresh it. // The token file will be written to a tmp file and then renamed. func (r *ContainerRunner) refreshToken(ctx context.Context) (time.Duration, error) { if err := r.attestAgent.Refresh(ctx); err != nil { return 0, fmt.Errorf("failed to refresh attestation agent: %v", err) } // request a default token token, err := r.attestAgent.Attest(ctx, agent.AttestAgentOpts{}) if err != nil { return 0, fmt.Errorf("failed to retrieve attestation service token: %v", err) } // Get token expiration. claims := &jwt.RegisteredClaims{} _, _, err = jwt.NewParser().ParseUnverified(string(token), claims) if err != nil { return 0, fmt.Errorf("failed to parse token: %w", err) } now := time.Now() if !now.Before(claims.ExpiresAt.Time) { return 0, errors.New("token is expired") } // Write to a temp file first. tmpTokenPath := path.Join(launcherfile.HostTmpPath, tokenFileTmp) if err = os.WriteFile(tmpTokenPath, token, 0644); err != nil { return 0, fmt.Errorf("failed to write a tmp token file: %v", err) } // Rename the temp file to the token file (to avoid race conditions). if err = os.Rename(tmpTokenPath, path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename)); err != nil { return 0, fmt.Errorf("failed to rename the token file: %v", err) } // Print out the claims in the jwt payload mapClaims := jwt.MapClaims{} _, _, err = jwt.NewParser().ParseUnverified(string(token), mapClaims) if err != nil { return 0, fmt.Errorf("failed to parse token: %w", err) } r.logger.Info("successfully refreshed attestation token", "token", mapClaims) return getNextRefreshFromExpiration(time.Until(claims.ExpiresAt.Time), rand.Float64()), nil } // ctx must be a cancellable context. func (r *ContainerRunner) fetchAndWriteToken(ctx context.Context) error { return r.fetchAndWriteTokenWithRetry(ctx, defaultRetryPolicy) } // ctx must be a cancellable context. // retry specifies the refresher goroutine's retry policy. func (r *ContainerRunner) fetchAndWriteTokenWithRetry(ctx context.Context, retry func() *backoff.ExponentialBackOff) error { if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { return err } duration, err := r.refreshToken(ctx) if err != nil { return err } // Set a timer to refresh the token before it expires. timer := time.NewTimer(duration) go func() { for { select { case <-ctx.Done(): timer.Stop() r.logger.Info("token refreshing stopped") return case <-timer.C: r.logger.Info("refreshing attestation verifier OIDC token") var duration time.Duration // Refresh token with default retry policy. err := backoff.RetryNotify( func() error { duration, err = r.refreshToken(ctx) return err }, retry(), func(err error, t time.Duration) { r.logger.Error(fmt.Sprintf("failed to refresh attestation service token at time %v: %v", t, err)) }) if err != nil { r.logger.Error(fmt.Sprintf("failed all attempts to refresh attestation service token, stopping refresher: %v", err)) return } timer.Reset(duration) } } }() return nil } // getNextRefreshFromExpiration returns the Duration for the next run of the // token refresher goroutine. It expects pre-validation that expiration is in // the future (e.g., time.Now < expiration). func getNextRefreshFromExpiration(expiration time.Duration, random float64) time.Duration { diff := defaultRefreshJitter * float64(expiration) center := defaultRefreshMultiplier * float64(expiration) minRange := center - diff return time.Duration(minRange + random*2*diff) } /* defaultRetryPolicy retries as follows: Given the following arguments, the retry sequence will be: RetryInterval = 60 sec RandomizationFactor = 0.5 Multiplier = 2 MaxInterval = 3600 sec MaxElapsedTime = 0 (never stops retrying) Request # RetryInterval (seconds) Randomized Interval (seconds) RetryInterval*[1-RandFactor, 1+RandFactor] 1 60 [30, 90] 2 120 [60, 180] 3 240 [120, 360] 4 480 [240, 720] 5 960 [480, 1440] 6 1920 [960, 2880] 7 3600 (MaxInterval) [1800, 5400] 8 3600 (MaxInterval) [1800, 5400] ... */ func defaultRetryPolicy() *backoff.ExponentialBackOff { expBack := backoff.NewExponentialBackOff() expBack.InitialInterval = time.Minute expBack.RandomizationFactor = 0.5 expBack.Multiplier = 2 expBack.MaxInterval = time.Hour // Never stop retrying. expBack.MaxElapsedTime = 0 return expBack } func pullImageBackoffPolicy() backoff.BackOff { b := backoff.NewConstantBackOff(time.Millisecond * 500) return backoff.WithMaxRetries(b, 3) } // Run the container // Container output will always be redirected to logger writer for now func (r *ContainerRunner) Run(ctx context.Context) error { // Note start time for workload setup. start := time.Now() ctx, cancel := context.WithCancel(ctx) defer cancel() if err := r.measureCELEvents(ctx); err != nil { return fmt.Errorf("failed to measure CEL events: %v", err) } // Only refresh token if agent has a default GCA client (not ITA use case). if r.launchSpec.ITAConfig.ITARegion == "" { if err := r.fetchAndWriteToken(ctx); err != nil { return fmt.Errorf("failed to fetch and write OIDC token: %v", err) } } // create and start the TEE server r.logger.Info("EnableOnDemandAttestation is enabled: initializing TEE server.") attestClients := teeserver.AttestClients{} if r.launchSpec.FakeVerifierEnabled { fakeClient := fake.NewClient(nil) attestClients.GCA = fakeClient attestClients.ITA = fakeClient } else if r.launchSpec.ITAConfig.ITARegion != "" { itaClient, err := ita.NewClient(r.launchSpec.ITAConfig) if err != nil { return fmt.Errorf("failed to create ITA client: %v", err) } attestClients.ITA = itaClient } else { gcaClient, err := util.NewRESTClient(ctx, r.launchSpec.AttestationServiceAddr, r.launchSpec.ProjectID, r.launchSpec.Region) if err != nil { return fmt.Errorf("failed to create REST verifier client: %v", err) } attestClients.GCA = gcaClient } teeServer, err := teeserver.New(ctx, path.Join(launcherfile.HostTmpPath, teeServerSocket), r.attestAgent, r.logger, r.launchSpec, attestClients) if err != nil { return fmt.Errorf("failed to create the TEE server: %v", err) } go teeServer.Serve() defer teeServer.Shutdown(ctx) // Avoids breaking existing memory monitoring tests that depend on this log. if r.launchSpec.MonitoringEnabled == spec.None { r.logger.Info("MemoryMonitoring is disabled by the VM operator") } var streamOpt cio.Opt switch r.launchSpec.LogRedirect { case spec.Nowhere: streamOpt = cio.WithStreams(nil, nil, nil) r.logger.Info("Container stdout/stderr will not be redirected.") case spec.Everywhere: w := io.MultiWriter(os.Stdout, r.serialConsole) streamOpt = cio.WithStreams(nil, w, w) r.logger.Info("Container stdout/stderr will be redirected to serial and Cloud Logging. This may result in performance issues due to slow serial console writes.") case spec.CloudLogging: streamOpt = cio.WithStreams(nil, os.Stdout, os.Stdout) r.logger.Info("Container stdout/stderr will be redirected to Cloud Logging.") case spec.Serial: streamOpt = cio.WithStreams(nil, r.serialConsole, r.serialConsole) r.logger.Info("Container stdout/stderr will be redirected to serial logging. This may result in performance issues due to slow serial console writes.") default: return fmt.Errorf("unknown logging redirect location: %v", r.launchSpec.LogRedirect) } task, err := r.container.NewTask(ctx, cio.NewCreator(streamOpt)) if err != nil { return &RetryableError{err} } defer task.Delete(ctx) setupDuration := time.Since(start) r.logger.Info("Workload setup completed", "setup_sec", setupDuration.Seconds(), ) exitStatusC, err := task.Wait(ctx) if err != nil { r.logger.Error(err.Error()) } // Start timer for workload execution. start = time.Now() r.logger.Info("workload task started") if err := task.Start(ctx); err != nil { return &RetryableError{err} } status := <-exitStatusC workloadDuration := time.Since(start) code, _, err := status.Result() if err != nil { return err } if code != 0 { r.logger.Error("workload task ended and returned non-zero", "workload_execution_sec", workloadDuration.Seconds(), ) return &WorkloadError{code} } r.logger.Info("workload task ended and returned 0", "workload_execution_sec", workloadDuration.Seconds(), ) return nil } func pullImageWithRetries(f func() (containerd.Image, error), retry func() backoff.BackOff) (containerd.Image, error) { var err error var image containerd.Image err = backoff.Retry(func() error { image, err = f() return err }, retry()) if err != nil { return nil, fmt.Errorf("failed to pull image with retries, the last error is: %w", err) } return image, nil } func initImage(ctx context.Context, cdClient *containerd.Client, launchSpec spec.LaunchSpec, token oauth2.Token) (containerd.Image, error) { if token.Valid() { remoteOpt := containerd.WithResolver(registryauth.Resolver(token.AccessToken)) image, err := pullImageWithRetries( func() (containerd.Image, error) { return cdClient.Pull(ctx, launchSpec.ImageRef, containerd.WithPullUnpack, remoteOpt) }, pullImageBackoffPolicy, ) if err != nil { return nil, fmt.Errorf("cannot pull the image: %w", err) } return image, nil } image, err := pullImageWithRetries( func() (containerd.Image, error) { return cdClient.Pull(ctx, launchSpec.ImageRef, containerd.WithPullUnpack) }, pullImageBackoffPolicy, ) if err != nil { return nil, fmt.Errorf("cannot pull the image (no token, only works for a public image): %w", err) } return image, nil } // openPorts writes firewall rules to accept all traffic into that port and protocol using iptables. func openPorts(ports map[string]struct{}) error { for k := range ports { portAndProtocol := strings.Split(k, "/") if len(portAndProtocol) != 2 { return fmt.Errorf("failed to parse port and protocol: got %s, expected [port]/[protocol] 80/tcp", portAndProtocol) } port := portAndProtocol[0] _, err := strconv.ParseUint(port, 10, 16) if err != nil { return fmt.Errorf("received invalid port number: %v, %w", port, err) } protocol := portAndProtocol[1] if protocol != "tcp" && protocol != "udp" { return fmt.Errorf("received unknown protocol: got %s, expected tcp or udp", protocol) } // These 2 commands will write firewall rules to accept all INPUT packets for the given port/protocol // for IPv4 and IPv6 traffic. cmd := exec.Command("iptables", "-A", "INPUT", "-p", protocol, "--dport", port, "-j", "ACCEPT") out, err := cmd.CombinedOutput() if err != nil { return fmt.Errorf("failed to open port on IPv4 %s %s: %v %s", port, protocol, err, out) } v6cmd := exec.Command("ip6tables", "-A", "INPUT", "-p", protocol, "--dport", port, "-j", "ACCEPT") out, err = v6cmd.CombinedOutput() if err != nil { return fmt.Errorf("failed to open port on IPv6 %s %s: %v %s", port, protocol, err, out) } } return nil } func getImageConfig(ctx context.Context, image containerd.Image) (v1.ImageConfig, error) { ic, err := image.Config(ctx) if err != nil { return v1.ImageConfig{}, err } switch ic.MediaType { case v1.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config: p, err := content.ReadBlob(ctx, image.ContentStore(), ic) if err != nil { return v1.ImageConfig{}, err } var ociimage v1.Image if err := json.Unmarshal(p, &ociimage); err != nil { return v1.ImageConfig{}, err } return ociimage.Config, nil } return v1.ImageConfig{}, fmt.Errorf("unknown image config media type %s", ic.MediaType) } // Close the container runner func (r *ContainerRunner) Close(ctx context.Context) { // close the agent r.attestAgent.Close() // Exit gracefully: // Delete container and close connection to attestation service. r.container.Delete(ctx, containerd.WithSnapshotCleanup) } // withRlimits sets the rlimit (like the max file descriptor) for the container process func withRlimits(rlimits []specs.POSIXRlimit) oci.SpecOpts { return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { s.Process.Rlimits = rlimits return nil } } // Set the container process's OOM score. func withOOMScoreAdj(oomScore int) oci.SpecOpts { return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { s.Process.OOMScoreAdj = &oomScore return nil } } // appendCgroupRw mount maps a cgroup as read-write. func appendCgroupRw(mounts []specs.Mount) []specs.Mount { m := specs.Mount{ Destination: "/sys/fs/cgroup", Type: "cgroup", Source: "cgroup", Options: []string{"rw", "nosuid", "noexec", "nodev"}, } return append(mounts, m) } go-tpm-tools-0.4.7/launcher/container_runner_test.go000066400000000000000000000516531510276467000226470ustar00rootroot00000000000000package launcher import ( "bytes" "context" "crypto/rand" "crypto/rsa" "errors" "fmt" "os" "path" "strconv" "sync" "testing" "time" "github.com/cenkalti/backoff/v4" "github.com/containerd/containerd" "github.com/containerd/containerd/defaults" "github.com/containerd/containerd/namespaces" "github.com/containerd/containerd/oci" "github.com/golang-jwt/jwt/v4" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/cel" "github.com/google/go-tpm-tools/launcher/agent" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/launcherfile" "github.com/google/go-tpm-tools/launcher/spec" "github.com/google/go-tpm-tools/verifier" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" specs "github.com/opencontainers/runtime-spec/specs-go" "golang.org/x/oauth2" ) const ( idTokenEndpoint = "https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/%s:generateIdToken" ) // Fake attestation agent. type fakeAttestationAgent struct { measureEventFunc func(cel.Content) error attestFunc func(context.Context, agent.AttestAgentOpts) ([]byte, error) sigsCache []string sigsFetcherFunc func(context.Context) []string // attMu sits on top of attempts field and protects attempts. attMu sync.Mutex attempts int } func (f *fakeAttestationAgent) MeasureEvent(event cel.Content) error { if f.measureEventFunc != nil { return f.measureEventFunc(event) } return fmt.Errorf("unimplemented") } func (f *fakeAttestationAgent) Attest(ctx context.Context, _ agent.AttestAgentOpts) ([]byte, error) { if f.attestFunc != nil { return f.attestFunc(ctx, agent.AttestAgentOpts{}) } return nil, fmt.Errorf("unimplemented") } func (f *fakeAttestationAgent) AttestWithClient(_ context.Context, _ agent.AttestAgentOpts, _ verifier.Client) ([]byte, error) { return nil, fmt.Errorf("unimplemented") } // Refresh simulates the behavior of an actual agent. func (f *fakeAttestationAgent) Refresh(ctx context.Context) error { if f.sigsFetcherFunc != nil { f.sigsCache = f.sigsFetcherFunc(ctx) } return nil } func (f *fakeAttestationAgent) Close() error { return nil } type fakeClaims struct { jwt.RegisteredClaims Signatures []string } func createJWT(t *testing.T, ttl time.Duration) []byte { return createJWTWithID(t, "test token", ttl) } func createJWTWithID(t *testing.T, id string, ttl time.Duration) []byte { now := jwt.TimeFunc() claims := &jwt.RegisteredClaims{ ID: id, IssuedAt: jwt.NewNumericDate(now), NotBefore: jwt.NewNumericDate(now), ExpiresAt: jwt.NewNumericDate(now.Add(ttl)), } return createSignedToken(t, claims) } func createJWTWithSignatures(t *testing.T, signatures []string) []byte { now := jwt.TimeFunc() ttl := 5 * time.Second id := "signature token" claims := &fakeClaims{ RegisteredClaims: jwt.RegisteredClaims{ ID: id, IssuedAt: jwt.NewNumericDate(now), NotBefore: jwt.NewNumericDate(now), ExpiresAt: jwt.NewNumericDate(now.Add(ttl)), }, Signatures: signatures, } return createSignedToken(t, claims) } func createSignedToken(t *testing.T, claims jwt.Claims) []byte { t.Helper() privkey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { t.Fatalf("Error creating token key: %v", err) } token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims) signed, err := token.SignedString(privkey) if err != nil { t.Fatalf("Error creating signed string: %v", err) } return []byte(signed) } func extractJWTClaims(t *testing.T, token []byte) *jwt.RegisteredClaims { claims := &jwt.RegisteredClaims{} _, _, err := jwt.NewParser().ParseUnverified(string(token), claims) if err != nil { t.Fatalf("failed to parse JWT: %v", token) } return claims } func TestRefreshToken(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() ttl := 5 * time.Second expectedToken := createJWT(t, ttl) runner := ContainerRunner{ attestAgent: &fakeAttestationAgent{ attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { return expectedToken, nil }, }, logger: logging.SimpleLogger(), } if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { t.Fatalf("Error creating host token path directory: %v", err) } refreshTime, err := runner.refreshToken(ctx) if err != nil { t.Fatalf("refreshToken returned with error: %v", err) } filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedToken) { t.Errorf("Initial token written to file does not match expected token: got %v, want %v", data, expectedToken) } // Expect refreshTime to be no greater than expectedTTL. if refreshTime >= time.Duration(float64(ttl)) { t.Errorf("Refresh time cannot exceed ttl: got %v, expect no greater than %v", refreshTime, time.Duration(float64(ttl))) } } // TestRefreshTokenWithSignedContainerCacheEnabled checks `refreshToken` updates the default token when signatures get updated. func TestRefreshTokenWithSignedContainerCacheEnabled(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() oldCache := []string{"old sigs cache"} fakeAgent := &fakeAttestationAgent{ sigsFetcherFunc: func(context.Context) []string { return oldCache }, } fakeAgent.attestFunc = func(context.Context, agent.AttestAgentOpts) ([]byte, error) { return createJWTWithSignatures(t, fakeAgent.sigsCache), nil } runner := ContainerRunner{ attestAgent: fakeAgent, logger: logging.SimpleLogger(), } if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { t.Fatalf("Error creating host token path directory: %v", err) } _, err := runner.refreshToken(ctx) if err != nil { t.Fatalf("refreshToken returned with error: %v", err) } // Simulate adding signatures. newCache := []string{"old sigs cache", "new sigs cache"} fakeAgent.sigsFetcherFunc = func(context.Context) []string { return newCache } // Refresh token again to get the updated token. _, err = runner.refreshToken(ctx) if err != nil { t.Fatalf("refreshToken returned with error: %v", err) } // Read the token to check if claims contain the updated signatures. filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) token, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } gotClaims := &fakeClaims{} _, _, err = jwt.NewParser().ParseUnverified(string(token), gotClaims) if err != nil { t.Fatalf("failed to parse token: %v", err) } if gotSignatures, wantSignatures := gotClaims.Signatures, newCache; !cmp.Equal(gotSignatures, wantSignatures) { t.Errorf("Updated token written to file does not contain expected signatures: got %v, want %v", gotSignatures, wantSignatures) } } func TestRefreshTokenError(t *testing.T) { if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { t.Fatalf("Error creating host token path directory: %v", err) } testcases := []struct { name string agent *fakeAttestationAgent }{ { name: "Attest fails", agent: &fakeAttestationAgent{ attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { return nil, errors.New("attest error") }, }, }, { name: "Attest returns expired token", agent: &fakeAttestationAgent{ attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { return createJWT(t, -5*time.Second), nil }, }, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { runner := ContainerRunner{ attestAgent: tc.agent, logger: logging.SimpleLogger(), } if _, err := runner.refreshToken(context.Background()); err == nil { t.Error("refreshToken succeeded, expected error.") } }) } } func TestFetchAndWriteTokenSucceeds(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() expectedToken := createJWT(t, 5*time.Second) runner := ContainerRunner{ attestAgent: &fakeAttestationAgent{ attestFunc: func(context.Context, agent.AttestAgentOpts) ([]byte, error) { return expectedToken, nil }, }, logger: logging.SimpleLogger(), } if err := runner.fetchAndWriteToken(ctx); err != nil { t.Fatalf("fetchAndWriteToken failed: %v", err) } filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedToken) { t.Errorf("Token written to file does not match expected token: got %v, want %v", data, expectedToken) } } func TestTokenIsNotChangedIfRefreshFails(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() expectedToken := createJWT(t, 5*time.Second) ttl := 5 * time.Second attestAgent := &fakeAttestationAgent{} attestAgent.attestFunc = func(context.Context, agent.AttestAgentOpts) ([]byte, error) { attestAgent.attMu.Lock() defer func() { attestAgent.attempts = attestAgent.attempts + 1 attestAgent.attMu.Unlock() }() if attestAgent.attempts%2 == 0 { return expectedToken, nil } return nil, errors.New("attest unsuccessful") } runner := ContainerRunner{ attestAgent: attestAgent, logger: logging.SimpleLogger(), } if err := runner.fetchAndWriteToken(ctx); err != nil { t.Fatalf("fetchAndWriteToken failed: %v", err) } filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedToken) { t.Errorf("Initial token written to file does not match expected token: got %v, want %v", data, expectedToken) } time.Sleep(ttl) data, err = os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedToken) { t.Errorf("Expected token to remain the same after unsuccessful refresh attempt: got %v", data) } } // testRetryPolicy tries the operation at the following times: // t=0s, .5s, 1.25s. It is canceled before the fourth try. func testRetryPolicyThreeTimes() *backoff.ExponentialBackOff { expBack := backoff.NewExponentialBackOff() expBack.InitialInterval = 500 * time.Millisecond expBack.RandomizationFactor = 0 expBack.Multiplier = 1.5 expBack.MaxInterval = 1 * time.Second expBack.MaxElapsedTime = 2249 * time.Millisecond return expBack } func TestTokenRefreshRetryPolicyFail(t *testing.T) { testRetryPolicyWithNTries(t, 4 /*numTries*/, false /*expectRefresh*/) } func TestTokenRefreshRetryPolicy(t *testing.T) { // Test retry policy tries 3 times. for numTries := 1; numTries <= 3; numTries++ { t.Run("RetryPolicyWith"+strconv.Itoa(numTries)+"Tries", func(t *testing.T) { testRetryPolicyWithNTries(t, numTries /*numTries*/, true /*expectRefresh*/) }) } } func testRetryPolicyWithNTries(t *testing.T, numTries int, expectRefresh bool) { strNum := strconv.Itoa(numTries) t.Logf("testing with %d tries", numTries) ctx, cancel := context.WithCancel(context.Background()) defer cancel() expectedInitialToken := createJWTWithID(t, "initial token"+strNum, 5*time.Second) expectedRefreshToken := createJWTWithID(t, "refresh token"+strNum, 100*time.Second) // Wait the initial token's 5s plus a second per retry (MaxInterval). ttl := time.Duration(numTries)*time.Second + 5*time.Second retry := -1 attestFunc := func(context.Context, agent.AttestAgentOpts) ([]byte, error) { retry++ // Success on the initial fetch (subsequent calls use refresher goroutine). if retry == 0 { return expectedInitialToken, nil } if retry == numTries { return expectedRefreshToken, nil } return nil, errors.New("attest unsuccessful") } runner := ContainerRunner{ attestAgent: &fakeAttestationAgent{attestFunc: attestFunc}, logger: logging.SimpleLogger(), } if err := runner.fetchAndWriteTokenWithRetry(ctx, testRetryPolicyThreeTimes); err != nil { t.Fatalf("fetchAndWriteTokenWithRetry failed: %v", err) } filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedInitialToken) { gotClaims := extractJWTClaims(t, data) wantClaims := extractJWTClaims(t, expectedInitialToken) t.Errorf("initial token written to file does not match expected token: got ID %v, want ID %v", gotClaims.ID, wantClaims.ID) } time.Sleep(ttl) data, err = os.ReadFile(filepath) if err != nil { t.Fatalf("failed to read from %s: %v", filepath, err) } // No refresh: the token should match initial token. if !expectRefresh && !bytes.Equal(data, expectedInitialToken) { gotClaims := extractJWTClaims(t, data) wantClaims := extractJWTClaims(t, expectedInitialToken) t.Errorf("token refresher should fail and received token should be the initial token: got ID %v, want ID %v", gotClaims.ID, wantClaims.ID) } // Should Refresh: the token should match refreshed token. if expectRefresh && !bytes.Equal(data, expectedRefreshToken) { gotClaims := extractJWTClaims(t, data) wantClaims := extractJWTClaims(t, expectedRefreshToken) t.Errorf("refreshed token did not match expected token: got ID %v, want ID %v", gotClaims.ID, wantClaims.ID) } } func TestFetchAndWriteTokenWithTokenRefresh(t *testing.T) { ctx, cancel := context.WithCancel(context.Background()) defer cancel() expectedToken := createJWT(t, 5*time.Second) expectedRefreshedToken := createJWT(t, 10*time.Second) ttl := 5 * time.Second attestAgent := &fakeAttestationAgent{} attestAgent.attestFunc = func(context.Context, agent.AttestAgentOpts) ([]byte, error) { attestAgent.attMu.Lock() defer func() { attestAgent.attempts = attestAgent.attempts + 1 attestAgent.attMu.Unlock() }() if attestAgent.attempts%2 == 0 { return expectedToken, nil } return expectedRefreshedToken, nil } runner := ContainerRunner{ attestAgent: attestAgent, logger: logging.SimpleLogger(), } if err := runner.fetchAndWriteToken(ctx); err != nil { t.Fatalf("fetchAndWriteToken failed: %v", err) } filepath := path.Join(launcherfile.HostTmpPath, launcherfile.AttestationVerifierTokenFilename) data, err := os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedToken) { t.Errorf("Initial token written to file does not match expected token: got %v, want %v", data, expectedToken) } // Check that token has not been refreshed yet. data, err = os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedToken) { t.Errorf("Token unexpectedly refreshed: got %v, want %v", data, expectedRefreshedToken) } time.Sleep(ttl) // Check that token has changed. data, err = os.ReadFile(filepath) if err != nil { t.Fatalf("Failed to read from %s: %v", filepath, err) } if !bytes.Equal(data, expectedRefreshedToken) { t.Errorf("Refreshed token written to file does not match expected token: got %v, want %v", data, expectedRefreshedToken) } } func TestGetNextRefresh(t *testing.T) { // 0 <= random < 1. for _, randNum := range []float64{0, .1415926, .5, .75, .999999999} { // expiration should always be >0. // 0 or negative expiration means the token has already expired. for _, expInt := range []int64{1, 10, 100, 1000, 10000, 1000000} { expDuration := time.Duration(expInt) next := getNextRefreshFromExpiration(expDuration, randNum) if next >= expDuration { t.Errorf("getNextRefreshFromExpiration(%v, %v) = %v next refresh. expected %v (next refresh) < %v (expiration)", expDuration, randNum, next, next, expDuration) } } } } func TestInitImageDockerPublic(t *testing.T) { // testing image fetching using a dummy token and a docker repo url containerdClient, err := containerd.New(defaults.DefaultAddress) if err != nil { t.Skipf("test needs containerd daemon: %v", err) } ctx := namespaces.WithNamespace(context.Background(), "test") // This is a "valid" token (formatwise) validToken := oauth2.Token{AccessToken: "000000", Expiry: time.Now().Add(time.Hour)} if _, err := initImage(ctx, containerdClient, spec.LaunchSpec{ImageRef: "docker.io/library/hello-world:latest"}, validToken); err != nil { t.Error(err) } else { if err := containerdClient.ImageService().Delete(ctx, "docker.io/library/hello-world:latest"); err != nil { t.Error(err) } } invalidToken := oauth2.Token{} if _, err := initImage(ctx, containerdClient, spec.LaunchSpec{ImageRef: "docker.io/library/hello-world:latest"}, invalidToken); err != nil { t.Error(err) } else { if err := containerdClient.ImageService().Delete(ctx, "docker.io/library/hello-world:latest"); err != nil { t.Error(err) } } } func TestMeasureCELEvents(t *testing.T) { ctx := context.Background() fakeContainer := &fakeContainer{ image: &fakeImage{ name: "fake image name", digest: "fake digest", id: "fake id", }, args: []string{"fake args"}, env: []string{"fake env"}, } testCases := []struct { name string wantCELEvents []cel.CosType launchSpec spec.LaunchSpec }{ { name: "measure full container events and launch separator event", wantCELEvents: []cel.CosType{ cel.ImageRefType, cel.ImageDigestType, cel.RestartPolicyType, cel.ImageIDType, cel.ArgType, cel.EnvVarType, cel.OverrideEnvType, cel.OverrideArgType, cel.MemoryMonitorType, cel.LaunchSeparatorType, }, launchSpec: spec.LaunchSpec{ Envs: []spec.EnvVar{{Name: "hello", Value: "world"}}, Cmd: []string{"hello world"}, }, }, { name: "measure partial container events, memory monitoring event, and launch separator event", wantCELEvents: []cel.CosType{ cel.ImageRefType, cel.ImageDigestType, cel.RestartPolicyType, cel.ImageIDType, cel.ArgType, cel.EnvVarType, cel.MemoryMonitorType, cel.LaunchSeparatorType, }, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { gotEvents := []cel.CosType{} fakeAgent := &fakeAttestationAgent{ measureEventFunc: func(content cel.Content) error { got, _ := content.GetTLV() tlv := &cel.TLV{} tlv.UnmarshalBinary(got.Value) gotEvents = append(gotEvents, cel.CosType(tlv.Type)) return nil }, } r := ContainerRunner{ attestAgent: fakeAgent, container: fakeContainer, launchSpec: tc.launchSpec, logger: logging.SimpleLogger(), } if err := r.measureCELEvents(ctx); err != nil { t.Errorf("failed to measureCELEvents: %v", err) } if !cmp.Equal(gotEvents, tc.wantCELEvents) { t.Errorf("failed to measure CEL events, got %v, but want %v", gotEvents, tc.wantCELEvents) } }) } } func TestPullImageWithRetries(t *testing.T) { testCases := []struct { name string imagePuller func(int) (containerd.Image, error) wantPass bool }{ { name: "success with single attempt", imagePuller: func(int) (containerd.Image, error) { return &fakeImage{}, nil }, wantPass: true, }, { name: "failure then success", imagePuller: func(attempts int) (containerd.Image, error) { if attempts%2 == 1 { return nil, errors.New("fake error") } return &fakeImage{}, nil }, wantPass: true, }, { name: "failure with attempts exceeded", imagePuller: func(int) (containerd.Image, error) { return nil, errors.New("fake error") }, wantPass: false, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { retryPolicy := func() backoff.BackOff { b := backoff.NewExponentialBackOff() return backoff.WithMaxRetries(b, 2) } attempts := 0 _, err := pullImageWithRetries( func() (containerd.Image, error) { attempts++ return tc.imagePuller(attempts) }, retryPolicy) if gotPass := (err == nil); gotPass != tc.wantPass { t.Errorf("pullImageWithRetries failed, got %v, but want %v", gotPass, tc.wantPass) } }) } } // This ensures fakeContainer implements containerd.Container interface. var _ containerd.Container = &fakeContainer{} // This ensures fakeImage implements containerd.Image interface. var _ containerd.Image = &fakeImage{} type fakeContainer struct { containerd.Container image containerd.Image args []string env []string } func (c *fakeContainer) Image(context.Context) (containerd.Image, error) { return c.image, nil } func (c *fakeContainer) Spec(context.Context) (*oci.Spec, error) { return &oci.Spec{Process: &specs.Process{Args: c.args, Env: c.env}}, nil } type fakeImage struct { containerd.Image name string digest digest.Digest id digest.Digest } func (i *fakeImage) Name() string { return i.name } func (i *fakeImage) Target() v1.Descriptor { return v1.Descriptor{Digest: i.digest} } func (i *fakeImage) Config(_ context.Context) (v1.Descriptor, error) { return v1.Descriptor{Digest: i.id}, nil } go-tpm-tools-0.4.7/launcher/errors.go000066400000000000000000000007401510276467000175400ustar00rootroot00000000000000package launcher import "fmt" // RetryableError means launcher should reboot the VM to retry. type RetryableError struct { Err error } // WorkloadError represents the result of an workload/task that is non-zero. type WorkloadError struct { ReturnCode uint32 } func (e *RetryableError) Error() string { return fmt.Sprintf("failed with retryable error: %v", e.Err.Error()) } func (e *WorkloadError) Error() string { return "workload finished with a non-zero return code" } go-tpm-tools-0.4.7/launcher/go.mod000066400000000000000000000107131510276467000170040ustar00rootroot00000000000000module github.com/google/go-tpm-tools/launcher go 1.23.0 toolchain go1.24.4 require ( cloud.google.com/go/compute/metadata v0.8.0 cloud.google.com/go/logging v1.13.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/containerd/containerd v1.7.23 github.com/containerd/containerd/v2 v2.0.1 github.com/coreos/go-systemd/v22 v22.5.0 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.7.0 github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 github.com/google/go-tpm v0.9.6 github.com/google/go-tpm-tools v0.4.4 github.com/google/go-tpm-tools/verifier v0.4.4 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0 github.com/opencontainers/runtime-spec v1.2.0 golang.org/x/oauth2 v0.30.0 google.golang.org/api v0.247.0 google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c google.golang.org/grpc v1.74.2 google.golang.org/protobuf v1.36.7 ) require ( cloud.google.com/go v0.120.0 // indirect cloud.google.com/go/auth v0.16.4 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 // indirect cloud.google.com/go/longrunning v0.6.7 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Microsoft/hcsshim v0.12.9 // indirect github.com/containerd/cgroups/v3 v3.0.3 // indirect github.com/containerd/containerd/api v1.8.0 // indirect github.com/containerd/continuity v0.4.4 // indirect github.com/containerd/errdefs v1.0.0 // indirect github.com/containerd/errdefs/pkg v0.3.0 // indirect github.com/containerd/fifo v1.1.0 // indirect github.com/containerd/log v0.1.0 // indirect github.com/containerd/platforms v1.0.0-rc.0 // indirect github.com/containerd/ttrpc v1.2.6 // indirect github.com/containerd/typeurl/v2 v2.2.3 // indirect github.com/distribution/reference v0.6.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/google/certificate-transparency-go v1.1.2 // indirect github.com/google/go-attestation v0.5.1 // indirect github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba // indirect github.com/google/go-sev-guest v0.14.0 // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/logger v1.1.1 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect github.com/googleapis/gax-go/v2 v2.15.0 // indirect github.com/klauspost/compress v1.17.11 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/sys/mountinfo v0.7.2 // indirect github.com/moby/sys/sequential v0.6.0 // indirect github.com/moby/sys/signal v0.7.1 // indirect github.com/moby/sys/user v0.3.0 // indirect github.com/moby/sys/userns v0.1.0 // indirect github.com/opencontainers/selinux v1.11.1 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/sirupsen/logrus v1.9.3 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect go.opentelemetry.io/otel v1.36.0 // indirect go.opentelemetry.io/otel/metric v1.36.0 // indirect go.opentelemetry.io/otel/trace v1.36.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.41.0 // indirect golang.org/x/net v0.43.0 // indirect golang.org/x/sync v0.16.0 // indirect golang.org/x/sys v0.35.0 // indirect golang.org/x/text v0.28.0 // indirect golang.org/x/time v0.12.0 // indirect google.golang.org/genproto v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect ) replace ( github.com/google/go-tpm-tools v0.4.4 => ../ github.com/google/go-tpm-tools/verifier v0.4.4 => ../verifier ) go-tpm-tools-0.4.7/launcher/go.sum000066400000000000000000004165061510276467000170430ustar00rootroot00000000000000bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.120.0 h1:wc6bgG9DHyKqF5/vQvX1CiZrtHnxJjBlKUyF9nP6meA= cloud.google.com/go v0.120.0/go.mod h1:/beW32s8/pGRuj4IILWQNd4uuebeT4dkOhKmkfit64Q= cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8= cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA= cloud.google.com/go/compute/metadata v0.8.0/go.mod h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw= cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 h1:5sgtvzlC80YG1mSB535USESeIQBbpKXMMFzwcIIDX2M= cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8/go.mod h1:u2iGBWSZ9hlgQAwwpwoz2U9V4UBYRysd/vAW7Tg7WPI= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= cloud.google.com/go/logging v1.13.0 h1:7j0HgAp0B94o1YRDqiqm26w4q1rDMH7XNRU34lJXHYc= cloud.google.com/go/logging v1.13.0/go.mod h1:36CoKh6KA/M0PbhPKMq6/qety2DCAErbhXT62TuXALA= cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFsS/PrE= cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 h1:He8afgbRMd7mFxO99hRNu+6tazq8nFF9lIwo9JFroBk= github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 h1:dIScnXFlF784X79oi7MzVT6GWqr/W1uUt0pB5CsDs9M= github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2/go.mod h1:gCLVsLfv1egrcZu+GoJATN5ts75F2s62ih/457eWzOw= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg= github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ= github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= github.com/containerd/containerd/api v1.8.0 h1:hVTNJKR8fMc/2Tiw60ZRijntNMd1U+JVMyTRdsD2bS0= github.com/containerd/containerd/api v1.8.0/go.mod h1:dFv4lt6S20wTu/hMcP4350RL87qPWLVa/OHOwmmdnYc= github.com/containerd/containerd/v2 v2.0.1 h1:xqSar9cjkGhfQ2YvanCu7FMLk6+pNCFMCAroM2ALPp0= github.com/containerd/containerd/v2 v2.0.1/go.mod h1:A9DyAg+lXTiSBOsBTqQtJL4O3AGaM1aa4UHmVh4uFhM= github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII= github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M= github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE= github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk= github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY= github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/platforms v1.0.0-rc.0 h1:GuHWSKgVVO3POn6nRBB4sH63uPOLa87yuuhsGLWaXAA= github.com/containerd/platforms v1.0.0-rc.0/go.mod h1:T1XAzzOdYs3it7l073MNXyxRwQofJfqwi/8cRjufIk4= github.com/containerd/ttrpc v1.2.6 h1:zG+Kn5EZ6MUYCS1t2Hmt2J4tMVaLSFEJVOraDQwNPC4= github.com/containerd/ttrpc v1.2.6/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o= github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40= github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc h1:SG12DWUUM5igxm+//YX5Yq4vhdoRnOG9HkCodkOn+YU= github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/sys/signal v0.7.1 h1:PrQxdvxcGijdo6UXXo/lU/TvHUWyPhj7UOpSo8tuvk0= github.com/moby/sys/signal v0.7.1/go.mod h1:Se1VGehYokAkrSQwL4tDzHvETwUZlnY7S5XtQ50mQp8= github.com/moby/sys/user v0.3.0 h1:9ni5DlcW5an3SvRSx4MouotOygvzaXbaSrc/wGDFWPo= github.com/moby/sys/user v0.3.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= github.com/moby/sys/userns v0.1.0 h1:tVLXkFOxVu9A64/yh59slHVv9ahO9UIev4JZusOLG/g= github.com/moby/sys/userns v0.1.0/go.mod h1:IHUYgu/kao6N8YZlp9Cf444ySSvCmDlmzUcYfDHOl28= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk= github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc= google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= go-tpm-tools-0.4.7/launcher/image/000077500000000000000000000000001510276467000167565ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/cloudbuild.yaml000066400000000000000000000035051510276467000217730ustar00rootroot00000000000000substitutions: '_BASE_IMAGE': '' '_OUTPUT_IMAGE_NAME': '' '_OUTPUT_IMAGE_FAMILY': '' '_BASE_IMAGE_PROJECT': '' '_IMAGE_ENV': '' '_BUCKET_NAME': '' '_CS_LICENSE': '' '_SHORT_SHA': '' steps: - name: golang:1.23 entrypoint: /bin/bash args: - -c - | cd launcher/launcher CGO_ENABLED=0 go build -o ../image/launcher -ldflags="-X 'main.BuildCommit=${_SHORT_SHA}'" - name: 'gcr.io/cloud-builders/gcloud' id: DownloadExpBinary entrypoint: 'gcloud' args: ['storage', 'cp', 'gs://confidential-space-images_third-party/confidential_space_experiments', './launcher/image/confidential_space_experiments'] - name: 'gcr.io/cos-cloud/cos-customizer' args: ['start-image-build', '-build-context=launcher/image', '-gcs-bucket=${_BUCKET_NAME}', '-gcs-workdir=customizer-${BUILD_ID}', '-image-name=${_BASE_IMAGE}', '-image-project=${_BASE_IMAGE_PROJECT}'] - name: 'gcr.io/cos-cloud/cos-customizer' args: ['run-script', '-script=preload.sh', '-env=IMAGE_ENV=${_IMAGE_ENV}'] - name: 'gcr.io/cos-cloud/cos-customizer' args: ['seal-oem'] - name: 'gcr.io/cos-cloud/cos-customizer' args: ['run-script', '-script=fixup_oem.sh'] - name: 'gcr.io/cos-cloud/cos-customizer' args: ['finish-image-build', '-oem-size=500M', '-disk-size-gb=11', '-image-name=${_OUTPUT_IMAGE_NAME}', '-image-family=${_OUTPUT_IMAGE_FAMILY}', '-image-project=${PROJECT_ID}', '-licenses=${_CS_LICENSE}', '-licenses=projects/confidential-space-images/global/licenses/ek-certificate-license', '-zone=us-central1-a', '-project=${PROJECT_ID}'] timeout: '3000s' options: dynamic_substitutions: true go-tpm-tools-0.4.7/launcher/image/container-runner.service000066400000000000000000000006321510276467000236320ustar00rootroot00000000000000[Unit] Description=Confidential Space Launcher Wants=network-online.target gcr-online.target containerd.service After=network-online.target gcr-online.target containerd.service [Service] ExecStart=/usr/share/oem/confidential_space/cs_container_launcher ExecStopPost=/usr/share/oem/confidential_space/exit_script.sh Restart=no StandardOutput=journal StandardError=journal [Install] WantedBy=multi-user.target go-tpm-tools-0.4.7/launcher/image/debug.conf000066400000000000000000000000751510276467000207150ustar00rootroot00000000000000[Service] # debug image machine won't shutdown ExecStopPost= go-tpm-tools-0.4.7/launcher/image/entrypoint.sh000066400000000000000000000023171510276467000215300ustar00rootroot00000000000000#!/bin/bash main() { # Copy service files. cp /usr/share/oem/confidential_space/container-runner.service /etc/systemd/system/container-runner.service # Override default fluent-bit config. cp /usr/share/oem/confidential_space/fluent-bit-cs.conf /etc/fluent-bit/fluent-bit.conf # Override default system-stats-monitor.json for node-problem-detector. cp /usr/share/oem/confidential_space/system-stats-monitor-cs.json /etc/node_problem_detector/system-stats-monitor.json # Override default boot-disk-size-consistency-monitor.json for node-problem-detector. cp /usr/share/oem/confidential_space/boot-disk-size-consistency-monitor-cs.json /etc/node_problem_detector/boot-disk-size-consistency-monitor.json # Override default docker-monitor.json for node-problem-detector. cp /usr/share/oem/confidential_space/docker-monitor-cs.json /etc/node_problem_detector/docker-monitor.json # Override default kernel-monitor.json for node-problem-detector. cp /usr/share/oem/confidential_space/kernel-monitor-cs.json /etc/node_problem_detector/kernel-monitor.json systemctl daemon-reload systemctl enable container-runner.service systemctl start container-runner.service systemctl start fluent-bit.service } main go-tpm-tools-0.4.7/launcher/image/exit_script.sh000077500000000000000000000003531510276467000216530ustar00rootroot00000000000000#! /bin/bash if [[ $EXIT_STATUS -eq 3 ]] then # reboot after 2 min shutdown --reboot +2 fi if [[ $EXIT_STATUS -eq 0 ]] || [[ $EXIT_STATUS -eq 1 ]] || [[ $EXIT_STATUS -eq 2 ]] then # poweroff after 2 min shutdown --poweroff +2 fi go-tpm-tools-0.4.7/launcher/image/fixup_oem.sh000066400000000000000000000026441510276467000213130ustar00rootroot00000000000000#!/bin/bash main() { if [[ ! -d /mnt/disks/efi ]]; then mkdir /mnt/disks/efi fi mount /dev/sda12 /mnt/disks/efi sed -i -e 's|systemd.mask=usr-share-oem.mount||g' /mnt/disks/efi/efi/boot/grub.cfg # TODO: Remove this fix once the upstream customizer fixed the bug. # Fix a string manipulation bug in the dm part of the kernel cmd. if grep -q "dm-m2d" /mnt/disks/efi/efi/boot/grub.cfg; then sed -i -e 's|dm-m2d|dm-mod|g' /mnt/disks/efi/efi/boot/grub.cfg sed -i -e 's|,oemroot|;oemroot|g' /mnt/disks/efi/efi/boot/grub.cfg fi # Print grub.cfg's kernel command line. grep -i '^\s*linux' /mnt/disks/efi/efi/boot/grub.cfg | \ sed -e 's|.*|[BEGIN_CS_GRUB_CMDLINE]&[END_CS_GRUB_CMDLINE]|g' # Convert grub.cfg's kernel command line into what GRUB passes to the kernel. grep -i '^\s*linux' /mnt/disks/efi/efi/boot/grub.cfg | \ sed -e "s|'ds=nocloud;s=/usr/share/oem/'|ds=nocloud;s=/usr/share/oem/|g" | \ sed -e 's|\\"|"|g' | \ sed -e 's|dm-mod.create="|"dm-mod.create=|g' | \ sed -e 's|.*|[BEGIN_CS_CMDLINE]&[END_CS_CMDLINE]|g' umount /mnt/disks/efi # Now the oem partition is sealed, we mount it to print it's content if [[ ! -d /mnt/disks/oem ]]; then mkdir /mnt/disks/oem fi # Since it's sealed, we mount it read-only to prevent changes mount -o ro /dev/sda8 /mnt/disks/oem ls -l /mnt/disks/oem/ ls -l /mnt/disks/oem/confidential_space umount /mnt/disks/oem } main go-tpm-tools-0.4.7/launcher/image/fluent-bit-cs.conf000066400000000000000000000037261510276467000223110ustar00rootroot00000000000000# # Copyright 2022 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # Forked from https://cos.googlesource.com/cos/overlays/board-overlays/+/refs/heads/master/project-lakitu/app-admin/fluent-bit/files/fluent-bit.conf [SERVICE] # Flush # ===== # set an interval of seconds before to flush records to a destination flush 1 # Daemon # ====== # instruct Fluent Bit to run in foreground or background mode. daemon Off # Log_Level # ========= # Set the verbosity level of the service, values can be: # # - error # - warning # - info # - debug # - trace # # by default 'info' is set, that means it includes 'error' and 'warning'. log_level info # Storage # ======= # Fluent Bit can use memory and filesystem buffering based mechanisms # # - https://docs.fluentbit.io/manual/administration/buffering-and-storage # # storage metrics # --------------- # publish storage pipeline metrics in '/api/v1/storage'. The metrics are # exported only if the 'http_server' option is enabled. # storage.metrics on # Collects CS launcher and workload logs. [INPUT] Name systemd Tag confidential-space-launcher Systemd_Filter _SYSTEMD_UNIT=container-runner.service DB /var/log/google-fluentbit/container-runner.log.db Read_From_Tail False [OUTPUT] Name stackdriver Match * Resource gce_instance severity_key severity go-tpm-tools-0.4.7/launcher/image/hardened.conf000066400000000000000000000002211510276467000213720ustar00rootroot00000000000000[Service] # hardened image should exit after workflow finished ExecStopPost= ExecStopPost=/bin/sleep 60 ExecStopPost=/usr/bin/systemctl poweroff go-tpm-tools-0.4.7/launcher/image/nodeproblemdetector/000077500000000000000000000000001510276467000230165ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/nodeproblemdetector/boot-disk-size-consistency-monitor-cs.json000066400000000000000000000004571510276467000332110ustar00rootroot00000000000000{ "plugin": "custom", "pluginConfig": { "invoke_interval": "30m", "timeout": "7s", "max_output_length": 80, "enable_message_change_based_condition_update": false }, "source": "boot-disk-size-consistency-monitor", "metricsReporting": false, "rules": [] }go-tpm-tools-0.4.7/launcher/image/nodeproblemdetector/docker-monitor-cs.json000066400000000000000000000003301510276467000272440ustar00rootroot00000000000000{ "plugin": "journald", "pluginConfig": { "source": "dockerd" }, "logPath": "/var/log/journal", "lookback": "5m", "bufferSize": 10, "source": "docker-monitor", "metricsReporting": false, "conditions": [] }go-tpm-tools-0.4.7/launcher/image/nodeproblemdetector/kernel-monitor-cs.json000066400000000000000000000002561510276467000272640ustar00rootroot00000000000000{ "plugin": "kmsg", "logPath": "/dev/kmsg", "lookback": "5m", "bufferSize": 10, "source": "kernel-monitor", "metricsReporting": false, "conditions": [], "rules": [] }go-tpm-tools-0.4.7/launcher/image/nodeproblemdetector/system-stats-monitor-cs.json000066400000000000000000000002571510276467000304650ustar00rootroot00000000000000{ "memory": { "metricsConfigs": { "memory/bytes_used": { "displayName": "memory/bytes_used" } } }, "invokeInterval": "60s" } go-tpm-tools-0.4.7/launcher/image/preload.sh000066400000000000000000000102021510276467000207330ustar00rootroot00000000000000#!/bin/bash readonly OEM_PATH='/usr/share/oem' readonly CS_PATH="${OEM_PATH}/confidential_space" readonly EXPERIMENTS_BINARY="confidential_space_experiments" copy_launcher() { cp launcher "${CS_PATH}/cs_container_launcher" } copy_experiment_client() { # DownloadExpBinary creates the file at EXPERIMENTS_BINARY. cp $EXPERIMENTS_BINARY "${CS_PATH}/${EXPERIMENTS_BINARY}" chmod +x "${CS_PATH}/${EXPERIMENTS_BINARY}" } setup_launcher_systemd_unit() { cp container-runner.service "${CS_PATH}/container-runner.service" cp exit_script.sh "${CS_PATH}/exit_script.sh" } append_cmdline() { local arg="$1" if [[ ! -d /mnt/disks/efi ]]; then mkdir /mnt/disks/efi fi mount /dev/sda12 /mnt/disks/efi sed -i -e "s|cros_efi|cros_efi ${arg}|g" /mnt/disks/efi/efi/boot/grub.cfg umount /mnt/disks/efi } set_default_boot_target() { append_cmdline "systemd.unit=$1" } disable_unit() { append_cmdline "systemd.mask=$1" } enable_unit() { append_cmdline "systemd.wants=$1" } configure_entrypoint() { cp "$1" ${OEM_PATH}/user-data touch ${OEM_PATH}/meta-data append_cmdline "'ds=nocloud;s=${OEM_PATH}/'" } configure_necessary_systemd_units() { # Include basic services. enable_unit "basic.target" # gcr-wait-online.service is WantedBy=gcr-online.target. # The hostname gcr.io does not resolve until systemd-resolved is enabled. enable_unit "systemd-resolved.service" # Dependencies of container-runner.service. enable_unit "network-online.target" enable_unit "gcr-online.target" } configure_cloud_logging() { # Copy CS-specific fluent-bit config to OEM partition. cp fluent-bit-cs.conf "${CS_PATH}" } configure_node_problem_detector() { # Copy CS-specific node-problem-detector configs to OEM partition. cp nodeproblemdetector/system-stats-monitor-cs.json "${CS_PATH}" cp nodeproblemdetector/boot-disk-size-consistency-monitor-cs.json "${CS_PATH}" cp nodeproblemdetector/docker-monitor-cs.json "${CS_PATH}" cp nodeproblemdetector/kernel-monitor-cs.json "${CS_PATH}" } configure_systemd_units_for_debug() { configure_cloud_logging configure_node_problem_detector disable_unit "konlet-startup.service" } configure_systemd_units_for_hardened() { configure_necessary_systemd_units configure_cloud_logging configure_node_problem_detector # Make entrypoint (via cloud-init) the default unit. set_default_boot_target "cloud-final.service" disable_unit "var-lib-docker.mount" disable_unit "docker.service" disable_unit "google-guest-agent.service" disable_unit "google-osconfig-init.service" disable_unit "google-osconfig-agent.service" disable_unit "google-startup-scripts.service" disable_unit "google-shutdown-scripts.service" disable_unit "konlet-startup.service" disable_unit "crash-reporter.service" disable_unit "device_policy_manager.service" disable_unit "docker-events-collector-fluent-bit.service" disable_unit "sshd.service" disable_unit "var-lib-toolbox.mount" } main() { mount -o remount,rw ${OEM_PATH} mkdir ${CS_PATH} # Install container launcher entrypoint. configure_entrypoint "entrypoint.sh" # Install experiment client. copy_experiment_client # Install container launcher. copy_launcher setup_launcher_systemd_unit # Minimum required COS version for 'e': cos-dev-105-17222-0-0. # Minimum required COS version for 'm': cos-dev-113-18203-0-0. append_cmdline "cos.protected_stateful_partition=m" # Increase wait timeout of the protected stateful partition. append_cmdline "systemd.default_timeout_start_sec=900s" if [[ "${IMAGE_ENV}" == "debug" ]]; then configure_systemd_units_for_debug append_cmdline "confidential-space.hardened=false" elif [[ "${IMAGE_ENV}" == "hardened" ]]; then configure_systemd_units_for_hardened append_cmdline "confidential-space.hardened=true" else echo "Unknown image env: ${IMAGE_ENV}." \ "Only 'debug' and 'hardened' are supported." exit 1 fi # Make sure cache is flushed for the OEM partition. sync ${OEM_PATH} # Remount as read-only to avoid unexpected changes mount -o remount,ro ${OEM_PATH} # Verify the content before the OEM sealing step. ls -lh ${CS_PATH} ls -lh ${OEM_PATH} } main go-tpm-tools-0.4.7/launcher/image/test/000077500000000000000000000000001510276467000177355ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/test/README.md000066400000000000000000000053011510276467000212130ustar00rootroot00000000000000This directory contains the image integration tests. # Tests Integration tests run on [Cloud Build](https://cloud.google.com/build). Run the test with `gcloud builds submit --config=test_{image_type}_cloudbuild.yaml` # Development When writing a test, determine whether it should target the hardened image, debug image, or both. Add it to the corresponding test `test_{image_type}_cloudbuild.yaml` file. If there need to be multiple scripts, please suffix the script with the test name in each script. For example, testing `new_feature` might use three scripts: `test_newfeature_initresource.sh`, `test_newfeature_validate.sh`, and `test_newfeature_cleanupresource.sh`. ## Common Steps Hardened and debug tests will include common steps that do test setup and cleanup activities. They look like: ```yaml - name: 'gcr.io/cloud-builders/gcloud' entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh'] ``` * `create_vm.sh` creates a VM with the given image project, image name, and metadata. It then caches the VM name in the Cloud Build workspace. * `cleanup.sh` deletes the VM created in create_vm.sh. * `check_failure.sh` checks for a failure message in the status.txt file from a previous test step. This runs last due to Cloud Build exiting on previous step failures. ## Data `data/` contains data that will be loaded as Metadata or onto the VM directly. ## Utils Scripts in `util/` contain functions that can be sourced from other test scripts. * `read_serial.sh` contains a helper to pull the entire serial log for a VM. ## Sharing Data Between Steps `/workspace` is used in Cloud Build as a scratch space for specific builds. Some conventions for Confidential Space tests: * `/workspace/status.txt` contains the success/failure message from test steps. `check_failure.sh` looks for a failed message in the step to determine whether the cloud build is successful. * `workspace/next_start.txt` is used when reading the serial logs. ## Test Failures Due to the sequential/only-proceed-with-success nature of Cloud Build, tests with non-zero exit codes will cause subsequent steps to fail. This is problematic when cleanup of a VM or other resources do not occur. To avoid this issue, test assertions with non-zero exit codes should shell OR (`||`) the result and place a "Test failed" message in `/workspace/status.txt`. For example, `echo $SERIAL_OUTPUT | grep 'Expected output'` will fail and cancel the rest of the Cloud Build on not finding the string "Expected output" in the serial log. The test writer should modify this line to do: ```bash echo $SERIAL_OUTPUT | grep 'Expected output' || echo 'TEST FAILED' > /workspace/status.txt # Optionally, for debugging: echo $SERIAL_OUTPUT > /workspace/status.txt ``` go-tpm-tools-0.4.7/launcher/image/test/check_failure.sh000066400000000000000000000005471510276467000230630ustar00rootroot00000000000000#!/bin/bash set -euo pipefail echo "Checking the status.txt file for test results:" if [ -f /workspace/status.txt ]; then cat /workspace/status.txt if grep -qi 'failed' /workspace/status.txt; then echo "The test failed for build $BUILD_ID." exit 1 else echo "No test failure found." exit fi else echo "No status.txt file found." fi go-tpm-tools-0.4.7/launcher/image/test/cleanup.sh000066400000000000000000000003541510276467000217220ustar00rootroot00000000000000#!/bin/bash # cleanup.sh set -euo pipefail if [ $CLEANUP != "true" ]; then echo "NOT cleaning up." exit 0 fi echo "Cleaning up." echo 'Deleting VM' $1 'in zone' $2 gcloud compute instances delete $1 --zone $2 -q go-tpm-tools-0.4.7/launcher/image/test/create_vm.sh000077500000000000000000000044671510276467000222540ustar00rootroot00000000000000#!/bin/bash set -euxo pipefail print_usage() { echo "usage: test_launcher.sh [-i imageName] [-p projectName] [-m metadata]" echo " -i : which image name to use for the VM" echo " -p : which image project to use for the VM" echo " -m : metadata variables on VM creation; passed directly into gcloud" echo " -f : read a metadata value from a file; specified in format key=filePath" echo " -n : instance name" echo " -z : instance zone" exit 1 } create_vm() { if [ -z "$IMAGE_NAME" ]; then echo "Empty image name supplied." exit 1 fi # use the fake verifier for all tests FAKE_VERIFIER='test-fake-verifier=true' APPEND_METADATA='' if ! [ -z "$METADATA" ]; then if [[ "${METADATA}" == *"^~^"* ]]; then APPEND_METADATA="--metadata ${METADATA}~${FAKE_VERIFIER}" else APPEND_METADATA="--metadata ${METADATA},${FAKE_VERIFIER}" fi else APPEND_METADATA="--metadata ${FAKE_VERIFIER}" fi APPEND_METADATA_FILE='' if ! [ -z "$METADATA_FILE" ]; then APPEND_METADATA_FILE="--metadata-from-file ${METADATA_FILE}" fi echo 'Creating VM' ${VM_NAME} 'with image' $IMAGE_NAME # check the active account gcloud auth list # Max disk for n2d-standard-2 (8GB memory) at 1% memory overhead. MIN_DISK_SIZE=11 MAX_DISK_SIZE_GB=80 ADDTL_DISK_RANGE=$(($MAX_DISK_SIZE_GB - $MIN_DISK_SIZE + 1)) DISK_SIZE_GB=$(($MIN_DISK_SIZE + ($RANDOM % $ADDTL_DISK_RANGE))) gcloud compute instances create $VM_NAME --confidential-compute --maintenance-policy=TERMINATE \ --machine-type=n2d-standard-2 --boot-disk-size=$DISK_SIZE_GB --scopes=cloud-platform --zone $ZONE \ --image=$IMAGE_NAME --image-project=$PROJECT_NAME --shielded-secure-boot $APPEND_METADATA \ $APPEND_METADATA_FILE } IMAGE_NAME='' METADATA_FILE='' METADATA='' PROJECT_NAME='' VM_NAME='' ZONE='' # In getopts, a ':' following a letter means that that flag takes an argument. # For example, i: means -i takes an additional argument. while getopts 'i:f:m:p:n:z:' flag; do case "${flag}" in i) IMAGE_NAME=${OPTARG} ;; f) METADATA_FILE=${OPTARG} ;; m) METADATA=${OPTARG} ;; p) PROJECT_NAME=${OPTARG} ;; n) VM_NAME=${OPTARG} ;; z) ZONE=${OPTARG} ;; *) print_usage ;; esac done create_vm go-tpm-tools-0.4.7/launcher/image/test/data/000077500000000000000000000000001510276467000206465ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/test/data/cloud-init-config.yaml000066400000000000000000000002531510276467000250440ustar00rootroot00000000000000#cloud-config # will print the string to serial console if cloud-init executed # this config in user-data bootcmd: - echo "user-data in metadata executed" > /dev/ttyS0 go-tpm-tools-0.4.7/launcher/image/test/data/echo_startupscript.sh000066400000000000000000000002131510276467000251230ustar00rootroot00000000000000#!/bin/bash echo "Executing startup script" sudo chmod 666 /dev/ttyS0 sudo echo "Executing startup script: logging to serial" > /dev/ttyS0 go-tpm-tools-0.4.7/launcher/image/test/scripts/000077500000000000000000000000001510276467000214245ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/test/scripts/test_cloud_init_userdata_disabled.sh000066400000000000000000000010251510276467000306650ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh echo 'Running cloud-init userdata test' echo 'Reading from serial port' SERIAL_OUTPUT=$(read_serial $1 $2) # check whether ./data/cloud-init-config.yaml is executed, will print "user-data in metadata executed" # in serial console if it was executed if echo $SERIAL_OUTPUT | grep -q 'user-data in metadata executed' then echo 'TEST FAILED: user-data executed on the VM' echo 'TEST FAILED.' > /workspace/status.txt else echo 'user-data not executed on the VM' fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_custom_token.sh000066400000000000000000000010371510276467000255320ustar00rootroot00000000000000 #!/bin/bash set -euo pipefail source util/read_serial.sh # This test requires the workload to run and print # corresponding messages to the serial console. SERIAL_OUTPUT=$(read_serial $2 $3) print_serial=false if echo $SERIAL_OUTPUT | grep -q "Token valid: $1" then echo "- test custom token" else echo "FAILED: Could not find 'Token valid: $1' in the serial console" echo "TEST FAILED. Token was expected to pass validation." > /workspace/status.txt print_serial=true fi if $print_serial; then echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_experiment_value.sh000066400000000000000000000010451510276467000263730ustar00rootroot00000000000000 #!/bin/bash set -euo pipefail source util/read_serial.sh # This test requires the workload to run and print # corresponding messages to the serial console. SERIAL_OUTPUT=$(read_serial $2 $3) print_serial=false if echo $SERIAL_OUTPUT | grep -q "EnableTestFeatureForImage:$1" then echo "- test experiment verified $1" else echo "FAILED: experiment status expected to be $1" echo "TEST FAILED. Test experiment status expected to be $1" > /workspace/status.txt print_serial=true fi if $print_serial; then echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launcher_workload.sh000066400000000000000000000052311510276467000265230ustar00rootroot00000000000000 #!/bin/bash set -euo pipefail source util/read_serial.sh # This test requires the workload to run and printing # corresponding messages to the serial console. SERIAL_OUTPUT=$(read_serial $1 $2) print_serial=false if echo $SERIAL_OUTPUT | grep -q 'Workload running' then echo "- workload running verified" else echo "FAILED: workload not running" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'Workload args: \[/main newCmd\]' then echo "- arguments verified" else echo "FAILED: arguments not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'env_bar=val_bar' then echo "- env_bar env var verified" else echo "FAILED: env_bar env not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'ALLOWED_OVERRIDE=overridden' then echo "- ALLOWED_OVERRIDE env var verified" else echo "FAILED: ALLOWED_OVERRIDE env not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'aud: \[https://sts.googleapis.com\]' then echo "- token aud verified" else echo "FAILED: token aud not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'iss: fake-issuer-for-testing' then echo "- token iss verified" else echo "FAILED: token iss not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'secboot: true' then echo "- token secboot verified" else echo "FAILED: token secboot not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'oemid: fake-oem-id' then echo "- token oemid verified" else echo "FAILED: token oemid not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'hwmodel: fake-hw-model' then echo "- token hwmodel verified" else echo "FAILED: token hwmodel not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'swname: fake-sw-name' then echo "- token swname verified" else echo "FAILED: token swname not verified" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if echo $SERIAL_OUTPUT | grep -q 'Token looks okay' then echo "- OIDC token accessible" else echo "FAILED: OIDC token not accessible" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if $print_serial; then echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launcher_workload_cloudlogging.sh000066400000000000000000000054411510276467000312630ustar00rootroot00000000000000 #!/bin/bash set -euo pipefail source util/read_cloud_logging.sh # Allow VM some time to boot and write to cloud logging. sleep 120 # This test requires the workload to run and print # corresponding messages to cloud logging. CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1) print_logs=false if echo $CLOUD_LOGGING_OUTPUT | grep -q 'Workload running' then echo "- workload running verified" else echo "FAILED: workload not running" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'Workload args: \[/main newCmd\]' then echo "- arguments verified" else echo "FAILED: arguments not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'env_bar=val_bar' then echo "- env_bar env var verified" else echo "FAILED: env_bar env not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'ALLOWED_OVERRIDE=overridden' then echo "- ALLOWED_OVERRIDE env var verified" else echo "FAILED: ALLOWED_OVERRIDE env not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'aud: \[https://sts.googleapis.com\]' then echo "- token aud verified" else echo "FAILED: token aud not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'iss: fake-issuer-for-testing' then echo "- token iss verified" else echo "FAILED: token iss not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'secboot: true' then echo "- token secboot verified" else echo "FAILED: token secboot not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'oemid: fake-oem-id' then echo "- token oemid verified" else echo "FAILED: token oemid not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'hwmodel: fake-hw-model' then echo "- token hwmodel verified" else echo "FAILED: token hwmodel not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'swname: fake-sw-name' then echo "- token swname verified" else echo "FAILED: token swname not verified" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if echo $CLOUD_LOGGING_OUTPUT | grep -q 'Token looks okay' then echo "- OIDC token accessible" else echo "FAILED: OIDC token not accessible" echo 'TEST FAILED.' > /workspace/status.txt print_logs=true fi if $print_logs; then echo $CLOUD_LOGGING_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launcher_workload_discover_signatures.sh000066400000000000000000000012301510276467000326600ustar00rootroot00000000000000#!/bin/bash set -euxo pipefail source util/read_serial.sh # This test requires the workload to run and printing # corresponding messages to the serial console. SERIAL_OUTPUT=$(read_serial $1 $2) print_serial=false # Check how many times "Found container image signatures" is being logged. counts=$(echo $SERIAL_OUTPUT | grep -o "$3" | wc -l) if [ $counts -eq $4 ]; then echo "- container image signatures pattern [$3] found with expected counts: $4" else echo "FAILED: container image signatures want $4 counts, but got $counts" echo 'TEST FAILED.' > /workspace/status.txt print_serial=true fi if $print_serial; then echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_cmd.sh000066400000000000000000000006451510276467000263410ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh # Allow VM some time to boot and write to serial console. sleep 120 SERIAL_OUTPUT=$(read_serial $1 $2) if echo $SERIAL_OUTPUT | grep -q 'CMD is not allowed to be overridden on this image' then echo "- CMD launch policy verified" else echo "FAILED: CMD launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_cmd_cloudlogging.sh000066400000000000000000000007051510276467000310730ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_cloud_logging.sh # Allow VM some time to boot and write to serial console. sleep 120 CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1) if echo $CLOUD_LOGGING_OUTPUT | grep -q 'CMD is not allowed to be overridden on this image' then echo "- CMD launch policy verified" else echo "FAILED: CMD launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $CLOUD_LOGGING_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_env.sh000066400000000000000000000007641510276467000263700ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh # Allow VM some time to boot and write to serial console. sleep 120 SERIAL_OUTPUT=$(read_serial $1 $2) if echo $SERIAL_OUTPUT | grep -q --fixed-strings 'env var {OUT a} is not allowed to be overridden on this image; allowed envs to be overridden: [ALLOWED_OVERRIDE]' then echo "- Env launch policy verified" else echo "FAILED: Env launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_env_cloudlogging.sh000066400000000000000000000010231510276467000311120ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_cloud_logging.sh # Allow VM some time to boot and write to cloud logging. sleep 120 CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1) if echo $CLOUD_LOGGING_OUTPUT | grep -q --fixed-strings 'env var {OUT a} is not allowed to be overridden on this image; allowed envs to be overridden: [ALLOWED_OVERRIDE]' then echo "- Env launch policy verified" else echo "FAILED: Env launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $CLOUD_LOGGING_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_health_monitoring.sh000066400000000000000000000006221510276467000313030ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh # Allow VM some time to boot and write to serial console. sleep 120 SERIAL_OUTPUT=$(read_serial $1 $2) if echo $SERIAL_OUTPUT | grep -q "$3" then echo "- Health monitoring launch policy verified" else echo "FAILED: Health monitoring launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_log_debug.sh000066400000000000000000000006341510276467000275230ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh # Allow VM some time to boot and write to serial console. sleep 120 SERIAL_OUTPUT=$(read_serial $1 $2) if echo $SERIAL_OUTPUT | grep -q 'logging redirection not allowed by image' then echo "- Log launch policy verified" else echo "FAILED: Log launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_log_debug_cloudlogging.sh000066400000000000000000000006731510276467000322630ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_cloud_logging.sh # Allow VM some time to boot and write to cloud logging. sleep 120 CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1) if echo $CLOUD_LOGGING_OUTPUT | grep -q 'logging redirection not allowed by image' then echo "- Log launch policy verified" else echo "FAILED: Log launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $CLOUD_LOGGING_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_log_never.sh000066400000000000000000000006341510276467000275540ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh # Allow VM some time to boot and write to serial console. sleep 120 SERIAL_OUTPUT=$(read_serial $1 $2) if echo $SERIAL_OUTPUT | grep -q 'logging redirection not allowed by image' then echo "- Log launch policy verified" else echo "FAILED: Log launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_log_never_cloudlogging.sh000066400000000000000000000006731510276467000323140ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_cloud_logging.sh # Allow VM some time to boot and write to cloud logging. sleep 120 CLOUD_LOGGING_OUTPUT=$(read_cloud_logging $1) if echo $CLOUD_LOGGING_OUTPUT | grep -q 'logging redirection not allowed by image' then echo "- Log launch policy verified" else echo "FAILED: Log launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $CLOUD_LOGGING_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_launchpolicy_memory_monitoring.sh000066400000000000000000000006221510276467000313460ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh # Allow VM some time to boot and write to serial console. sleep 120 SERIAL_OUTPUT=$(read_serial $1 $2) if echo $SERIAL_OUTPUT | grep -q "$3" then echo "- Memory monitoring launch policy verified" else echo "FAILED: Memory monitoring launch policy verification" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_log_redirect.sh000066400000000000000000000017061510276467000254650ustar00rootroot00000000000000 #!/bin/bash set -euxo pipefail source util/read_serial.sh source util/read_cloud_logging.sh # Allow VM some time to boot and write to serial console. sleep 120 output="" if [[ "$1" == "serial" ]]; then echo "Reading from serial console for VM $3 in zone $4" output=$(read_serial $3 $4) elif [[ "$1" == "cloud_logging" ]]; then echo "Reading from cloud logging for VM $3" output=$(read_cloud_logging $3) else echo "Usage: test_log_redirect.sh " return 1 fi if [[ $output != *"Token looks okay"* ]] && [[ "$2" == "true" ]]; then echo "FAILED: did not find workload logs in $1, but expected to:" echo $output echo 'TEST FAILED.' > /workspace/status.txt elif [[ $output == *"Token looks okay"* ]] && [[ "$2" == "false" ]]; then echo "FAILED: found workload logs in $1, but did not expect to:" echo $output echo 'TEST FAILED.' > /workspace/status.txt fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_mds_var_change.sh000066400000000000000000000005771510276467000257700ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh SERIAL_OUTPUT=$(read_serial $1 $2) # Check MDS variables haven't been changed to use the wrong workload image. if echo $SERIAL_OUTPUT | grep -v 'Hello from Cloud Run!' then echo "- verified changed MDS vars have no effect" else echo "FAILED: MDS variables changed" echo 'TEST FAILED' > /workspace/status.txt fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_memory_monitoring.sh000066400000000000000000000006111510276467000265720ustar00rootroot00000000000000#!/bin/bash set -euxo pipefail source util/read_serial.sh # Allow VM some time to boot and write to serial console. sleep 120 SERIAL_OUTPUT=$(read_serial $1 $2) if echo $SERIAL_OUTPUT | grep -q "$3" then echo "- '$3' found in the VM serial output" else echo "FAILED: '$3' not found in the VM serial output" echo 'TEST FAILED.' > /workspace/status.txt echo $SERIAL_OUTPUT fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_multiwriterpd_disabled.sh000066400000000000000000000023431510276467000275630ustar00rootroot00000000000000#!/bin/bash set -euo pipefail echo 'Running multi-writer PD test' # grep -z reads the whole input, and -v inverts matches. from_src_image=$(gcloud beta compute disks create --image-family confidential-space --image-project confidential-space-images --multi-writer test-multi-writer-img --zone us-west1-a 2>&1 || true) if echo "$from_src_image" | grep -vz 'Cannot create a multi-writer disk from a source image'; then echo "$from_src_image" echo 'Multi-writer PD creation from image source enabled.' echo 'TEST FAILED.' > /workspace/status.txt fi DISK_NAME="source-boot-disk-$BUILD_ID" echo "Creating PD $DISK_NAME" gcloud compute disks create --image-family confidential-space --image-project confidential-space-images $DISK_NAME --zone us-west1-a from_src_disk=$(gcloud beta compute disks create test-multi-writer-disk --source-disk=$DISK_NAME --multi-writer --zone us-west1-a 2>&1 || true) # Cleanup disk before seeing test result. gcloud compute disks delete $DISK_NAME -q --zone us-west1-a if echo "$from_src_disk" | grep -vz 'Cannot create a multi-writer disk from a source disk'; then echo "$from_src_disk" echo 'Multi-writer PD creation from boot disk source enabled.' echo 'TEST FAILED.' > /workspace/status.txt fi go-tpm-tools-0.4.7/launcher/image/test/scripts/test_os_config_os_policy.sh000066400000000000000000000035161510276467000270520ustar00rootroot00000000000000#!/bin/bash set -euo pipefail if $1 == 'debug' then echo 'Running OS Config OS Policy enabled test' else echo 'Running OS Config OS Policy disabled test' fi cat <> shutdown-ospolicy.yaml osPolicies: - id: shutdown-policy mode: ENFORCEMENT resourceGroups: - resources: id: shutdown-vm exec: validate: interpreter: SHELL script: if true; then sudo shutdown now; else exit 101; fi enforce: interpreter: SHELL script: exit 100 instanceFilter: inclusionLabels: - labels: shutdown-label: $2 rollout: disruptionBudget: percent: 100 minWaitDuration: 1s EOT gcloud compute instances add-labels $2 --labels=shutdown-label=$2 --zone=$3 || true GCLOUD_OUTPUT=$(gcloud compute os-config os-policy-assignments create shutdown-policy --location=$3 --file=shutdown-ospolicy.yaml | tail -1 || true) if echo $GCLOUD_OUTPUT | grep -q 'Created OS policy assignment [shutdown-policy]' then GCLOUD_OUTPUT=$(gcloud compute instances describe $2 --zone=$3 --format="value(status)" || true) else echo 'TEST FAILED: OS policy assignment could not be created' echo 'TEST FAILED.' > /workspace/status.txt exit 1 fi if $1 == 'debug' then if echo $GCLOUD_OUTPUT | grep -q 'TERMINATED' then echo 'Success: OS policy assignment stops the VM' else echo 'TEST FAILED: VM did not terminate' echo 'TEST FAILED.' > /workspace/status.txt fi else if echo $GCLOUD_OUTPUT | grep -q 'TERMINATED' then echo 'TEST FAILED: VM incorrectly terminated' echo 'TEST FAILED.' > /workspace/status.txt else echo 'Success: OS policy assignment does not affect VM' fi fi gcloud compute os-config os-policy-assignments delete shutdown-policy --location=$3 --quiet || true go-tpm-tools-0.4.7/launcher/image/test/scripts/test_ssh_manual.sh000077500000000000000000000046271510276467000251650ustar00rootroot00000000000000#!/bin/bash set -euxo pipefail print_usage() { echo "usage: test_ssh_manual.sh [-i imageName] [-p imageProject]" echo " -i : which image name to use for the VM" echo " -p : which image project to use for the VM" exit 1 } run_ssh_test() { BUILD_ID=$(date +%s) HOME_DIR=$(echo ~) VM_NAME="cs-ssh-test-$BUILD_ID" WORKLOAD_IMAGE='us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' ZONE="us-central1-a" ACCOUNT_NAME=$(gcloud config list account --format "value(core.account)" | tr @. _) PROJECT_NAME=$(gcloud config get-value project) # Create a new VM source create_vm.sh -n $VM_NAME -i $IMAGE_NAME -p $IMAGE_PROJECT -m tee-image-reference=$WORKLOAD_IMAGE,tee-container-log-redirect=true,enable-osconfig=TRUE -z $ZONE # Add an SSH public key to an OS Login profile gcloud compute os-login ssh-keys add --key-file=$HOME_DIR/.ssh/google_compute_engine.pub || true echo "Sleeping so settings have time to propagate." sleep 30 # SSH into VM with script if [[ $IMAGE_NAME == *"debug"* ]]; then if ssh -i ~/.ssh/google_compute_engine -o StrictHostKeyChecking=no $ACCOUNT_NAME@nic0.$VM_NAME.$ZONE.c.$PROJECT_NAME.internal.gcpnode.com "echo 'SSHABLE'; exit" ; then echo "Success: SSH to host was successful" sed -i '$ d' ~/.ssh/known_hosts else echo "TEST FAILED: SSH to host was ussuccessful" fi else if ssh -i ~/.ssh/google_compute_engine -o StrictHostKeyChecking=no $ACCOUNT_NAME@nic0.$VM_NAME.$ZONE.c.$PROJECT_NAME.internal.gcpnode.com "echo 'SSHABLE'; exit" ; then echo "TEST FAILED: SSH to host was successful" sed -i '$ d' ~/.ssh/known_hosts else echo "Success: SSH to host was ussuccessful" fi fi # Clean up CLEANUP=true source cleanup.sh $VM_NAME $ZONE } IMAGE_NAME='' IMAGE_PROJECT='' # In getopts, a ':' following a letter means that that flag takes an argument. # For example, i: means -i takes an additional argument. while getopts 'i:p:' flag; do case "${flag}" in i) IMAGE_NAME=${OPTARG} ;; p) IMAGE_PROJECT=${OPTARG} ;; *) print_usage ;; esac done if [ -z "$IMAGE_NAME" ]; then echo "Empty image name supplied." exit 1 fi if [ -z "$IMAGE_PROJECT" ]; then echo "Empty image project supplied." exit 1 fi run_ssh_test go-tpm-tools-0.4.7/launcher/image/test/scripts/test_startupscript_disabled.sh000066400000000000000000000006521510276467000276000ustar00rootroot00000000000000#!/bin/bash set -euo pipefail source util/read_serial.sh echo 'Running startup script test' echo 'Reading from serial port:' SERIAL_OUTPUT=$(read_serial $1 $2) echo $SERIAL_OUTPUT # Without the or logic, this step will fail and cleanup does not run. # Instead, we put the test assertion output in /workspace/status.txt. echo $SERIAL_OUTPUT | grep -v 'Executing startup script' || echo 'TEST FAILED' > /workspace/status.txt go-tpm-tools-0.4.7/launcher/image/test/test_debug_cloudbuild.yaml000066400000000000000000000054301510276467000251560ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-debug-test' '_ZONE': 'us-central1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: BasicWorkloadTest entrypoint: 'bash' args: ['scripts/test_launcher_workload.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: BasicWorkloadTestCloudLogging entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_launcher_workload_cloudlogging.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}'] - name: 'gcr.io/cloud-builders/gcloud' id: ChangeMDSVariables entrypoint: 'bash' args: ['util/change_metadata_vars.sh', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', '-m', 'tee-image-reference=gcr.io/cloudrun/hello:latest', ] - name: 'gcr.io/cloud-builders/gcloud' id: ChangeMDSVariablesTest entrypoint: 'bash' args: ['scripts/test_mds_var_change.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: CheckDebugVMAliveAfterLauncherExits script: | #!/usr/bin/env bash set -euo pipefail # Waiting for 2.5 mins, after the workload is finished. # If using a debug image, the VM should still be accessible after # the workload exit normally. # Check the script: launcher/image/exit_script.sh for detail logic. sleep 150 result=$(gcloud compute instances list --filter="name=(${_VM_NAME_PREFIX}-${BUILD_ID})" --zones=${_ZONE} --format="value(STATUS)") if [[ "${result}" == "RUNNING" ]]; then echo "verified debug VM is still running after 2.5 mins" else echo "FAILED: expect debug VM to be still running" echo "TEST FAILED. Expect debug VM to be still running" > /workspace/status.txt fi automapSubstitutions: true - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_debug_unstable_cloudbuild.yaml000066400000000000000000000025331510276467000270540ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-debug-test' '_ZONE': 'us-central1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden,enable-osconfig=TRUE', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: OsConfigOsPolicyEnabledTest entrypoint: 'bash' args: ['scripts/test_os_config_os_policy.sh', 'debug', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_discover_signatures.yaml000066400000000000000000000052651510276467000257520ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'discover-signatures' '_ZONE': 'us-west1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' '_SIGNATURE_REPO': 'us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/hardened' steps: - name: 'gcr.io/projectsigstore/cosign:v2.2.0' id: SignContainer entrypoint: 'sh' env: - 'BUILD_ID=$BUILD_ID' args: - -c - | # Unpadded base64 encoding on the CloudKMS public key pub=$(cosign public-key --key gcpkms://projects/confidential-space-images-dev/locations/global/keyRings/cosign-test/cryptoKeys/ecdsa/cryptoKeyVersions/1 | openssl base64) pub=$(echo $pub | tr -d '[:space:]' | sed 's/[=]*$//') # Use cosign sign export COSIGN_REPOSITORY=${_SIGNATURE_REPO} cosign sign --key gcpkms://projects/confidential-space-images-dev/locations/global/keyRings/cosign-test/cryptoKeys/ecdsa/cryptoKeyVersions/1 ${_WORKLOAD_IMAGE} -a dev.cosignproject.cosign/sigalg=ECDSA_P256_SHA256 -a dev.cosignproject.cosign/pub=$pub - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-signed-image-repos=${_SIGNATURE_REPO},tee-env-ALLOWED_OVERRIDE=overridden,tee-cmd=["newCmd"]', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: BasicDiscoverSignaturesTest entrypoint: 'bash' args: ['scripts/test_launcher_workload_discover_signatures.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}', 'Found container image signatures', '1'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: DeleteContainerSignatures env: - 'BUILD_ID=$BUILD_ID' entrypoint: 'bash' args: - -c - | echo "Deleting container signatures..." digest=$(gcloud artifacts docker images describe ${_WORKLOAD_IMAGE} --format 'value(image_summary.digest)') tag=${digest/":"/"-"}.sig # Delete container signature by its tag gcloud artifacts docker images delete -q ${_SIGNATURE_REPO}:${tag} # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_experiments_client.yaml000066400000000000000000000024051510276467000255620ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-experiments-test' '_ZONE': 'asia-east1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: TestExperimentTrue entrypoint: 'bash' args: ['scripts/test_experiment_value.sh', "true", '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_hardened_cloudbuild.yaml000066400000000000000000000055621510276467000256500ustar00rootroot00000000000000substitutions: # Expects hardened image (not debug) and should have startup-script service # disabled. google-startup-scripts.service is only enabled with multi-user.target. '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' # Add user-data in the metadata to test if it is disabled. '_METADATA_FILE': 'startup-script=data/echo_startupscript.sh,user-data=data/cloud-init-config.yaml' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-hardened-test' '_ZONE': 'us-west1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-f', '${_METADATA_FILE}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: BasicWorkloadTest entrypoint: 'bash' args: ['scripts/test_launcher_workload.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: BasicWorkloadTestCloudLogging entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_launcher_workload_cloudlogging.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}'] - name: 'gcr.io/cloud-builders/gcloud' id: ChangeMDSVariables entrypoint: 'bash' args: ['util/change_metadata_vars.sh', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', '-m', 'tee-image-reference=gcr.io/cloudrun/hello:latest', ] - name: 'gcr.io/cloud-builders/gcloud' id: ChangeMDSVariablesTest entrypoint: 'bash' args: ['scripts/test_mds_var_change.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: MultiWriterPDTest entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['scripts/test_multiwriterpd_disabled.sh'] - name: 'gcr.io/cloud-builders/gcloud' id: StartupScriptDisabledTest entrypoint: 'bash' args: ['scripts/test_startupscript_disabled.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: CloudInitUserDataDisabledTest entrypoint: 'bash' args: ['scripts/test_cloud_init_userdata_disabled.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_hardened_unstable_cloudbuild.yaml000066400000000000000000000025421510276467000275400ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-hardened-test' '_ZONE': 'asia-south2-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-cmd=["newCmd"],tee-env-ALLOWED_OVERRIDE=overridden,enable-osconfig=TRUE', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: OsConfigOsPolicyDisabledTest entrypoint: 'bash' args: ['scripts/test_os_config_os_policy.sh', 'hardened', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_health_monitoring.yaml000066400000000000000000000074301510276467000253760ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'health-monitoring' '_ZONE': 'us-west1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoring:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMAllMonitoringEnabled entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-enable=all', '-n', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: CheckAllMonitoringEnabled entrypoint: 'bash' # Search a regex pattern that ensures all monitoring is enabled and measured into COS event logs. args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}', 'Health Monitoring is enabled by the VM operator.*All health monitoring metrics enabled'] waitFor: ['CreateVMAllMonitoringEnabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMAllMonitoringEnabled entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}'] waitFor: ['CheckAllMonitoringEnabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMMemoryOnlyMonitoringEnabled entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-enable=memoryonly', '-n', '${_VM_NAME_PREFIX}-mem-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: CheckMemoryOnlyMonitoringEnabled entrypoint: 'bash' # Search a regex pattern that ensures all monitoring is enabled and measured into COS event logs. args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}', 'memory/bytes_used enabled'] waitFor: ['CreateVMMemoryOnlyMonitoringEnabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMMemoryOnlyMonitoringEnabled entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}'] waitFor: ['CheckMemoryOnlyMonitoringEnabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMMonitoringDisabled entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-enable=none', '-n', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: CheckMonitoringDisabled entrypoint: 'bash' # Search a regex pattern that ensures monitoring is disabled and measured into COS event logs. args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}', 'Health Monitoring is disabled'] waitFor: ['CreateVMMonitoringDisabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMMonitoringDisabled entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}'] waitFor: ['CheckMonitoringDisabled'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_http_server.yaml000066400000000000000000000025521510276467000242310ustar00rootroot00000000000000# Test that the TEE server can accept requests for and serve custom tokens. # This is a happy path test. substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-http-server-test' '_ZONE': 'asia-east1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: TestCustomToken entrypoint: 'bash' args: ['scripts/test_custom_token.sh', "true", '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_ingress_network.yaml000066400000000000000000000041371510276467000251100ustar00rootroot00000000000000# This test needs to be run in a private Cloud Build pool, so the Cloud Build instance # can be in the same network as the test VM. substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_ZONE': 'asia-east1-a' '_WORKLOAD_IMAGE': 'docker.io/library/nginx:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateServerWorkload entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE}', '-n', 'ingress-network-test-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: CheckReachability waitFor: ['CreateServerWorkload'] entrypoint: 'bash' args: - -c - | echo "sleeping 200s, waiting for workload server to setup..." sleep 200 internalIP=$(gcloud -q compute instances describe ingress-network-test-${BUILD_ID} --zone=${_ZONE} --format='get(networkInterfaces[0].networkIP)') echo "workload internal IP: "${internalIP} # try to connect to the nginx server response=$(curl -v ${internalIP}:80) echo "got response [${response}]" # check nginx default response if [[ "${response}" == *"Welcome to nginx!"* ]]; then echo "workload reachable through the internal network" else echo "FAILED: workload not reachable through the internal network" echo 'TEST FAILED' > /workspace/status.txt fi - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp waitFor: ['CheckReachability'] entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', 'ingress-network-test-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure waitFor: ['CleanUp'] entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_launchpolicy_cloudbuild.yaml000066400000000000000000000301341510276467000265610ustar00rootroot00000000000000substitutions: '_HARDENED_IMAGE_NAME': '' '_IMAGE_PROJECT': '' # Add user-data in the metadata to test if it is disabled. '_METADATA_FILE': 'startup-script=data/echo_startupscript.sh,user-data=data/cloud-init-config.yaml' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-launchpolicy-test' '_ZONE': 'us-east4-a' '_WORKLOAD_IMAGE_LOG_NEVER': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylognever:latest' '_WORKLOAD_IMAGE_LOG_DEBUG': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylogdebug:latest' '_WORKLOAD_IMAGE_ENV': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' '_WORKLOAD_IMAGE_CMD': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicycmd:latest' '_WORKLOAD_IMAGE_MEMORY_MONITOR_NEVER': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringnever:latest' '_WORKLOAD_IMAGE_MEMORY_MONITOR_DEBUG': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringdebug:latest' '_WORKLOAD_IMAGE_HEALTH_MONITOR_NEVER': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringnone:latest' '_WORKLOAD_IMAGE_HEALTH_MONITOR_DEBUG': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringdebug:latest' '_WORKLOAD_IMAGE_HEALTH_MONITOR_MEMORY': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringmemory:latest' '_MEMORY_MONITOR_VM_NAME_PREFIX': 'memory-monitor' '_HEALTH_MONITOR_VM_NAME_PREFIX': 'health-monitor' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMLogOverride entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-f', '${_METADATA_FILE}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_LOG_NEVER},tee-container-log-redirect=true', '-n', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: LogOverrideTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_log_never.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}'] waitFor: ['CreateVMLogOverride'] - name: 'gcr.io/cloud-builders/gcloud' id: LogOverrideTestCloudLogging entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_launchpolicy_log_never_cloudlogging.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}'] waitFor: ['CreateVMLogOverride'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpLogOverride entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}'] waitFor: ['LogOverrideTest', 'LogOverrideTestCloudLogging'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMLogOverrideDebug entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-f', '${_METADATA_FILE}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_LOG_DEBUG},tee-container-log-redirect=true', '-n', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: LogOverrideDebugTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_log_debug.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}'] waitFor: ['CreateVMLogOverrideDebug'] - name: 'gcr.io/cloud-builders/gcloud' id: LogOverrideDebugTestCloudLogging entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_launchpolicy_log_debug_cloudlogging.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}'] waitFor: ['CreateVMLogOverrideDebug'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpLogOverrideDebug entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-log-${BUILD_ID}', '${_ZONE}'] waitFor: ['LogOverrideDebugTest', 'LogOverrideDebugTestCloudLogging'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMEnvOverride entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-f', '${_METADATA_FILE}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_ENV},tee-env-OUT=a', '-n', '${_VM_NAME_PREFIX}-env-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: EnvOverrideTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_env.sh', '${_VM_NAME_PREFIX}-env-${BUILD_ID}', '${_ZONE}'] waitFor: ['CreateVMEnvOverride'] - name: 'gcr.io/cloud-builders/gcloud' id: EnvOverrideTestCloudLogging entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_launchpolicy_env_cloudlogging.sh', '${_VM_NAME_PREFIX}-env-${BUILD_ID}'] waitFor: ['CreateVMEnvOverride'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpEnvOverride entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-env-${BUILD_ID}', '${_ZONE}'] waitFor: ['EnvOverrideTest', 'EnvOverrideTestCloudLogging'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMCmdOverride entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-f', '${_METADATA_FILE}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_CMD},tee-cmd=["newCmd"]', '-n', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: CmdOverrideTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_cmd.sh', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}', '${_ZONE}'] waitFor: ['CreateVMCmdOverride'] - name: 'gcr.io/cloud-builders/gcloud' id: CmdOverrideTestCloudLogging entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_launchpolicy_cmd_cloudlogging.sh', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}'] waitFor: ['CreateVMCmdOverride'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpCmdOverride entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-cmd-${BUILD_ID}', '${_ZONE}'] waitFor: ['CmdOverrideTest', 'CmdOverrideTestCloudLogging'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMMemoryMonitorDebugOnly entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_MEMORY_MONITOR_DEBUG},tee-monitoring-memory-enable=true', '-n', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: MemoryMonitorDebugOnlyTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_memory_monitoring.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}', 'memory monitoring only allowed on debug environment by image'] waitFor: ['CreateVMMemoryMonitorDebugOnly'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpMemoryMonitorDebugOnly entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}'] waitFor: ['MemoryMonitorDebugOnlyTest'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMMemoryMonitorNever entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_MEMORY_MONITOR_NEVER},tee-monitoring-memory-enable=true', '-n', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: MemoryMonitorNeverTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_memory_monitoring.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}', 'memory monitoring not allowed by image'] waitFor: ['CreateVMMemoryMonitorNever'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpMemoryMonitorNever entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_MEMORY_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}'] waitFor: ['MemoryMonitorNeverTest'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMHealthMonitorDebugOnly entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_HEALTH_MONITOR_DEBUG},tee-monitoring-enable=all', '-n', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: HealthMonitorDebugOnlyTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_health_monitoring.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}', "'none' monitoring allowed on hardened environment.*'all' monitoring allowed on debug environment"] waitFor: ['CreateVMHealthMonitorDebugOnly'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpHealthMonitorDebugOnly entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-debugonly-${BUILD_ID}', '${_ZONE}'] waitFor: ['HealthMonitorDebugOnlyTest'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMHealthMonitorNever entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_HEALTH_MONITOR_NEVER},tee-monitoring-enable=all', '-n', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: HealthMonitorNeverTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_health_monitoring.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}', "'none' monitoring allowed on hardened environment.*'none' monitoring allowed on debug environment"] waitFor: ['CreateVMHealthMonitorNever'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpHealthMonitorNever entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-never-${BUILD_ID}', '${_ZONE}'] waitFor: ['HealthMonitorNeverTest'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMHealthMonitorMemory entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE_HEALTH_MONITOR_MEMORY},tee-monitoring-enable=memoryonly', '-n', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-mem-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: HealthMonitorMemoryTest entrypoint: 'bash' args: ['scripts/test_launchpolicy_health_monitoring.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}', "'memoryOnly' monitoring allowed on hardened environment.*'memoryOnly' monitoring allowed on debug environment"] waitFor: ['CreateVMHealthMonitorMemory'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpHealthMonitorMemory entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_HEALTH_MONITOR_VM_NAME_PREFIX}-mem-${BUILD_ID}', '${_ZONE}'] waitFor: ['HealthMonitorMemoryTest'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_log_redirection.yaml000066400000000000000000000122631510276467000250340ustar00rootroot00000000000000substitutions: '_HARDENED_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-logredirect-test' '_ZONE': 'us-west1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic_test:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMRedirectAll entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-all', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: LogAllCheckSerialTest entrypoint: 'bash' args: ['scripts/test_log_redirect.sh', 'serial', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-all', '${_ZONE}'] waitFor: ['CreateVMRedirectAll'] - name: 'gcr.io/cloud-builders/gcloud' id: LogAllCheckCloudLoggingTest entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-all', '${_ZONE}'] waitFor: ['CreateVMRedirectAll'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpLogAllTest entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-all', '${_ZONE}'] waitFor: ['LogAllCheckSerialTest', 'LogAllCheckCloudLoggingTest'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMRedirectSerial entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=serial', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial', '-z', '${_ZONE}', ] waitFor: ['-'] - name: 'gcr.io/cloud-builders/gcloud' id: LogSerialCheckSerialTest entrypoint: 'bash' args: ['scripts/test_log_redirect.sh', 'serial', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial', '${_ZONE}'] waitFor: ['CreateVMRedirectSerial'] - name: 'gcr.io/cloud-builders/gcloud' id: LogSerialCheckCloudLoggingTest entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial', '${_ZONE}'] waitFor: ['CreateVMRedirectSerial'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpLogSerialTest entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-serial', '${_ZONE}'] waitFor: ['LogSerialCheckCloudLoggingTest', 'LogSerialCheckCloudLoggingTest'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMRedirectCloudLogging entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=cloud_logging', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog', '-z', '${_ZONE}', ] waitFor: ['-'] - name: 'gcr.io/cloud-builders/gcloud' id: LogCloudLoggingCheckSerialTest entrypoint: 'bash' args: ['scripts/test_log_redirect.sh', 'serial', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog', '${_ZONE}'] waitFor: ['CreateVMRedirectCloudLogging'] - name: 'gcr.io/cloud-builders/gcloud' id: LogCloudLoggingCheckCloudLoggingTest entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'true', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog', '${_ZONE}'] waitFor: ['CreateVMRedirectCloudLogging'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpLogCloudLoggingTest entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-clog', '${_ZONE}'] waitFor: ['LogCloudLoggingCheckSerialTest', 'LogCloudLoggingCheckCloudLoggingTest'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMRedirectNone entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_HARDENED_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=false', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-none', '-z', '${_ZONE}', ] waitFor: ['-'] - name: 'gcr.io/cloud-builders/gcloud' id: LogNoneCheckSerialTest entrypoint: 'bash' args: ['scripts/test_log_redirect.sh', 'serial', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-none', '${_ZONE}'] waitFor: ['CreateVMRedirectNone'] - name: 'gcr.io/cloud-builders/gcloud' id: LogNoneCheckCloudLoggingTest entrypoint: 'bash' env: - 'PROJECT_ID=$PROJECT_ID' args: ['scripts/test_log_redirect.sh', 'cloud_logging', 'false', '${_VM_NAME_PREFIX}-${BUILD_ID}-none', '${_ZONE}'] waitFor: ['CreateVMRedirectNone'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpLogNoneTest entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-none', '${_ZONE}'] waitFor: ['LogNoneCheckSerialTest', 'LogNoneCheckCloudLoggingTest'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] go-tpm-tools-0.4.7/launcher/image/test/test_memory_monitoring.yaml000066400000000000000000000055221510276467000254410ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'memory-monitoring' '_ZONE': 'us-west1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoring:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMMemoryMemonitorEnabled entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-memory-enable=true', '-n', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: CheckMemoryMonitoringEnabled entrypoint: 'bash' # Search a regex pattern that ensures memory monitoring is enabled and measured into COS event logs. args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}', 'node-problem-detector.service successfully started.*Successfully measured memory monitoring event'] waitFor: ['CreateVMMemoryMemonitorEnabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMMemoryMonitorEnabled entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-enable-${BUILD_ID}', '${_ZONE}'] waitFor: ['CheckMemoryMonitoringEnabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMMemoryMemonitorDisabled entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-monitoring-memory-enable=false', '-n', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '-z', '${_ZONE}', ] waitFor: ['-'] # The '-' indicates that this step begins immediately. - name: 'gcr.io/cloud-builders/gcloud' id: CheckMemoryMonitoringDisabled entrypoint: 'bash' # Search a regex pattern that ensures memory monitoring is disabled and measured into COS event logs. args: ['scripts/test_memory_monitoring.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}', 'Successfully measured memory monitoring event.*MemoryMonitoring is disabled by the VM operator'] waitFor: ['CreateVMMemoryMemonitorDisabled'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMMemoryMonitorDisabled entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-disable-${BUILD_ID}', '${_ZONE}'] waitFor: ['CheckMemoryMonitoringDisabled'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_mounts.yaml000066400000000000000000000114501510276467000232060ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-mounts-test' '_ZONE': 'us-west1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/mounts_workload:latest' '_DEV_SHM_SIZE_KB': '128000' '_TMPFS_SIZE_KB': '222' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMWithDefaultDevShmSize entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-default', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMWithMountsAllowed entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' - '_DEV_SHM_SIZE_KB=$_DEV_SHM_SIZE_KB' - '_TMPFS_SIZE_KB=$_TMPFS_SIZE_KB' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true~tee-mount=type=tmpfs,source=tmpfs,destination=/tmp/sized,size=${_TMPFS_SIZE_KB}000~tee-dev-shm-size-kb=${_DEV_SHM_SIZE_KB}', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-allowed', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMWithMountsDenied entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true~tee-mount=type=tmpfs,source=tmpfs,destination=/disallowed', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-denied', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: CheckDevShmExists env: - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX' - 'BUILD_ID=$BUILD_ID' - '_ZONE=$_ZONE' script: | #!/bin/bash set -euo pipefail source util/read_serial.sh sleep 45 SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-default ${_ZONE}) if echo $SERIAL_OUTPUT | grep -q "shm.*/dev/shm" then echo "- Verified /dev/shm mounted by defaul" else echo "FAILED: /dev/shm mount failed" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi - name: 'gcr.io/cloud-builders/gcloud' id: CheckMountsAllowed env: - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX' - 'BUILD_ID=$BUILD_ID' - '_ZONE=$_ZONE' - '_DEV_SHM_SIZE_KB=$_DEV_SHM_SIZE_KB' - '_TMPFS_SIZE_KB=$_TMPFS_SIZE_KB' script: | #!/bin/bash set -euo pipefail source util/read_serial.sh sleep 45 SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-allowed ${_ZONE}) if echo $SERIAL_OUTPUT | grep -q "tmpfs.*220.*/tmp/sized" then echo "- Mount verified for sized tmpfs" else echo "FAILED: Mount verification for sized tmpfs" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi if echo $SERIAL_OUTPUT | grep -q "shm.*${_DEV_SHM_SIZE_KB}.*/dev/shm" then echo "- Mount verified for /dev/shm size" else echo "FAILED: Mount verification for /dev/shm size" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi - name: 'gcr.io/cloud-builders/gcloud' id: CheckMountsDenied env: - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX' - 'BUILD_ID=$BUILD_ID' - '_ZONE=$_ZONE' script: | #!/bin/bash set -euo pipefail source util/read_serial.sh sleep 45 SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-denied ${_ZONE}) if echo $SERIAL_OUTPUT | grep -q "policy only allows mounts in the following paths" then echo "- Mount launch policy verified for disallowed mounts" else echo "FAILED: Mount launch policy verification for disallowed mounts" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi waitFor: ['CreateVMWithMountsDenied'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMWithDefault entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-default', '${_ZONE}'] waitFor: ['CheckDevShmExists'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMWithMountsAllowed entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-allowed', '${_ZONE}'] waitFor: ['CheckMountsAllowed'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUpVMWithMountsDenied entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-denied', '${_ZONE}'] waitFor: ['CheckMountsDenied'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] go-tpm-tools-0.4.7/launcher/image/test/test_oda_with_signed_container.yaml000066400000000000000000000043501510276467000270530ustar00rootroot00000000000000substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'oda-signedcontainer' '_ZONE': 'us-west1-a' # If the workload image changes, the commit author should change the cosign signature as well to not break tests. '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256:836d4ad39fa0fec5b386c4051a175036bd13d74a75d57933d30f6b804e509c8c' '_SIGNATURE_REPO': 'us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/oda' '_EXPECTED_SIG': 'MEUCIFoV6g8jU+EDQZJsySY5KcHYh/yRepxDFSUjhcJZ5du8AiEAooEHwjKsPIxO24NYE565E56DLU9H9vNX+jTP1nYwfNE=' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVM entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', 'tee-image-reference=${_WORKLOAD_IMAGE},tee-container-log-redirect=true,tee-signed-image-repos=${_SIGNATURE_REPO},tee-env-ALLOWED_OVERRIDE=overridden,tee-cmd=["newCmd"]', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: TestCustomToken entrypoint: 'bash' args: ['scripts/test_custom_token.sh', "true", '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] - name: 'gcr.io/cloud-builders/gcloud' id: BasicDiscoverSignaturesTest entrypoint: 'bash' # Check how many times container image signatures is being logged. # Since signature logging will occur on refresh the default token, and on attest agent calling the `Attest` method, so the expected number should be 3. # This also checks the fetched signatures are the same. args: ['scripts/test_launcher_workload_discover_signatures.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}', '${_EXPECTED_SIG}', '3'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanUp entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}', '${_ZONE}'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] options: pool: name: 'projects/confidential-space-images-dev/locations/us-west1/workerPools/cs-image-build-vpc' go-tpm-tools-0.4.7/launcher/image/test/test_privileged.yaml000066400000000000000000000122551510276467000240170ustar00rootroot00000000000000 substitutions: '_IMAGE_NAME': '' '_IMAGE_PROJECT': '' '_CLEANUP': 'true' '_VM_NAME_PREFIX': 'cs-priv' '_ZONE': 'asia-east1-a' '_WORKLOAD_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/privileged:latest' '_BASIC_IMAGE': 'us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic-test:latest' steps: - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMWithPrivileges entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' # Caps from https://github.com/containerd/containerd/blob/v2.0.3/pkg/cap/cap_linux.go#L118. args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', '^~^tee-image-reference=${_WORKLOAD_IMAGE}~tee-container-log-redirect=true~tee-cgroup-ns=true~tee-added-capabilities=["CAP_CHOWN","CAP_DAC_OVERRIDE","CAP_DAC_READ_SEARCH","CAP_FOWNER","CAP_FSETID","CAP_KILL","CAP_SETGID","CAP_SETUID","CAP_SETPCAP","CAP_LINUX_IMMUTABLE","CAP_NET_BIND_SERVICE","CAP_NET_BROADCAST","CAP_NET_ADMIN","CAP_NET_RAW","CAP_IPC_LOCK","CAP_IPC_OWNER","CAP_SYS_MODULE","CAP_SYS_RAWIO","CAP_SYS_CHROOT","CAP_SYS_PTRACE","CAP_SYS_PACCT","CAP_SYS_ADMIN","CAP_SYS_BOOT","CAP_SYS_NICE","CAP_SYS_RESOURCE","CAP_SYS_TIME","CAP_SYS_TTY_CONFIG","CAP_MKNOD","CAP_LEASE","CAP_AUDIT_WRITE","CAP_AUDIT_CONTROL","CAP_SETFCAP","CAP_MAC_OVERRIDE","CAP_MAC_ADMIN","CAP_SYSLOG","CAP_WAKE_ALARM","CAP_BLOCK_SUSPEND","CAP_AUDIT_READ","CAP_PERFMON","CAP_BPF","CAP_CHECKPOINT_RESTORE"]', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-privileged', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMWithCgroupsDenied entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', '^~^tee-image-reference=${_BASIC_IMAGE}~tee-container-log-redirect=true~tee-cgroup-ns=true', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-cgroupsdenied', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: CreateVMWithCapsDenied entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['create_vm.sh','-i', '${_IMAGE_NAME}', '-p', '${_IMAGE_PROJECT}', '-m', '^~^tee-image-reference=${_BASIC_IMAGE}~tee-container-log-redirect=true~tee-added-capabilities=["CAP_SYS_ADMIN"]', '-n', '${_VM_NAME_PREFIX}-${BUILD_ID}-capsdenied', '-z', '${_ZONE}', ] - name: 'gcr.io/cloud-builders/gcloud' id: CheckPrivilegesExist env: - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX' - 'BUILD_ID=$BUILD_ID' - '_ZONE=$_ZONE' script: | #!/bin/bash set -euo pipefail source util/read_serial.sh sleep 45 SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-privileged ${_ZONE}) if echo $SERIAL_OUTPUT | grep -q "=ep" then echo "- Verified added all caps" else echo "FAILED: caps not added" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi if echo $SERIAL_OUTPUT | grep -q "testgroup" then echo "- Verified added cgroup" else echo "FAILED: cgroup not added" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi - name: 'gcr.io/cloud-builders/gcloud' id: CheckCgroupDenied env: - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX' - 'BUILD_ID=$BUILD_ID' - '_ZONE=$_ZONE' script: | #!/bin/bash set -euo pipefail source util/read_serial.sh sleep 45 SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-cgroupsdenied ${_ZONE}) if echo $SERIAL_OUTPUT | grep -q "cgroups usage is not allowed" then echo "- cgroup not added" else echo "FAILED: cgroup added even though policy denied" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi - name: 'gcr.io/cloud-builders/gcloud' id: CheckCapsDenied env: - '_VM_NAME_PREFIX=$_VM_NAME_PREFIX' - 'BUILD_ID=$BUILD_ID' - '_ZONE=$_ZONE' script: | #!/bin/bash set -euo pipefail source util/read_serial.sh sleep 45 SERIAL_OUTPUT=$(read_serial ${_VM_NAME_PREFIX}-${BUILD_ID}-capsdenied ${_ZONE}) if echo $SERIAL_OUTPUT | grep -q "additional capabilities are not allowed" then echo "- caps not added" else echo "FAILED: caps added even though policy denied" echo 'TEST FAILED' > /workspace/status.txt echo $SERIAL_OUTPUT fi - name: 'gcr.io/cloud-builders/gcloud' id: CleanupPrivileged entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-privileged', '${_ZONE}'] waitFor: ['CheckPrivilegesExist'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanupCgroupDenied entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-cgroupsdenied', '${_ZONE}'] waitFor: ['CheckCgroupDenied'] - name: 'gcr.io/cloud-builders/gcloud' id: CleanupCapsDenied entrypoint: 'bash' env: - 'CLEANUP=$_CLEANUP' args: ['cleanup.sh', '${_VM_NAME_PREFIX}-${BUILD_ID}-capsdenied', '${_ZONE}'] waitFor: ['CheckCapsDenied'] # Must come after cleanup. - name: 'gcr.io/cloud-builders/gcloud' id: CheckFailure entrypoint: 'bash' env: - 'BUILD_ID=$BUILD_ID' args: ['check_failure.sh'] go-tpm-tools-0.4.7/launcher/image/test/util/000077500000000000000000000000001510276467000207125ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/test/util/change_metadata_vars.sh000077500000000000000000000032021510276467000253660ustar00rootroot00000000000000#!/bin/bash set -euxo pipefail print_usage() { echo "usage: change_metadata_vars.sh -n instanceName -z instanceZone [-m metadata] [-f metadataFromFile]" echo " -m : metadata variables on VM creation; passed directly into gcloud" echo " -f : read a metadata value from a file; specified in format key=filePath" echo " -n : instance name" echo " -z : instance zone" exit 1 } update_metadata() { if [ -z "${VM_NAME}" ]; then echo "Empty VM name supplied." exit 1 fi if [ -z "${ZONE}" ]; then echo "Empty zone supplied." exit 1 fi APPEND_ZONE="--zone ${ZONE}" if [ -z "${METADATA}${METADATA_FILE}" ]; then echo "Empty metadata supplied." exit 1 fi APPEND_METADATA='' if ! [ -z "${METADATA}" ]; then APPEND_METADATA="--metadata ${METADATA}" fi APPEND_METADATA_FILE='' if ! [ -z "${METADATA_FILE}" ]; then APPEND_METADATA_FILE="--metadata-from-file ${METADATA_FILE}" fi echo "Updating VM ${VM_NAME} in ${ZONE} with metadata: ${METADATA_FILE} ${METADATA}" # check the active account gcloud auth list gcloud compute instances add-metadata $VM_NAME \ $APPEND_ZONE $APPEND_METADATA $APPEND_METADATA_FILE } METADATA_FILE='' METADATA='' VM_NAME='' ZONE='' # In getopts, a ':' following a letter means that that flag takes an argument. # For example, i: means -i takes an additional argument. while getopts 'f:m:n:z:' flag; do case "${flag}" in f) METADATA_FILE=${OPTARG} ;; m) METADATA=${OPTARG} ;; n) VM_NAME=${OPTARG} ;; z) ZONE=${OPTARG} ;; *) print_usage ;; esac done update_metadata go-tpm-tools-0.4.7/launcher/image/test/util/read_cloud_logging.sh000066400000000000000000000007431510276467000250610ustar00rootroot00000000000000#!/bin/bash # read_cloud_logging reads the cloud logging of a test VM. It reads the logs for 1 day. # It assumes the PROJECT_ID environment variable is set. # Use var=$(read_cloud_logging ) to capture the output of this command into a variable. read_cloud_logging() { gcloud logging read "resource.type=\"gce_instance\" jsonPayload._HOSTNAME=\"$1\" log_name=\"projects/$PROJECT_ID/logs/confidential-space-launcher\"" \ --format="value(jsonPayload.MESSAGE)" --order asc } go-tpm-tools-0.4.7/launcher/image/test/util/read_serial.sh000077500000000000000000000024401510276467000235230ustar00rootroot00000000000000#!/bin/bash # read_serial attempts to read the serial output until the workload is finished # Use var=$(read_serial ) to capture the output of this command into a variable. read_serial() { local base_cmd='gcloud compute instances get-serial-port-output $1 --zone $2 2>/workspace/next_start.txt' local serial_out=$(eval ${base_cmd}) local last='' # timeout after 10 min timeout="10 minute" endtime=$(date -ud "$timeout" +%s) echo "Reading serial console..." while [ -s /workspace/next_start.txt ]; do if [[ $(date -u +%s) -ge $endtime ]]; then echo "timed out reading serial console, or the workload is running more than ${timeout}" break fi # VM may already exit if grep -qi 'Could not fetch serial port output' /workspace/next_start.txt; then serial_out="$serial_out $1 VM stopped" break fi next=$(cat /workspace/next_start.txt | sed -n 2p | cut -d ' ' -f2) local next_cmd="${base_cmd} ${next}" # sleeping 5s for the next serial console read sleep 5 local tmp=$(eval ${next_cmd}) serial_out="$serial_out $tmp" # break the loop if the workload is finished if echo ${serial_out} | grep -qi "TEE container launcher exiting"; then break fi last=$next done echo $serial_out } go-tpm-tools-0.4.7/launcher/image/testworkloads/000077500000000000000000000000001510276467000216635ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoring/000077500000000000000000000000001510276467000245415ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoring/Dockerfile000066400000000000000000000006261510276467000265370ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoring:latest --project confidential-space-images-dev FROM alpine COPY main / LABEL "tee.launch_policy.hardened_monitoring"="ALL" LABEL "tee.launch_policy.debug_monitoring"="ALL" ENTRYPOINT ["/main"] go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoringdebug/000077500000000000000000000000001510276467000255505ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoringdebug/Dockerfile000066400000000000000000000006341510276467000275450ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringdebug:latest --project confidential-space-images-dev FROM alpine COPY main / LABEL "tee.launch_policy.hardened_monitoring"="NONE" LABEL "tee.launch_policy.debug_monitoring"="ALL" ENTRYPOINT ["/main"] go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoringmemoryonly/000077500000000000000000000000001510276467000266745ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoringmemoryonly/Dockerfile000066400000000000000000000006521510276467000306710ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringmemory:latest --project confidential-space-images-dev FROM alpine COPY main / LABEL "tee.launch_policy.hardened_monitoring"="MEMORYONLY" LABEL "tee.launch_policy.debug_monitoring"="MEMORYONLY" ENTRYPOINT ["/main"] go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoringnone/000077500000000000000000000000001510276467000254215ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/allmonitoringnone/Dockerfile000066400000000000000000000006341510276467000274160ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/allmonitoringnone:latest --project confidential-space-images-dev FROM alpine COPY main / LABEL "tee.launch_policy.hardened_monitoring"="NONE" LABEL "tee.launch_policy.debug_monitoring"="NONE" ENTRYPOINT ["/main"] go-tpm-tools-0.4.7/launcher/image/testworkloads/basic/000077500000000000000000000000001510276467000227445ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/basic/Dockerfile000066400000000000000000000007751510276467000247470ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main . # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/basic_test:latest FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.allow_env_override"="ALLOWED_OVERRIDE" LABEL "tee.launch_policy.allow_cmd_override"="true" LABEL "tee.launch_policy.log_redirect"="always" ENTRYPOINT ["/main"] # Can be overridden because of the launch policy. CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/basic/main.go000066400000000000000000000017511510276467000242230ustar00rootroot00000000000000// package main is a binary that will print out the MDS vars and check the token. package main import ( "fmt" "os" "github.com/golang-jwt/jwt/v4" ) const tokendir = "/run/container_launcher/attestation_verifier_claims_token" func main() { fmt.Println("Workload running") fmt.Println("Workload args:", os.Args) fmt.Println("Workload env vars:") for _, e := range os.Environ() { fmt.Println(e) } filedata, err := os.ReadFile(tokendir) if err != nil { fmt.Println(err) return } token, _, err := new(jwt.Parser).ParseUnverified(string(filedata), jwt.MapClaims{}) if err != nil { fmt.Println(err) return } claims, ok := token.Claims.(jwt.MapClaims) if !ok { fmt.Println(err) return } fmt.Println("aud: ", claims["aud"]) fmt.Println("iss: ", claims["iss"]) fmt.Println("secboot: ", claims["secboot"]) fmt.Println("oemid: ", claims["oemid"]) fmt.Println("hwmodel: ", claims["hwmodel"]) fmt.Println("swname: ", claims["swname"]) fmt.Println("Token looks okay") } go-tpm-tools-0.4.7/launcher/image/testworkloads/customtoken/000077500000000000000000000000001510276467000242365ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/customtoken/happypath/000077500000000000000000000000001510276467000262345ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/customtoken/happypath/Dockerfile000066400000000000000000000030551510276467000302310ustar00rootroot00000000000000# If updated the workload source code or this Dockerfile, need to rebuild the image and regenerate the signature # From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main . # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath:latest # # Record the image digest generated by this command # # Updating the container signature # # # Install cosign # go install github.com/sigstore/cosign/v2/cmd/cosign@latest # # Designate the sig repo # export COSIGN_REPOSITORY=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/oda # # # Since we don't verify the signature in the test, you can just generate your own key # cosign generate-key-pair # cosign public-key --key cosign.key > pub.pem # PUB=$(cat pub.pem | openssl base64) # PUB=$(echo $PUB | tr -d '[:space:]' | sed 's/[=]*$//') # # Sign the container, is from the gcloud builds submit command above # cosign sign --key cosign.key us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256: -a dev.cosignproject.cosign/sigalg=ECDSA_P256_SHA256 -a dev.cosignproject.cosign/pub=$PUB # # Once finished, refering to pr#415 to on how to update the signature and image FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.allow_env_override"="ALLOWED_OVERRIDE" LABEL "tee.launch_policy.allow_cmd_override"="true" LABEL "tee.launch_policy.log_redirect"="always" ENTRYPOINT ["/main"] # Can be overridden because of the launch policy. CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/customtoken/happypath/main.go000066400000000000000000000075761510276467000275260ustar00rootroot00000000000000// package main is a binary that will print out the validation status of a custom attestation token. package main import ( "context" "encoding/json" "errors" "fmt" "io" "net" "net/http" "strings" "time" "github.com/golang-jwt/jwt/v4" "github.com/google/go-tpm-tools/verifier/fake" ) const ( socketPath = "/run/container_launcher/teeserver.sock" ) func getCustomTokenBytes(body string) ([]byte, error) { httpClient := http.Client{ Transport: &http.Transport{ // Set the DialContext field to a function that creates // a new network connection to a Unix domain socket DialContext: func(_ context.Context, _, _ string) (net.Conn, error) { return net.Dial("unix", socketPath) }, }, } // Get the token from the IPC endpoint url := "http://localhost/v1/token" resp, err := httpClient.Post(url, "application/json", strings.NewReader(body)) if err != nil { return nil, fmt.Errorf("failed to get raw custom token response: %w", err) } tokenbytes, err := io.ReadAll(resp.Body) if err != nil { return nil, fmt.Errorf("failed to read custom token body: %w", err) } resp.Body.Close() return tokenbytes, nil } func decodeAndValidateToken(tokenBytes []byte, keyFunc func(t *jwt.Token) (any, error)) (*jwt.Token, error) { var err error unverifiedClaims := &jwt.RegisteredClaims{} _, _, err = jwt.NewParser().ParseUnverified(string(tokenBytes), unverifiedClaims) if err != nil { return nil, fmt.Errorf("failed to parse claims: %v", err) } now := time.Now() // Add one second for buffer. nbf := unverifiedClaims.NotBefore.Time.Add(time.Second) diff := nbf.Sub(now) ten := 10 * time.Second // Sleep until nbf is valid or max 10 seconds. if diff > 0 { if diff < ten { time.Sleep(diff) } else { time.Sleep(ten) } } token, err := jwt.NewParser().Parse(string(tokenBytes), keyFunc) fmt.Printf("Token valid: %v", token.Valid) if token.Valid { return token, nil } if ve, ok := err.(*jwt.ValidationError); ok { if ve.Errors&jwt.ValidationErrorMalformed != 0 { return nil, fmt.Errorf("token format invalid. Please contact the Confidential Space team for assistance") } if ve.Errors&(jwt.ValidationErrorNotValidYet) != 0 { // If device time is not synchronized with the Attestation Service you may need to account for that here. return nil, errors.New("token is not active yet") } if ve.Errors&(jwt.ValidationErrorExpired) != 0 { return nil, fmt.Errorf("token is expired") } return nil, fmt.Errorf("unknown validation error: %v", err) } return nil, fmt.Errorf("couldn't handle this token or couldn't read a validation error: %v", err) } func getTestRSAPublicKey(token *jwt.Token) (any, error) { // Verify the signing method if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) } return fake.TestPublicKey(), nil } func main() { // Format token request body := `{ "audience": "", "nonces": ["thisIsAcustomNonce", "thisIsAMuchLongerCustomNonceWithPaddingFor74Bytes0000000000000000000000000"], "token_type": "OIDC" }` // The following code could be run in a Confidential Space workload container to generate a // custom attestation intended to be sent to a remote party for verification. tokenbytes, err := getCustomTokenBytes(body) if err != nil { fmt.Println(err) return } // Method to return a public key used for testing keyFunc := getTestRSAPublicKey // The following code could be run by a remote party (not necessarily in a // Confidential Space workload) in order to verify properties of the original // Confidential Space workload that generated the attestation. token, err := decodeAndValidateToken(tokenbytes, keyFunc) if err != nil { fmt.Println(err) return } claimsString, err := json.MarshalIndent(token.Claims, "", " ") if err != nil { fmt.Println(err) return } fmt.Println(string(claimsString)) } go-tpm-tools-0.4.7/launcher/image/testworkloads/launchpolicycmd/000077500000000000000000000000001510276467000250415ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/launchpolicycmd/Dockerfile000066400000000000000000000006131510276467000270330ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicycmd:latest --project confidential-space-images-dev FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.log_redirect"="always" ENTRYPOINT ["/main"] CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/launchpolicylogdebug/000077500000000000000000000000001510276467000260665ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/launchpolicylogdebug/Dockerfile000066400000000000000000000006171510276467000300640ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylogdebug:latest --project confidential-space-images-dev FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.log_redirect"="never" ENTRYPOINT ["/main"] CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/launchpolicylognever/000077500000000000000000000000001510276467000261175ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/launchpolicylognever/Dockerfile000066400000000000000000000006171510276467000301150ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/launchpolicylognever:latest --project confidential-space-images-dev FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.log_redirect"="never" ENTRYPOINT ["/main"] CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/memorymonitoring/000077500000000000000000000000001510276467000253015ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/memorymonitoring/Dockerfile000066400000000000000000000006271510276467000273000ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoring:latest --project confidential-space-images-dev FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.monitoring_memory_allow"="always" ENTRYPOINT ["/main"] CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/memorymonitoringdebug/000077500000000000000000000000001510276467000263105ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/memorymonitoringdebug/Dockerfile000066400000000000000000000006371510276467000303100ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringdebug:latest --project confidential-space-images-dev FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.monitoring_memory_allow"="debugonly" ENTRYPOINT ["/main"] CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/memorymonitoringnever/000077500000000000000000000000001510276467000263415ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/memorymonitoringnever/Dockerfile000066400000000000000000000006331510276467000303350ustar00rootroot00000000000000# From current directory: # GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main ../basic # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/memorymonitoringnever:latest --project confidential-space-images-dev FROM alpine COPY main / ENV env_bar="val_bar" LABEL "tee.launch_policy.monitoring_memory_allow"="never" ENTRYPOINT ["/main"] CMD ["arg_foo"] go-tpm-tools-0.4.7/launcher/image/testworkloads/mounts/000077500000000000000000000000001510276467000232105ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/mounts/Dockerfile000066400000000000000000000005341510276467000252040ustar00rootroot00000000000000# From current directory: # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/mounts_workload:latest FROM alpine COPY print_mounts.sh / LABEL "tee.launch_policy.log_redirect"="always" LABEL "tee.launch_policy.allow_mount_destinations"="/run/tmp:/var/tmp:/tmp" ENTRYPOINT ["/print_mounts.sh"] go-tpm-tools-0.4.7/launcher/image/testworkloads/mounts/print_mounts.sh000077500000000000000000000000601510276467000263040ustar00rootroot00000000000000#!/bin/sh df -h df ls -lathr / ls -lathr /tmp go-tpm-tools-0.4.7/launcher/image/testworkloads/privileged/000077500000000000000000000000001510276467000240155ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/image/testworkloads/privileged/Dockerfile000066400000000000000000000012001510276467000260000ustar00rootroot00000000000000# From current directory: # gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/privileged:latest --project confidential-space-images-dev FROM alpine RUN apk update RUN apk add libcap LABEL "tee.launch_policy.log_redirect"="always" LABEL "tee.launch_policy.allow_capabilities"="true" LABEL "tee.launch_policy.allow_cgroups"="true" # Get capabilities for PID 1. # Run the 'ls' command on /sys/fs/cgroup and attempt to create a new cgroup. ENTRYPOINT ["sh", "-c", "getpcaps 1 && ls -la /sys/fs/cgroup && cd /sys/fs/cgroup && mkdir -p cpu/testgroup && mkdir -p memory/testgroup && ls cpu"] go-tpm-tools-0.4.7/launcher/internal/000077500000000000000000000000001510276467000175105ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/experiments/000077500000000000000000000000001510276467000220535ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/experiments/experiments.go000066400000000000000000000025751510276467000247560ustar00rootroot00000000000000// Package experiments contains functionalities to retrieve synced experiments package experiments import ( "encoding/json" "fmt" "os" ) // Experiments contains the experiments flags this version of the launcher expects to receive. // Failure to unmarshal the experiment JSON data will result in an empty object being returned // to treat experiment flags as their default value. The error should still be checked. type Experiments struct { EnableTestFeatureForImage bool EnableHealthMonitoring bool EnableItaVerifier bool EnableVerifyCS bool } // New takes a filepath, opens the file, and calls ReadJsonInput with the contents // of the file. // If the file cannot be opened, the experiments map is set to an empty map. func New(fpath string) (Experiments, error) { f, err := os.ReadFile(fpath) if err != nil { // Return default values on failure. return Experiments{}, err } r, err := readJSONInput(f) return r, err } // ReadJSONInput takes a reader and unmarshals the contents into the experiments map. // If the unmarsahlling fails, the experiments map is set to an empty map. func readJSONInput(b []byte) (Experiments, error) { var experiments Experiments if err := json.Unmarshal(b, &experiments); err != nil { // Return default values on failure. return Experiments{}, fmt.Errorf("failed to unmarshal json: %w", err) } return experiments, nil } go-tpm-tools-0.4.7/launcher/internal/experiments/experiments_test.go000066400000000000000000000027071510276467000260120ustar00rootroot00000000000000package experiments import ( "testing" "github.com/google/go-cmp/cmp" ) func TestExperiments(t *testing.T) { tests := []struct { input string expectedExps Experiments }{ { input: "{\"EnableTestFeatureForImage\":true,\"EnableItaVerifier\":true}", expectedExps: Experiments{ EnableTestFeatureForImage: true, EnableItaVerifier: true, }, }, { input: "{\"EnableTestFeatureForImage\":true,\"EnableSignedContainerImage\":true,\"EnableItaVerifier\":true,\"FloatFeature\":-5.6,\"OtherTestFeatureForImage\":false,\"EnableVerifyCS\":true}", expectedExps: Experiments{ EnableTestFeatureForImage: true, EnableItaVerifier: true, EnableVerifyCS: true, }, }, } for i, test := range tests { e, err := readJSONInput([]byte(test.input)) if err != nil { t.Fatalf("testcase %d: failed to create experiments object: %v", i, err) } if !cmp.Equal(e, test.expectedExps) { t.Errorf("testcase %d: unexpected experiments returned: got %v, want %v", i, e, test.expectedExps) } } } func TestExperimentsBadJson(t *testing.T) { tests := []struct { input string }{ {input: "{\"EnableTestFeatureForImage\":true,\"EnableSignedContainerImage\":true"}, {input: "{}"}, {input: ""}, } for i, test := range tests { e, _ := readJSONInput([]byte(test.input)) if e.EnableTestFeatureForImage { t.Errorf("testcase %d: expected EnableTestFeatureForImage to be false, got true", i) } } } go-tpm-tools-0.4.7/launcher/internal/healthmonitoring/000077500000000000000000000000001510276467000230635ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/healthmonitoring/nodeproblemdetector/000077500000000000000000000000001510276467000271235ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config.go000066400000000000000000000105661510276467000334120ustar00rootroot00000000000000// Package nodeproblemdetector provides configurations for node-problem-detector.service. package nodeproblemdetector import ( "encoding/json" "fmt" "os" "time" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/internal/systemctl" ) var systemStatsFilePath = "/etc/node_problem_detector/system-stats-monitor.json" var defaultInvokeIntervalString = (60 * time.Second).String() type metricConfig struct { DisplayName string `json:"displayName"` } type statsConfig struct { MetricsConfigs map[string]metricConfig `json:"metricsConfigs"` } type diskConfig struct { IncludeAllAttachedBlk bool `json:"includeAllAttachedBlk"` IncludeRootBlk bool `json:"includeRootBlk"` LsblkTimeout string `json:"lsblkTimeout"` MetricsConfigs *statsConfig `json:"metricsConfigs"` } // SystemStatsConfig contains configurations for `System Stats Monitor`, // a problem daemon in node-problem-detector that collects pre-defined health-related metrics from different system components. // View the comprehensive configuration details on https://github.com/kubernetes/node-problem-detector/tree/master/pkg/systemstatsmonitor#detailed-configuration-options type SystemStatsConfig struct { CPU *statsConfig `json:"cpu,omitempty"` Disk *diskConfig `json:"disk,omitempty"` Host *statsConfig `json:"host,omitempty"` Memory *statsConfig `json:"memory,omitempty"` InvokeInterval string `json:"invokeInterval,omitempty"` } // NewSystemStatsConfig returns a new SystemStatsConfig struct with default configurations. func NewSystemStatsConfig() SystemStatsConfig { return SystemStatsConfig{ Memory: &statsConfig{MetricsConfigs: map[string]metricConfig{}}, InvokeInterval: defaultInvokeIntervalString, } } var allConfig = &SystemStatsConfig{ CPU: &statsConfig{map[string]metricConfig{ "cpu/usage_time": {"cpu/usage_time"}, "cpu/load_1m": {"cpu/load_1m"}, }}, Disk: &diskConfig{ true, true, "5s", &statsConfig{map[string]metricConfig{ "disk/avg_queue_len": {"disk/avg_queue_len"}, "disk/bytes_used": {"disk/bytes_used"}, "disk/percent_used": {"disk/percent_used"}, "disk/io_time": {"disk/io_time"}, "disk/merged_operation_count": {"disk/merged_operation_count"}, "disk/operation_bytes_count": {"disk/operation_bytes_count"}, "disk/operation_count": {"disk/operation_count"}, "disk/operation_time": {"disk/operation_time"}, "disk/weighted_io": {"disk/weighted_io"}, }}, }, Host: &statsConfig{map[string]metricConfig{ "host/uptime": {"host/uptime"}, }}, Memory: &statsConfig{map[string]metricConfig{ "memory/anonymous_used": {"memory/anonymous_used"}, "memory/bytes_used": {"memory/bytes_used"}, "memory/dirty_used": {"memory/dirty_used"}, "memory/page_cache_used": {"memory/page_cache_used"}, "memory/percent_used": {"memory/percent_used"}, }}, InvokeInterval: defaultInvokeIntervalString, } // EnableAllConfig overwrites system stats config with health monitoring config. func EnableAllConfig() error { return allConfig.WriteFile(systemStatsFilePath) } // EnableMemoryBytesUsed enables "memory/bytes_used" for memory monitoring. func (ssc *SystemStatsConfig) EnableMemoryBytesUsed() { ssc.Memory.MetricsConfigs["memory/bytes_used"] = metricConfig{DisplayName: "memory/bytes_used"} } // WithInvokeInterval overrides the default invokeInterval. func (ssc *SystemStatsConfig) WithInvokeInterval(interval time.Duration) { ssc.InvokeInterval = interval.String() } // WriteFile writes systemStatsConfig data to the named file, creating it if necessary. func (ssc *SystemStatsConfig) WriteFile(path string) error { bytes, err := json.Marshal(ssc) if err != nil { return fmt.Errorf("failed to marshal struct [%v]: %w", ssc, err) } return os.WriteFile(path, bytes, 0644) } // StartService starts Node Problem Detector. func StartService(logger logging.Logger) error { s, err := systemctl.New() if err != nil { return fmt.Errorf("failed to create systemctl client: %v", err) } defer s.Close() logger.Info("Starting node-problem-detector.service") if err := s.Start("node-problem-detector.service"); err != nil { return fmt.Errorf("failed to start node-problem-detector.service") } logger.Info("node-problem-detector.service successfully started") return nil } go-tpm-tools-0.4.7/launcher/internal/healthmonitoring/nodeproblemdetector/systemstats_config_test.go000066400000000000000000000045451510276467000344510ustar00rootroot00000000000000package nodeproblemdetector import ( "bytes" "encoding/json" "io" "os" "path" "testing" "time" "github.com/google/go-cmp/cmp" ) func TestEnableHealthMonitoringConfig(t *testing.T) { tmpDir := t.TempDir() systemStatsFilePath = path.Join(tmpDir, "system-stats-monitor.json") wantBytes, err := json.Marshal(allConfig) if err != nil { t.Fatalf("Error marshaling expected config: %v", err) } EnableAllConfig() file, err := os.OpenFile(systemStatsFilePath, os.O_RDONLY, 0) if err != nil { t.Fatalf("failed to open file %s: %v", systemStatsFilePath, err) } gotBytes, err := io.ReadAll(file) if err != nil { t.Fatalf("failed to read from file %s: %v", systemStatsFilePath, err) } if !bytes.Equal(gotBytes, wantBytes) { t.Errorf("WriteFile() did not write expected contents, got %s, want %s", gotBytes, wantBytes) } } func TestEnableMemoryBytesUsed(t *testing.T) { got := NewSystemStatsConfig() got.EnableMemoryBytesUsed() want := SystemStatsConfig{ Memory: &statsConfig{ MetricsConfigs: map[string]metricConfig{ "memory/bytes_used": {DisplayName: "memory/bytes_used"}, }, }, InvokeInterval: defaultInvokeIntervalString, } if !cmp.Equal(got, want) { t.Errorf("EnableMemoryBytesUsed() failed, got: %v, want: %v", got, want) } } func TestWithInvokeInterval(t *testing.T) { got := SystemStatsConfig{} got.WithInvokeInterval(2 * time.Second) want := SystemStatsConfig{InvokeInterval: (2 * time.Second).String()} if !cmp.Equal(got, want) { t.Errorf("WithInvokeInterval() failed, got: %v, want: %v", got, want) } } func TestWriteFile(t *testing.T) { tmpDir := t.TempDir() tmpConfigFile := path.Join(tmpDir, "system-stats-monitor.json") config := NewSystemStatsConfig() config.EnableMemoryBytesUsed() if err := config.WriteFile(tmpConfigFile); err != nil { t.Fatalf("WriteFile() failed: %v", err) } file, err := os.OpenFile(tmpConfigFile, os.O_RDONLY, 0) if err != nil { t.Fatalf("failed to open file %s: %v", tmpConfigFile, err) } gotBytes, err := io.ReadAll(file) if err != nil { t.Fatalf("failed to read from file %s: %v", tmpConfigFile, err) } wantBytes := []byte(`{"memory":{"metricsConfigs":{"memory/bytes_used":{"displayName":"memory/bytes_used"}}},"invokeInterval":"1m0s"}`) if !bytes.Equal(gotBytes, wantBytes) { t.Errorf("WriteFile() did not write expected contents, got %s, want %s", gotBytes, wantBytes) } } go-tpm-tools-0.4.7/launcher/internal/launchermount/000077500000000000000000000000001510276467000223745ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/launchermount/mount.go000066400000000000000000000017671510276467000241000ustar00rootroot00000000000000// Package launchermount defines mount types for the launcher workload. package launchermount import "github.com/opencontainers/runtime-spec/specs-go" // Key-value constants for mount configurations. // Keys are used to specify the specific mount configuration. // For example, TypeKey is used to specify the type of mount. // Consts not suffixed with Key are constant values for given mount configs. const ( TypeKey = "type" SourceKey = "source" DestinationKey = "destination" SizeKey = "size" TypeTmpfs = "tmpfs" ) var ( // AllMountKeys are all possible mount configuration key names. AllMountKeys = []string{TypeKey, SourceKey, DestinationKey, SizeKey} ) // Mount is the interface to implement for a new container launcher mount type. type Mount interface { // SpecsMount converts the Mount type to an OCI spec Mount. SpecsMount() specs.Mount // The absolute path mount point for this mount in the container. // Stored as Destination in specs.Mount. Mountpoint() string } go-tpm-tools-0.4.7/launcher/internal/launchermount/tmpfs.go000066400000000000000000000047011510276467000240560ustar00rootroot00000000000000package launchermount import ( "errors" "fmt" "path/filepath" "strconv" "github.com/opencontainers/runtime-spec/specs-go" ) var errTmpfsMustHaveDest = errors.New("mount type \"tmpfs\" must have destination specified") // TmpfsMount creates a launcher mount type backed by tmpfs, with an optional // size. If size is not specified, it is 50% of memory. // Example input: `type=tmpfs,source=tmpfs,destination=/tmpmount` // `type=tmpfs,source=tmpfs,destination=/sizedtmpmount,size=123345` type TmpfsMount struct { // If the path is relative, it will be interpreted as relative to "/". Destination string // Size in bytes. No support for k, m, g suffixes. Size uint64 } // CreateTmpfsMount takes a map of tmpfs options, with keys defined in the spec package. // Typically, this is called when creating a LaunchSpec and should not be used // in other settings. func CreateTmpfsMount(mountMap map[string]string) (TmpfsMount, error) { if val := mountMap[TypeKey]; val != TypeTmpfs { return TmpfsMount{}, fmt.Errorf("received wrong mount type %v, expected %v", val, TypeTmpfs) } delete(mountMap, TypeKey) if val := mountMap[SourceKey]; val != TypeTmpfs { return TmpfsMount{}, fmt.Errorf("received wrong mount source %v, expected %v", val, TypeTmpfs) } delete(mountMap, SourceKey) dst := mountMap[DestinationKey] if dst == "" { return TmpfsMount{}, errTmpfsMustHaveDest } if !filepath.IsAbs(dst) { dst = filepath.Join("/", dst) } delete(mountMap, DestinationKey) mnt := TmpfsMount{Destination: dst} szStr, ok := mountMap[SizeKey] if ok { sz, err := strconv.ParseUint(szStr, 10, 64) if err != nil { return TmpfsMount{}, fmt.Errorf("failed to convert size option \"%v\" to uint64: %v", szStr, err) } mnt.Size = sz delete(mountMap, SizeKey) } if len(mountMap) != 0 { return TmpfsMount{}, fmt.Errorf("received unknown mount options for tmpfs mount: %+v", mountMap) } return mnt, nil } // SpecsMount returns the OCI runtime spec Mount for the given TmpfsMount. func (tm TmpfsMount) SpecsMount() specs.Mount { specsMnt := specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: tm.Destination, Options: []string{"nosuid", "noexec", "nodev"}} if tm.Size != 0 { specsMnt.Options = append(specsMnt.Options, fmt.Sprintf("size=%s", strconv.FormatUint(tm.Size, 10))) } return specsMnt } // Mountpoint gives the place in the container where the tmpfs is mounted. func (tm TmpfsMount) Mountpoint() string { return tm.Destination } go-tpm-tools-0.4.7/launcher/internal/launchermount/tmpfs_test.go000066400000000000000000000134371510276467000251230ustar00rootroot00000000000000package launchermount import ( "regexp" "testing" "github.com/google/go-cmp/cmp" "github.com/opencontainers/runtime-spec/specs-go" ) func TestCreateTmpfsMountAndSpecsMount(t *testing.T) { var testCases = []struct { testName string mountMap map[string]string expectedTmpfs TmpfsMount expectedSpecsMount specs.Mount }{ { "Basic Tmpfs Mount", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "/d", }, TmpfsMount{Destination: "/d"}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/d", Options: []string{"nosuid", "noexec", "nodev"}, }, }, { "Tmpfs Mount with Size", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "/my dest", "size": "21342314", }, TmpfsMount{Destination: "/my dest", Size: 21342314}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/my dest", Options: []string{"nosuid", "noexec", "nodev", "size=21342314"}, }, }, { "Tmpfs Mount with Relative Dst", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "my dest", "size": "21342314", }, TmpfsMount{Destination: "/my dest", Size: 21342314}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/my dest", Options: []string{"nosuid", "noexec", "nodev", "size=21342314"}, }, }, { "Tmpfs Mount with Relative Dst More Complex Filepath", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "grandparent dir/parentDir/my dest", }, TmpfsMount{Destination: "/grandparent dir/parentDir/my dest"}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/grandparent dir/parentDir/my dest", Options: []string{"nosuid", "noexec", "nodev"}, }, }, { "Tmpfs Mount with Dst Internal Rel Parent", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "grandparent dir/parentDir/../../my dest", }, TmpfsMount{Destination: "/my dest"}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/my dest", Options: []string{"nosuid", "noexec", "nodev"}, }, }, { "Tmpfs Mount with Relative Dst Internal Cwd", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "grandparent dir/parentDir/.././my dest", }, TmpfsMount{Destination: "/grandparent dir/my dest"}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/grandparent dir/my dest", Options: []string{"nosuid", "noexec", "nodev"}, }, }, { "Tmpfs Mount with Malformed Relative Dst", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "grandparent dir/parentDir/.../.../my dest", }, TmpfsMount{Destination: "/grandparent dir/parentDir/.../.../my dest"}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/grandparent dir/parentDir/.../.../my dest", Options: []string{"nosuid", "noexec", "nodev"}, }, }, { "Tmpfs Mount with Parent Relative Dst", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "../my dest", }, TmpfsMount{Destination: "/my dest"}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/my dest", Options: []string{"nosuid", "noexec", "nodev"}, }, }, { "Tmpfs Mount with Grandparent Relative Dst", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "../../my dest", }, TmpfsMount{Destination: "/my dest"}, specs.Mount{Type: TypeTmpfs, Source: TypeTmpfs, Destination: "/my dest", Options: []string{"nosuid", "noexec", "nodev"}, }, }, } for _, testcase := range testCases { t.Run(testcase.testName, func(t *testing.T) { mnt, err := CreateTmpfsMount(testcase.mountMap) if err != nil { t.Errorf("got non-nil error %v, want nil error", err) } if diff := cmp.Diff(mnt, testcase.expectedTmpfs); diff != "" { t.Errorf("got %v, want %v:\ndiff: %v", mnt, testcase.expectedTmpfs, diff) } spMnt := mnt.SpecsMount() if diff := cmp.Diff(spMnt, testcase.expectedSpecsMount); diff != "" { t.Errorf("got %v, want %v:\ndiff: %v", spMnt, testcase.expectedSpecsMount, diff) } }) } } func TestCreateTmpfsMountFail(t *testing.T) { var testCases = []struct { testName string mountMap map[string]string wantErr string }{ { "Bad Mount Type", map[string]string{ "type": "tfs", }, "received wrong mount type", }, { "Bad Mount Src", map[string]string{ "type": "tmpfs", "source": "tfffffs", }, "received wrong mount source", }, { "No Dest", map[string]string{ "type": "tmpfs", "source": "tmpfs", }, errTmpfsMustHaveDest.Error(), }, { "Bad Size", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "dst", "size": "notanum", }, "failed to convert size option", }, { "Unknown Opts", map[string]string{ "type": "tmpfs", "source": "tmpfs", "destination": "dst", "size": "111", "rw": "true", }, "received unknown mount options for tmpfs mount", }, } for _, testcase := range testCases { t.Run(testcase.testName, func(t *testing.T) { if _, err := CreateTmpfsMount(testcase.mountMap); err == nil { t.Errorf("got nil error, want non-nil error \"%v\"", testcase.wantErr) } else { if match, _ := regexp.MatchString(testcase.wantErr, err.Error()); !match { t.Errorf("got error \"%v\", but expected \"%v\"", err, testcase.wantErr) } } }) } } go-tpm-tools-0.4.7/launcher/internal/logging/000077500000000000000000000000001510276467000211365ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/logging/logging.go000066400000000000000000000140051510276467000231130ustar00rootroot00000000000000// Package logging implements a logger to be used in the client. // Logs to both Cloud Logging and the serial console. package logging import ( "context" "fmt" "log/slog" "os" "cloud.google.com/go/compute/metadata" clogging "cloud.google.com/go/logging" mrpb "google.golang.org/genproto/googleapis/api/monitoredres" ) const ( logName = "confidential-space-launcher" serialConsoleFile = "/dev/console" payloadMessageKey = "MESSAGE" payloadInstanceNameKey = "_HOSTNAME" ) // Logger defines the interface for the CS image logger. type Logger interface { Log(severity clogging.Severity, msg string, args ...any) Info(msg string, args ...any) Warn(msg string, args ...any) Error(msg string, args ...any) SerialConsoleFile() *os.File Close() } type cLogger interface { Log(clogging.Entry) Flush() error } type logger struct { cloudLogger cLogger serialLogger *slog.Logger resource *mrpb.MonitoredResource instanceName string cloudClient *clogging.Client serialConsoleFile *os.File } type payload map[string]any // NewLogger returns a Logger with Cloud and Serial Console logging configured. func NewLogger(ctx context.Context) (Logger, error) { // Retrieve monitored resource information. mdsClient := metadata.NewClient(nil) projectID, err := mdsClient.ProjectIDWithContext(ctx) if err != nil { return nil, err } instanceID, err := mdsClient.InstanceIDWithContext(ctx) if err != nil { return nil, err } instanceName, err := mdsClient.InstanceNameWithContext(ctx) if err != nil { return nil, err } zone, err := mdsClient.ZoneWithContext(ctx) if err != nil { return nil, err } // Configure Cloud Logging client/logger. cloggingClient, err := clogging.NewClient(ctx, projectID) if err != nil { return nil, err } // Configure Serial Console logger. serialConsole, err := os.OpenFile(serialConsoleFile, os.O_WRONLY, 0) if err != nil { return nil, fmt.Errorf("failed to open serial console for writing: %v", err) } slg := slog.New(slog.NewTextHandler(serialConsole, nil)) slg.Info("Serial Console logger initialized") // This is necessary for DEBUG logs to propagate properly. slog.SetDefault(slg) return &logger{ cloudLogger: cloggingClient.Logger(logName), serialLogger: slg, resource: &mrpb.MonitoredResource{ Type: "gce_instance", Labels: map[string]string{ "project_id": projectID, "instance_id": instanceID, "zone": zone, }, }, instanceName: instanceName, cloudClient: cloggingClient, serialConsoleFile: serialConsole, }, err } func (l *logger) SerialConsoleFile() *os.File { return l.serialConsoleFile } func (l *logger) Close() { if l.cloudClient != nil { l.cloudClient.Close() } if l.serialConsoleFile != nil { l.serialConsoleFile.Close() } } // Given a list of args, recursively converts it to a payload. // Assumes alternating keys and values (mirroring slog's behavior). func addArgs(pl payload, args []any) { // Base case - if args is empty. if len(args) == 0 { return } // Base case - if args has one element. if len(args) == 1 { // If the arg is a valid key, add with empty value. key, ok := args[0].(string) if ok { pl[key] = "" } return } key, ok := args[0].(string) if ok { // If key is a valid string, add pair to payload. Otherwise, the pair is skipped. pl[key] = args[1] } // Recurse with remaining args. addArgs(pl, args[2:]) } func (l *logger) writeLog(severity clogging.Severity, msg string, args ...any) { // Write cloud log. logEntry := clogging.Entry{ Severity: severity, Resource: l.resource, } pl := payload{} addArgs(pl, args) if len(msg) > 0 { pl[payloadMessageKey] = msg } if len(l.instanceName) > 0 { // Needed for backwards compatibility with Cloudbuild tests. pl[payloadInstanceNameKey] = l.instanceName } logEntry.Payload = pl l.cloudLogger.Log(logEntry) if err := l.cloudLogger.Flush(); err != nil { l.serialLogger.Error(fmt.Sprintf("cloud.Logger.Flush returned error: %v", err)) } // Write to serial console. switch severity { case clogging.Info, clogging.Notice, clogging.Debug: l.serialLogger.Info(msg, args...) case clogging.Warning: l.serialLogger.Warn(msg, args...) case clogging.Error, clogging.Critical, clogging.Alert, clogging.Emergency: l.serialLogger.Error(msg, args...) default: slog.Debug(msg, args...) } } // Log logs msg and args with the provided severity. func (l *logger) Log(severity clogging.Severity, msg string, args ...any) { l.writeLog(severity, msg, args...) } // Info logs msg and args at 'Info' severity. func (l *logger) Info(msg string, args ...any) { l.writeLog(clogging.Info, msg, args...) } // Warn logs msg and args at 'Warn' severity. func (l *logger) Warn(msg string, args ...any) { l.writeLog(clogging.Warning, msg, args...) } // Error logs msg and args at 'Error' severity. func (l *logger) Error(msg string, args ...any) { l.writeLog(clogging.Error, msg, args...) } // SimpleLogger returns a lightweight implementation that wraps a slog.Default() logger. // Suitable for testing. func SimpleLogger() Logger { return &slogger{slog.Default()} } type slogger struct { slg *slog.Logger } // Log logs msg and args with the provided severity. func (l *slogger) Log(severity clogging.Severity, msg string, args ...any) { level := slog.LevelDebug switch severity { case clogging.Info, clogging.Notice: level = slog.LevelInfo case clogging.Warning: level = slog.LevelWarn case clogging.Error, clogging.Critical, clogging.Alert, clogging.Emergency: level = slog.LevelError } l.slg.Log(context.Background(), level, msg, args...) } // Info logs msg and args at 'Info' severity. func (l *slogger) Info(msg string, args ...any) { l.slg.Info(msg, args...) } // Warn logs msg and args at 'Warn' severity. func (l *slogger) Warn(msg string, args ...any) { l.slg.Warn(msg, args...) } // Error logs msg and args at 'Error' severity. func (l *slogger) Error(msg string, args ...any) { l.slg.Error(msg, args...) } func (l *slogger) SerialConsoleFile() *os.File { return nil } func (l *slogger) Close() {} go-tpm-tools-0.4.7/launcher/internal/logging/logging_test.go000066400000000000000000000153331510276467000241570ustar00rootroot00000000000000package logging import ( "bytes" "errors" "fmt" "log/slog" "reflect" "strings" "testing" clogging "cloud.google.com/go/logging" "github.com/google/go-cmp/cmp" mrpb "google.golang.org/genproto/googleapis/api/monitoredres" ) func toArgs(pl payload) []any { args := []any{} for k, v := range pl { args = append(args, k) args = append(args, v) } return args } func TestAddArgs(t *testing.T) { testcases := []struct { name string args []any expected payload }{ { name: "regular payload", args: []any{"key1", 1, "key2", "two", "key3", false}, expected: payload{ "key1": 1, "key2": "two", "key3": false, }, }, { name: "missing value at end", args: []any{"key1", 1, "key2", "two", "key3"}, expected: payload{ "key1": 1, "key2": "two", "key3": "", }, }, { name: "empty args", args: []any{}, expected: payload{}, }, { name: "incompatible key omitted", args: []any{"key1", 1, 2, "two", "key3", false}, expected: payload{ "key1": 1, "key3": false, }, }, { name: "single arg, valid key", args: []any{"key1"}, expected: payload{ "key1": "", }, }, { name: "single arg, not valid key", args: []any{true}, expected: payload{}, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { pl := payload{} addArgs(pl, tc.args) if !reflect.DeepEqual(pl, tc.expected) { t.Errorf("addArgs did not produce expected payload: got %v, want %v", pl, tc.expected) } }) } } // testCLogger implements the cLogger interface. type testCLogger struct { log clogging.Entry } func (c *testCLogger) Log(entry clogging.Entry) { // Cloud Logging sends multiple messages - append everything together for simplicity. c.log = entry } func (c *testCLogger) Flush() error { return nil } // testSLogWriter implements the io.Writer interface. type testSLogWriter struct { log []byte } func (s *testSLogWriter) Write(p []byte) (n int, err error) { s.log = p return 0, nil } func (s *testSLogWriter) checkLogContains(msg string, pl payload) error { if len(s.log) == 0 { return errors.New("serial log is empty") } if !bytes.Contains(s.log, []byte(msg)) { return fmt.Errorf("log did not contain expected message: got %s, want \"%s\"", s.log, msg) } if len(pl) > 0 { strLogs := string(s.log) // Check that each payload value is present in the format key=value. for k, v := range pl { format := "%v=%v" if vStr, ok := v.(string); ok && strings.Contains(vStr, " ") { format = "%v=\"%v\"" } expectedStr := fmt.Sprintf(format, k, v) if !strings.Contains(strLogs, expectedStr) { return fmt.Errorf("logs expected to contain \"%s\", got \"%s\"", expectedStr, strLogs) } } } return nil } func (s *testSLogWriter) checkLogLevel(level slog.Level) error { expected := "level=" + level.String() if !strings.Contains(string(s.log), expected) { return fmt.Errorf("log did not contain expected level %v: %v", expected, string(s.log)) } return nil } func TestWriteLog(t *testing.T) { testResource := &mrpb.MonitoredResource{ Type: "gce_instance", Labels: map[string]string{ "instance_id": "1234", "project_id": "not-a-real-project", "zone": "us-central1-c", }, } // Redirect loggers to buffers. cloudLogger := &testCLogger{} serialLogs := &testSLogWriter{} testLogger := &logger{ cloudLogger: cloudLogger, serialLogger: slog.New(slog.NewTextHandler(serialLogs, nil)), resource: testResource, instanceName: "test-instance", } testMsg := "test message" testPayload := payload{ "key1": "value1", "key2": 2, "key3": false, } testLogger.writeLog(clogging.Info, testMsg, toArgs(testPayload)...) if err := serialLogs.checkLogContains(testMsg, testPayload); err != nil { t.Errorf("Error validating Serial Log contents: %v", err) } if err := serialLogs.checkLogLevel(slog.LevelInfo); err != nil { t.Errorf("Error validating Serial Log level: %v", err) } // Add message and hostnames values to expected payload. testPayload[payloadMessageKey] = testMsg testPayload[payloadInstanceNameKey] = testLogger.instanceName if !cmp.Equal(cloudLogger.log.Payload, testPayload) { t.Errorf("Did not get expected payload in cloud logs: got %v, want %v", cloudLogger.log.Payload, testPayload) } if cloudLogger.log.Severity != clogging.Info { t.Errorf("Did not get expected severity in cloud logs: got %v, want %v", cloudLogger.log.Severity, clogging.Info) } // Compare monitored resource. if cloudLogger.log.Resource.Type != testResource.Type { t.Errorf("Did not get expected monitored resource tyoe: got %v, want %v", cloudLogger.log.Resource.Type, testResource.Type) } if !cmp.Equal(cloudLogger.log.Resource.Labels, testResource.Labels) { t.Errorf("Did not get expected monitored resource labels in cloud logs: got %v, want %v", cloudLogger.log.Resource.Labels, testResource.Labels) } } func TestLogFunctions(t *testing.T) { testcases := []struct { name string cloudSeverity clogging.Severity serialLevel slog.Level logFunc func(lgr *logger, msg string) }{ { name: "logger.Info", cloudSeverity: clogging.Info, serialLevel: slog.LevelInfo, logFunc: func(lgr *logger, msg string) { lgr.Info(msg) }, }, { name: "logger.Warn", cloudSeverity: clogging.Warning, serialLevel: slog.LevelWarn, logFunc: func(lgr *logger, msg string) { lgr.Warn(msg) }, }, { name: "logger.Error", cloudSeverity: clogging.Error, serialLevel: slog.LevelError, logFunc: func(lgr *logger, msg string) { lgr.Error(msg) }, }, } msg := "test message" for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { // Redirect loggers to buffers. cloudLogs := &testCLogger{} serialLogs := &testSLogWriter{} testLogger := &logger{ cloudLogger: cloudLogs, serialLogger: slog.New(slog.NewTextHandler(serialLogs, nil)), instanceName: "test-instance", } tc.logFunc(testLogger, msg) expectedPayload := payload{ payloadMessageKey: msg, payloadInstanceNameKey: testLogger.instanceName, } if cloudLogs.log.Severity != tc.cloudSeverity { t.Errorf("Cloud logs did not contain expected severity: got %v, want %v", cloudLogs.log.Severity, tc.cloudSeverity) } if !cmp.Equal(cloudLogs.log.Payload, expectedPayload) { t.Errorf("Cloud logs did not contain expected payload: got %v, want %v", cloudLogs.log.Payload, expectedPayload) } if err := serialLogs.checkLogContains(msg, payload{}); err != nil { t.Errorf("Error validating Serial Log contents: %v", err) } if err := serialLogs.checkLogLevel(tc.serialLevel); err != nil { t.Errorf("Error validating Serial Log level: %v", err) } }) } } go-tpm-tools-0.4.7/launcher/internal/rest_network_test.go000066400000000000000000000041101510276467000236200ustar00rootroot00000000000000package internal_test import ( "bytes" "context" "encoding/base64" "reflect" "testing" "github.com/containerd/containerd/namespaces" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/util" "golang.org/x/oauth2" "golang.org/x/oauth2/google" ) func TestNewRESTClient(t *testing.T) { ctx := namespaces.WithNamespace(context.Background(), namespaces.Default) mockOauth2Server, err := util.NewMockOauth2Server() if err != nil { t.Error(err) } defer mockOauth2Server.Stop() // Endpoint is Google's OAuth 2.0 default endpoint. Change to mock server. google.Endpoint = oauth2.Endpoint{ AuthURL: mockOauth2Server.Server.URL + "/o/oauth2/auth", TokenURL: mockOauth2Server.Server.URL + "/token", AuthStyle: oauth2.AuthStyleInParams, } mockAttestationServer, err := util.NewMockAttestationServer() if err != nil { t.Error(err) } defer mockAttestationServer.Stop() restClient, err := util.NewRESTClient(ctx, mockAttestationServer.Server.URL, "test-project", "us-central") if err != nil { t.Errorf("Failed to create rest client %s", err) } gotChallenge, err := restClient.CreateChallenge(ctx) if err != nil { t.Errorf("Failed to call CreateChallenge %s", err) } gotTokenResponse, err := restClient.VerifyAttestation(ctx, verifier.VerifyAttestationRequest{ Challenge: gotChallenge, Attestation: &attest.Attestation{}, }) if err != nil { t.Errorf("Failed to call VerifyAttestation %s", err) } wantNonce, _ := base64.StdEncoding.DecodeString(util.FakeTpmNonce) wantChallenge := &verifier.Challenge{ Name: "projects/test-project/locations/us-central-1/challenges/" + util.FakeChallengeUUID, Nonce: []byte(wantNonce), ConnID: ""} wantToken := "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ0ZXN0IiwiaWF0IjoxNzA5NzUyNTI1LCJleHAiOjE5MTk3NTI1MjV9.EBLA2zX3c-Fu0l--J9Gey6LIXMO1TFRCoe3bzuPGc1k" if !reflect.DeepEqual(gotChallenge, wantChallenge) { t.Error("Challenge Mismatch") } if !bytes.Equal(gotTokenResponse.ClaimsToken, []byte(wantToken)) { t.Error("Token Mismatch") } } go-tpm-tools-0.4.7/launcher/internal/signaturediscovery/000077500000000000000000000000001510276467000234415ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/signaturediscovery/client.go000066400000000000000000000072301510276467000252500ustar00rootroot00000000000000// Package signaturediscovery contains functionalities to discover container image signatures. package signaturediscovery import ( "context" "fmt" "github.com/containerd/containerd" "github.com/containerd/containerd/content" "github.com/containerd/containerd/images" "github.com/containerd/containerd/remotes" "github.com/google/go-tpm-tools/verifier/oci" "github.com/google/go-tpm-tools/verifier/oci/cosign" v1 "github.com/opencontainers/image-spec/specs-go/v1" ) const signatureTagSuffix = "sig" type ( remoteResolverFetcher func(context.Context) (remotes.Resolver, error) imageFetcher func(context.Context, string, ...containerd.RemoteOpt) (containerd.Image, error) ) // Fetcher discovers and fetches OCI signatures from the target repository. type Fetcher interface { FetchImageSignatures(ctx context.Context, targetRepository string) ([]oci.Signature, error) } // Client is a wrapper of containerd.Client to interact with signed image manifest. type Client struct { OriginalImageDesc v1.Descriptor refreshResolver remoteResolverFetcher imageFetcher imageFetcher } // New creates a new client that implements Fetcher interface. func New(originalImageDesc v1.Descriptor, resolverFetcher remoteResolverFetcher, imageFetcher imageFetcher) Fetcher { return &Client{ OriginalImageDesc: originalImageDesc, refreshResolver: resolverFetcher, imageFetcher: imageFetcher, } } // FetchSignedImageManifest fetches a signed image manifest using a tag-based discovery mechanism. func (c *Client) FetchSignedImageManifest(ctx context.Context, targetRepository string) (v1.Manifest, error) { image, err := c.pullSignatureImage(ctx, targetRepository) if err != nil { return v1.Manifest{}, err } return getManifest(ctx, image) } // FetchImageSignatures returns a list of valid image signatures associated with the target OCI image. func (c *Client) FetchImageSignatures(ctx context.Context, targetRepository string) ([]oci.Signature, error) { image, err := c.pullSignatureImage(ctx, targetRepository) if err != nil { return nil, err } manifest, err := getManifest(ctx, image) if err != nil { return nil, err } signatures := make([]oci.Signature, 0, len(manifest.Layers)) for _, layer := range manifest.Layers { blob, err := content.ReadBlob(ctx, image.ContentStore(), layer) if err != nil { return nil, err } sig := &cosign.Sig{ Layer: layer, Blob: blob, SourceRepo: targetRepository, } signatures = append(signatures, sig) } return signatures, nil } func (c *Client) pullSignatureImage(ctx context.Context, signatureRepository string) (containerd.Image, error) { signatureImageRef := fmt.Sprint(signatureRepository, ":", formatSigTag(c.OriginalImageDesc)) // Pull signature image from a public repository. if c.refreshResolver == nil { return c.imageFetcher(ctx, signatureImageRef) } // Refresh resolver before pulling container image. resolver, err := c.refreshResolver(ctx) if err == nil { return c.imageFetcher(ctx, signatureImageRef, containerd.WithResolver(resolver)) } return nil, fmt.Errorf("failed to refresh remote resolver before pulling container image: %v", err) } // formatSigTag turns image digests into tags with signatureTagSuffix: // sha256:9ecc53c2 -> sha256-9ecc53c2.sig func formatSigTag(imageDesc v1.Descriptor) string { digest := imageDesc.Digest return fmt.Sprint(digest.Algorithm(), "-", digest.Encoded(), ".", signatureTagSuffix) } func getManifest(ctx context.Context, image containerd.Image) (v1.Manifest, error) { cs := image.ContentStore() manifest, err := images.Manifest(ctx, cs, image.Target(), image.Platform()) if err != nil { return v1.Manifest{}, err } return manifest, nil } go-tpm-tools-0.4.7/launcher/internal/signaturediscovery/client_test.go000066400000000000000000000134521510276467000263120ustar00rootroot00000000000000package signaturediscovery import ( "context" "fmt" "testing" "github.com/containerd/containerd" "github.com/containerd/containerd/defaults" "github.com/containerd/containerd/namespaces" "github.com/containerd/containerd/remotes" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/launcher/registryauth" v1 "github.com/opencontainers/image-spec/specs-go/v1" ) func TestFormatSigTag(t *testing.T) { testCases := []struct { name string imageDesc v1.Descriptor wantSigTag string wantPass bool }{ { name: "formatSigTag success", imageDesc: v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"}, wantSigTag: "sha256-9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f.sig", wantPass: true, }, { name: "formatSigTag failed with wrong image digest", imageDesc: v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"}, wantSigTag: "sha256-18740b995b4eac1b5706392a96ff8c4f30cefac18772058a71449692f1581f0f.sig", wantPass: false, }, { name: "formatSigTag failed with wrong tag format", imageDesc: v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"}, wantSigTag: "sha256@9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f.sig", wantPass: false, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { if got := formatSigTag(tc.imageDesc) == tc.wantSigTag; got != tc.wantPass { t.Errorf("formatSigTag() failed for test case %v: got %v, wantPass %v", tc.name, got, tc.wantPass) } }) } } func TestFetchSignedImageManifestDockerPublic(t *testing.T) { ctx := namespaces.WithNamespace(context.Background(), "test") targetRepository := "gcr.io/distroless/static" originalImageDesc := v1.Descriptor{Digest: "sha256:9ecc53c269509f63c69a266168e4a687c7eb8c0cfd753bd8bfcaa4f58a90876f"} client := createTestClient(t, originalImageDesc) // testing image manifest fetching using a public docker repo url if _, err := client.FetchSignedImageManifest(ctx, targetRepository); err != nil { t.Errorf("failed to fetch signed image manifest from targetRepository [%s]: %v", targetRepository, err) } } func TestFetchImageSignaturesDockerPublic(t *testing.T) { ctx := namespaces.WithNamespace(context.Background(), "test") originalImageDesc := v1.Descriptor{Digest: "sha256:905a0f3b3d6d0fb37bfa448b9e78f833b73f0b19fc97fed821a09cf49e255df1"} targetRepository := "us-docker.pkg.dev/vegas-codelab-5/cosign-test/base" client := createTestClient(t, originalImageDesc) signatures, err := client.FetchImageSignatures(ctx, targetRepository) if err != nil { t.Errorf("failed to fetch image signatures from targetRepository [%s]: %v", targetRepository, err) } if len(signatures) == 0 { t.Errorf("no image signatures found for the original image %v", originalImageDesc) } var gotBase64Sigs []string for _, sig := range signatures { if _, err := sig.Payload(); err != nil { t.Errorf("Payload() failed: %v", err) } base64Sig, err := sig.Base64Encoded() if err != nil { t.Errorf("Base64Encoded() failed: %v", err) } gotBase64Sigs = append(gotBase64Sigs, base64Sig) } // Check signatures from the OCI image manifest at https://pantheon.corp.google.com/artifacts/docker/vegas-codelab-5/us/cosign-test/base/sha256:1febaa6ac3a5c095435d5276755fb8efcb7f029fefe85cd9bf3ec7de91685b9f;tab=manifest?project=vegas-codelab-5. wantBase64Sigs := []string{"MEUCIQDgoiwMiVl1SAI1iePhH6Oeqztms3IwNtN+w0P92HTqQgIgKjJNcHEy0Ep4g4MH1Vd0gAHvbwH9ahD+jlnMP/rXSGE="} if !cmp.Equal(gotBase64Sigs, wantBase64Sigs) { t.Errorf("signatures did not return expected base64 signatures, got %v, want %v", gotBase64Sigs, wantBase64Sigs) } } func TestPullSignatureImage(t *testing.T) { imageFetcher := func(_ context.Context, _ string, opts ...containerd.RemoteOpt) (containerd.Image, error) { if len(opts) >= 0 { return &fakeImage{}, nil } return nil, fmt.Errorf("unable to fetch image") } testCases := []struct { name string resolverFetcher remoteResolverFetcher wantErr bool }{ { name: "valid resolver", resolverFetcher: func(_ context.Context) (remotes.Resolver, error) { return registryauth.Resolver("valid access"), nil }, wantErr: false, }, { name: "invalid resolver", resolverFetcher: func(_ context.Context) (remotes.Resolver, error) { return nil, fmt.Errorf("invalid resolver") }, wantErr: true, }, { name: "nil resolver", resolverFetcher: nil, wantErr: false, }, } for _, tc := range testCases { c := &Client{ OriginalImageDesc: v1.Descriptor{Digest: "sha256:905a0f3b3d6d0fb37bfa448b9e78f833b73f0b19fc97fed821a09cf49e255df1"}, refreshResolver: tc.resolverFetcher, imageFetcher: imageFetcher, } _, err := c.pullSignatureImage(context.Background(), "fake image repo") if gotErr := err != nil; gotErr != tc.wantErr { t.Errorf("failed to refresh resolver when pulling container image, gotErr: %v, but wantErr: %v", gotErr, tc.wantErr) } } } type fakeImage struct { containerd.Image } func createTestClient(t *testing.T, originalImageDesc v1.Descriptor) *Client { t.Helper() containerdClient, err := containerd.New(defaults.DefaultAddress) if err != nil { t.Skipf("test needs containerd daemon: %v", err) } t.Cleanup(func() { containerdClient.Close() }) resolverFetcher := func(_ context.Context) (remotes.Resolver, error) { return registryauth.Resolver("valid token"), nil } imageFetcher := func(ctx context.Context, imageRef string, opts ...containerd.RemoteOpt) (containerd.Image, error) { return containerdClient.Pull(ctx, imageRef, opts...) } return &Client{ OriginalImageDesc: originalImageDesc, refreshResolver: resolverFetcher, imageFetcher: imageFetcher, } } go-tpm-tools-0.4.7/launcher/internal/signaturediscovery/fakeclient.go000066400000000000000000000041661510276467000261040ustar00rootroot00000000000000package signaturediscovery import ( "context" "fmt" "github.com/google/go-tpm-tools/verifier/oci" "github.com/google/go-tpm-tools/verifier/oci/cosign" ) const ( // FakeRepoWithSignatures represents an OCI registry with container image signatures for testing. FakeRepoWithSignatures = "repo with signatures" // FakeRepoWithNoSignatures represents an OCI registry with no container image signatures for testing. FakeRepoWithNoSignatures = "repo with no signatures" // FakeNonExistRepo represents a non-exist OCI registry for testing. FakeNonExistRepo = "nonexist repo" // FakeRepoWithAllInvalidSignatures represents an OCI registry with all invalid container image signatures for testing. FakeRepoWithAllInvalidSignatures = "repo with all invalid signatures" // FakeRepoWithPartialValidSignatures represents an OCI registry with parital valid container image signatures for testing. FakeRepoWithPartialValidSignatures = "repo with parital valid signatures" ) type fakeClient struct{} // NewFakeClient constructs a new fake signature discovery client. func NewFakeClient() Fetcher { return &fakeClient{} } // FetchImageSignatures returns hardcoded signatures based on the given target repository. func (f *fakeClient) FetchImageSignatures(_ context.Context, targetRepository string) ([]oci.Signature, error) { switch targetRepository { case FakeRepoWithSignatures: return []oci.Signature{ cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256), cosign.NewFakeSignature("hello world", oci.RSASSAPKCS1V152048SHA256), }, nil case FakeRepoWithNoSignatures, FakeNonExistRepo: return nil, fmt.Errorf("cannot fetch the signature object from target repository [%s]", targetRepository) case FakeRepoWithAllInvalidSignatures: return []oci.Signature{ cosign.NewFakeSignature("invalid signature", "unsupported"), cosign.NewFakeSignature("invalid signature", "unsupported"), }, nil case FakeRepoWithPartialValidSignatures: return []oci.Signature{ cosign.NewFakeSignature("test data", oci.ECDSAP256SHA256), cosign.NewFakeSignature("invalid signature", "unsupported"), }, nil default: return []oci.Signature{}, nil } } go-tpm-tools-0.4.7/launcher/internal/systemctl/000077500000000000000000000000001510276467000215375ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/internal/systemctl/systemctl.go000066400000000000000000000044171510276467000241230ustar00rootroot00000000000000// Package systemctl implements a subset of systemctl operations. package systemctl import ( "context" "fmt" "log" "github.com/coreos/go-systemd/v22/dbus" ) // Systemd is an interface to connect to host systemd with selected functions. type Systemd interface { Start(string) error Stop(string) error IsActive(context.Context, string) (string, error) Close() } // Systemctl is a wrap around of dbus.Conn and implements the Systemd interface. type Systemctl struct { dbus *dbus.Conn } var _ Systemd = (*Systemctl)(nil) // New connects to systemd over dbus. func New() (*Systemctl, error) { conn, err := dbus.NewWithContext(context.Background()) if err != nil { return nil, err } return &Systemctl{dbus: conn}, nil } // Start is the equivalent of `systemctl start $unit`. func (s *Systemctl) Start(unit string) error { return runSystemdCmd(s.dbus.StartUnitContext, "start", unit) } // Stop is the equivalent of `systemctl stop $unit`. func (s *Systemctl) Stop(unit string) error { return runSystemdCmd(s.dbus.StopUnitContext, "stop", unit) } // IsActive is the equivalent of `systemctl is-active $unit`. // The status can be "active", "activating", "deactivating", "inactive" or "failed". func (s *Systemctl) IsActive(ctx context.Context, unit string) (string, error) { status, err := s.dbus.ListUnitsByNamesContext(ctx, []string{unit}) if err != nil { return "", err } if len(status) != 1 { return "", fmt.Errorf("want 1 unit from ListUnitsByNames, got %d", len(status)) } return status[0].ActiveState, nil } // Close disconnects from dbus. func (s *Systemctl) Close() { s.dbus.Close() } func runSystemdCmd(cmdFunc func(context.Context, string, string, chan<- string) (int, error), cmd string, unit string) error { progress := make(chan string, 1) // Run systemd command in "replace" mode to start the unit and its dependencies, // possibly replacing already queued jobs that conflict with this. if _, err := cmdFunc(context.Background(), unit, "replace", progress); err != nil { return fmt.Errorf("failed to run systemctl [%s] for unit [%s]: %v", cmd, unit, err) } if result := <-progress; result != "done" { return fmt.Errorf("systemctl [%s] result was [%s], want done", cmd, result) } log.Printf("Finished up systemctl [%s] for unit [%s]", cmd, unit) return nil } go-tpm-tools-0.4.7/launcher/internal/systemctl/systemctl_test.go000066400000000000000000000043461510276467000251630ustar00rootroot00000000000000package systemctl import ( "context" "errors" "testing" ) func TestRunSystmedCmd(t *testing.T) { doneUnitFunc := func(_ context.Context, _, _ string, progress chan<- string) (int, error) { progress <- "done" return 1, nil } failedCallUnitFunc := func(context.Context, string, string, chan<- string) (int, error) { return 1, errors.New("something went wrong") } failedUnitFunc := func(_ context.Context, _, _ string, progress chan<- string) (int, error) { progress <- "failed" return 1, nil } testCases := []struct { name string sytemdCmdFunc func(ctx context.Context, unit string, flag string, progress chan<- string) (int, error) wantErr bool }{ { name: "success", sytemdCmdFunc: doneUnitFunc, wantErr: false, }, { name: "failed call", sytemdCmdFunc: failedCallUnitFunc, wantErr: true, }, { name: "failed unit run", sytemdCmdFunc: failedUnitFunc, wantErr: true, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { if err := runSystemdCmd(tc.sytemdCmdFunc, "test", "test_unit"); (err != nil) != tc.wantErr { t.Errorf("runSystemdCmd() did not return expected error, got error: %v, but wantErr %v", err, tc.wantErr) } }) } } // TestGetStatus reads the `-.mount` which should exist on all systemd // systems and ensures that one of its properties is valid. func TestGetStatus(t *testing.T) { systemctl, err := New() if err != nil { t.Skipf("Failed to create systemctl client: %v", err) } t.Cleanup(systemctl.Close) testCases := []struct { name string unit string want string }{ { name: "success", unit: "-.mount", //`-.mount` which should exist on all systemd systems, want: "active", }, { name: "success with an inactive unit", unit: "node-problem-detector.service", want: "inactive", }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { got, err := systemctl.IsActive(context.Background(), tc.unit) if err != nil { t.Fatalf("failed to read status for unit [%s]: %v", tc.unit, got) } if got != tc.want { t.Errorf("GetStatus returned unexpected status for unit [%s], got %s, but want %s", tc.unit, got, tc.want) } }) } } go-tpm-tools-0.4.7/launcher/launcher/000077500000000000000000000000001510276467000174755ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/launcher/main.go000066400000000000000000000277661510276467000207720ustar00rootroot00000000000000// package main is a program that will start a container with attestation. package main import ( "bytes" "context" "errors" "fmt" "log" "os" "os/exec" "regexp" "strings" "time" "cloud.google.com/go/compute/metadata" "github.com/containerd/containerd" "github.com/containerd/containerd/defaults" "github.com/containerd/containerd/namespaces" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/launcher" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/launcherfile" "github.com/google/go-tpm-tools/launcher/registryauth" "github.com/google/go-tpm-tools/launcher/spec" "github.com/google/go-tpm/legacy/tpm2" ) const ( successRC = 0 // workload successful (no reboot) failRC = 1 // workload or launcher internal failed (no reboot) // panic() returns 2 rebootRC = 3 // reboot holdRC = 4 // hold ) var expectedTPMDAParams = launcher.TPMDAParams{ MaxTries: 0x20, // 32 tries RecoveryTime: 0x1C20, // 120 mins LockoutRecovery: 0x15180, // 24 hrs } var rcMessage = map[int]string{ successRC: "workload finished successfully, shutting down the VM", failRC: "workload or launcher error, shutting down the VM", rebootRC: "rebooting VM", holdRC: "VM remains running", } // BuildCommit shows the commit when building the binary, set by -ldflags when building var BuildCommit = "dev" var logger logging.Logger var mdsClient *metadata.Client var welcomeMessage = "TEE container launcher initiating" var exitMessage = "TEE container launcher exiting" var start time.Time func main() { uptime, err := getUptime() if err != nil { logger.Error(fmt.Sprintf("error reading VM uptime: %v", err)) } // Note the current time to later calculate launch time. start = time.Now() var exitCode int // by default exit code is 0 ctx := context.Background() defer func() { os.Exit(exitCode) }() logger, err = logging.NewLogger(ctx) if err != nil { log.Default().Printf("failed to initialize logging: %v", err) exitCode = failRC log.Default().Printf("%s, exit code: %d (%s)\n", exitMessage, exitCode, rcMessage[exitCode]) return } defer logger.Close() logger.Info("Boot completed", "duration_sec", uptime) logger.Info(welcomeMessage, "build_commit", BuildCommit) if err := verifyFsAndMount(); err != nil { logger.Error(fmt.Sprintf("failed to verify filesystem and mounts: %v\n", err)) exitCode = rebootRC logger.Error(exitMessage, "exit_code", exitCode, "exit_msg", rcMessage[exitCode]) return } if err := os.MkdirAll(launcherfile.HostTmpPath, 0755); err != nil { logger.Error(fmt.Sprintf("failed to create %s: %v", launcherfile.HostTmpPath, err)) } // Get RestartPolicy and IsHardened from spec mdsClient = metadata.NewClient(nil) launchSpec, err := spec.GetLaunchSpec(ctx, logger, mdsClient) if err != nil { logger.Error(fmt.Sprintf("failed to get launchspec, make sure you're running inside a GCE VM: %v", err)) // if cannot get launchSpec, exit directly exitCode = failRC logger.Error(exitMessage, "exit_code", exitCode, "exit_msg", rcMessage[exitCode]) return } defer func() { // Catch panic to attempt to output to Cloud Logging. if r := recover(); r != nil { logger.Error(fmt.Sprintf("Panic: %v", r)) exitCode = 2 } msg, ok := rcMessage[exitCode] if ok { logger.Info(exitMessage, "exit_code", exitCode, "exit_msg", msg) } else { logger.Info(exitMessage, "exit_code", exitCode) } }() if err = startLauncher(launchSpec, logger.SerialConsoleFile()); err != nil { logger.Error(err.Error()) } workloadDuration := time.Since(start) logger.Info("Workload completed", "workload", launchSpec.ImageRef, "workload_execution_sec", workloadDuration.Seconds(), ) exitCode = getExitCode(launchSpec.Hardened, launchSpec.RestartPolicy, err) } func getExitCode(isHardened bool, restartPolicy spec.RestartPolicy, err error) int { exitCode := 0 // if in a debug image, will always hold if !isHardened { return holdRC } if err != nil { switch err.(type) { default: // non-retryable error exitCode = failRC case *launcher.RetryableError, *launcher.WorkloadError: if restartPolicy == spec.Always || restartPolicy == spec.OnFailure { exitCode = rebootRC } else { exitCode = failRC } } } else { // if no error if restartPolicy == spec.Always { exitCode = rebootRC } else { exitCode = successRC } } return exitCode } func getUptime() (string, error) { file, err := os.ReadFile("/proc/uptime") if err != nil { return "", fmt.Errorf("error opening /proc/uptime: %v", err) } // proc/uptime contains two values separated by a space. We only need the first. split := bytes.Split(file, []byte(" ")) if len(split) != 2 { return "", fmt.Errorf("unexpected /proc/uptime contents: %s", file) } return string(split[0]), nil } func startLauncher(launchSpec spec.LaunchSpec, serialConsole *os.File) error { logger.Info(fmt.Sprintf("Launch Spec: %+v", launchSpec.LogFriendly())) containerdClient, err := containerd.New(defaults.DefaultAddress) if err != nil { return &launcher.RetryableError{Err: err} } defer containerdClient.Close() tpm, err := tpm2.OpenTPM("/dev/tpmrm0") if err != nil { return &launcher.RetryableError{Err: err} } defer tpm.Close() // check DA info, don't crash if failed daInfo, err := launcher.GetTPMDAInfo(tpm) if err != nil { logger.Error(fmt.Sprintf("Failed to get DA Info: %v", err)) } else { if !daInfo.StartupClearOrderly { logger.Warn(fmt.Sprintf("Failed orderly startup. Avoid using instance reset. Instead, use instance stop/start. DA lockout counter incremented: LockoutCounter: %d / MaxAuthFail: %d", daInfo.LockoutCounter, daInfo.MaxTries)) } if err := launcher.SetTPMDAParams(tpm, expectedTPMDAParams); err != nil { logger.Error(fmt.Sprintf("Failed to set DA params: %v", err)) } daInfo, err := launcher.GetTPMDAInfo(tpm) if err != nil { logger.Error(fmt.Sprintf("Failed to get DA Info: %v", err)) } else { logger.Info(fmt.Sprintf("Updated TPM DA params: %+v", daInfo)) } } // check AK (EK signing) cert gceAk, err := client.GceAttestationKeyECC(tpm) if err != nil { return err } if gceAk.Cert() == nil { return errors.New("failed to find AKCert on this VM: try creating a new VM or contacting support") } gceAk.Close() token, err := registryauth.RetrieveAuthToken(context.Background(), mdsClient) if err != nil { logger.Info(fmt.Sprintf("failed to retrieve auth token: %v, using empty auth for image pulling\n", err)) } logger.Info("Launch started", "duration_sec", time.Since(start).Seconds()) ctx := namespaces.WithNamespace(context.Background(), namespaces.Default) r, err := launcher.NewRunner(ctx, containerdClient, token, launchSpec, mdsClient, tpm, logger, serialConsole) if err != nil { return err } defer r.Close(ctx) return r.Run(ctx) } // verifyFsAndMount checks the partitions/mounts are as expected, based on the command output reported by OS. // These checks are not a security guarantee. func verifyFsAndMount() error { dmLsOutput, err := exec.Command("dmsetup", "ls").Output() if err != nil { return fmt.Errorf("failed to call `dmsetup ls`: %v %s", err, string(dmLsOutput)) } dmDevs := strings.Split(string(dmLsOutput), "\n") devNameToDevNo := make(map[string]string) for _, dmDev := range dmDevs { if dmDev == "" { continue } devFields := strings.Fields(dmDev) if len(devFields) != 2 { continue } devMajorMinor := strings.ReplaceAll(strings.ReplaceAll(devFields[1], "(", ""), ")", "") devNameToDevNo[devFields[0]] = devMajorMinor } var cryptNo, zeroNo string var ok bool if _, ok = devNameToDevNo["protected_stateful_partition"]; !ok { return fmt.Errorf("failed to find /dev/mapper/protected_stateful_partition: %s", string(dmLsOutput)) } if cryptNo, ok = devNameToDevNo["protected_stateful_partition_crypt"]; !ok { return fmt.Errorf("failed to find /dev/mapper/protected_stateful_partition_crypt: %s", string(dmLsOutput)) } if zeroNo, ok = devNameToDevNo["protected_stateful_partition_zero"]; !ok { return fmt.Errorf("failed to find /dev/mapper/protected_stateful_partition_zero: %s", string(dmLsOutput)) } dmTableCloneOutput, err := exec.Command("dmsetup", "table", "/dev/mapper/protected_stateful_partition").Output() if err != nil { return fmt.Errorf("failed to check /dev/mapper/protected_stateful_partition status: %v %s", err, string(dmTableCloneOutput)) } cloneTable := strings.Fields(string(dmTableCloneOutput)) // https://docs.kernel.org/admin-guide/device-mapper/dm-clone.html if len(cloneTable) < 7 { return fmt.Errorf("clone table does not match expected format: %s", string(dmTableCloneOutput)) } if cloneTable[2] != "clone" { return fmt.Errorf("protected_stateful_partition is not a dm-clone device: %s", string(dmTableCloneOutput)) } if cloneTable[4] != cryptNo { return fmt.Errorf("protected_stateful_partition does not have protected_stateful_partition_crypt as a destination device: %s", string(dmTableCloneOutput)) } if cloneTable[5] != zeroNo { return fmt.Errorf("protected_stateful_partition protected_stateful_partition_zero as a source device: %s", string(dmTableCloneOutput)) } // Check protected_stateful_partition_crypt is encrypted and is on integrity protection. dmTableCryptOutput, err := exec.Command("dmsetup", "table", "/dev/mapper/protected_stateful_partition_crypt").Output() if err != nil { return fmt.Errorf("failed to check /dev/mapper/protected_stateful_partition_crypt status: %v %s", err, string(dmTableCryptOutput)) } matched := regexp.MustCompile(`integrity:28:aead`).FindString(string(dmTableCryptOutput)) if len(matched) == 0 { return fmt.Errorf("stateful partition is not integrity protected: \n%s", dmTableCryptOutput) } matched = regexp.MustCompile(`capi:gcm\(aes\)-random`).FindString(string(dmTableCryptOutput)) if len(matched) == 0 { return fmt.Errorf("stateful partition is not using the aes-gcm-random cipher: \n%s", dmTableCryptOutput) } // Make sure /var/lib/containerd is on protected_stateful_partition. findmountOutput, err := exec.Command("findmnt", "/dev/mapper/protected_stateful_partition").Output() if err != nil { return fmt.Errorf("failed to findmnt /dev/mapper/protected_stateful_partition: %v %s", err, string(findmountOutput)) } matched = regexp.MustCompile(`/var/lib/containerd\s+/dev/mapper/protected_stateful_partition\[/var/lib/containerd\]\s+ext4\s+rw,nosuid,nodev,relatime,commit=30`).FindString(string(findmountOutput)) if len(matched) == 0 { return fmt.Errorf("/var/lib/containerd was not mounted on the protected_stateful_partition: \n%s", findmountOutput) } matched = regexp.MustCompile(`/var/lib/google\s+/dev/mapper/protected_stateful_partition\[/var/lib/google\]\s+ext4\s+rw,nosuid,nodev,relatime,commit=30`).FindString(string(findmountOutput)) if len(matched) == 0 { return fmt.Errorf("/var/lib/google was not mounted on the protected_stateful_partition: \n%s", findmountOutput) } // Check /tmp is on tmpfs. findmntOutput, err := exec.Command("findmnt", "tmpfs").Output() if err != nil { return fmt.Errorf("failed to findmnt tmpfs: %v %s", err, string(findmntOutput)) } matched = regexp.MustCompile(`/tmp\s+tmpfs\s+tmpfs`).FindString(string(findmntOutput)) if len(matched) == 0 { return fmt.Errorf("/tmp was not mounted on the tmpfs: \n%s", findmntOutput) } // Check verity status on vroot and oemroot. cryptSetupOutput, err := exec.Command("cryptsetup", "status", "vroot").Output() if err != nil { return fmt.Errorf("failed to check vroot status: %v %s", err, string(cryptSetupOutput)) } if !strings.Contains(string(cryptSetupOutput), "/dev/mapper/vroot is active and is in use.") { return fmt.Errorf("/dev/mapper/vroot was not mounted correctly: \n%s", cryptSetupOutput) } cryptSetupOutput, err = exec.Command("cryptsetup", "status", "oemroot").Output() if err != nil { return fmt.Errorf("failed to check oemroot status: %v %s", err, string(cryptSetupOutput)) } if !strings.Contains(string(cryptSetupOutput), "/dev/mapper/oemroot is active and is in use.") { return fmt.Errorf("/dev/mapper/oemroot was not mounted correctly: \n%s", cryptSetupOutput) } return nil } go-tpm-tools-0.4.7/launcher/launcher/main_test.go000066400000000000000000000066231510276467000220160ustar00rootroot00000000000000package main import ( "errors" "testing" "github.com/google/go-tpm-tools/launcher" "github.com/google/go-tpm-tools/launcher/spec" ) func TestGetExitCode(t *testing.T) { testcases := []struct { name string isHardened bool restartPolicy spec.RestartPolicy err error expectedReturnCode int }{ // no error, debug image { "debug, always restart, nil error", false, spec.Always, nil, holdRC, }, { "debug, never restart, nil error", false, spec.Never, nil, holdRC, }, { "debug, onfailure restart, nil error", false, spec.OnFailure, nil, holdRC, }, // no error, hardened image { "hardened, always restart, nil error", true, spec.Always, nil, rebootRC, }, { "hardened, never restart, nil error", true, spec.Never, nil, successRC, }, { "hardened, onfailure restart, nil error", true, spec.OnFailure, nil, successRC, }, // retryable error, debug image { "debug, always restart, retryable error", false, spec.Always, &launcher.RetryableError{}, holdRC, }, { "debug, never restart, retryable error", false, spec.Never, &launcher.RetryableError{}, holdRC, }, { "debug, onfailure restart, retryable error", false, spec.OnFailure, &launcher.RetryableError{}, holdRC, }, // workload error, debug image (same as retryable error) { "debug, always restart, workload error", false, spec.Always, &launcher.WorkloadError{}, holdRC, }, { "debug, never restart, workload error", false, spec.Never, &launcher.WorkloadError{}, holdRC, }, { "debug, onfailure restart, workload error", false, spec.OnFailure, &launcher.WorkloadError{}, holdRC, }, // retryable error, hardened image { "hardened, always restart, retryable error", true, spec.Always, &launcher.RetryableError{}, rebootRC, }, { "hardened, never restart, retryable error", true, spec.Never, &launcher.RetryableError{}, failRC, }, { "hardened, onfailure restart, retryable error", true, spec.OnFailure, &launcher.RetryableError{}, rebootRC, }, // workload error, hardened image (same as retryable error) { "hardened, always restart, workload error", true, spec.Always, &launcher.WorkloadError{}, rebootRC, }, { "hardened, never restart, workload error", true, spec.Never, &launcher.WorkloadError{}, failRC, }, { "hardened, onfailure restart, workload error", true, spec.OnFailure, &launcher.WorkloadError{}, rebootRC, }, // non-retryable error, debug image { "debug, always restart, non-retryable error", false, spec.Always, errors.New(""), holdRC, }, { "debug, never restart, non-retryable error", false, spec.Never, errors.New(""), holdRC, }, { "debug, onfailure restart, non-retryable error", false, spec.OnFailure, errors.New(""), holdRC, }, // non-retryable error, hardened image { "hardened, always restart, non-retryable error", true, spec.Always, errors.New(""), failRC, }, { "hardened, never restart, non-retryable error", true, spec.Never, errors.New(""), failRC, }, { "hardened, onfailure restart, non-retryable error", true, spec.OnFailure, errors.New(""), failRC, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { if rc := getExitCode(tc.isHardened, tc.restartPolicy, tc.err); rc != tc.expectedReturnCode { t.Errorf("got %d, wanted %d", rc, tc.expectedReturnCode) } }) } } go-tpm-tools-0.4.7/launcher/launcherfile/000077500000000000000000000000001510276467000203355ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/launcherfile/launcherfile.go000066400000000000000000000011051510276467000233220ustar00rootroot00000000000000// Package launcherfile contains functions and constants for interacting with // launcher files. package launcherfile const ( // HostTmpPath defined the directory in the host that will store attestation tokens HostTmpPath = "/tmp/container_launcher/" // ContainerRuntimeMountPath defined the directory in the container stores attestation tokens ContainerRuntimeMountPath = "/run/container_launcher/" // AttestationVerifierTokenFilename defines the name of the file the attestation token is stored in. AttestationVerifierTokenFilename = "attestation_verifier_claims_token" ) go-tpm-tools-0.4.7/launcher/registryauth/000077500000000000000000000000001510276467000204265ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/registryauth/auth.go000066400000000000000000000040351510276467000217200ustar00rootroot00000000000000// Package registryauth contains functionalities to authenticate docker repo. package registryauth import ( "context" "encoding/json" "fmt" "strings" "cloud.google.com/go/compute/metadata" "github.com/containerd/containerd/remotes" "github.com/containerd/containerd/remotes/docker" "golang.org/x/oauth2" ) // RetrieveAuthToken takes in a metadata server client, and uses it to read the // default service account token from a GCE VM and returns the token. func RetrieveAuthToken(ctx context.Context, client *metadata.Client) (oauth2.Token, error) { data, err := client.GetWithContext(ctx, "instance/service-accounts/default/token") if err != nil { return oauth2.Token{}, err } var token oauth2.Token if err := json.Unmarshal([]byte(data), &token); err != nil { return oauth2.Token{}, err } return token, nil } // Resolver returns a custom resolver that can use the token to authenticate with // the repo. func Resolver(token string) remotes.Resolver { options := docker.ResolverOptions{} credentials := func(host string) (string, string, error) { // append the token if is talking to Artifact Registry or GCR Registry if strings.HasSuffix(host, "docker.pkg.dev") || strings.HasSuffix(host, "gcr.io") { return "_token", token, nil } return "", "", nil } authOpts := []docker.AuthorizerOpt{docker.WithAuthCreds(credentials)} //nolint:staticcheck options.Authorizer = docker.NewDockerAuthorizer(authOpts...) return docker.NewResolver(options) } // RefreshResolver takes in a metadata server client, uses it to refresh the default service // account token, and returns a custom resolver that can use the token to authenticate with // the repo. func RefreshResolver(ctx context.Context, client *metadata.Client) (remotes.Resolver, error) { token, err := RetrieveAuthToken(ctx, client) if err != nil { return nil, fmt.Errorf("failed to retrieve auth token from metadata server: %v", err) } if token.Valid() { return Resolver(token.AccessToken), nil } return nil, fmt.Errorf("invalid token from metadata server: %v", token) } go-tpm-tools-0.4.7/launcher/spec/000077500000000000000000000000001510276467000166265ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/spec/launch_policy.go000066400000000000000000000243521510276467000220140ustar00rootroot00000000000000package spec import ( "errors" "fmt" "path/filepath" "strconv" "strings" "github.com/google/go-tpm-tools/launcher/internal/logging" ) // LaunchPolicy contains policies on starting the container. // The policy comes from the labels of the image. type LaunchPolicy struct { AllowedEnvOverride []string AllowedCmdOverride bool AllowedLogRedirect policy AllowedMountDestinations []string HardenedImageMonitoring MonitoringType DebugImageMonitoring MonitoringType PrivilegedCaps bool AllowCgroups bool } type policy int const ( debugOnly policy = iota always never ) // MonitoringType represents the possible health monitoring presets for the client. type MonitoringType int const ( // None indicates no monitoring enabled. None MonitoringType = iota // MemoryOnly indicates only memory_bytes_used enabled. MemoryOnly // All indicates all supported metrics enabled. All ) func (mt MonitoringType) String() string { switch mt { case None: return "none" case MemoryOnly: return "memoryOnly" case All: return "all" } return "" } func toMonitoringType(s string) (MonitoringType, error) { switch strings.ToLower(s) { case "none": return None, nil case "memoryonly": return MemoryOnly, nil case "all": return All, nil } return None, fmt.Errorf("invalid monitoring type %v", s) } // String returns LaunchPolicy details. func (p policy) String() string { switch p { case debugOnly: return "debugonly" case always: return "always" case never: return "never" default: return "unspecified launch policy" } } func toPolicy(policy, s string) (policy, error) { s = strings.ToLower(s) s = strings.TrimSpace(s) if s == "always" { return always, nil } if s == "never" { return never, nil } if s == "debugonly" { return debugOnly, nil } return 0, fmt.Errorf("not a valid %s %s (must be one of [always, never, debugonly])", policy, s) } const ( envOverride = "tee.launch_policy.allow_env_override" cmdOverride = "tee.launch_policy.allow_cmd_override" logRedirect = "tee.launch_policy.log_redirect" memoryMonitoring = "tee.launch_policy.monitoring_memory_allow" hardenedMonitoring = "tee.launch_policy.hardened_monitoring" debugMonitoring = "tee.launch_policy.debug_monitoring" // Values look like a PATH list, with ':' as a separator. // Empty paths will be ignored and relative paths will be interpreted as // relative to "/". // Paths will be cleaned using filepath.Clean. mountDestinations = "tee.launch_policy.allow_mount_destinations" privilegedCaps = "tee.launch_policy.allow_capabilities" allowCgroups = "tee.launch_policy.allow_cgroups" ) func configureMonitoringPolicy(imageLabels map[string]string, launchPolicy *LaunchPolicy, logger logging.Logger) error { // Old policy. memVal, memOk := imageLabels[memoryMonitoring] // New policies. hardenedVal, hardenedOk := imageLabels[hardenedMonitoring] debugVal, debugOk := imageLabels[debugMonitoring] var err error // Return an error if old/new policies are both defined if memOk && (hardenedOk || debugOk) { return fmt.Errorf("use either %s or %s/%s in image labels,- not both", memoryMonitoring, hardenedMonitoring, debugMonitoring) } else if memOk { policy, err := toPolicy(memoryMonitoring, memVal) if err != nil { return fmt.Errorf("invalid image LABEL '%s'", memoryMonitoring) } logger.Info(fmt.Sprintf("%s will be deprecated, use %s and %s instead", memoryMonitoring, hardenedMonitoring, debugMonitoring)) switch policy { case always: logger.Info(fmt.Sprintf("%s=always will be treated as %s=memory_only and %s=memory_only", memoryMonitoring, hardenedMonitoring, debugMonitoring)) launchPolicy.HardenedImageMonitoring = MemoryOnly launchPolicy.DebugImageMonitoring = MemoryOnly case never: logger.Info(fmt.Sprintf("%s=never will be treated as %s=none and %s=none", memoryMonitoring, hardenedMonitoring, debugMonitoring)) logger.Info("memory monitoring not allowed by image") launchPolicy.HardenedImageMonitoring = None launchPolicy.DebugImageMonitoring = None case debugOnly: logger.Info(fmt.Sprintf("%s=debug_only will be treated as %s=none and %s=memory", memoryMonitoring, hardenedMonitoring, debugMonitoring)) logger.Info("memory monitoring only allowed on debug environment by image") launchPolicy.HardenedImageMonitoring = None launchPolicy.DebugImageMonitoring = MemoryOnly } return nil } if hardenedOk { launchPolicy.HardenedImageMonitoring, err = toMonitoringType(hardenedVal) if err != nil { return fmt.Errorf("invalid monitoring type for hardened image: %v", err) } logger.Info(fmt.Sprintf("'%s' monitoring allowed on hardened environment", launchPolicy.HardenedImageMonitoring)) } else { launchPolicy.HardenedImageMonitoring = None } if debugOk { launchPolicy.DebugImageMonitoring, err = toMonitoringType(debugVal) if err != nil { return fmt.Errorf("invalid monitoring type for debug image: %v", err) } logger.Info(fmt.Sprintf("'%s' monitoring allowed on debug environment", launchPolicy.DebugImageMonitoring)) } else { launchPolicy.DebugImageMonitoring = MemoryOnly } return nil } // GetLaunchPolicy takes in a map[string] string which should come from image labels, // and will try to parse it into a LaunchPolicy. Extra fields will be ignored. func GetLaunchPolicy(imageLabels map[string]string, logger logging.Logger) (LaunchPolicy, error) { var err error launchPolicy := LaunchPolicy{} if v, ok := imageLabels[envOverride]; ok { envs := strings.Split(v, ",") for _, env := range envs { // strip out empty env name if env != "" { launchPolicy.AllowedEnvOverride = append(launchPolicy.AllowedEnvOverride, env) } } } if v, ok := imageLabels[cmdOverride]; ok { if launchPolicy.AllowedCmdOverride, err = strconv.ParseBool(v); err != nil { return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s' (not a boolean)", cmdOverride) } } // default is debug only for logRedirect if v, ok := imageLabels[logRedirect]; ok { launchPolicy.AllowedLogRedirect, err = toPolicy(logRedirect, v) if err != nil { return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s'", logRedirect) } } if err := configureMonitoringPolicy(imageLabels, &launchPolicy, logger); err != nil { return LaunchPolicy{}, err } if v, ok := imageLabels[mountDestinations]; ok { paths := filepath.SplitList(v) for _, path := range paths { // Strip out empty path name. if path != "" { path = filepath.Clean(path) launchPolicy.AllowedMountDestinations = append(launchPolicy.AllowedMountDestinations, path) } } } if v, ok := imageLabels[privilegedCaps]; ok { if launchPolicy.PrivilegedCaps, err = strconv.ParseBool(v); err != nil { return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s' (not a boolean)", privilegedCaps) } } if v, ok := imageLabels[allowCgroups]; ok { if launchPolicy.AllowCgroups, err = strconv.ParseBool(v); err != nil { return LaunchPolicy{}, fmt.Errorf("invalid image LABEL '%s' (not a boolean)", allowCgroups) } } return launchPolicy, nil } func verifyMonitoringConfig(policy MonitoringType, spec MonitoringType) error { switch policy { case All: // If policy is 'All', spec can be anything. return nil case MemoryOnly: // If policy is 'MemoryOnly', spec must be 'None' or 'MemoryOnly'. if spec == All { return fmt.Errorf("spec configured for all monitoring, policy only allows memory") } case None: // If policy is 'None', spec must also be 'None'. if spec != None { return fmt.Errorf("spec configured for %v but policy is none", spec) } } return nil } // Verify will use the LaunchPolicy to verify the given LaunchSpec. If the verification passed, will return nil. // If there are multiple violations, the function will return the first error. func (p LaunchPolicy) Verify(ls LaunchSpec) error { for _, e := range ls.Envs { if !contains(p.AllowedEnvOverride, e.Name) { return fmt.Errorf("env var %s is not allowed to be overridden on this image; allowed envs to be overridden: %v", e, p.AllowedEnvOverride) } } if !p.AllowedCmdOverride && len(ls.Cmd) > 0 { return fmt.Errorf("CMD is not allowed to be overridden on this image") } if p.AllowedLogRedirect == never && ls.LogRedirect.enabled() { return fmt.Errorf("logging redirection not allowed by image") } if p.AllowedLogRedirect == debugOnly && ls.LogRedirect.enabled() && ls.Hardened { return fmt.Errorf("logging redirection only allowed on debug environment by image") } monitoringPolicy := p.DebugImageMonitoring if ls.Hardened { monitoringPolicy = p.HardenedImageMonitoring } if err := verifyMonitoringConfig(monitoringPolicy, ls.MonitoringEnabled); err != nil { return fmt.Errorf("error verifying monitoring config: %v", err) } var err error for _, mnt := range ls.Mounts { err = errors.Join(err, p.verifyMountDestination(mnt.Mountpoint())) } if err != nil { return fmt.Errorf("destination mount points are not allowed: %v", err) } if len(ls.AddedCapabilities) != 0 && !p.PrivilegedCaps { return errors.New("additional capabilities are not allowed") } if ls.CgroupNamespace && !p.AllowCgroups { return errors.New("cgroups usage is not allowed") } return nil } // verifyMountDestination assumes AllowedMountDestinations contains // `filepath.Clean`ed paths. func (p LaunchPolicy) verifyMountDestination(dstPath string) error { if !filepath.IsAbs(dstPath) { return fmt.Errorf("received a non-absolute destination path: %v", dstPath) } dstPath = filepath.Clean(dstPath) for _, allowDst := range p.AllowedMountDestinations { if !filepath.IsAbs(allowDst) { return fmt.Errorf("received a non-absolute allowed destination path: %v", allowDst) } rel, err := filepath.Rel(allowDst, dstPath) if err != nil { return err } // If dest is not the parent dir relative to the allowed mountpoint // or dest is not relative from the allowed's parent directory, then // dest must be a child (or the exact same directory). if rel != ".." && !strings.HasPrefix(rel, "../") { return nil } } return fmt.Errorf("destination mount point \"%v\" is invalid: policy only allows mounts in the following paths: %v", dstPath, p.AllowedMountDestinations) } func contains(strs []string, target string) bool { for _, s := range strs { if s == target { return true } } return false } go-tpm-tools-0.4.7/launcher/spec/launch_policy_test.go000066400000000000000000000553151510276467000230560ustar00rootroot00000000000000package spec import ( "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/launcher/internal/launchermount" "github.com/google/go-tpm-tools/launcher/internal/logging" ) func TestLaunchPolicy(t *testing.T) { testCases := []struct { testName string imageLabels map[string]string expectedPolicy LaunchPolicy }{ { "single ENV override, CMD override", map[string]string{ envOverride: "foo", cmdOverride: "true", }, LaunchPolicy{ AllowedEnvOverride: []string{"foo"}, AllowedCmdOverride: true, }, }, { "multiple ENV override, no CMD override", map[string]string{ envOverride: "foo,bar", }, LaunchPolicy{ AllowedEnvOverride: []string{"foo", "bar"}, AllowedCmdOverride: false, }, }, { "no ENV override, no CMD override", nil, LaunchPolicy{ AllowedEnvOverride: nil, AllowedCmdOverride: false, }, }, { "empty string in ENV override", map[string]string{ envOverride: ",,,foo", cmdOverride: "false", }, LaunchPolicy{ AllowedEnvOverride: []string{"foo"}, AllowedCmdOverride: false, }, }, } for _, testcase := range testCases { t.Run(testcase.testName, func(t *testing.T) { // Add default values for policy fields. Not relevant to tested behavior. testcase.expectedPolicy.HardenedImageMonitoring = None testcase.expectedPolicy.DebugImageMonitoring = MemoryOnly got, err := GetLaunchPolicy(testcase.imageLabels, logging.SimpleLogger()) if err != nil { t.Fatal(err) } if !cmp.Equal(got, testcase.expectedPolicy) { t.Errorf("Launchspec got %+v, want %+v", got, testcase.expectedPolicy) } }) } } func TestVerify(t *testing.T) { testCases := []struct { testName string policy LaunchPolicy spec LaunchSpec expectErr bool }{ { "allows everything", LaunchPolicy{ AllowedEnvOverride: []string{"foo"}, AllowedCmdOverride: true, AllowedLogRedirect: always, HardenedImageMonitoring: MemoryOnly, DebugImageMonitoring: MemoryOnly, }, LaunchSpec{ Envs: []EnvVar{{Name: "foo", Value: "foo"}}, Cmd: []string{"foo"}, LogRedirect: Everywhere, MonitoringEnabled: MemoryOnly, }, false, }, { "default case", LaunchPolicy{}, LaunchSpec{}, false, }, { "env override violation", LaunchPolicy{ AllowedEnvOverride: []string{"foo"}, }, LaunchSpec{ Envs: []EnvVar{{Name: "bar", Value: ""}}, }, true, }, { "cmd violation", LaunchPolicy{ AllowedCmdOverride: false, }, LaunchSpec{ Cmd: []string{"foo"}, }, true, }, { "log redirect (never, everywhere, hardened): err", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: Everywhere, Hardened: true, }, true, }, { "log redirect (never, cloudlogging, hardened): err", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: CloudLogging, Hardened: true, }, true, }, { "log redirect (never, serial, hardened): err", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: Serial, Hardened: true, }, true, }, { "log redirect (never, nowhere, hardened): noerr", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: Nowhere, Hardened: true, }, false, }, { "log redirect (never, everywhere, debug): err", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: Everywhere, Hardened: false, }, true, }, { "log redirect (never, cloudlogging, debug): err", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: CloudLogging, Hardened: false, }, true, }, { "log redirect (never, serial, debug): err", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: Serial, Hardened: false, }, true, }, { "log redirect (never, nowhere, debug): noerr", LaunchPolicy{ AllowedLogRedirect: never, }, LaunchSpec{ LogRedirect: Nowhere, Hardened: false, }, false, }, { "log redirect (debugOnly, everywhere, hardened): err", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: Everywhere, Hardened: true, }, true, }, { "log redirect (debugOnly, cloudlogging, hardened): err", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: CloudLogging, Hardened: true, }, true, }, { "log redirect (debugOnly, serial, hardened): err", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: Serial, Hardened: true, }, true, }, { "log redirect (debugOnly, nowhere, hardened): noerr", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: Nowhere, Hardened: true, }, false, }, { "log redirect (debugOnly, everywhere, debug): noerr", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: Everywhere, Hardened: false, }, false, }, { "log redirect (debugOnly, cloudlogging, debug): noerr", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: CloudLogging, Hardened: false, }, false, }, { "log redirect (debugOnly, serial, debug): noerr", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: Serial, Hardened: false, }, false, }, { "log redirect (debugOnly, nowhere, debug): noerr", LaunchPolicy{ AllowedLogRedirect: debugOnly, }, LaunchSpec{ LogRedirect: Nowhere, Hardened: false, }, false, }, { "log redirect (always, everywhere, hardened): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: Everywhere, Hardened: true, }, false, }, { "log redirect (always, cloudlogging, hardened): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: CloudLogging, Hardened: true, }, false, }, { "log redirect (always, serial, hardened): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: Serial, Hardened: true, }, false, }, { "log redirect (always, nowhere, hardened): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: Nowhere, Hardened: true, }, false, }, { "log redirect (always, everywhere, debug): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: Everywhere, Hardened: false, }, false, }, { "log redirect (always, cloudlogging, debug): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: CloudLogging, Hardened: false, }, false, }, { "log redirect (always, serial, debug): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: Serial, Hardened: false, }, false, }, { "log redirect (always, nowhere, debug): noerr", LaunchPolicy{ AllowedLogRedirect: always, }, LaunchSpec{ LogRedirect: Nowhere, Hardened: false, }, false, }, { "allowed mount dest", LaunchPolicy{ AllowedMountDestinations: []string{"/a"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "/a/b"}, }, }, false, }, { "allowed mount dest same dir", LaunchPolicy{ AllowedMountDestinations: []string{"/a"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "/a"}, }, }, false, }, { "allowed mount dest multiple", LaunchPolicy{ AllowedMountDestinations: []string{"/a", "/b", "/c/d"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "/a"}, launchermount.TmpfsMount{Destination: "/b"}, launchermount.TmpfsMount{Destination: "/c/d"}, launchermount.TmpfsMount{Destination: "/a/b"}, launchermount.TmpfsMount{Destination: "/a/b/c"}, launchermount.TmpfsMount{Destination: "/c/d/e"}, launchermount.TmpfsMount{Destination: "/c/d/f"}, launchermount.TmpfsMount{Destination: "/c/d/e/f/g/../b"}, launchermount.TmpfsMount{Destination: "/c/d/e/f/./../b"}, launchermount.TmpfsMount{Destination: "/c/d/e/f/./../../b"}, }, }, false, }, { "mount dest relative", LaunchPolicy{ AllowedMountDestinations: []string{"/b"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "/a/../b"}, }, }, false, }, { "mount dest not abs", LaunchPolicy{ AllowedMountDestinations: []string{"/as"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "asd"}, }, }, true, }, { "allowed mount dest not abs", LaunchPolicy{ AllowedMountDestinations: []string{"as"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "/asd"}, }, }, true, }, { "mount dest prefix but not subdir", LaunchPolicy{ AllowedMountDestinations: []string{"/a"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "/abcd"}, }, }, true, }, { "mount dest parent of allowed", LaunchPolicy{ AllowedMountDestinations: []string{"/a/b"}, }, LaunchSpec{ Mounts: []launchermount.Mount{ launchermount.TmpfsMount{Destination: "/a"}, }, }, true, }, { "caps allowed unused", LaunchPolicy{ PrivilegedCaps: true, }, LaunchSpec{}, false, }, { "caps allowed and used", LaunchPolicy{ PrivilegedCaps: true, }, LaunchSpec{ AddedCapabilities: []string{"new", "no", "cap"}, }, false, }, { "caps not allowed but used", LaunchPolicy{ PrivilegedCaps: false, }, LaunchSpec{ AddedCapabilities: []string{"new", "no", "cap"}, }, true, }, { "caps allowed unset but used", LaunchPolicy{}, LaunchSpec{ AddedCapabilities: []string{"new", "no", "cap"}, }, true, }, { "caps allowed unused", LaunchPolicy{ AllowCgroups: true, }, LaunchSpec{}, false, }, { "cgroups allowed and used", LaunchPolicy{ AllowCgroups: true, }, LaunchSpec{ CgroupNamespace: true, }, false, }, { "cgroups not allowed but used", LaunchPolicy{ AllowCgroups: false, }, LaunchSpec{ CgroupNamespace: true, }, true, }, { "caps allowed unset but used", LaunchPolicy{}, LaunchSpec{ CgroupNamespace: true, }, true, }, } for _, testCase := range testCases { t.Run(testCase.testName, func(t *testing.T) { err := testCase.policy.Verify(testCase.spec) if testCase.expectErr { if err == nil { t.Errorf("expected error, but got nil") } } else { if err != nil { t.Errorf("expected no error, but got %v", err) } } }) } } func TestVerifyMonitoringSettings(t *testing.T) { testCases := []struct { testName string monitoring MonitoringType spec LaunchSpec }{ { "none policy, disabled by spec", None, LaunchSpec{ MonitoringEnabled: None, LogRedirect: Nowhere, }, }, { "memory-only policy, all disabled by spec", MemoryOnly, LaunchSpec{ MonitoringEnabled: None, LogRedirect: Nowhere, }, }, { "memory-only policy, memory enabled by spec", MemoryOnly, LaunchSpec{ MonitoringEnabled: MemoryOnly, LogRedirect: Nowhere, }, }, { "all enabled by policy, all enabled by spec", All, LaunchSpec{ MonitoringEnabled: All, LogRedirect: Nowhere, }, }, { "all enabled by policy, disabled by spec", All, LaunchSpec{ MonitoringEnabled: None, LogRedirect: Nowhere, }, }, { "all enabled by policy, memory enabled by spec", All, LaunchSpec{ MonitoringEnabled: MemoryOnly, LogRedirect: Nowhere, }, }, } for _, testCase := range testCases { // Debug. t.Run("[Debug] "+testCase.testName, func(t *testing.T) { policy := LaunchPolicy{ DebugImageMonitoring: testCase.monitoring, } if err := policy.Verify(testCase.spec); err != nil { t.Errorf("expected no error, but got %v", err) } }) // Hardened. t.Run("[Hardened] "+testCase.testName, func(t *testing.T) { policy := LaunchPolicy{ HardenedImageMonitoring: testCase.monitoring, } // Copy the spec and set Hardened=true. spec := testCase.spec spec.Hardened = true if err := policy.Verify(spec); err != nil { t.Errorf("expected no error, but got %v", err) } }) } } func TestVerifyMonitoringSettingsErrors(t *testing.T) { testCases := []struct { testName string monitoring MonitoringType spec LaunchSpec }{ { "[Hardened] disabled policy, all enabled by spec", None, LaunchSpec{ MonitoringEnabled: All, Hardened: true, LogRedirect: Nowhere, }, }, { "[Hardened] disabled policy, memory enabled by spec", None, LaunchSpec{ MonitoringEnabled: MemoryOnly, Hardened: true, LogRedirect: Nowhere, }, }, { "[Hardened] memory-only policy, all enabled by spec", MemoryOnly, LaunchSpec{ MonitoringEnabled: All, Hardened: true, LogRedirect: Nowhere, }, }, } for _, testCase := range testCases { t.Run(testCase.testName, func(t *testing.T) { // Debug. t.Run("[Debug] "+testCase.testName, func(t *testing.T) { policy := LaunchPolicy{ DebugImageMonitoring: testCase.monitoring, } if err := policy.Verify(testCase.spec); err == nil { t.Errorf("expected error, but got nil") } }) // Hardened. t.Run("[Hardened] "+testCase.testName, func(t *testing.T) { policy := LaunchPolicy{ HardenedImageMonitoring: testCase.monitoring, } // Copy the spec and set Hardened=true. spec := testCase.spec spec.Hardened = true if err := policy.Verify(spec); err == nil { t.Errorf("expected error, but got nil") } }) }) } } func TestIsHardened(t *testing.T) { testCases := []struct { testName string kernelCmd string expectHardened bool }{ { "empty kernel cmd", "", false, }, { "no confidential-space.hardened arg", "BOOT_IMAGE=/syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi cos.protected_stateful_partition=e systemd.mask=update-engine.service ds=nocloud;s=/usr/share/oem/ cros_debug root=/dev/dm-0 \"dm=2 vroot none ro 1,0 4077568 verity payload=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashtree=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashstart=4077568 alg=sha256 root_hexdigest=6d5887660805db1b366319bd1c2161600d11b9e53f059b0e44b760a7277e1b0a salt=f4a41993832655a00d48f5769351370bebafd7de906df068bc1b1929b175ee43,oemroot none ro 1, 0 1024000 verity payload=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashtree=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashstart=1024000 alg=sha256 root_hexdigest=50c406c129054649a432fa144eeff56aa8b707d4c86f3ab44edde589356e8b23 salt=2a3461269a26ad6247f4b64cacd84f64e5a3311cd4b2f742bab6442291bf4977\"", false, }, { "has kernel arg confidential-space.hardened=true", "BOOT_IMAGE=/syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi confidential-space.hardened=true cos.protected_stateful_partition=e systemd.mask=update-engine.service ds=nocloud;s=/usr/share/oem/ cros_debug root=/dev/dm-0 \"dm=2 vroot none ro 1,0 4077568 verity payload=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashtree=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashstart=4077568 alg=sha256 root_hexdigest=6d5887660805db1b366319bd1c2161600d11b9e53f059b0e44b760a7277e1b0a salt=f4a41993832655a00d48f5769351370bebafd7de906df068bc1b1929b175ee43,oemroot none ro 1, 0 1024000 verity payload=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashtree=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashstart=1024000 alg=sha256 root_hexdigest=50c406c129054649a432fa144eeff56aa8b707d4c86f3ab44edde589356e8b23 salt=2a3461269a26ad6247f4b64cacd84f64e5a3311cd4b2f742bab6442291bf4977\"", true, }, { "has kernel arg confidential-space.hardened=false", "BOOT_IMAGE=/syslinux/vmlinuz.B init=/usr/lib/systemd/systemd boot=local rootwait ro noresume loglevel=7 console=tty1 console=ttyS0 security=apparmor virtio_net.napi_tx=1 nmi_watchdog=0 csm.disabled=1 loadpin.exclude=kernel-module modules-load=loadpin_trigger module.sig_enforce=1 dm_verity.error_behavior=3 dm_verity.max_bios=-1 dm_verity.dev_wait=1 i915.modeset=1 cros_efi confidential-space.hardened=false cos.protected_stateful_partition=e systemd.mask=update-engine.service ds=nocloud;s=/usr/share/oem/ cros_debug root=/dev/dm-0 \"dm=2 vroot none ro 1,0 4077568 verity payload=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashtree=PARTUUID=DC7DB0DC-DDCC-AA45-BAE3-A41CA1698E83 hashstart=4077568 alg=sha256 root_hexdigest=6d5887660805db1b366319bd1c2161600d11b9e53f059b0e44b760a7277e1b0a salt=f4a41993832655a00d48f5769351370bebafd7de906df068bc1b1929b175ee43,oemroot none ro 1, 0 1024000 verity payload=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashtree=PARTUUID=fd5af56a-7b25-c448-a616-19eb240b3260 hashstart=1024000 alg=sha256 root_hexdigest=50c406c129054649a432fa144eeff56aa8b707d4c86f3ab44edde589356e8b23 salt=2a3461269a26ad6247f4b64cacd84f64e5a3311cd4b2f742bab6442291bf4977\"", false, }, } for _, testCase := range testCases { t.Run(testCase.testName, func(t *testing.T) { hardened := isHardened(testCase.kernelCmd) if testCase.expectHardened != hardened { t.Errorf("expected %t, but got %t", testCase.expectHardened, hardened) } }) } } func TestGetMonitoringPolicy(t *testing.T) { testcases := []struct { name string labels map[string]string expectedPolicy *LaunchPolicy }{ { name: "memory_monitoring_allow=always", labels: map[string]string{ memoryMonitoring: "always", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: MemoryOnly, DebugImageMonitoring: MemoryOnly, }, }, { name: "memory_monitoring_allow=never", labels: map[string]string{ memoryMonitoring: "never", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: None, DebugImageMonitoring: None, }, }, { name: "memory_monitoring_allow=debugonly", labels: map[string]string{ memoryMonitoring: "debugonly", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: None, DebugImageMonitoring: MemoryOnly, }, }, { name: "HardenedImageMonitoring=none", labels: map[string]string{ hardenedMonitoring: "none", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: None, DebugImageMonitoring: MemoryOnly, }, }, { name: "HardenedImageMonitoring=memoryonly", labels: map[string]string{ hardenedMonitoring: "memoryonly", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: MemoryOnly, DebugImageMonitoring: MemoryOnly, }, }, { name: "HardenedImageMonitoring=all", labels: map[string]string{ hardenedMonitoring: "all", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: All, DebugImageMonitoring: MemoryOnly, }, }, { name: "DebugImageMonitoring=none", labels: map[string]string{ debugMonitoring: "none", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: None, DebugImageMonitoring: None, }, }, { name: "DebugImageMonitoring=memoryonly", labels: map[string]string{ debugMonitoring: "memoryonly", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: None, DebugImageMonitoring: MemoryOnly, }, }, { name: "DebugImageMonitoring=all", labels: map[string]string{ debugMonitoring: "all", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: None, DebugImageMonitoring: All, }, }, // Set both fields to non-default values. { name: "HardenedImageMonitoring=all, DebugImageMonitoring=none", labels: map[string]string{ hardenedMonitoring: "all", debugMonitoring: "none", }, expectedPolicy: &LaunchPolicy{ HardenedImageMonitoring: All, DebugImageMonitoring: None, }, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { policy := &LaunchPolicy{} if err := configureMonitoringPolicy(tc.labels, policy, logging.SimpleLogger()); err != nil { t.Errorf("getMonitoringPolicy returned error: %v", err) return } if !cmp.Equal(policy, tc.expectedPolicy) { t.Errorf("getMonitoringPolicy did not return expected policy: got %v, want %v", policy, tc.expectedPolicy) } }) } } func TestGetMonitoringPolicyErrors(t *testing.T) { testcases := []struct { name string labels map[string]string }{ { name: "memory_monitoring_allow and hardened_monitoring specified", labels: map[string]string{ memoryMonitoring: "always", hardenedMonitoring: "all", }, }, { name: "memory_monitoring_allow and debug_monitoring specified", labels: map[string]string{ memoryMonitoring: "always", debugMonitoring: "all", }, }, { name: "memory_monitoring_allow, hardened_monitoring, and debug_monitoring specified", labels: map[string]string{ memoryMonitoring: "always", hardenedMonitoring: "all", debugMonitoring: "memoryOnly", }, }, { name: "invalid value for memory_monitoring_allow", labels: map[string]string{ memoryMonitoring: "this is not valid", }, }, { name: "invalid value for hardened_monitoring", labels: map[string]string{ hardenedMonitoring: "this is not valid", }, }, { name: "invalid value for debug_monitoring", labels: map[string]string{ debugMonitoring: "this is not valid", }, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { policy := &LaunchPolicy{} if err := configureMonitoringPolicy(tc.labels, policy, logging.SimpleLogger()); err == nil { t.Errorf("Expected getMonitoringPolicy to return error, returned successfully with policy %v", policy) } }) } } go-tpm-tools-0.4.7/launcher/spec/launch_spec.go000066400000000000000000000347001510276467000214450ustar00rootroot00000000000000// Package spec contains definition of some basic container launch specs needed to // launch a container, provided by the operator. package spec import ( "context" "encoding/json" "errors" "fmt" "os" "os/exec" "path" "strconv" "strings" "cloud.google.com/go/compute/metadata" "github.com/containerd/containerd/v2/pkg/cap" "github.com/google/go-tpm-tools/cel" "github.com/google/go-tpm-tools/launcher/internal/experiments" "github.com/google/go-tpm-tools/launcher/internal/launchermount" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/launcherfile" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/util" ) // MaxInt64 is the maximum value of a signed int64. const MaxInt64 = 9223372036854775807 // RestartPolicy is the enum for the container restart policy. type RestartPolicy string func (p RestartPolicy) isValid() error { switch p { case Always, OnFailure, Never: return nil } return fmt.Errorf("invalid restart policy: %s", p) } // Restart Policy enum values. const ( Always RestartPolicy = "Always" OnFailure RestartPolicy = "OnFailure" Never RestartPolicy = "Never" // experimentDataFile defines where the experiment sync output data is expected to be. experimentDataFile = "experiment_data" // binaryPath contains the path to the experiments binary. binaryPath = "/usr/share/oem/confidential_space/confidential_space_experiments" ) // LogRedirectLocation specifies the workload logging redirect location. type LogRedirectLocation string func (l LogRedirectLocation) isValid() error { switch l { case Everywhere, CloudLogging, Serial, Nowhere: return nil } return fmt.Errorf("invalid logging redirect location %s, expect one of %s", l, []LogRedirectLocation{Everywhere, CloudLogging, Serial, Nowhere}) } func (l LogRedirectLocation) enabled() bool { return l != Nowhere } // LogRedirectLocation acceptable values. const ( Everywhere LogRedirectLocation = "true" CloudLogging LogRedirectLocation = "cloud_logging" Serial LogRedirectLocation = "serial" Nowhere LogRedirectLocation = "false" ) // Metadata variable names. const ( fakeVerifierKey = "test-fake-verifier" imageRefKey = "tee-image-reference" signedImageRepos = "tee-signed-image-repos" restartPolicyKey = "tee-restart-policy" cmdKey = "tee-cmd" envKeyPrefix = "tee-env-" impersonateServiceAccounts = "tee-impersonate-service-accounts" attestationServiceAddrKey = "tee-attestation-service-endpoint" logRedirectKey = "tee-container-log-redirect" memoryMonitoringEnable = "tee-monitoring-memory-enable" monitoringEnable = "tee-monitoring-enable" devShmSizeKey = "tee-dev-shm-size-kb" mountKey = "tee-mount" itaRegion = "ita-region" itaKey = "ita-api-key" addedCaps = "tee-added-capabilities" cgroupNS = "tee-cgroup-ns" ) const ( instanceAttributesQuery = "instance/attributes/?recursive=true" ) var errImageRefNotSpecified = fmt.Errorf("%s is not specified in the custom metadata", imageRefKey) // EnvVar represent a single environment variable key/value pair. type EnvVar struct { Name string Value string } // LaunchSpec contains specification set by the operator who wants to // launch a container. type LaunchSpec struct { Experiments experiments.Experiments FakeVerifierEnabled bool // MDS-based values. ImageRef string SignedImageRepos []string RestartPolicy RestartPolicy Cmd []string Envs []EnvVar AttestationServiceAddr string ImpersonateServiceAccounts []string ProjectID string Region string Hardened bool MonitoringEnabled MonitoringType LogRedirect LogRedirectLocation Mounts []launchermount.Mount ITAConfig verifier.ITAConfig // DevShmSize is specified in kiB. DevShmSize int64 AddedCapabilities []string CgroupNamespace bool } // UnmarshalJSON unmarshals an instance attributes list in JSON format from the metadata // server set by an operator to a LaunchSpec. // This method expects experiments to be set on the LaunchSpec before being called. func (s *LaunchSpec) UnmarshalJSON(b []byte) error { var unmarshaledMap map[string]string if err := json.Unmarshal(b, &unmarshaledMap); err != nil { return err } if val, ok := unmarshaledMap[fakeVerifierKey]; ok && val != "" { var err error if s.FakeVerifierEnabled, err = strconv.ParseBool(val); err != nil { return fmt.Errorf("invalid value for %v (not a boolean): %w", fakeVerifierKey, err) } } s.ImageRef = unmarshaledMap[imageRefKey] if s.ImageRef == "" { return errImageRefNotSpecified } s.RestartPolicy = RestartPolicy(unmarshaledMap[restartPolicyKey]) // Set the default restart policy to "Never" for now. if s.RestartPolicy == "" { s.RestartPolicy = Never } if err := s.RestartPolicy.isValid(); err != nil { return err } if val, ok := unmarshaledMap[impersonateServiceAccounts]; ok && val != "" { impersonateAccounts := strings.Split(val, ",") s.ImpersonateServiceAccounts = append(s.ImpersonateServiceAccounts, impersonateAccounts...) } if val, ok := unmarshaledMap[signedImageRepos]; ok && val != "" { imageRepos := strings.Split(val, ",") s.SignedImageRepos = append(s.SignedImageRepos, imageRepos...) } memVal, memOk := unmarshaledMap[memoryMonitoringEnable] monVal, monOk := unmarshaledMap[monitoringEnable] if memOk && monOk { return fmt.Errorf("both %v and %v are specified, only one is permitted", memoryMonitoringEnable, monitoringEnable) } else if memOk { // If value is empty, treat as the default. if memVal == "" { s.MonitoringEnabled = None } else { boolValue, err := strconv.ParseBool(memVal) if err != nil { return fmt.Errorf("invalid value for %v (not a boolean): %v", memoryMonitoringEnable, err) } if boolValue { s.MonitoringEnabled = MemoryOnly } else { s.MonitoringEnabled = None } } } else if monOk { // If value is empty, treat as the default. if monVal == "" { s.MonitoringEnabled = None } else { var err error s.MonitoringEnabled, err = toMonitoringType(monVal) if err != nil { return err } } } // Populate cmd override. if val, ok := unmarshaledMap[cmdKey]; ok && val != "" { if err := json.Unmarshal([]byte(val), &s.Cmd); err != nil { return err } } // Populate all env vars. for k, v := range unmarshaledMap { if strings.HasPrefix(k, envKeyPrefix) { s.Envs = append(s.Envs, EnvVar{strings.TrimPrefix(k, envKeyPrefix), v}) } } s.LogRedirect = LogRedirectLocation(unmarshaledMap[logRedirectKey]) // Default log redirect location is Nowhere ("false"). if s.LogRedirect == "" { s.LogRedirect = Nowhere } if err := s.LogRedirect.isValid(); err != nil { return err } s.AttestationServiceAddr = unmarshaledMap[attestationServiceAddrKey] // Populate /dev/shm size override. if val, ok := unmarshaledMap[devShmSizeKey]; ok && val != "" { size, err := strconv.ParseUint(val, 10, 64) if err != nil { return fmt.Errorf("failed to convert %v into uint64, got: %v", devShmSizeKey, val) } s.DevShmSize = int64(size) } // Populate mount override. // https://cloud.google.com/compute/docs/disks/set-persistent-device-name-in-linux-vm // https://cloud.google.com/compute/docs/disks/add-local-ssd if val, ok := unmarshaledMap[mountKey]; ok && val != "" { mounts := strings.Split(val, ";") for _, mount := range mounts { specMnt, err := processMount(mount) if err != nil { return err } s.Mounts = append(s.Mounts, specMnt) } } if s.Experiments.EnableItaVerifier { itaRegionVal, itaRegionOK := unmarshaledMap[itaRegion] itaKeyVal, itaKeyOK := unmarshaledMap[itaKey] // If key and region are both not in the map, do not set up ITA config. if itaRegionOK != itaKeyOK { return fmt.Errorf("ITA fields %s and %s must both be provided and non-empty", itaRegion, itaKey) } s.ITAConfig = verifier.ITAConfig{ ITARegion: itaRegionVal, ITAKey: itaKeyVal, } } // Populate capabilities override. if val, ok := unmarshaledMap[addedCaps]; ok && val != "" { if err := json.Unmarshal([]byte(val), &s.AddedCapabilities); err != nil { return err } } // Populate cgroup ns. cgroupSetting, ok := unmarshaledMap[cgroupNS] if ok { cgroupOn, err := strconv.ParseBool(cgroupSetting) if err != nil { return fmt.Errorf("invalid value for %v (not a boolean): %v", cgroupNS, err) } if cgroupOn { s.CgroupNamespace = true } } return nil } // LogFriendly creates a copy of the spec that is safe to log by censoring func (s *LaunchSpec) LogFriendly() LaunchSpec { safeSpec := *s safeSpec.ITAConfig.ITAKey = strings.Repeat("*", len(s.ITAConfig.ITAKey)) return safeSpec } // GetLaunchSpec takes in a metadata server client, reads and parse operator's // input to the GCE instance custom metadata and return a LaunchSpec. // ImageRef (tee-image-reference) is required, will return an error if // ImageRef is not presented in the metadata. func GetLaunchSpec(ctx context.Context, logger logging.Logger, client *metadata.Client) (LaunchSpec, error) { data, err := client.GetWithContext(ctx, instanceAttributesQuery) if err != nil { return LaunchSpec{}, err } spec := &LaunchSpec{} spec.Experiments = fetchExperiments(logger) if err := spec.UnmarshalJSON([]byte(data)); err != nil { return LaunchSpec{}, err } var errs []error for _, mnt := range spec.Mounts { if err := validateMount(mnt); err != nil { errs = append(errs, err) } } if len(errs) != 0 { return LaunchSpec{}, fmt.Errorf("failed to validate mounts: %v", errors.Join(errs...)) } if err := validateMemorySizeKb(uint64(spec.DevShmSize)); err != nil { return LaunchSpec{}, fmt.Errorf("failed to validate /dev/shm size: %v", err) } if err := validateAddedCapsAllowed(spec.AddedCapabilities); err != nil { return LaunchSpec{}, fmt.Errorf("failed to validate added capabilities: %v", err) } spec.ProjectID, err = client.ProjectIDWithContext(ctx) if err != nil { return LaunchSpec{}, fmt.Errorf("failed to retrieve projectID from MDS: %v", err) } spec.Region, err = util.GetRegion(client) if err != nil { return LaunchSpec{}, err } kernelCmd, err := readCmdline() if err != nil { return LaunchSpec{}, err } spec.Hardened = isHardened(kernelCmd) return *spec, nil } func isHardened(kernelCmd string) bool { for _, arg := range strings.Fields(kernelCmd) { if arg == "confidential-space.hardened=true" { return true } } return false } func fetchExperiments(logger logging.Logger) experiments.Experiments { experimentsFile := path.Join(launcherfile.HostTmpPath, experimentDataFile) args := fmt.Sprintf("-output=%s", experimentsFile) err := exec.Command(binaryPath, args).Run() if err != nil { logger.Error(fmt.Sprintf("failure during experiment sync: %v\n", err)) } e, err := experiments.New(experimentsFile) if err != nil { logger.Error(fmt.Sprintf("failed to read experiment file: %v\n", err)) // do not fail if experiment retrieval fails } return e } func processMount(singleMount string) (launchermount.Mount, error) { mntConfig := make(map[string]string) var mntType string mountOpts := strings.Split(singleMount, ",") for _, mountOpt := range mountOpts { name, val, err := cel.ParseEnvVar(mountOpt) if err != nil { return nil, fmt.Errorf("failed to parse mount option: %w", err) } switch name { case launchermount.TypeKey: mntType = val case launchermount.SourceKey: case launchermount.DestinationKey: case launchermount.SizeKey: default: return nil, fmt.Errorf("found unknown mount option: %v, expect keys of %v", mountOpt, launchermount.AllMountKeys) } mntConfig[name] = val } switch mntType { case launchermount.TypeTmpfs: return launchermount.CreateTmpfsMount(mntConfig) default: return nil, fmt.Errorf("found unknown or unspecified mount type: %v, expect one of types [%v]", mountOpts, launchermount.TypeTmpfs) } } func validateMount(mnt launchermount.Mount) error { switch v := mnt.(type) { case launchermount.TmpfsMount: return validateMemorySizeKb(v.Size / 1024) default: return fmt.Errorf("got unknown mount type: %T", v) } } // Ensures that system free memory is larger than the specified memory size. func validateMemorySizeKb(memSize uint64) error { freeMem, err := getLinuxFreeMem() if err != nil { return fmt.Errorf("failed to get free memory: %v", err) } if memSize > freeMem { return fmt.Errorf("got a /dev/shm size (%v) larger than free memory (%v) kB", memSize, freeMem) } if memSize > MaxInt64 { return fmt.Errorf("got a size greater than max int64: %v", memSize) } return nil } func getLinuxFreeMem() (uint64, error) { meminfo, err := os.ReadFile("/proc/meminfo") if err != nil { return 0, fmt.Errorf("failed to read /proc/meminfo: %w", err) } for _, memtype := range strings.Split(string(meminfo), "\n") { if !strings.Contains(memtype, "MemFree") { continue } split := strings.Fields(memtype) if len(split) != 3 { return 0, fmt.Errorf("found invalid MemInfo entry: got: %v, expected format: MemFree: kB", memtype) } if split[2] != "kB" { return 0, fmt.Errorf("found invalid MemInfo entry: got: %v, expected format: MemFree: kB", memtype) } freeMem, err := strconv.ParseUint(split[1], 10, 64) if err != nil { return 0, fmt.Errorf("failed to convert MemFree to uint64: %v", memtype) } return freeMem, nil } return 0, fmt.Errorf("failed to find MemFree in /proc/meminfo: %v", string(meminfo)) } func readCmdline() (string, error) { kernelCmd, err := os.ReadFile("/proc/cmdline") if err != nil { return "", err } return string(kernelCmd), nil } func validateAddedCapsAllowed(addedCaps []string) error { caps, err := getCurrCaps() if err != nil { return fmt.Errorf("failed to fetch current capabilities: %v", err) } var notInCurr []string for _, addedCap := range addedCaps { if _, ok := caps[addedCap]; !ok { notInCurr = append(notInCurr, addedCap) } } if len(notInCurr) != 0 { return fmt.Errorf("received added capabilities (%v) not allowed by current capabilities", notInCurr) } return nil } func getCurrCaps() (map[string]bool, error) { caps, err := cap.Current() if err != nil { return nil, err } capsMap := make(map[string]bool, len(caps)) for _, cap := range caps { capsMap[cap] = true } return capsMap, nil } go-tpm-tools-0.4.7/launcher/spec/launch_spec_test.go000066400000000000000000000177451510276467000225160ustar00rootroot00000000000000package spec import ( "regexp" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/launcher/internal/experiments" "github.com/google/go-tpm-tools/launcher/internal/launchermount" "github.com/google/go-tpm-tools/verifier" ) func TestLaunchSpecUnmarshalJSONHappyCases(t *testing.T) { var testCases = []struct { testName string mdsJSON string }{ { "HappyCase", `{ "tee-cmd":"[\"--foo\",\"--bar\",\"--baz\"]", "tee-env-foo":"bar", "tee-image-reference":"docker.io/library/hello-world:latest", "tee-signed-image-repos":"docker.io/library/hello-world,gcr.io/cloudrun/hello", "tee-restart-policy":"Always", "tee-impersonate-service-accounts":"sv1@developer.gserviceaccount.com,sv2@developer.gserviceaccount.com", "tee-container-log-redirect":"true", "tee-monitoring-memory-enable":"true", "tee-dev-shm-size-kb":"234234", "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount;type=tmpfs,source=tmpfs,destination=/sized,size=222", "ita-region":"US", "ita-api-key":"test-api-key" }`, }, { "HappyCaseWithExtraUnknownFields", `{ "tee-cmd":"[\"--foo\",\"--bar\",\"--baz\"]", "tee-env-foo":"bar", "tee-unknown":"unknown", "unknown":"unknown", "tee-image-reference":"docker.io/library/hello-world:latest", "tee-signed-image-repos":"docker.io/library/hello-world,gcr.io/cloudrun/hello", "tee-restart-policy":"Always", "tee-impersonate-service-accounts":"sv1@developer.gserviceaccount.com,sv2@developer.gserviceaccount.com", "tee-container-log-redirect":"true", "tee-monitoring-memory-enable":"TRUE", "tee-dev-shm-size-kb":"234234", "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount;type=tmpfs,source=tmpfs,destination=/sized,size=222", "ita-region":"US", "ita-api-key":"test-api-key" }`, }, } want := &LaunchSpec{ ImageRef: "docker.io/library/hello-world:latest", SignedImageRepos: []string{"docker.io/library/hello-world", "gcr.io/cloudrun/hello"}, RestartPolicy: Always, Cmd: []string{"--foo", "--bar", "--baz"}, Envs: []EnvVar{{"foo", "bar"}}, ImpersonateServiceAccounts: []string{"sv1@developer.gserviceaccount.com", "sv2@developer.gserviceaccount.com"}, LogRedirect: Everywhere, MonitoringEnabled: MemoryOnly, DevShmSize: 234234, Mounts: []launchermount.Mount{launchermount.TmpfsMount{Destination: "/tmpmount", Size: 0}, launchermount.TmpfsMount{Destination: "/sized", Size: 222}}, ITAConfig: verifier.ITAConfig{ ITARegion: "US", ITAKey: "test-api-key", }, Experiments: experiments.Experiments{ EnableItaVerifier: true, }, } for _, testcase := range testCases { t.Run(testcase.testName, func(t *testing.T) { spec := &LaunchSpec{} spec.Experiments = experiments.Experiments{ EnableItaVerifier: true, } if err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)); err != nil { t.Fatal(err) } if !cmp.Equal(spec, want) { t.Errorf("LaunchSpec UnmarshalJSON got %+v, want %+v", spec, want) } }) } } func TestLaunchSpecUnmarshalJSONBadInput(t *testing.T) { var testCases = []struct { testName string mdsJSON string }{ // not likely to happen for MDS { "BadJSON", `{ BadJSONFormat }`, }, // when there is no MDS values { "EmptyJSON", `{}`, }, // not likely to happen, since MDS will always use string as the value { "JSONWithPrimitives", `{ "tee-env-bool":true, "tee-image-reference":"docker.io/library/hello-world:latest" }`, }, { "WrongRestartPolicy", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-restart-policy":"noway", }`, }, { "WrongLogRedirectLocation", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-container-log-redirect":"badideas", }`, }, { "Memory and Health Monitoring both specified", `{ "tee-monitoring-memory-enable":"false", "tee-monitoring-health-enable":"false", }`, }, } for _, testcase := range testCases { t.Run(testcase.testName, func(t *testing.T) { spec := &LaunchSpec{} if err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)); err == nil { t.Fatal("expected JSON parsing err") } }) } } func TestLaunchSpecUnmarshalJSONWithDefaultValue(t *testing.T) { mdsJSON := `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-impersonate-service-accounts":"", "tee-signed-image-repos":"", "tee-container-log-redirect":"", "tee-restart-policy":"", "tee-monitoring-memory-enable":"", "tee-mount":"" }` spec := &LaunchSpec{} if err := spec.UnmarshalJSON([]byte(mdsJSON)); err != nil { t.Fatal(err) } want := &LaunchSpec{ ImageRef: "docker.io/library/hello-world:latest", RestartPolicy: Never, LogRedirect: Nowhere, MonitoringEnabled: None, } if !cmp.Equal(spec, want) { t.Errorf("LaunchSpec UnmarshalJSON got %+v, want %+v", spec, want) } } func TestLaunchSpecUnmarshalJSONWithoutImageReference(t *testing.T) { mdsJSON := `{ "tee-cmd":"[\"--foo\",\"--bar\",\"--baz\"]", "tee-env-foo":"bar", "tee-restart-policy":"Never" }` spec := &LaunchSpec{} if err := spec.UnmarshalJSON([]byte(mdsJSON)); err == nil || err != errImageRefNotSpecified { t.Errorf("got %v error, but expected %v error", err, errImageRefNotSpecified) } } func TestLaunchSpecUnmarshalJSONWithTmpfsMounts(t *testing.T) { var testCases = []struct { testName string mdsJSON string wantDst string wantSz uint64 }{ { "Empty Mounts", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"" }`, "", 0, }, { "Tmpfs", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount" }`, "/tmpmount", 0, }, { "Tmpfs Sized", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount,size=78987" }`, "/tmpmount", 78987, }, } for _, testcase := range testCases { t.Run(testcase.testName, func(t *testing.T) { spec := &LaunchSpec{} if err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)); err != nil { t.Errorf("got %v error, but expected nil error", err) } }) } } func TestLaunchSpecUnmarshalJSONWithBadMounts(t *testing.T) { var testCases = []struct { testName string mdsJSON string errMatch string }{ { "Unknown Type", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=hallo" }`, "found unknown or unspecified mount type", }, { "Not k=v", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=tmpfs,source" }`, "failed to parse mount option", }, { "Unknown Option", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount,size=123,foo=bar" }`, "found unknown mount option", }, { "Tmpfs Bad Source", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=tmpfs,source=src,destination=/tmpmount" }`, "received wrong mount source", }, { "Tmpfs No Destination", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=tmpfs,source=tmpfs" }`, "mount type \"tmpfs\" must have destination specified", }, { "Tmpfs Size Not Int", `{ "tee-image-reference":"docker.io/library/hello-world:latest", "tee-mount":"type=tmpfs,source=tmpfs,destination=/tmpmount,size=foo" }`, "failed to convert size option", }, } for _, testcase := range testCases { t.Run(testcase.testName, func(t *testing.T) { spec := &LaunchSpec{} err := spec.UnmarshalJSON([]byte(testcase.mdsJSON)) if match, _ := regexp.MatchString(testcase.errMatch, err.Error()); !match { t.Errorf("got %v error, but expected %v error", err, testcase.errMatch) } }) } } go-tpm-tools-0.4.7/launcher/teeserver/000077500000000000000000000000001510276467000177005ustar00rootroot00000000000000go-tpm-tools-0.4.7/launcher/teeserver/tee_server.go000066400000000000000000000161611510276467000223770ustar00rootroot00000000000000// Package teeserver implements a server to be run in the launcher. // Used for communicate between the host/launcher and the container. package teeserver import ( "context" "encoding/json" "fmt" "net" "net/http" "github.com/google/go-tpm-tools/launcher/agent" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/launcher/spec" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/models" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) const ( gcaEndpoint = "/v1/token" itaEndpoint = "/v1/intel/token" ) var clientErrorCodes = map[codes.Code]struct{}{ codes.InvalidArgument: {}, codes.FailedPrecondition: {}, codes.PermissionDenied: {}, codes.Unauthenticated: {}, codes.NotFound: {}, codes.Aborted: {}, codes.OutOfRange: {}, codes.Canceled: {}, } // AttestClients contains clients for supported verifier services that can be used to // get attestation tokens. type AttestClients struct { GCA verifier.Client ITA verifier.Client } type attestHandler struct { ctx context.Context attestAgent agent.AttestationAgent // defaultTokenFile string logger logging.Logger launchSpec spec.LaunchSpec clients AttestClients } // TeeServer is a server that can be called from a container through a unix // socket file. type TeeServer struct { server *http.Server netListener net.Listener } // New takes in a socket and start to listen to it, and create a server func New(ctx context.Context, unixSock string, a agent.AttestationAgent, logger logging.Logger, launchSpec spec.LaunchSpec, clients AttestClients) (*TeeServer, error) { var err error nl, err := net.Listen("unix", unixSock) if err != nil { return nil, fmt.Errorf("cannot listen to the socket [%s]: %v", unixSock, err) } teeServer := TeeServer{ netListener: nl, server: &http.Server{ Handler: (&attestHandler{ ctx: ctx, attestAgent: a, logger: logger, launchSpec: launchSpec, clients: clients, }).Handler(), }, } return &teeServer, nil } // Handler creates a multiplexer for the server. func (a *attestHandler) Handler() http.Handler { mux := http.NewServeMux() // to test default token: curl --unix-socket http://localhost/v1/token // to test custom token: // curl -d '{"audience":"", "nonces":[""]}' -H "Content-Type: application/json" -X POST // --unix-socket /tmp/container_launcher/teeserver.sock http://localhost/v1/token mux.HandleFunc(gcaEndpoint, a.getToken) mux.HandleFunc(itaEndpoint, a.getITAToken) return mux } func (a *attestHandler) logAndWriteError(errStr string, status int, w http.ResponseWriter) { a.logger.Error(errStr) w.WriteHeader(status) w.Write([]byte(errStr)) } // getDefaultToken handles the request to get the default OIDC token. // For now this function will just read the content of the file and return. // Later, this function can use attestation agent to get a token directly. func (a *attestHandler) getToken(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") a.logger.Info(fmt.Sprintf("%s called", gcaEndpoint)) // If the handler does not have an GCA client, return error. if a.clients.GCA == nil { errStr := "no GCA verifier client present, please try rebooting your VM" a.logAndWriteError(errStr, http.StatusInternalServerError, w) return } a.attest(w, r, a.clients.GCA) } // getITAToken retrieves a attestation token signed by ITA. func (a *attestHandler) getITAToken(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") a.logger.Info(fmt.Sprintf("%s called", itaEndpoint)) // If the handler does not have an ITA client, return error. if a.clients.ITA == nil { errStr := "no ITA verifier client present - ensure ITA Region and Key are defined in metadata" a.logAndWriteError(errStr, http.StatusInternalServerError, w) return } a.attest(w, r, a.clients.ITA) } func (a *attestHandler) attest(w http.ResponseWriter, r *http.Request, client verifier.Client) { switch r.Method { case http.MethodGet: if err := a.attestAgent.Refresh(a.ctx); err != nil { a.logAndWriteHTTPError(w, http.StatusInternalServerError, fmt.Errorf("failed to refresh attestation agent: %w", err)) return } token, err := a.attestAgent.AttestWithClient(a.ctx, agent.AttestAgentOpts{}, client) if err != nil { a.handleAttestError(w, err, "failed to retrieve attestation service token") return } w.WriteHeader(http.StatusOK) w.Write(token) return case http.MethodPost: var tokenOptions models.TokenOptions decoder := json.NewDecoder(r.Body) decoder.DisallowUnknownFields() err := decoder.Decode(&tokenOptions) if err != nil { err = fmt.Errorf("failed to parse POST body as TokenOptions: %v", err) a.logAndWriteHTTPError(w, http.StatusBadRequest, err) return } if tokenOptions.Audience == "" { err := fmt.Errorf("use GET request for the default identity token") a.logAndWriteHTTPError(w, http.StatusBadRequest, err) return } if tokenOptions.TokenType == "" { err := fmt.Errorf("token_type is a required parameter") a.logAndWriteHTTPError(w, http.StatusBadRequest, err) return } // Do not check that TokenTypeOptions matches TokenType in the launcher. opts := agent.AttestAgentOpts{ TokenOptions: &tokenOptions, } tok, err := a.attestAgent.AttestWithClient(a.ctx, opts, client) if err != nil { a.handleAttestError(w, err, "failed to retrieve custom attestation service token") return } w.WriteHeader(http.StatusOK) w.Write(tok) return default: // TODO: add an url pointing to the REST API document err := fmt.Errorf("TEE server received an invalid HTTP method: %s", r.Method) a.logAndWriteHTTPError(w, http.StatusBadRequest, err) } } func (a *attestHandler) logAndWriteHTTPError(w http.ResponseWriter, statusCode int, err error) { a.logger.Error(err.Error()) w.WriteHeader(statusCode) w.Write([]byte(err.Error())) } // Serve starts the server, will block until the server shutdown. func (s *TeeServer) Serve() error { return s.server.Serve(s.netListener) } // Shutdown will terminate the server and the underlying listener. func (s *TeeServer) Shutdown(ctx context.Context) error { err := s.server.Shutdown(ctx) err2 := s.netListener.Close() if err != nil { return err } if err2 != nil { return err2 } return nil } func (a *attestHandler) handleAttestError(w http.ResponseWriter, err error, message string) { st, ok := status.FromError(err) if ok { if _, exists := clientErrorCodes[st.Code()]; exists { // User errors, like invalid arguments. Map user errors to 400 Bad Request. a.logAndWriteHTTPError(w, http.StatusBadRequest, fmt.Errorf("%s: %w", message, err)) return } // Server-side or transient errors. Map user errors 500 Internal Server Error. a.logAndWriteHTTPError(w, http.StatusInternalServerError, fmt.Errorf("%s: %w", message, err)) return } // If it's not a gRPC error, it's likely an internal error within the launcher. // Map user errors 500 Internal Server Error a.logAndWriteHTTPError(w, http.StatusInternalServerError, fmt.Errorf("%s: %w", message, err)) } go-tpm-tools-0.4.7/launcher/teeserver/tee_server_test.go000066400000000000000000000332371510276467000234410ustar00rootroot00000000000000package teeserver import ( "context" "errors" "fmt" "io" "net/http" "net/http/httptest" "strings" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/cel" "github.com/google/go-tpm-tools/launcher/agent" "github.com/google/go-tpm-tools/launcher/internal/logging" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/models" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) // Implements verifier.Client interface so it can be used to initialize test attestHandlers type fakeVerifierClient struct{} func (f *fakeVerifierClient) CreateChallenge(_ context.Context) (*verifier.Challenge, error) { return nil, fmt.Errorf("unimplemented") } func (f *fakeVerifierClient) VerifyAttestation(_ context.Context, _ verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { return nil, fmt.Errorf("unimplemented") } func (f *fakeVerifierClient) VerifyConfidentialSpace(_ context.Context, _ verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { return nil, fmt.Errorf("unimplemented") } type fakeAttestationAgent struct { measureEventFunc func(cel.Content) error attestFunc func(context.Context, agent.AttestAgentOpts) ([]byte, error) attestWithClientFunc func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) } func (f fakeAttestationAgent) Attest(c context.Context, a agent.AttestAgentOpts) ([]byte, error) { return f.attestFunc(c, a) } func (f fakeAttestationAgent) AttestWithClient(c context.Context, a agent.AttestAgentOpts, v verifier.Client) ([]byte, error) { return f.attestWithClientFunc(c, a, v) } func (f fakeAttestationAgent) MeasureEvent(c cel.Content) error { return f.measureEventFunc(c) } func (f fakeAttestationAgent) Refresh(_ context.Context) error { return nil } func (f fakeAttestationAgent) Close() error { return nil } func TestGetDefaultToken(t *testing.T) { testTokenContent := "test token" ah := attestHandler{ logger: logging.SimpleLogger(), clients: AttestClients{ GCA: &fakeVerifierClient{}, }, attestAgent: fakeAttestationAgent{ attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { return []byte(testTokenContent), nil }, }} req := httptest.NewRequest(http.MethodGet, "/v1/token", nil) w := httptest.NewRecorder() ah.getToken(w, req) data, err := io.ReadAll(w.Result().Body) if err != nil { t.Error(err) } if w.Code != http.StatusOK { t.Errorf("got return code: %d, want: %d", w.Code, http.StatusOK) } if diff := cmp.Diff(testTokenContent, string(data)); diff != "" { t.Errorf("getToken() response body mismatch (-want +got):\n%s", diff) } } func TestGetDefaultTokenServerError(t *testing.T) { ah := attestHandler{ logger: logging.SimpleLogger(), clients: AttestClients{ GCA: &fakeVerifierClient{}, }, attestAgent: fakeAttestationAgent{ attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { return nil, errors.New("internal server error from agent") }, }} req := httptest.NewRequest(http.MethodGet, "/v1/token", nil) w := httptest.NewRecorder() ah.getToken(w, req) data, err := io.ReadAll(w.Result().Body) if err != nil { t.Error(err) } if w.Code != http.StatusInternalServerError { t.Errorf("got return code: %d, want: %d", w.Code, http.StatusInternalServerError) } expectedError := "failed to retrieve attestation service token: internal server error from agent" if diff := cmp.Diff(expectedError, string(data)); diff != "" { t.Errorf("getToken() response body mismatch (-want +got):\n%s", diff) } } func TestCustomToken(t *testing.T) { tests := []struct { testName string body string attestWithClientFunc func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) want int }{ { testName: "TestNoAudiencePostRequest", body: `{ "audience": "", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC" }`, attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { t.Errorf("This method should not be called") return nil, nil }, want: http.StatusBadRequest, }, { testName: "TestRequestFailurePassedToCaller", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC" }`, attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { return nil, errors.New("Error") }, want: http.StatusInternalServerError, }, { testName: "TestTokenTypeRequired", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "" }`, attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { t.Errorf("This method should not be called") return nil, nil }, want: http.StatusBadRequest, }, { testName: "TestRequestSuccessPassedToCaller", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC" }`, attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { return []byte{}, nil }, want: http.StatusOK, }, { testName: "TestPrincipalTagOptionsSuccess", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC", "aws_principal_tag_options" : { "allowed_principal_tags": { "container_image_signatures" : { "key_ids": ["test1", "test2"] } } } }`, attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { return []byte{}, nil }, want: http.StatusOK, }, } verifiers := []struct { name string url string tokenMethod func(ah *attestHandler, w http.ResponseWriter, r *http.Request) }{ { name: "GCA Handler", url: "/v1/token", tokenMethod: (*attestHandler).getToken, }, { name: "ITA Handler", url: "/v1/intel/token", tokenMethod: (*attestHandler).getITAToken, }, } for _, vf := range verifiers { t.Run(vf.name, func(t *testing.T) { for _, test := range tests { ah := attestHandler{ logger: logging.SimpleLogger(), clients: AttestClients{ GCA: &fakeVerifierClient{}, ITA: &fakeVerifierClient{}, }, attestAgent: fakeAttestationAgent{ attestWithClientFunc: test.attestWithClientFunc, }} b := strings.NewReader(test.body) req := httptest.NewRequest(http.MethodPost, vf.url, b) w := httptest.NewRecorder() vf.tokenMethod(&ah, w, req) _, err := io.ReadAll(w.Result().Body) if err != nil { t.Error(err) } if w.Code != test.want { t.Errorf("testcase '%v': got return code: %d, want: %d", test.testName, w.Code, test.want) } } }) } } func TestHandleAttestError(t *testing.T) { body := `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC" }` errorCases := []struct { name string err error wantStatusCode int }{ { name: "FailedPrecondition error", err: status.New(codes.FailedPrecondition, "bad state").Err(), wantStatusCode: http.StatusBadRequest, }, { name: "PermissionDenied error", err: status.New(codes.PermissionDenied, "denied").Err(), wantStatusCode: http.StatusBadRequest, }, { name: "Internal error", err: status.New(codes.Internal, "internal server error").Err(), wantStatusCode: http.StatusInternalServerError, }, { name: "Unavailable error", err: status.New(codes.Unavailable, "service unavailable").Err(), wantStatusCode: http.StatusInternalServerError, }, { name: "non-gRPC error", err: errors.New("a generic error"), wantStatusCode: http.StatusInternalServerError, }, } verifiers := []struct { name string url string tokenMethod func(ah *attestHandler, w http.ResponseWriter, r *http.Request) }{ { name: "GCA Handler", url: "/v1/token", tokenMethod: (*attestHandler).getToken, }, { name: "ITA Handler", url: "/v1/intel/token", tokenMethod: (*attestHandler).getITAToken, }, } for _, vf := range verifiers { t.Run(vf.name, func(t *testing.T) { for _, tc := range errorCases { t.Run(tc.name, func(t *testing.T) { ah := attestHandler{ logger: logging.SimpleLogger(), clients: AttestClients{ GCA: &fakeVerifierClient{}, ITA: &fakeVerifierClient{}, }, attestAgent: fakeAttestationAgent{ attestWithClientFunc: func(context.Context, agent.AttestAgentOpts, verifier.Client) ([]byte, error) { return nil, tc.err }, }, } req := httptest.NewRequest(http.MethodPost, vf.url, strings.NewReader(body)) w := httptest.NewRecorder() vf.tokenMethod(&ah, w, req) if w.Code != tc.wantStatusCode { t.Errorf("got status code %d, want %d", w.Code, tc.wantStatusCode) } _, err := io.ReadAll(w.Result().Body) if err != nil { t.Errorf("failed to read response body: %v", err) } }) } }) } } func TestHandleAttestError_NilClient(t *testing.T) { verifiers := []struct { name string url string handler func(ah *attestHandler, w http.ResponseWriter, r *http.Request) }{ {name: "GCA Handler", url: "/v1/token", handler: (*attestHandler).getToken}, {name: "ITA Handler", url: "/v1/intel/token", handler: (*attestHandler).getITAToken}, } for _, vf := range verifiers { t.Run(vf.name, func(t *testing.T) { ah := attestHandler{ logger: logging.SimpleLogger(), clients: AttestClients{}, // No clients defined } req := httptest.NewRequest(http.MethodPost, vf.url, strings.NewReader("")) w := httptest.NewRecorder() vf.handler(&ah, w, req) const wantStatusCode = http.StatusInternalServerError if w.Code != wantStatusCode { t.Errorf("got status code %d, want %d", w.Code, wantStatusCode) } }) } } func TestCustomTokenDataParsedSuccessfully(t *testing.T) { tests := []struct { testName string body string attestFunc func(context.Context, agent.AttestAgentOpts) ([]byte, error) wantCode int wantOpts agent.AttestAgentOpts }{ { testName: "TestKeyIdsReadSuccessfullyEvenWithInvalidTokenTypeMatch", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC", "aws_principal_tag_options" : { "allowed_principal_tags": { "container_image_signatures" : { "key_ids": ["test1", "test2"] } } } }`, wantCode: http.StatusOK, wantOpts: agent.AttestAgentOpts{ TokenOptions: &models.TokenOptions{ Audience: "audience", Nonces: []string{"thisIsAcustomNonce"}, TokenType: "OIDC", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{ ContainerImageSignatures: &models.ContainerImageSignatures{ KeyIDs: []string{"test1", "test2"}, }, }, }, }, }, }, { testName: "PartialAwsPrincipalTagOptionsOK", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC", "aws_principal_tag_options" : { } }`, wantCode: http.StatusOK, wantOpts: agent.AttestAgentOpts{ TokenOptions: &models.TokenOptions{ Audience: "audience", Nonces: []string{"thisIsAcustomNonce"}, TokenType: "OIDC", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{}, }, }, }, { testName: "MorePartialAwsPrincipalTagOptionsOK", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC", "aws_principal_tag_options" : { "allowed_principal_tags": { } } }`, wantCode: http.StatusOK, wantOpts: agent.AttestAgentOpts{ TokenOptions: &models.TokenOptions{ Audience: "audience", Nonces: []string{"thisIsAcustomNonce"}, TokenType: "OIDC", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{}, }, }, }, }, { testName: "InvalidJSONNotOkay", body: `{ "audience": "audience", "nonces": ["thisIsAcustomNonce"], "token_type": "OIDC", "aws_principal_tag_options" : { "allowed_principal_tag": { } } }`, wantCode: http.StatusBadRequest, wantOpts: agent.AttestAgentOpts{ TokenOptions: &models.TokenOptions{ Audience: "audience", Nonces: []string{"thisIsAcustomNonce"}, TokenType: "OIDC", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{}, }, }, }, }, } for i, test := range tests { ah := attestHandler{ logger: logging.SimpleLogger(), clients: AttestClients{ GCA: &fakeVerifierClient{}, }, attestAgent: fakeAttestationAgent{ attestWithClientFunc: func(_ context.Context, gotOpts agent.AttestAgentOpts, _ verifier.Client) ([]byte, error) { diff := cmp.Diff(test.wantOpts, gotOpts) if diff != "" { t.Errorf("%v: got unexpected agent.AttestAgentOpts. diff:\n%v", test.testName, diff) } return []byte{}, nil }, }} b := strings.NewReader(test.body) req := httptest.NewRequest(http.MethodPost, "/v1/token", b) w := httptest.NewRecorder() ah.getToken(w, req) _, err := io.ReadAll(w.Result().Body) if err != nil { t.Error(err) } if w.Code != test.wantCode { t.Errorf("testcase %d, '%v': got return code: %d, want: %d", i, test.testName, w.Code, test.wantCode) } } } go-tpm-tools-0.4.7/launcher/util.go000066400000000000000000000064251510276467000172070ustar00rootroot00000000000000package launcher import ( "context" "fmt" "io" "github.com/google/go-tpm/legacy/tpm2" "google.golang.org/api/impersonate" "google.golang.org/api/option" ) // TPMDAParams holds TPM Dictionary Attack parameters. type TPMDAParams struct { LockoutCounter uint32 MaxTries uint32 // aka "MaxAuthFail" in TPM Properties RecoveryTime uint32 // aka "LockoutInterval" in TPM Properties LockoutRecovery uint32 // aka "LockoutRecovery" in TPM Properties StartupClearOrderly bool } // FetchImpersonatedToken return an access token for the impersonated service account. func FetchImpersonatedToken(ctx context.Context, serviceAccount string, audience string, opts ...option.ClientOption) ([]byte, error) { config := impersonate.IDTokenConfig{ Audience: audience, TargetPrincipal: serviceAccount, IncludeEmail: true, } tokenSource, err := impersonate.IDTokenSource(ctx, config, opts...) if err != nil { return nil, fmt.Errorf("error creating token source: %v", err) } token, err := tokenSource.Token() if err != nil { return nil, fmt.Errorf("error retrieving token: %v", err) } return []byte(token.AccessToken), nil } // SetTPMDAParams takes in a TPM and updates its Dictionary Attack parameters // Only MaxAuthFail, LockoutInterval and LockoutRecovery of TPMDAParams are // used in this function. func SetTPMDAParams(tpm io.ReadWriter, daParams TPMDAParams) error { // empty auth auth := tpm2.AuthCommand{ Session: tpm2.HandlePasswordSession, Attributes: tpm2.AttrContinueSession, Auth: []byte(""), } return tpm2.DictionaryAttackParameters(tpm, auth, daParams.MaxTries, daParams.RecoveryTime, daParams.LockoutRecovery) } // GetTPMDAInfo takes in a TPM and read its Dictionary Attack parameters func GetTPMDAInfo(tpm io.ReadWriter) (*TPMDAParams, error) { var tpmDAParams TPMDAParams lockoutCounter, err := getCapabilityProperty(tpm, tpm2.LockoutCounter) // 526 if err != nil { return nil, err } tpmDAParams.LockoutCounter = lockoutCounter.Value maxAuthFail, err := getCapabilityProperty(tpm, tpm2.MaxAuthFail) // 527 if err != nil { return nil, err } tpmDAParams.MaxTries = maxAuthFail.Value lockoutInterval, err := getCapabilityProperty(tpm, tpm2.LockoutInterval) // 528 if err != nil { return nil, err } tpmDAParams.RecoveryTime = lockoutInterval.Value lockoutRecovery, err := getCapabilityProperty(tpm, tpm2.LockoutRecovery) // 529 if err != nil { return nil, err } tpmDAParams.LockoutRecovery = lockoutRecovery.Value startUpClear, err := getCapabilityProperty(tpm, tpm2.TPMAStartupClear) if err != nil { return nil, err } // get the 31st bit (TPM-Rev-2.0-Part-2-Structures-01.38.pdf, Page 73) tpmDAParams.StartupClearOrderly = (startUpClear.Value&(1<<31)>>31 == 1) return &tpmDAParams, nil } func getCapabilityProperty(tpm io.ReadWriter, property tpm2.TPMProp) (*tpm2.TaggedProperty, error) { vals, _, err := tpm2.GetCapability(tpm, tpm2.CapabilityTPMProperties, 1, uint32(property)) if err != nil { return nil, err } val, ok := vals[0].(tpm2.TaggedProperty) if !ok { return nil, fmt.Errorf("failed to cast returned value to tpm2.TaggedProperty: %v", val) } if val.Tag != property { return nil, fmt.Errorf("failed to get expected property from the TPM, want: %v, got: %v", property, val) } return &val, nil } go-tpm-tools-0.4.7/launcher/util_test.go000066400000000000000000000060531510276467000202430ustar00rootroot00000000000000package launcher import ( "bytes" "context" "encoding/json" "fmt" "io" "net/http" "strings" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "google.golang.org/api/option" ) var expectedEmail = "test2@google.com" var expectedToken = []byte("test_token") var expectedURL = fmt.Sprintf(idTokenEndpoint, expectedEmail) var testClient = &http.Client{ Transport: &testRoundTripper{ roundTripFunc: func(req *http.Request) *http.Response { if req.URL.String() != expectedURL { return &http.Response{ StatusCode: http.StatusNotFound, } } resp := idTokenResp{ Token: string(expectedToken), } respBody, err := json.Marshal(resp) if err != nil { return &http.Response{ StatusCode: http.StatusInternalServerError, } } return &http.Response{ StatusCode: http.StatusOK, Header: make(http.Header), Body: io.NopCloser(bytes.NewBuffer(respBody)), } }, }, } func TestTPMDAOps(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) daInfo, err := GetTPMDAInfo(rwc) if err != nil { t.Fatal(err) } // default simualator TPM params expectedDaInfo := TPMDAParams{0, 3, 1000, 1000, true} if !cmp.Equal(*daInfo, expectedDaInfo) { t.Errorf("expected default DA parameters, got %+v, want %+v", daInfo, expectedDaInfo) } err = SetTPMDAParams(rwc, TPMDAParams{MaxTries: 123, RecoveryTime: 456, LockoutRecovery: 789}) if err != nil { t.Fatal(err) } daInfo, err = GetTPMDAInfo(rwc) if err != nil { t.Fatal(err) } expectedDaInfo = TPMDAParams{0 /*LockoutCounter*/, 123 /*MaxTries*/, 456 /*RecoveryTime*/, 789 /*LockoutRecovery*/, true} if !cmp.Equal(*daInfo, expectedDaInfo) { t.Errorf("expected default DA parameters, got %+v, want %+v", daInfo, expectedDaInfo) } } func TestFetchImpersonatedToken(t *testing.T) { token, err := FetchImpersonatedToken(context.Background(), expectedEmail, "test_aud", option.WithHTTPClient(testClient)) if err != nil { t.Fatalf("fetchImpersonatedToken returned error: %v", err) } if !bytes.Equal(token, expectedToken) { t.Errorf("fetchImpersonatedToken did not return expected token: got %v, want %v", token, expectedToken) } } func TestFetchImpersonatedTokenNilAud(t *testing.T) { _, err := FetchImpersonatedToken(context.Background(), expectedEmail, "", option.WithHTTPClient(testClient)) if err == nil || !strings.Contains(err.Error(), "audience") { t.Fatalf("got %v error, want audience error", err) } } func TestFetchImpersonatedTokenBadEmail(t *testing.T) { _, err := FetchImpersonatedToken(context.Background(), "", "test_aud", option.WithHTTPClient(testClient)) if err == nil || strings.Contains(err.Error(), "audience") { t.Fatalf("got %v error, want creating token source error", err) } } type testRoundTripper struct { roundTripFunc func(*http.Request) *http.Response } func (t *testRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { return t.roundTripFunc(req), nil } type idTokenResp struct { Token string `json:"token"` } go-tpm-tools-0.4.7/proto/000077500000000000000000000000001510276467000152365ustar00rootroot00000000000000go-tpm-tools-0.4.7/proto/attest.proto000066400000000000000000000266131510276467000176370ustar00rootroot00000000000000syntax = "proto3"; package attest; import "proto/sevsnp.proto"; import "proto/tdx.proto"; import "tpm.proto"; option go_package = "github.com/google/go-tpm-tools/proto/attest"; // Information uniquely identifying a GCE instance. Can be used to create an // instance URL, which can then be used with GCE APIs. Formatted like: // https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} message GCEInstanceInfo { string zone = 1; string project_id = 2; uint64 project_number = 3; string instance_name = 4; uint64 instance_id = 5; } message Attestation { // Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC bytes ak_pub = 1; // Quotes over all supported PCR banks repeated tpm.Quote quotes = 2; // TCG Event Log, encoded in the raw binary format. // Can be SHA-1 or crypto-agile. bytes event_log = 3; // Optional information about a GCE instance, unused outside of GCE GCEInstanceInfo instance_info = 4; // A COS event log using the TCG Canonical Event Log format bytes canonical_event_log = 5; // Attestation Key (AK) Certificate, encoded as ASN.1 DER. // Optional. bytes ak_cert = 6; // Intermediate Certificates for verifying the AK Certificate, encoded as // ASN.1 DER. Optional. repeated bytes intermediate_certs = 7; // Trusted execution environment attestation is a secondary platform // attestation that the machine is running within a particular confidential // environment. oneof tee_attestation { sevsnp.Attestation sev_snp_attestation = 8; tdx.QuoteV4 tdx_attestation = 9; } } // For VMs running SEV-SNP with an SVSM-based e-vTPM, this contains a TPM quote // and all the information needed to verify it. message SevSnpSvsmAttestation { Attestation attestation = 1; sevsnp.Attestation sev_snp_attestation = 2; // vTPM service manifest is retrieved from configfs-tsm-report via manifest blob // See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report // The manifest format is defined by the SVSM spec at https://www.amd.com/en/developer/sev.html bytes vtpm_service_manifest = 3; string vtpm_service_manifest_version = 4; // This contains a launch endorsement for guest firmware that includes SVSM. bytes launch_endorsement = 5; } // Type of hardware technology used to protect this instance enum GCEConfidentialTechnology { NONE = 0; AMD_SEV = 1; AMD_SEV_ES = 2; INTEL_TDX = 3; AMD_SEV_SNP = 4; } // The platform/firmware state for this instance message PlatformState { oneof firmware { // Raw S-CRTM version identifier (EV_S_CRTM_VERSION) bytes scrtm_version_id = 1; // Virtual GCE firmware version (parsed from S-CRTM version id) uint32 gce_version = 2; } // Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances GCEConfidentialTechnology technology = 3; // Only set for GCE instances GCEInstanceInfo instance_info = 4; } message GrubFile { // The digest of the file (pulled from the raw event digest). bytes digest = 1; // The event data. This is not measured, so it is untrusted. bytes untrusted_filename = 2; } message GrubState { // All GRUB-read and measured files, including grub.cfg. repeated GrubFile files = 1; // A list of executed GRUB commands and command lines passed to the kernel // and kernel modules. repeated string commands = 2; } // The state of the Linux kernel. // At the moment, parsing LinuxKernelState relies on parsing the GrubState. // To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState. message LinuxKernelState { // The kernel command line. string command_line = 1; } // A parsed event from the TCG event log message Event { // The Platform Control Register (PCR) this event was extended into. uint32 pcr_index = 1; // The type of this event. Note that this value is not verified, so it should // only be used as a hint during event parsing. uint32 untrusted_type = 2; // The raw data associated to this event. The meaning of this data is // specific to the type of the event. bytes data = 3; // The event digest actually extended into the TPM. This is often the hash of // the data field, but in some cases it may have a type-specific calculation. bytes digest = 4; // This is true if hash(data) == digest. bool digest_verified = 5; } // Common, publicly-listed certificates by different vendors. enum WellKnownCertificate { UNKNOWN = 0; // Microsoft certs: // https://go.microsoft.com/fwlink/p/?linkid=321192 MS_WINDOWS_PROD_PCA_2011 = 1; // https://go.microsoft.com/fwlink/p/?linkid=321194 MS_THIRD_PARTY_UEFI_CA_2011 = 2; // https://go.microsoft.com/fwlink/p/?linkid=321185 MS_THIRD_PARTY_KEK_CA_2011 = 3; // GCE certs: GCE_DEFAULT_PK = 4; } message Certificate { // The representation of the certificate. If the certificate matches a // well-known certificate above, representation should contain the value in // the enum. Otherwise, it will contain the raw DER. oneof representation { // DER representation of the certificate. bytes der = 1; WellKnownCertificate well_known = 2; } } // A Secure Boot database containing lists of hashes and certificates, // as defined by section 32.4.1 Signature Database in the UEFI spec. message Database { repeated Certificate certs = 1; repeated bytes hashes = 2; } // The Secure Boot state for this instance. message SecureBootState { // Whether Secure Boot is enabled. bool enabled = 1; // The Secure Boot signature (allowed) database. Database db = 2; // The Secure Boot revoked signature (forbidden) database. Database dbx = 3; // Authority events post-separator. Pre-separator authorities // are currently not supported. Database authority = 4; // The Secure Boot Platform key, used to sign key exchange keys. Database pk = 5; // The Secure Boot Key Exchange Keys, used to sign db and dbx updates. Database kek = 6; } // The container's restart policy. // See the following Kubernetes documentation for more details: // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy // Note that these enum variants do not conform to the standard Protocol Buffers // Style Guide so that RestartPolicy_name, RestartPolicy_value, and // RestartPolicy.String() match the values used by Kubernetes and others. enum RestartPolicy { Always = 0; OnFailure = 1; Never = 2; } message ContainerState { string image_reference = 1; // Digest of the registry's image manifest, which contains a list of the // layers comprising the image. string image_digest = 2; RestartPolicy restart_policy = 3; // Digest of the local image configuration object, containing config items // such as local layer digests. string image_id = 4; repeated string args = 5; map env_vars = 6; // Record operator input Env Vars and Args, should be subsets of the above // Env Vars and Args. repeated string overridden_args = 7; map overridden_env_vars = 8; } message SemanticVersion { uint32 major = 1; uint32 minor = 2; uint32 patch = 3; } message HealthMonitoringState { // Whether memory monitoring is enabled. optional bool memory_enabled = 1; } // Confidential Computing mode for GPU device. Reference for these CC mode values: https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/#hardware_security_for_nvidia_h100_gpus enum GPUDeviceCCMode { UNSET = 0; // The NVIDIA H100 hardware, firmware, and software have fully activated all the confidential computing features. ON = 1; // None of the confidential computing-specific features are active. OFF = 2; // The GPU is in a partial CC mode that will match the workflows of CC mode ON, but with security protections disabled. DEVTOOLS = 3; } message GpuDeviceState { // Whether Confidential Computing mode is enabled for GPU. GPUDeviceCCMode cc_mode = 1; } message AttestedCosState { ContainerState container = 1; SemanticVersion cos_version = 2; SemanticVersion launcher_version = 3; HealthMonitoringState health_monitoring = 4; GpuDeviceState gpu_device_state = 5; } message EfiApp { // The PE/COFF digest of the EFI application (pulled from the raw event digest). bytes digest = 1; } // The verified state of EFI Applications. Policy usage on this machine state // should check the entire set of EFI App digests matches, not a subset. message EfiState { // UEFI's OS Loader code is required to measure attempts to load and execute // UEFI applications. // UEFI applications are typically bootloaders such as shim and GRUB. // These run and are measured using the UEFI LoadImage() service. repeated EfiApp apps = 1; } // The verified state of a booted machine, obtained from an Attestation message MachineState { PlatformState platform = 1; SecureBootState secure_boot = 2; // The complete parsed TCG Event Log, including those events used to // create the PlatformState. repeated Event raw_events = 3; // The hash algorithm used when verifying the Attestation. This indicates: // - which PCR bank was used for for quote validation and event log replay // - the hash algorithm used to calculate event digests tpm.HashAlgo hash = 4; GrubState grub = 5; LinuxKernelState linux_kernel = 6; AttestedCosState cos = 7; EfiState efi = 8; // Attestation/Quote representations from TEEs whose signatures are already // verified. oneof tee_attestation { sevsnp.Attestation sev_snp_attestation = 9; tdx.QuoteV4 tdx_attestation = 10; } } // A policy dictating which values of PlatformState to allow message PlatformPolicy { // If PlatformState.firmware contains a scrtm_version_id, it must appear // in this list. For use with a GCE VM, minimum_gce_firmware_version is // often a better alternative. repeated bytes allowed_scrtm_version_ids = 1; // If PlatformState.firmware contains a minimum_gce_firmware_version, it must // be greater than or equal to this value. Currently, the max version is 1. uint32 minimum_gce_firmware_version = 2; // The PlatformState's technology must be at least as secure as // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE). GCEConfidentialTechnology minimum_technology = 3; } // A policy about what parts of a RIM to compare against machine state as // reflected in a quote or (verified) event log. Reference measurements for // a component are expected to be addressable by the machine state's reported // digest, or otherwise presented as cached collateral with the attestation // itself. The method of delivery is vendor-specific. message RIMPolicy { // If true, the signed measurement must be available (by means that can be // vendor-specific), and the target measurement must be among the listed // signed measurements. If false, then only error if there is a problem // verifying the signed measurements when they are available. bool require_signed = 1; // x.509 certificates in ASN.1 DER format. repeated bytes root_certs = 2; } // Represent minimal decisions about attestation fields until necessary to // add for policy reasons. message SevSnpPolicy { // The policy for checking the signed reference values for the UEFI at launch. RIMPolicy uefi = 1; } // A policy dictating which type of MachineStates to allow message Policy { PlatformPolicy platform = 1; // SecureBootPolicy secure_boot = 2; // When the attestation is on SEV-SNP, this is the policy. Unset means no // constraints. SevSnpPolicy sev_snp = 3; }go-tpm-tools-0.4.7/proto/attest/000077500000000000000000000000001510276467000165425ustar00rootroot00000000000000go-tpm-tools-0.4.7/proto/attest/attest.pb.go000066400000000000000000003011311510276467000207740ustar00rootroot00000000000000// Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.0 // protoc v3.20.1 // source: attest.proto package attest import ( sevsnp "github.com/google/go-sev-guest/proto/sevsnp" tdx "github.com/google/go-tdx-guest/proto/tdx" tpm "github.com/google/go-tpm-tools/proto/tpm" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" ) const ( // Verify that this generated code is sufficiently up-to-date. _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) // Verify that runtime/protoimpl is sufficiently up-to-date. _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) // Type of hardware technology used to protect this instance type GCEConfidentialTechnology int32 const ( GCEConfidentialTechnology_NONE GCEConfidentialTechnology = 0 GCEConfidentialTechnology_AMD_SEV GCEConfidentialTechnology = 1 GCEConfidentialTechnology_AMD_SEV_ES GCEConfidentialTechnology = 2 GCEConfidentialTechnology_INTEL_TDX GCEConfidentialTechnology = 3 GCEConfidentialTechnology_AMD_SEV_SNP GCEConfidentialTechnology = 4 ) // Enum value maps for GCEConfidentialTechnology. var ( GCEConfidentialTechnology_name = map[int32]string{ 0: "NONE", 1: "AMD_SEV", 2: "AMD_SEV_ES", 3: "INTEL_TDX", 4: "AMD_SEV_SNP", } GCEConfidentialTechnology_value = map[string]int32{ "NONE": 0, "AMD_SEV": 1, "AMD_SEV_ES": 2, "INTEL_TDX": 3, "AMD_SEV_SNP": 4, } ) func (x GCEConfidentialTechnology) Enum() *GCEConfidentialTechnology { p := new(GCEConfidentialTechnology) *p = x return p } func (x GCEConfidentialTechnology) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (GCEConfidentialTechnology) Descriptor() protoreflect.EnumDescriptor { return file_attest_proto_enumTypes[0].Descriptor() } func (GCEConfidentialTechnology) Type() protoreflect.EnumType { return &file_attest_proto_enumTypes[0] } func (x GCEConfidentialTechnology) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use GCEConfidentialTechnology.Descriptor instead. func (GCEConfidentialTechnology) EnumDescriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{0} } // Common, publicly-listed certificates by different vendors. type WellKnownCertificate int32 const ( WellKnownCertificate_UNKNOWN WellKnownCertificate = 0 // Microsoft certs: // https://go.microsoft.com/fwlink/p/?linkid=321192 WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 WellKnownCertificate = 1 // https://go.microsoft.com/fwlink/p/?linkid=321194 WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 WellKnownCertificate = 2 // https://go.microsoft.com/fwlink/p/?linkid=321185 WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 WellKnownCertificate = 3 // GCE certs: WellKnownCertificate_GCE_DEFAULT_PK WellKnownCertificate = 4 ) // Enum value maps for WellKnownCertificate. var ( WellKnownCertificate_name = map[int32]string{ 0: "UNKNOWN", 1: "MS_WINDOWS_PROD_PCA_2011", 2: "MS_THIRD_PARTY_UEFI_CA_2011", 3: "MS_THIRD_PARTY_KEK_CA_2011", 4: "GCE_DEFAULT_PK", } WellKnownCertificate_value = map[string]int32{ "UNKNOWN": 0, "MS_WINDOWS_PROD_PCA_2011": 1, "MS_THIRD_PARTY_UEFI_CA_2011": 2, "MS_THIRD_PARTY_KEK_CA_2011": 3, "GCE_DEFAULT_PK": 4, } ) func (x WellKnownCertificate) Enum() *WellKnownCertificate { p := new(WellKnownCertificate) *p = x return p } func (x WellKnownCertificate) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (WellKnownCertificate) Descriptor() protoreflect.EnumDescriptor { return file_attest_proto_enumTypes[1].Descriptor() } func (WellKnownCertificate) Type() protoreflect.EnumType { return &file_attest_proto_enumTypes[1] } func (x WellKnownCertificate) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use WellKnownCertificate.Descriptor instead. func (WellKnownCertificate) EnumDescriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{1} } // The container's restart policy. // See the following Kubernetes documentation for more details: // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy // Note that these enum variants do not conform to the standard Protocol Buffers // Style Guide so that RestartPolicy_name, RestartPolicy_value, and // RestartPolicy.String() match the values used by Kubernetes and others. type RestartPolicy int32 const ( RestartPolicy_Always RestartPolicy = 0 RestartPolicy_OnFailure RestartPolicy = 1 RestartPolicy_Never RestartPolicy = 2 ) // Enum value maps for RestartPolicy. var ( RestartPolicy_name = map[int32]string{ 0: "Always", 1: "OnFailure", 2: "Never", } RestartPolicy_value = map[string]int32{ "Always": 0, "OnFailure": 1, "Never": 2, } ) func (x RestartPolicy) Enum() *RestartPolicy { p := new(RestartPolicy) *p = x return p } func (x RestartPolicy) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (RestartPolicy) Descriptor() protoreflect.EnumDescriptor { return file_attest_proto_enumTypes[2].Descriptor() } func (RestartPolicy) Type() protoreflect.EnumType { return &file_attest_proto_enumTypes[2] } func (x RestartPolicy) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use RestartPolicy.Descriptor instead. func (RestartPolicy) EnumDescriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{2} } // Confidential Computing mode for GPU device. Reference for these CC mode values: https://developer.nvidia.com/blog/confidential-computing-on-h100-gpus-for-secure-and-trustworthy-ai/#hardware_security_for_nvidia_h100_gpus type GPUDeviceCCMode int32 const ( GPUDeviceCCMode_UNSET GPUDeviceCCMode = 0 // The NVIDIA H100 hardware, firmware, and software have fully activated all the confidential computing features. GPUDeviceCCMode_ON GPUDeviceCCMode = 1 // None of the confidential computing-specific features are active. GPUDeviceCCMode_OFF GPUDeviceCCMode = 2 // The GPU is in a partial CC mode that will match the workflows of CC mode ON, but with security protections disabled. GPUDeviceCCMode_DEVTOOLS GPUDeviceCCMode = 3 ) // Enum value maps for GPUDeviceCCMode. var ( GPUDeviceCCMode_name = map[int32]string{ 0: "UNSET", 1: "ON", 2: "OFF", 3: "DEVTOOLS", } GPUDeviceCCMode_value = map[string]int32{ "UNSET": 0, "ON": 1, "OFF": 2, "DEVTOOLS": 3, } ) func (x GPUDeviceCCMode) Enum() *GPUDeviceCCMode { p := new(GPUDeviceCCMode) *p = x return p } func (x GPUDeviceCCMode) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (GPUDeviceCCMode) Descriptor() protoreflect.EnumDescriptor { return file_attest_proto_enumTypes[3].Descriptor() } func (GPUDeviceCCMode) Type() protoreflect.EnumType { return &file_attest_proto_enumTypes[3] } func (x GPUDeviceCCMode) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use GPUDeviceCCMode.Descriptor instead. func (GPUDeviceCCMode) EnumDescriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{3} } // Information uniquely identifying a GCE instance. Can be used to create an // instance URL, which can then be used with GCE APIs. Formatted like: // // https://www.googleapis.com/compute/v1/projects/{project_id}/zones/{zone}/instances/{instance_name} type GCEInstanceInfo struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Zone string `protobuf:"bytes,1,opt,name=zone,proto3" json:"zone,omitempty"` ProjectId string `protobuf:"bytes,2,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` ProjectNumber uint64 `protobuf:"varint,3,opt,name=project_number,json=projectNumber,proto3" json:"project_number,omitempty"` InstanceName string `protobuf:"bytes,4,opt,name=instance_name,json=instanceName,proto3" json:"instance_name,omitempty"` InstanceId uint64 `protobuf:"varint,5,opt,name=instance_id,json=instanceId,proto3" json:"instance_id,omitempty"` } func (x *GCEInstanceInfo) Reset() { *x = GCEInstanceInfo{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *GCEInstanceInfo) String() string { return protoimpl.X.MessageStringOf(x) } func (*GCEInstanceInfo) ProtoMessage() {} func (x *GCEInstanceInfo) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use GCEInstanceInfo.ProtoReflect.Descriptor instead. func (*GCEInstanceInfo) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{0} } func (x *GCEInstanceInfo) GetZone() string { if x != nil { return x.Zone } return "" } func (x *GCEInstanceInfo) GetProjectId() string { if x != nil { return x.ProjectId } return "" } func (x *GCEInstanceInfo) GetProjectNumber() uint64 { if x != nil { return x.ProjectNumber } return 0 } func (x *GCEInstanceInfo) GetInstanceName() string { if x != nil { return x.InstanceName } return "" } func (x *GCEInstanceInfo) GetInstanceId() uint64 { if x != nil { return x.InstanceId } return 0 } type Attestation struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Attestation Key (AK) Public Area, encoded as a TPMT_PUBLIC AkPub []byte `protobuf:"bytes,1,opt,name=ak_pub,json=akPub,proto3" json:"ak_pub,omitempty"` // Quotes over all supported PCR banks Quotes []*tpm.Quote `protobuf:"bytes,2,rep,name=quotes,proto3" json:"quotes,omitempty"` // TCG Event Log, encoded in the raw binary format. // Can be SHA-1 or crypto-agile. EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"` // Optional information about a GCE instance, unused outside of GCE InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` // A COS event log using the TCG Canonical Event Log format CanonicalEventLog []byte `protobuf:"bytes,5,opt,name=canonical_event_log,json=canonicalEventLog,proto3" json:"canonical_event_log,omitempty"` // Attestation Key (AK) Certificate, encoded as ASN.1 DER. // Optional. AkCert []byte `protobuf:"bytes,6,opt,name=ak_cert,json=akCert,proto3" json:"ak_cert,omitempty"` // Intermediate Certificates for verifying the AK Certificate, encoded as // ASN.1 DER. Optional. IntermediateCerts [][]byte `protobuf:"bytes,7,rep,name=intermediate_certs,json=intermediateCerts,proto3" json:"intermediate_certs,omitempty"` // Trusted execution environment attestation is a secondary platform // attestation that the machine is running within a particular confidential // environment. // // Types that are assignable to TeeAttestation: // // *Attestation_SevSnpAttestation // *Attestation_TdxAttestation TeeAttestation isAttestation_TeeAttestation `protobuf_oneof:"tee_attestation"` } func (x *Attestation) Reset() { *x = Attestation{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Attestation) String() string { return protoimpl.X.MessageStringOf(x) } func (*Attestation) ProtoMessage() {} func (x *Attestation) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Attestation.ProtoReflect.Descriptor instead. func (*Attestation) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{1} } func (x *Attestation) GetAkPub() []byte { if x != nil { return x.AkPub } return nil } func (x *Attestation) GetQuotes() []*tpm.Quote { if x != nil { return x.Quotes } return nil } func (x *Attestation) GetEventLog() []byte { if x != nil { return x.EventLog } return nil } func (x *Attestation) GetInstanceInfo() *GCEInstanceInfo { if x != nil { return x.InstanceInfo } return nil } func (x *Attestation) GetCanonicalEventLog() []byte { if x != nil { return x.CanonicalEventLog } return nil } func (x *Attestation) GetAkCert() []byte { if x != nil { return x.AkCert } return nil } func (x *Attestation) GetIntermediateCerts() [][]byte { if x != nil { return x.IntermediateCerts } return nil } func (m *Attestation) GetTeeAttestation() isAttestation_TeeAttestation { if m != nil { return m.TeeAttestation } return nil } func (x *Attestation) GetSevSnpAttestation() *sevsnp.Attestation { if x, ok := x.GetTeeAttestation().(*Attestation_SevSnpAttestation); ok { return x.SevSnpAttestation } return nil } func (x *Attestation) GetTdxAttestation() *tdx.QuoteV4 { if x, ok := x.GetTeeAttestation().(*Attestation_TdxAttestation); ok { return x.TdxAttestation } return nil } type isAttestation_TeeAttestation interface { isAttestation_TeeAttestation() } type Attestation_SevSnpAttestation struct { SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,8,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3,oneof"` } type Attestation_TdxAttestation struct { TdxAttestation *tdx.QuoteV4 `protobuf:"bytes,9,opt,name=tdx_attestation,json=tdxAttestation,proto3,oneof"` } func (*Attestation_SevSnpAttestation) isAttestation_TeeAttestation() {} func (*Attestation_TdxAttestation) isAttestation_TeeAttestation() {} // For VMs running SEV-SNP with an SVSM-based e-vTPM, this contains a TPM quote // and all the information needed to verify it. type SevSnpSvsmAttestation struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Attestation *Attestation `protobuf:"bytes,1,opt,name=attestation,proto3" json:"attestation,omitempty"` SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,2,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3" json:"sev_snp_attestation,omitempty"` // vTPM service manifest is retrieved from configfs-tsm-report via manifest blob // See https://github.com/torvalds/linux/blob/v6.16/Documentation/ABI/testing/configfs-tsm-report // The manifest format is defined by the SVSM spec at https://www.amd.com/en/developer/sev.html VtpmServiceManifest []byte `protobuf:"bytes,3,opt,name=vtpm_service_manifest,json=vtpmServiceManifest,proto3" json:"vtpm_service_manifest,omitempty"` VtpmServiceManifestVersion string `protobuf:"bytes,4,opt,name=vtpm_service_manifest_version,json=vtpmServiceManifestVersion,proto3" json:"vtpm_service_manifest_version,omitempty"` // This contains a launch endorsement for guest firmware that includes SVSM. LaunchEndorsement []byte `protobuf:"bytes,5,opt,name=launch_endorsement,json=launchEndorsement,proto3" json:"launch_endorsement,omitempty"` } func (x *SevSnpSvsmAttestation) Reset() { *x = SevSnpSvsmAttestation{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *SevSnpSvsmAttestation) String() string { return protoimpl.X.MessageStringOf(x) } func (*SevSnpSvsmAttestation) ProtoMessage() {} func (x *SevSnpSvsmAttestation) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use SevSnpSvsmAttestation.ProtoReflect.Descriptor instead. func (*SevSnpSvsmAttestation) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{2} } func (x *SevSnpSvsmAttestation) GetAttestation() *Attestation { if x != nil { return x.Attestation } return nil } func (x *SevSnpSvsmAttestation) GetSevSnpAttestation() *sevsnp.Attestation { if x != nil { return x.SevSnpAttestation } return nil } func (x *SevSnpSvsmAttestation) GetVtpmServiceManifest() []byte { if x != nil { return x.VtpmServiceManifest } return nil } func (x *SevSnpSvsmAttestation) GetVtpmServiceManifestVersion() string { if x != nil { return x.VtpmServiceManifestVersion } return "" } func (x *SevSnpSvsmAttestation) GetLaunchEndorsement() []byte { if x != nil { return x.LaunchEndorsement } return nil } // The platform/firmware state for this instance type PlatformState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Types that are assignable to Firmware: // // *PlatformState_ScrtmVersionId // *PlatformState_GceVersion Firmware isPlatformState_Firmware `protobuf_oneof:"firmware"` // Set to NONE on non-GCE instances or non-Confidential Shielded GCE instances Technology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=technology,proto3,enum=attest.GCEConfidentialTechnology" json:"technology,omitempty"` // Only set for GCE instances InstanceInfo *GCEInstanceInfo `protobuf:"bytes,4,opt,name=instance_info,json=instanceInfo,proto3" json:"instance_info,omitempty"` } func (x *PlatformState) Reset() { *x = PlatformState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *PlatformState) String() string { return protoimpl.X.MessageStringOf(x) } func (*PlatformState) ProtoMessage() {} func (x *PlatformState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use PlatformState.ProtoReflect.Descriptor instead. func (*PlatformState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{3} } func (m *PlatformState) GetFirmware() isPlatformState_Firmware { if m != nil { return m.Firmware } return nil } func (x *PlatformState) GetScrtmVersionId() []byte { if x, ok := x.GetFirmware().(*PlatformState_ScrtmVersionId); ok { return x.ScrtmVersionId } return nil } func (x *PlatformState) GetGceVersion() uint32 { if x, ok := x.GetFirmware().(*PlatformState_GceVersion); ok { return x.GceVersion } return 0 } func (x *PlatformState) GetTechnology() GCEConfidentialTechnology { if x != nil { return x.Technology } return GCEConfidentialTechnology_NONE } func (x *PlatformState) GetInstanceInfo() *GCEInstanceInfo { if x != nil { return x.InstanceInfo } return nil } type isPlatformState_Firmware interface { isPlatformState_Firmware() } type PlatformState_ScrtmVersionId struct { // Raw S-CRTM version identifier (EV_S_CRTM_VERSION) ScrtmVersionId []byte `protobuf:"bytes,1,opt,name=scrtm_version_id,json=scrtmVersionId,proto3,oneof"` } type PlatformState_GceVersion struct { // Virtual GCE firmware version (parsed from S-CRTM version id) GceVersion uint32 `protobuf:"varint,2,opt,name=gce_version,json=gceVersion,proto3,oneof"` } func (*PlatformState_ScrtmVersionId) isPlatformState_Firmware() {} func (*PlatformState_GceVersion) isPlatformState_Firmware() {} type GrubFile struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The digest of the file (pulled from the raw event digest). Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` // The event data. This is not measured, so it is untrusted. UntrustedFilename []byte `protobuf:"bytes,2,opt,name=untrusted_filename,json=untrustedFilename,proto3" json:"untrusted_filename,omitempty"` } func (x *GrubFile) Reset() { *x = GrubFile{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *GrubFile) String() string { return protoimpl.X.MessageStringOf(x) } func (*GrubFile) ProtoMessage() {} func (x *GrubFile) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use GrubFile.ProtoReflect.Descriptor instead. func (*GrubFile) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{4} } func (x *GrubFile) GetDigest() []byte { if x != nil { return x.Digest } return nil } func (x *GrubFile) GetUntrustedFilename() []byte { if x != nil { return x.UntrustedFilename } return nil } type GrubState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // All GRUB-read and measured files, including grub.cfg. Files []*GrubFile `protobuf:"bytes,1,rep,name=files,proto3" json:"files,omitempty"` // A list of executed GRUB commands and command lines passed to the kernel // and kernel modules. Commands []string `protobuf:"bytes,2,rep,name=commands,proto3" json:"commands,omitempty"` } func (x *GrubState) Reset() { *x = GrubState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *GrubState) String() string { return protoimpl.X.MessageStringOf(x) } func (*GrubState) ProtoMessage() {} func (x *GrubState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use GrubState.ProtoReflect.Descriptor instead. func (*GrubState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{5} } func (x *GrubState) GetFiles() []*GrubFile { if x != nil { return x.Files } return nil } func (x *GrubState) GetCommands() []string { if x != nil { return x.Commands } return nil } // The state of the Linux kernel. // At the moment, parsing LinuxKernelState relies on parsing the GrubState. // To do so, use ParseOpts{Loader: GRUB} when calling ParseMachineState. type LinuxKernelState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The kernel command line. CommandLine string `protobuf:"bytes,1,opt,name=command_line,json=commandLine,proto3" json:"command_line,omitempty"` } func (x *LinuxKernelState) Reset() { *x = LinuxKernelState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *LinuxKernelState) String() string { return protoimpl.X.MessageStringOf(x) } func (*LinuxKernelState) ProtoMessage() {} func (x *LinuxKernelState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use LinuxKernelState.ProtoReflect.Descriptor instead. func (*LinuxKernelState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{6} } func (x *LinuxKernelState) GetCommandLine() string { if x != nil { return x.CommandLine } return "" } // A parsed event from the TCG event log type Event struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The Platform Control Register (PCR) this event was extended into. PcrIndex uint32 `protobuf:"varint,1,opt,name=pcr_index,json=pcrIndex,proto3" json:"pcr_index,omitempty"` // The type of this event. Note that this value is not verified, so it should // only be used as a hint during event parsing. UntrustedType uint32 `protobuf:"varint,2,opt,name=untrusted_type,json=untrustedType,proto3" json:"untrusted_type,omitempty"` // The raw data associated to this event. The meaning of this data is // specific to the type of the event. Data []byte `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` // The event digest actually extended into the TPM. This is often the hash of // the data field, but in some cases it may have a type-specific calculation. Digest []byte `protobuf:"bytes,4,opt,name=digest,proto3" json:"digest,omitempty"` // This is true if hash(data) == digest. DigestVerified bool `protobuf:"varint,5,opt,name=digest_verified,json=digestVerified,proto3" json:"digest_verified,omitempty"` } func (x *Event) Reset() { *x = Event{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Event) String() string { return protoimpl.X.MessageStringOf(x) } func (*Event) ProtoMessage() {} func (x *Event) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Event.ProtoReflect.Descriptor instead. func (*Event) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{7} } func (x *Event) GetPcrIndex() uint32 { if x != nil { return x.PcrIndex } return 0 } func (x *Event) GetUntrustedType() uint32 { if x != nil { return x.UntrustedType } return 0 } func (x *Event) GetData() []byte { if x != nil { return x.Data } return nil } func (x *Event) GetDigest() []byte { if x != nil { return x.Digest } return nil } func (x *Event) GetDigestVerified() bool { if x != nil { return x.DigestVerified } return false } type Certificate struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The representation of the certificate. If the certificate matches a // well-known certificate above, representation should contain the value in // the enum. Otherwise, it will contain the raw DER. // // Types that are assignable to Representation: // // *Certificate_Der // *Certificate_WellKnown Representation isCertificate_Representation `protobuf_oneof:"representation"` } func (x *Certificate) Reset() { *x = Certificate{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Certificate) String() string { return protoimpl.X.MessageStringOf(x) } func (*Certificate) ProtoMessage() {} func (x *Certificate) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Certificate.ProtoReflect.Descriptor instead. func (*Certificate) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{8} } func (m *Certificate) GetRepresentation() isCertificate_Representation { if m != nil { return m.Representation } return nil } func (x *Certificate) GetDer() []byte { if x, ok := x.GetRepresentation().(*Certificate_Der); ok { return x.Der } return nil } func (x *Certificate) GetWellKnown() WellKnownCertificate { if x, ok := x.GetRepresentation().(*Certificate_WellKnown); ok { return x.WellKnown } return WellKnownCertificate_UNKNOWN } type isCertificate_Representation interface { isCertificate_Representation() } type Certificate_Der struct { // DER representation of the certificate. Der []byte `protobuf:"bytes,1,opt,name=der,proto3,oneof"` } type Certificate_WellKnown struct { WellKnown WellKnownCertificate `protobuf:"varint,2,opt,name=well_known,json=wellKnown,proto3,enum=attest.WellKnownCertificate,oneof"` } func (*Certificate_Der) isCertificate_Representation() {} func (*Certificate_WellKnown) isCertificate_Representation() {} // A Secure Boot database containing lists of hashes and certificates, // as defined by section 32.4.1 Signature Database in the UEFI spec. type Database struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Certs []*Certificate `protobuf:"bytes,1,rep,name=certs,proto3" json:"certs,omitempty"` Hashes [][]byte `protobuf:"bytes,2,rep,name=hashes,proto3" json:"hashes,omitempty"` } func (x *Database) Reset() { *x = Database{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Database) String() string { return protoimpl.X.MessageStringOf(x) } func (*Database) ProtoMessage() {} func (x *Database) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Database.ProtoReflect.Descriptor instead. func (*Database) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{9} } func (x *Database) GetCerts() []*Certificate { if x != nil { return x.Certs } return nil } func (x *Database) GetHashes() [][]byte { if x != nil { return x.Hashes } return nil } // The Secure Boot state for this instance. type SecureBootState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Whether Secure Boot is enabled. Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"` // The Secure Boot signature (allowed) database. Db *Database `protobuf:"bytes,2,opt,name=db,proto3" json:"db,omitempty"` // The Secure Boot revoked signature (forbidden) database. Dbx *Database `protobuf:"bytes,3,opt,name=dbx,proto3" json:"dbx,omitempty"` // Authority events post-separator. Pre-separator authorities // are currently not supported. Authority *Database `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` // The Secure Boot Platform key, used to sign key exchange keys. Pk *Database `protobuf:"bytes,5,opt,name=pk,proto3" json:"pk,omitempty"` // The Secure Boot Key Exchange Keys, used to sign db and dbx updates. Kek *Database `protobuf:"bytes,6,opt,name=kek,proto3" json:"kek,omitempty"` } func (x *SecureBootState) Reset() { *x = SecureBootState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *SecureBootState) String() string { return protoimpl.X.MessageStringOf(x) } func (*SecureBootState) ProtoMessage() {} func (x *SecureBootState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use SecureBootState.ProtoReflect.Descriptor instead. func (*SecureBootState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{10} } func (x *SecureBootState) GetEnabled() bool { if x != nil { return x.Enabled } return false } func (x *SecureBootState) GetDb() *Database { if x != nil { return x.Db } return nil } func (x *SecureBootState) GetDbx() *Database { if x != nil { return x.Dbx } return nil } func (x *SecureBootState) GetAuthority() *Database { if x != nil { return x.Authority } return nil } func (x *SecureBootState) GetPk() *Database { if x != nil { return x.Pk } return nil } func (x *SecureBootState) GetKek() *Database { if x != nil { return x.Kek } return nil } type ContainerState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields ImageReference string `protobuf:"bytes,1,opt,name=image_reference,json=imageReference,proto3" json:"image_reference,omitempty"` // Digest of the registry's image manifest, which contains a list of the // layers comprising the image. ImageDigest string `protobuf:"bytes,2,opt,name=image_digest,json=imageDigest,proto3" json:"image_digest,omitempty"` RestartPolicy RestartPolicy `protobuf:"varint,3,opt,name=restart_policy,json=restartPolicy,proto3,enum=attest.RestartPolicy" json:"restart_policy,omitempty"` // Digest of the local image configuration object, containing config items // such as local layer digests. ImageId string `protobuf:"bytes,4,opt,name=image_id,json=imageId,proto3" json:"image_id,omitempty"` Args []string `protobuf:"bytes,5,rep,name=args,proto3" json:"args,omitempty"` EnvVars map[string]string `protobuf:"bytes,6,rep,name=env_vars,json=envVars,proto3" json:"env_vars,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Record operator input Env Vars and Args, should be subsets of the above // Env Vars and Args. OverriddenArgs []string `protobuf:"bytes,7,rep,name=overridden_args,json=overriddenArgs,proto3" json:"overridden_args,omitempty"` OverriddenEnvVars map[string]string `protobuf:"bytes,8,rep,name=overridden_env_vars,json=overriddenEnvVars,proto3" json:"overridden_env_vars,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *ContainerState) Reset() { *x = ContainerState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *ContainerState) String() string { return protoimpl.X.MessageStringOf(x) } func (*ContainerState) ProtoMessage() {} func (x *ContainerState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use ContainerState.ProtoReflect.Descriptor instead. func (*ContainerState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{11} } func (x *ContainerState) GetImageReference() string { if x != nil { return x.ImageReference } return "" } func (x *ContainerState) GetImageDigest() string { if x != nil { return x.ImageDigest } return "" } func (x *ContainerState) GetRestartPolicy() RestartPolicy { if x != nil { return x.RestartPolicy } return RestartPolicy_Always } func (x *ContainerState) GetImageId() string { if x != nil { return x.ImageId } return "" } func (x *ContainerState) GetArgs() []string { if x != nil { return x.Args } return nil } func (x *ContainerState) GetEnvVars() map[string]string { if x != nil { return x.EnvVars } return nil } func (x *ContainerState) GetOverriddenArgs() []string { if x != nil { return x.OverriddenArgs } return nil } func (x *ContainerState) GetOverriddenEnvVars() map[string]string { if x != nil { return x.OverriddenEnvVars } return nil } type SemanticVersion struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Major uint32 `protobuf:"varint,1,opt,name=major,proto3" json:"major,omitempty"` Minor uint32 `protobuf:"varint,2,opt,name=minor,proto3" json:"minor,omitempty"` Patch uint32 `protobuf:"varint,3,opt,name=patch,proto3" json:"patch,omitempty"` } func (x *SemanticVersion) Reset() { *x = SemanticVersion{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *SemanticVersion) String() string { return protoimpl.X.MessageStringOf(x) } func (*SemanticVersion) ProtoMessage() {} func (x *SemanticVersion) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use SemanticVersion.ProtoReflect.Descriptor instead. func (*SemanticVersion) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{12} } func (x *SemanticVersion) GetMajor() uint32 { if x != nil { return x.Major } return 0 } func (x *SemanticVersion) GetMinor() uint32 { if x != nil { return x.Minor } return 0 } func (x *SemanticVersion) GetPatch() uint32 { if x != nil { return x.Patch } return 0 } type HealthMonitoringState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Whether memory monitoring is enabled. MemoryEnabled *bool `protobuf:"varint,1,opt,name=memory_enabled,json=memoryEnabled,proto3,oneof" json:"memory_enabled,omitempty"` } func (x *HealthMonitoringState) Reset() { *x = HealthMonitoringState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *HealthMonitoringState) String() string { return protoimpl.X.MessageStringOf(x) } func (*HealthMonitoringState) ProtoMessage() {} func (x *HealthMonitoringState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use HealthMonitoringState.ProtoReflect.Descriptor instead. func (*HealthMonitoringState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{13} } func (x *HealthMonitoringState) GetMemoryEnabled() bool { if x != nil && x.MemoryEnabled != nil { return *x.MemoryEnabled } return false } type GpuDeviceState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Whether Confidential Computing mode is enabled for GPU. CcMode GPUDeviceCCMode `protobuf:"varint,1,opt,name=cc_mode,json=ccMode,proto3,enum=attest.GPUDeviceCCMode" json:"cc_mode,omitempty"` } func (x *GpuDeviceState) Reset() { *x = GpuDeviceState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *GpuDeviceState) String() string { return protoimpl.X.MessageStringOf(x) } func (*GpuDeviceState) ProtoMessage() {} func (x *GpuDeviceState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use GpuDeviceState.ProtoReflect.Descriptor instead. func (*GpuDeviceState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{14} } func (x *GpuDeviceState) GetCcMode() GPUDeviceCCMode { if x != nil { return x.CcMode } return GPUDeviceCCMode_UNSET } type AttestedCosState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Container *ContainerState `protobuf:"bytes,1,opt,name=container,proto3" json:"container,omitempty"` CosVersion *SemanticVersion `protobuf:"bytes,2,opt,name=cos_version,json=cosVersion,proto3" json:"cos_version,omitempty"` LauncherVersion *SemanticVersion `protobuf:"bytes,3,opt,name=launcher_version,json=launcherVersion,proto3" json:"launcher_version,omitempty"` HealthMonitoring *HealthMonitoringState `protobuf:"bytes,4,opt,name=health_monitoring,json=healthMonitoring,proto3" json:"health_monitoring,omitempty"` GpuDeviceState *GpuDeviceState `protobuf:"bytes,5,opt,name=gpu_device_state,json=gpuDeviceState,proto3" json:"gpu_device_state,omitempty"` } func (x *AttestedCosState) Reset() { *x = AttestedCosState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *AttestedCosState) String() string { return protoimpl.X.MessageStringOf(x) } func (*AttestedCosState) ProtoMessage() {} func (x *AttestedCosState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[15] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use AttestedCosState.ProtoReflect.Descriptor instead. func (*AttestedCosState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{15} } func (x *AttestedCosState) GetContainer() *ContainerState { if x != nil { return x.Container } return nil } func (x *AttestedCosState) GetCosVersion() *SemanticVersion { if x != nil { return x.CosVersion } return nil } func (x *AttestedCosState) GetLauncherVersion() *SemanticVersion { if x != nil { return x.LauncherVersion } return nil } func (x *AttestedCosState) GetHealthMonitoring() *HealthMonitoringState { if x != nil { return x.HealthMonitoring } return nil } func (x *AttestedCosState) GetGpuDeviceState() *GpuDeviceState { if x != nil { return x.GpuDeviceState } return nil } type EfiApp struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The PE/COFF digest of the EFI application (pulled from the raw event digest). Digest []byte `protobuf:"bytes,1,opt,name=digest,proto3" json:"digest,omitempty"` } func (x *EfiApp) Reset() { *x = EfiApp{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *EfiApp) String() string { return protoimpl.X.MessageStringOf(x) } func (*EfiApp) ProtoMessage() {} func (x *EfiApp) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use EfiApp.ProtoReflect.Descriptor instead. func (*EfiApp) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{16} } func (x *EfiApp) GetDigest() []byte { if x != nil { return x.Digest } return nil } // The verified state of EFI Applications. Policy usage on this machine state // should check the entire set of EFI App digests matches, not a subset. type EfiState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // UEFI's OS Loader code is required to measure attempts to load and execute // UEFI applications. // UEFI applications are typically bootloaders such as shim and GRUB. // These run and are measured using the UEFI LoadImage() service. Apps []*EfiApp `protobuf:"bytes,1,rep,name=apps,proto3" json:"apps,omitempty"` } func (x *EfiState) Reset() { *x = EfiState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *EfiState) String() string { return protoimpl.X.MessageStringOf(x) } func (*EfiState) ProtoMessage() {} func (x *EfiState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use EfiState.ProtoReflect.Descriptor instead. func (*EfiState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{17} } func (x *EfiState) GetApps() []*EfiApp { if x != nil { return x.Apps } return nil } // The verified state of a booted machine, obtained from an Attestation type MachineState struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Platform *PlatformState `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` SecureBoot *SecureBootState `protobuf:"bytes,2,opt,name=secure_boot,json=secureBoot,proto3" json:"secure_boot,omitempty"` // The complete parsed TCG Event Log, including those events used to // create the PlatformState. RawEvents []*Event `protobuf:"bytes,3,rep,name=raw_events,json=rawEvents,proto3" json:"raw_events,omitempty"` // The hash algorithm used when verifying the Attestation. This indicates: // - which PCR bank was used for for quote validation and event log replay // - the hash algorithm used to calculate event digests Hash tpm.HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` Grub *GrubState `protobuf:"bytes,5,opt,name=grub,proto3" json:"grub,omitempty"` LinuxKernel *LinuxKernelState `protobuf:"bytes,6,opt,name=linux_kernel,json=linuxKernel,proto3" json:"linux_kernel,omitempty"` Cos *AttestedCosState `protobuf:"bytes,7,opt,name=cos,proto3" json:"cos,omitempty"` Efi *EfiState `protobuf:"bytes,8,opt,name=efi,proto3" json:"efi,omitempty"` // Attestation/Quote representations from TEEs whose signatures are already // verified. // // Types that are assignable to TeeAttestation: // // *MachineState_SevSnpAttestation // *MachineState_TdxAttestation TeeAttestation isMachineState_TeeAttestation `protobuf_oneof:"tee_attestation"` } func (x *MachineState) Reset() { *x = MachineState{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *MachineState) String() string { return protoimpl.X.MessageStringOf(x) } func (*MachineState) ProtoMessage() {} func (x *MachineState) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use MachineState.ProtoReflect.Descriptor instead. func (*MachineState) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{18} } func (x *MachineState) GetPlatform() *PlatformState { if x != nil { return x.Platform } return nil } func (x *MachineState) GetSecureBoot() *SecureBootState { if x != nil { return x.SecureBoot } return nil } func (x *MachineState) GetRawEvents() []*Event { if x != nil { return x.RawEvents } return nil } func (x *MachineState) GetHash() tpm.HashAlgo { if x != nil { return x.Hash } return tpm.HashAlgo(0) } func (x *MachineState) GetGrub() *GrubState { if x != nil { return x.Grub } return nil } func (x *MachineState) GetLinuxKernel() *LinuxKernelState { if x != nil { return x.LinuxKernel } return nil } func (x *MachineState) GetCos() *AttestedCosState { if x != nil { return x.Cos } return nil } func (x *MachineState) GetEfi() *EfiState { if x != nil { return x.Efi } return nil } func (m *MachineState) GetTeeAttestation() isMachineState_TeeAttestation { if m != nil { return m.TeeAttestation } return nil } func (x *MachineState) GetSevSnpAttestation() *sevsnp.Attestation { if x, ok := x.GetTeeAttestation().(*MachineState_SevSnpAttestation); ok { return x.SevSnpAttestation } return nil } func (x *MachineState) GetTdxAttestation() *tdx.QuoteV4 { if x, ok := x.GetTeeAttestation().(*MachineState_TdxAttestation); ok { return x.TdxAttestation } return nil } type isMachineState_TeeAttestation interface { isMachineState_TeeAttestation() } type MachineState_SevSnpAttestation struct { SevSnpAttestation *sevsnp.Attestation `protobuf:"bytes,9,opt,name=sev_snp_attestation,json=sevSnpAttestation,proto3,oneof"` } type MachineState_TdxAttestation struct { TdxAttestation *tdx.QuoteV4 `protobuf:"bytes,10,opt,name=tdx_attestation,json=tdxAttestation,proto3,oneof"` } func (*MachineState_SevSnpAttestation) isMachineState_TeeAttestation() {} func (*MachineState_TdxAttestation) isMachineState_TeeAttestation() {} // A policy dictating which values of PlatformState to allow type PlatformPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // If PlatformState.firmware contains a scrtm_version_id, it must appear // in this list. For use with a GCE VM, minimum_gce_firmware_version is // often a better alternative. AllowedScrtmVersionIds [][]byte `protobuf:"bytes,1,rep,name=allowed_scrtm_version_ids,json=allowedScrtmVersionIds,proto3" json:"allowed_scrtm_version_ids,omitempty"` // If PlatformState.firmware contains a minimum_gce_firmware_version, it must // be greater than or equal to this value. Currently, the max version is 1. MinimumGceFirmwareVersion uint32 `protobuf:"varint,2,opt,name=minimum_gce_firmware_version,json=minimumGceFirmwareVersion,proto3" json:"minimum_gce_firmware_version,omitempty"` // The PlatformState's technology must be at least as secure as // the specified minimum_technology (i.e. AMD_SEV_ES > AMD_SEV > NONE). MinimumTechnology GCEConfidentialTechnology `protobuf:"varint,3,opt,name=minimum_technology,json=minimumTechnology,proto3,enum=attest.GCEConfidentialTechnology" json:"minimum_technology,omitempty"` } func (x *PlatformPolicy) Reset() { *x = PlatformPolicy{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *PlatformPolicy) String() string { return protoimpl.X.MessageStringOf(x) } func (*PlatformPolicy) ProtoMessage() {} func (x *PlatformPolicy) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[19] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use PlatformPolicy.ProtoReflect.Descriptor instead. func (*PlatformPolicy) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{19} } func (x *PlatformPolicy) GetAllowedScrtmVersionIds() [][]byte { if x != nil { return x.AllowedScrtmVersionIds } return nil } func (x *PlatformPolicy) GetMinimumGceFirmwareVersion() uint32 { if x != nil { return x.MinimumGceFirmwareVersion } return 0 } func (x *PlatformPolicy) GetMinimumTechnology() GCEConfidentialTechnology { if x != nil { return x.MinimumTechnology } return GCEConfidentialTechnology_NONE } // A policy about what parts of a RIM to compare against machine state as // reflected in a quote or (verified) event log. Reference measurements for // a component are expected to be addressable by the machine state's reported // digest, or otherwise presented as cached collateral with the attestation // itself. The method of delivery is vendor-specific. type RIMPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // If true, the signed measurement must be available (by means that can be // vendor-specific), and the target measurement must be among the listed // signed measurements. If false, then only error if there is a problem // verifying the signed measurements when they are available. RequireSigned bool `protobuf:"varint,1,opt,name=require_signed,json=requireSigned,proto3" json:"require_signed,omitempty"` // x.509 certificates in ASN.1 DER format. RootCerts [][]byte `protobuf:"bytes,2,rep,name=root_certs,json=rootCerts,proto3" json:"root_certs,omitempty"` } func (x *RIMPolicy) Reset() { *x = RIMPolicy{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *RIMPolicy) String() string { return protoimpl.X.MessageStringOf(x) } func (*RIMPolicy) ProtoMessage() {} func (x *RIMPolicy) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use RIMPolicy.ProtoReflect.Descriptor instead. func (*RIMPolicy) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{20} } func (x *RIMPolicy) GetRequireSigned() bool { if x != nil { return x.RequireSigned } return false } func (x *RIMPolicy) GetRootCerts() [][]byte { if x != nil { return x.RootCerts } return nil } // Represent minimal decisions about attestation fields until necessary to // add for policy reasons. type SevSnpPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // The policy for checking the signed reference values for the UEFI at launch. Uefi *RIMPolicy `protobuf:"bytes,1,opt,name=uefi,proto3" json:"uefi,omitempty"` } func (x *SevSnpPolicy) Reset() { *x = SevSnpPolicy{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *SevSnpPolicy) String() string { return protoimpl.X.MessageStringOf(x) } func (*SevSnpPolicy) ProtoMessage() {} func (x *SevSnpPolicy) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use SevSnpPolicy.ProtoReflect.Descriptor instead. func (*SevSnpPolicy) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{21} } func (x *SevSnpPolicy) GetUefi() *RIMPolicy { if x != nil { return x.Uefi } return nil } // A policy dictating which type of MachineStates to allow type Policy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Platform *PlatformPolicy `protobuf:"bytes,1,opt,name=platform,proto3" json:"platform,omitempty"` // When the attestation is on SEV-SNP, this is the policy. Unset means no // constraints. SevSnp *SevSnpPolicy `protobuf:"bytes,3,opt,name=sev_snp,json=sevSnp,proto3" json:"sev_snp,omitempty"` } func (x *Policy) Reset() { *x = Policy{} if protoimpl.UnsafeEnabled { mi := &file_attest_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Policy) String() string { return protoimpl.X.MessageStringOf(x) } func (*Policy) ProtoMessage() {} func (x *Policy) ProtoReflect() protoreflect.Message { mi := &file_attest_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Policy.ProtoReflect.Descriptor instead. func (*Policy) Descriptor() ([]byte, []int) { return file_attest_proto_rawDescGZIP(), []int{22} } func (x *Policy) GetPlatform() *PlatformPolicy { if x != nil { return x.Platform } return nil } func (x *Policy) GetSevSnp() *SevSnpPolicy { if x != nil { return x.SevSnp } return nil } var File_attest_proto protoreflect.FileDescriptor var file_attest_proto_rawDesc = []byte{ 0x0a, 0x0c, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x65, 0x76, 0x73, 0x6e, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x0f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x64, 0x78, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x09, 0x74, 0x70, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xb1, 0x01, 0x0a, 0x0f, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x12, 0x0a, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x7a, 0x6f, 0x6e, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0xae, 0x03, 0x0a, 0x0b, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x61, 0x6b, 0x5f, 0x70, 0x75, 0x62, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x61, 0x6b, 0x50, 0x75, 0x62, 0x12, 0x22, 0x0a, 0x06, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x52, 0x06, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x3c, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2e, 0x0a, 0x13, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x63, 0x61, 0x6e, 0x6f, 0x6e, 0x69, 0x63, 0x61, 0x6c, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x4c, 0x6f, 0x67, 0x12, 0x17, 0x0a, 0x07, 0x61, 0x6b, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x61, 0x6b, 0x43, 0x65, 0x72, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x11, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x45, 0x0a, 0x13, 0x73, 0x65, 0x76, 0x5f, 0x73, 0x6e, 0x70, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x65, 0x76, 0x73, 0x6e, 0x70, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x11, 0x73, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x37, 0x0a, 0x0f, 0x74, 0x64, 0x78, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x74, 0x64, 0x78, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x56, 0x34, 0x48, 0x00, 0x52, 0x0e, 0x74, 0x64, 0x78, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x74, 0x65, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xb9, 0x02, 0x0a, 0x15, 0x53, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x53, 0x76, 0x73, 0x6d, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x35, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x13, 0x73, 0x65, 0x76, 0x5f, 0x73, 0x6e, 0x70, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x65, 0x76, 0x73, 0x6e, 0x70, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x11, 0x73, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x32, 0x0a, 0x15, 0x76, 0x74, 0x70, 0x6d, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x13, 0x76, 0x74, 0x70, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x12, 0x41, 0x0a, 0x1d, 0x76, 0x74, 0x70, 0x6d, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x76, 0x74, 0x70, 0x6d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2d, 0x0a, 0x12, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x5f, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x45, 0x6e, 0x64, 0x6f, 0x72, 0x73, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0xeb, 0x01, 0x0a, 0x0d, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x0e, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x63, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x63, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x0a, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x3c, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x42, 0x0a, 0x0a, 0x08, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x22, 0x51, 0x0a, 0x08, 0x47, 0x72, 0x75, 0x62, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x12, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x11, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x4f, 0x0a, 0x09, 0x47, 0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x72, 0x75, 0x62, 0x46, 0x69, 0x6c, 0x65, 0x52, 0x05, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x73, 0x22, 0x35, 0x0a, 0x10, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x5f, 0x6c, 0x69, 0x6e, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x4c, 0x69, 0x6e, 0x65, 0x22, 0xa0, 0x01, 0x0a, 0x05, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x63, 0x72, 0x5f, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x08, 0x70, 0x63, 0x72, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x25, 0x0a, 0x0e, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x75, 0x6e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x22, 0x72, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x03, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x03, 0x64, 0x65, 0x72, 0x12, 0x3d, 0x0a, 0x0a, 0x77, 0x65, 0x6c, 0x6c, 0x5f, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x00, 0x52, 0x09, 0x77, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x72, 0x65, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x4d, 0x0a, 0x08, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x12, 0x29, 0x0a, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x05, 0x63, 0x65, 0x72, 0x74, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x06, 0x68, 0x61, 0x73, 0x68, 0x65, 0x73, 0x22, 0xe7, 0x01, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x20, 0x0a, 0x02, 0x64, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x64, 0x62, 0x12, 0x22, 0x0a, 0x03, 0x64, 0x62, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x03, 0x64, 0x62, 0x78, 0x12, 0x2e, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x20, 0x0a, 0x02, 0x70, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x02, 0x70, 0x6b, 0x12, 0x22, 0x0a, 0x03, 0x6b, 0x65, 0x6b, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x03, 0x6b, 0x65, 0x6b, 0x22, 0x93, 0x04, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x44, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x3c, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x72, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x04, 0x61, 0x72, 0x67, 0x73, 0x12, 0x3e, 0x0a, 0x08, 0x65, 0x6e, 0x76, 0x5f, 0x76, 0x61, 0x72, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x65, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x5f, 0x61, 0x72, 0x67, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x41, 0x72, 0x67, 0x73, 0x12, 0x5d, 0x0a, 0x13, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x5f, 0x65, 0x6e, 0x76, 0x5f, 0x76, 0x61, 0x72, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x2e, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x1a, 0x3a, 0x0a, 0x0c, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x44, 0x0a, 0x16, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x45, 0x6e, 0x76, 0x56, 0x61, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x53, 0x0a, 0x0f, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x61, 0x6a, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x6d, 0x69, 0x6e, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x22, 0x56, 0x0a, 0x15, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x0d, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x88, 0x01, 0x01, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0x42, 0x0a, 0x0e, 0x47, 0x70, 0x75, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x07, 0x63, 0x63, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x50, 0x55, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x43, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x06, 0x63, 0x63, 0x4d, 0x6f, 0x64, 0x65, 0x22, 0xd4, 0x02, 0x0a, 0x10, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x38, 0x0a, 0x0b, 0x63, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, 0x73, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x42, 0x0a, 0x10, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x6d, 0x61, 0x6e, 0x74, 0x69, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x6c, 0x61, 0x75, 0x6e, 0x63, 0x68, 0x65, 0x72, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4a, 0x0a, 0x11, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x6d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x40, 0x0a, 0x10, 0x67, 0x70, 0x75, 0x5f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x70, 0x75, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0e, 0x67, 0x70, 0x75, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x22, 0x20, 0x0a, 0x06, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x22, 0x2e, 0x0a, 0x08, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x22, 0x93, 0x04, 0x0a, 0x0c, 0x4d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x38, 0x0a, 0x0b, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x62, 0x6f, 0x6f, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0a, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x6f, 0x6f, 0x74, 0x12, 0x2c, 0x0a, 0x0a, 0x72, 0x61, 0x77, 0x5f, 0x65, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x52, 0x09, 0x72, 0x61, 0x77, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x25, 0x0a, 0x04, 0x67, 0x72, 0x75, 0x62, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x72, 0x75, 0x62, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x04, 0x67, 0x72, 0x75, 0x62, 0x12, 0x3b, 0x0a, 0x0c, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x5f, 0x6b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x4c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x4b, 0x65, 0x72, 0x6e, 0x65, 0x6c, 0x12, 0x2a, 0x0a, 0x03, 0x63, 0x6f, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x73, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x63, 0x6f, 0x73, 0x12, 0x22, 0x0a, 0x03, 0x65, 0x66, 0x69, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x66, 0x69, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x03, 0x65, 0x66, 0x69, 0x12, 0x45, 0x0a, 0x13, 0x73, 0x65, 0x76, 0x5f, 0x73, 0x6e, 0x70, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x73, 0x65, 0x76, 0x73, 0x6e, 0x70, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x11, 0x73, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x37, 0x0a, 0x0f, 0x74, 0x64, 0x78, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x74, 0x64, 0x78, 0x2e, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x56, 0x34, 0x48, 0x00, 0x52, 0x0e, 0x74, 0x64, 0x78, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x11, 0x0a, 0x0f, 0x74, 0x65, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0xde, 0x01, 0x0a, 0x0e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x39, 0x0a, 0x19, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x5f, 0x73, 0x63, 0x72, 0x74, 0x6d, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x16, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x65, 0x64, 0x53, 0x63, 0x72, 0x74, 0x6d, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x67, 0x63, 0x65, 0x5f, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x19, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x47, 0x63, 0x65, 0x46, 0x69, 0x72, 0x6d, 0x77, 0x61, 0x72, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x50, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x74, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x52, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x22, 0x51, 0x0a, 0x09, 0x52, 0x49, 0x4d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x65, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x09, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x65, 0x72, 0x74, 0x73, 0x22, 0x35, 0x0a, 0x0c, 0x53, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, 0x04, 0x75, 0x65, 0x66, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x52, 0x49, 0x4d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x04, 0x75, 0x65, 0x66, 0x69, 0x22, 0x6b, 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x32, 0x0a, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x08, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x12, 0x2d, 0x0a, 0x07, 0x73, 0x65, 0x76, 0x5f, 0x73, 0x6e, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x06, 0x73, 0x65, 0x76, 0x53, 0x6e, 0x70, 0x2a, 0x62, 0x0a, 0x19, 0x47, 0x43, 0x45, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x54, 0x65, 0x63, 0x68, 0x6e, 0x6f, 0x6c, 0x6f, 0x67, 0x79, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x10, 0x01, 0x12, 0x0e, 0x0a, 0x0a, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x45, 0x53, 0x10, 0x02, 0x12, 0x0d, 0x0a, 0x09, 0x49, 0x4e, 0x54, 0x45, 0x4c, 0x5f, 0x54, 0x44, 0x58, 0x10, 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x56, 0x5f, 0x53, 0x4e, 0x50, 0x10, 0x04, 0x2a, 0x96, 0x01, 0x0a, 0x14, 0x57, 0x65, 0x6c, 0x6c, 0x4b, 0x6e, 0x6f, 0x77, 0x6e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x4d, 0x53, 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x02, 0x12, 0x1e, 0x0a, 0x1a, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x4b, 0x45, 0x4b, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x03, 0x12, 0x12, 0x0a, 0x0e, 0x47, 0x43, 0x45, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x5f, 0x50, 0x4b, 0x10, 0x04, 0x2a, 0x35, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x76, 0x65, 0x72, 0x10, 0x02, 0x2a, 0x3b, 0x0a, 0x0f, 0x47, 0x50, 0x55, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65, 0x43, 0x43, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x09, 0x0a, 0x05, 0x55, 0x4e, 0x53, 0x45, 0x54, 0x10, 0x00, 0x12, 0x06, 0x0a, 0x02, 0x4f, 0x4e, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x4f, 0x46, 0x46, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x56, 0x54, 0x4f, 0x4f, 0x4c, 0x53, 0x10, 0x03, 0x42, 0x2d, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( file_attest_proto_rawDescOnce sync.Once file_attest_proto_rawDescData = file_attest_proto_rawDesc ) func file_attest_proto_rawDescGZIP() []byte { file_attest_proto_rawDescOnce.Do(func() { file_attest_proto_rawDescData = protoimpl.X.CompressGZIP(file_attest_proto_rawDescData) }) return file_attest_proto_rawDescData } var file_attest_proto_enumTypes = make([]protoimpl.EnumInfo, 4) var file_attest_proto_msgTypes = make([]protoimpl.MessageInfo, 25) var file_attest_proto_goTypes = []interface{}{ (GCEConfidentialTechnology)(0), // 0: attest.GCEConfidentialTechnology (WellKnownCertificate)(0), // 1: attest.WellKnownCertificate (RestartPolicy)(0), // 2: attest.RestartPolicy (GPUDeviceCCMode)(0), // 3: attest.GPUDeviceCCMode (*GCEInstanceInfo)(nil), // 4: attest.GCEInstanceInfo (*Attestation)(nil), // 5: attest.Attestation (*SevSnpSvsmAttestation)(nil), // 6: attest.SevSnpSvsmAttestation (*PlatformState)(nil), // 7: attest.PlatformState (*GrubFile)(nil), // 8: attest.GrubFile (*GrubState)(nil), // 9: attest.GrubState (*LinuxKernelState)(nil), // 10: attest.LinuxKernelState (*Event)(nil), // 11: attest.Event (*Certificate)(nil), // 12: attest.Certificate (*Database)(nil), // 13: attest.Database (*SecureBootState)(nil), // 14: attest.SecureBootState (*ContainerState)(nil), // 15: attest.ContainerState (*SemanticVersion)(nil), // 16: attest.SemanticVersion (*HealthMonitoringState)(nil), // 17: attest.HealthMonitoringState (*GpuDeviceState)(nil), // 18: attest.GpuDeviceState (*AttestedCosState)(nil), // 19: attest.AttestedCosState (*EfiApp)(nil), // 20: attest.EfiApp (*EfiState)(nil), // 21: attest.EfiState (*MachineState)(nil), // 22: attest.MachineState (*PlatformPolicy)(nil), // 23: attest.PlatformPolicy (*RIMPolicy)(nil), // 24: attest.RIMPolicy (*SevSnpPolicy)(nil), // 25: attest.SevSnpPolicy (*Policy)(nil), // 26: attest.Policy nil, // 27: attest.ContainerState.EnvVarsEntry nil, // 28: attest.ContainerState.OverriddenEnvVarsEntry (*tpm.Quote)(nil), // 29: tpm.Quote (*sevsnp.Attestation)(nil), // 30: sevsnp.Attestation (*tdx.QuoteV4)(nil), // 31: tdx.QuoteV4 (tpm.HashAlgo)(0), // 32: tpm.HashAlgo } var file_attest_proto_depIdxs = []int32{ 29, // 0: attest.Attestation.quotes:type_name -> tpm.Quote 4, // 1: attest.Attestation.instance_info:type_name -> attest.GCEInstanceInfo 30, // 2: attest.Attestation.sev_snp_attestation:type_name -> sevsnp.Attestation 31, // 3: attest.Attestation.tdx_attestation:type_name -> tdx.QuoteV4 5, // 4: attest.SevSnpSvsmAttestation.attestation:type_name -> attest.Attestation 30, // 5: attest.SevSnpSvsmAttestation.sev_snp_attestation:type_name -> sevsnp.Attestation 0, // 6: attest.PlatformState.technology:type_name -> attest.GCEConfidentialTechnology 4, // 7: attest.PlatformState.instance_info:type_name -> attest.GCEInstanceInfo 8, // 8: attest.GrubState.files:type_name -> attest.GrubFile 1, // 9: attest.Certificate.well_known:type_name -> attest.WellKnownCertificate 12, // 10: attest.Database.certs:type_name -> attest.Certificate 13, // 11: attest.SecureBootState.db:type_name -> attest.Database 13, // 12: attest.SecureBootState.dbx:type_name -> attest.Database 13, // 13: attest.SecureBootState.authority:type_name -> attest.Database 13, // 14: attest.SecureBootState.pk:type_name -> attest.Database 13, // 15: attest.SecureBootState.kek:type_name -> attest.Database 2, // 16: attest.ContainerState.restart_policy:type_name -> attest.RestartPolicy 27, // 17: attest.ContainerState.env_vars:type_name -> attest.ContainerState.EnvVarsEntry 28, // 18: attest.ContainerState.overridden_env_vars:type_name -> attest.ContainerState.OverriddenEnvVarsEntry 3, // 19: attest.GpuDeviceState.cc_mode:type_name -> attest.GPUDeviceCCMode 15, // 20: attest.AttestedCosState.container:type_name -> attest.ContainerState 16, // 21: attest.AttestedCosState.cos_version:type_name -> attest.SemanticVersion 16, // 22: attest.AttestedCosState.launcher_version:type_name -> attest.SemanticVersion 17, // 23: attest.AttestedCosState.health_monitoring:type_name -> attest.HealthMonitoringState 18, // 24: attest.AttestedCosState.gpu_device_state:type_name -> attest.GpuDeviceState 20, // 25: attest.EfiState.apps:type_name -> attest.EfiApp 7, // 26: attest.MachineState.platform:type_name -> attest.PlatformState 14, // 27: attest.MachineState.secure_boot:type_name -> attest.SecureBootState 11, // 28: attest.MachineState.raw_events:type_name -> attest.Event 32, // 29: attest.MachineState.hash:type_name -> tpm.HashAlgo 9, // 30: attest.MachineState.grub:type_name -> attest.GrubState 10, // 31: attest.MachineState.linux_kernel:type_name -> attest.LinuxKernelState 19, // 32: attest.MachineState.cos:type_name -> attest.AttestedCosState 21, // 33: attest.MachineState.efi:type_name -> attest.EfiState 30, // 34: attest.MachineState.sev_snp_attestation:type_name -> sevsnp.Attestation 31, // 35: attest.MachineState.tdx_attestation:type_name -> tdx.QuoteV4 0, // 36: attest.PlatformPolicy.minimum_technology:type_name -> attest.GCEConfidentialTechnology 24, // 37: attest.SevSnpPolicy.uefi:type_name -> attest.RIMPolicy 23, // 38: attest.Policy.platform:type_name -> attest.PlatformPolicy 25, // 39: attest.Policy.sev_snp:type_name -> attest.SevSnpPolicy 40, // [40:40] is the sub-list for method output_type 40, // [40:40] is the sub-list for method input_type 40, // [40:40] is the sub-list for extension type_name 40, // [40:40] is the sub-list for extension extendee 0, // [0:40] is the sub-list for field type_name } func init() { file_attest_proto_init() } func file_attest_proto_init() { if File_attest_proto != nil { return } if !protoimpl.UnsafeEnabled { file_attest_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GCEInstanceInfo); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Attestation); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SevSnpSvsmAttestation); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PlatformState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GrubFile); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GrubState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*LinuxKernelState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Event); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Certificate); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Database); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SecureBootState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ContainerState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SemanticVersion); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*HealthMonitoringState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GpuDeviceState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AttestedCosState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*EfiApp); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*EfiState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*MachineState); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PlatformPolicy); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*RIMPolicy); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SevSnpPolicy); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_attest_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Policy); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } } file_attest_proto_msgTypes[1].OneofWrappers = []interface{}{ (*Attestation_SevSnpAttestation)(nil), (*Attestation_TdxAttestation)(nil), } file_attest_proto_msgTypes[3].OneofWrappers = []interface{}{ (*PlatformState_ScrtmVersionId)(nil), (*PlatformState_GceVersion)(nil), } file_attest_proto_msgTypes[8].OneofWrappers = []interface{}{ (*Certificate_Der)(nil), (*Certificate_WellKnown)(nil), } file_attest_proto_msgTypes[13].OneofWrappers = []interface{}{} file_attest_proto_msgTypes[18].OneofWrappers = []interface{}{ (*MachineState_SevSnpAttestation)(nil), (*MachineState_TdxAttestation)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_attest_proto_rawDesc, NumEnums: 4, NumMessages: 25, NumExtensions: 0, NumServices: 0, }, GoTypes: file_attest_proto_goTypes, DependencyIndexes: file_attest_proto_depIdxs, EnumInfos: file_attest_proto_enumTypes, MessageInfos: file_attest_proto_msgTypes, }.Build() File_attest_proto = out.File file_attest_proto_rawDesc = nil file_attest_proto_goTypes = nil file_attest_proto_depIdxs = nil } go-tpm-tools-0.4.7/proto/doc.go000066400000000000000000000021171510276467000163330ustar00rootroot00000000000000// Package proto contains protocol buffers that are exchanged between the client // and server. // // # Generating Protocol Buffer Code // // Anytime the Protocol Buffer definitions change, the generated Go code must be // regenerated. This can be done with "go generate". Just run: // // go generate ./... // // Upstream documentation: // https://developers.google.com/protocol-buffers/docs/reference/go-generated // // # Code Generation Dependencies // // To generate the Go code, your system must have "protoc" installed. See: // https://github.com/protocolbuffers/protobuf#protocol-compiler-installation // // The "protoc-gen-go" tool must also be installed. To install it, run: // // go install google.golang.org/protobuf/cmd/protoc-gen-go // // If you see a 'protoc-gen-go: program not found or is not executable' error // for the 'go generate' command, run the following: // // echo 'export PATH=$PATH:$GOPATH/bin' >> $HOME/.bashrc // source $HOME/.bashrc package proto //go:generate ./gen_attest.sh //go:generate protoc --go_out=. --go_opt=module=github.com/google/go-tpm-tools/proto tpm.proto go-tpm-tools-0.4.7/proto/gen_attest.sh000077500000000000000000000004031510276467000177270ustar00rootroot00000000000000#!/bin/bash protoc -I. -I`go list -m -f "{{.Dir}}" github.com/google/go-sev-guest` -I`go list -m -f "{{.Dir}}" github.com/google/go-tdx-guest` --go_out=. --go_opt=module=github.com/google/go-tpm-tools/proto --experimental_allow_proto3_optional attest.proto go-tpm-tools-0.4.7/proto/tpm.proto000066400000000000000000000027041510276467000171260ustar00rootroot00000000000000syntax = "proto3"; package tpm; option go_package = "github.com/google/go-tpm-tools/proto/tpm"; // Enum values come from TCG Algorithm Registry - v1.27 - Table 3 enum ObjectType { OBJECT_INVALID = 0x0000; RSA = 0x0001; ECC = 0x0023; } enum HashAlgo { HASH_INVALID = 0x0000; SHA1 = 0x0004; SHA256 = 0x000B; SHA384 = 0x000C; SHA512 = 0x000D; } // SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has // already been encrypted and is no longer sensitive. The hash algorithm is // assumed to be SHA256. message SealedBytes { bytes priv = 1; bytes pub = 2; repeated uint32 pcrs = 3; HashAlgo hash = 4; ObjectType srk = 5; PCRs certified_pcrs = 6; bytes creation_data = 7; bytes ticket = 8; } message ImportBlob { bytes duplicate = 1; bytes encrypted_seed = 2; bytes public_area = 3; PCRs pcrs = 4; } message Quote { // TPM2 quote, encoded as a TPMS_ATTEST bytes quote = 1; // TPM2 signature, encoded as a TPMT_SIGNATURE bytes raw_sig = 2; // PCR values of the bank being quoted PCRs pcrs = 3; } message PCRs { HashAlgo hash = 1; map pcrs = 2; } // Contains information corresponding an object certified with TPM2_Certify. message CertifiedBlob { // Public area of certified object, encoded as a TPMT_PUBLIC bytes pub_area = 1; // TPM2 certification, encoded as a TPMS_ATTEST bytes certify_info = 2; // TPM2 signature, encoded as a TPMT_Signature bytes raw_sig = 3; }go-tpm-tools-0.4.7/proto/tpm/000077500000000000000000000000001510276467000160365ustar00rootroot00000000000000go-tpm-tools-0.4.7/proto/tpm/tpm.pb.go000066400000000000000000000514631510276467000175760ustar00rootroot00000000000000// Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.0 // protoc v3.20.1 // source: tpm.proto package tpm import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" ) const ( // Verify that this generated code is sufficiently up-to-date. _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) // Verify that runtime/protoimpl is sufficiently up-to-date. _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) // Enum values come from TCG Algorithm Registry - v1.27 - Table 3 type ObjectType int32 const ( ObjectType_OBJECT_INVALID ObjectType = 0 ObjectType_RSA ObjectType = 1 ObjectType_ECC ObjectType = 35 ) // Enum value maps for ObjectType. var ( ObjectType_name = map[int32]string{ 0: "OBJECT_INVALID", 1: "RSA", 35: "ECC", } ObjectType_value = map[string]int32{ "OBJECT_INVALID": 0, "RSA": 1, "ECC": 35, } ) func (x ObjectType) Enum() *ObjectType { p := new(ObjectType) *p = x return p } func (x ObjectType) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (ObjectType) Descriptor() protoreflect.EnumDescriptor { return file_tpm_proto_enumTypes[0].Descriptor() } func (ObjectType) Type() protoreflect.EnumType { return &file_tpm_proto_enumTypes[0] } func (x ObjectType) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use ObjectType.Descriptor instead. func (ObjectType) EnumDescriptor() ([]byte, []int) { return file_tpm_proto_rawDescGZIP(), []int{0} } type HashAlgo int32 const ( HashAlgo_HASH_INVALID HashAlgo = 0 HashAlgo_SHA1 HashAlgo = 4 HashAlgo_SHA256 HashAlgo = 11 HashAlgo_SHA384 HashAlgo = 12 HashAlgo_SHA512 HashAlgo = 13 ) // Enum value maps for HashAlgo. var ( HashAlgo_name = map[int32]string{ 0: "HASH_INVALID", 4: "SHA1", 11: "SHA256", 12: "SHA384", 13: "SHA512", } HashAlgo_value = map[string]int32{ "HASH_INVALID": 0, "SHA1": 4, "SHA256": 11, "SHA384": 12, "SHA512": 13, } ) func (x HashAlgo) Enum() *HashAlgo { p := new(HashAlgo) *p = x return p } func (x HashAlgo) String() string { return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) } func (HashAlgo) Descriptor() protoreflect.EnumDescriptor { return file_tpm_proto_enumTypes[1].Descriptor() } func (HashAlgo) Type() protoreflect.EnumType { return &file_tpm_proto_enumTypes[1] } func (x HashAlgo) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } // Deprecated: Use HashAlgo.Descriptor instead. func (HashAlgo) EnumDescriptor() ([]byte, []int) { return file_tpm_proto_rawDescGZIP(), []int{1} } // SealedBytes stores the result of a TPM2_Seal. The private portion (priv) has // already been encrypted and is no longer sensitive. The hash algorithm is // assumed to be SHA256. type SealedBytes struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Priv []byte `protobuf:"bytes,1,opt,name=priv,proto3" json:"priv,omitempty"` Pub []byte `protobuf:"bytes,2,opt,name=pub,proto3" json:"pub,omitempty"` Pcrs []uint32 `protobuf:"varint,3,rep,packed,name=pcrs,proto3" json:"pcrs,omitempty"` Hash HashAlgo `protobuf:"varint,4,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` Srk ObjectType `protobuf:"varint,5,opt,name=srk,proto3,enum=tpm.ObjectType" json:"srk,omitempty"` CertifiedPcrs *PCRs `protobuf:"bytes,6,opt,name=certified_pcrs,json=certifiedPcrs,proto3" json:"certified_pcrs,omitempty"` CreationData []byte `protobuf:"bytes,7,opt,name=creation_data,json=creationData,proto3" json:"creation_data,omitempty"` Ticket []byte `protobuf:"bytes,8,opt,name=ticket,proto3" json:"ticket,omitempty"` } func (x *SealedBytes) Reset() { *x = SealedBytes{} if protoimpl.UnsafeEnabled { mi := &file_tpm_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *SealedBytes) String() string { return protoimpl.X.MessageStringOf(x) } func (*SealedBytes) ProtoMessage() {} func (x *SealedBytes) ProtoReflect() protoreflect.Message { mi := &file_tpm_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use SealedBytes.ProtoReflect.Descriptor instead. func (*SealedBytes) Descriptor() ([]byte, []int) { return file_tpm_proto_rawDescGZIP(), []int{0} } func (x *SealedBytes) GetPriv() []byte { if x != nil { return x.Priv } return nil } func (x *SealedBytes) GetPub() []byte { if x != nil { return x.Pub } return nil } func (x *SealedBytes) GetPcrs() []uint32 { if x != nil { return x.Pcrs } return nil } func (x *SealedBytes) GetHash() HashAlgo { if x != nil { return x.Hash } return HashAlgo_HASH_INVALID } func (x *SealedBytes) GetSrk() ObjectType { if x != nil { return x.Srk } return ObjectType_OBJECT_INVALID } func (x *SealedBytes) GetCertifiedPcrs() *PCRs { if x != nil { return x.CertifiedPcrs } return nil } func (x *SealedBytes) GetCreationData() []byte { if x != nil { return x.CreationData } return nil } func (x *SealedBytes) GetTicket() []byte { if x != nil { return x.Ticket } return nil } type ImportBlob struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Duplicate []byte `protobuf:"bytes,1,opt,name=duplicate,proto3" json:"duplicate,omitempty"` EncryptedSeed []byte `protobuf:"bytes,2,opt,name=encrypted_seed,json=encryptedSeed,proto3" json:"encrypted_seed,omitempty"` PublicArea []byte `protobuf:"bytes,3,opt,name=public_area,json=publicArea,proto3" json:"public_area,omitempty"` Pcrs *PCRs `protobuf:"bytes,4,opt,name=pcrs,proto3" json:"pcrs,omitempty"` } func (x *ImportBlob) Reset() { *x = ImportBlob{} if protoimpl.UnsafeEnabled { mi := &file_tpm_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *ImportBlob) String() string { return protoimpl.X.MessageStringOf(x) } func (*ImportBlob) ProtoMessage() {} func (x *ImportBlob) ProtoReflect() protoreflect.Message { mi := &file_tpm_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use ImportBlob.ProtoReflect.Descriptor instead. func (*ImportBlob) Descriptor() ([]byte, []int) { return file_tpm_proto_rawDescGZIP(), []int{1} } func (x *ImportBlob) GetDuplicate() []byte { if x != nil { return x.Duplicate } return nil } func (x *ImportBlob) GetEncryptedSeed() []byte { if x != nil { return x.EncryptedSeed } return nil } func (x *ImportBlob) GetPublicArea() []byte { if x != nil { return x.PublicArea } return nil } func (x *ImportBlob) GetPcrs() *PCRs { if x != nil { return x.Pcrs } return nil } type Quote struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // TPM2 quote, encoded as a TPMS_ATTEST Quote []byte `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote,omitempty"` // TPM2 signature, encoded as a TPMT_SIGNATURE RawSig []byte `protobuf:"bytes,2,opt,name=raw_sig,json=rawSig,proto3" json:"raw_sig,omitempty"` // PCR values of the bank being quoted Pcrs *PCRs `protobuf:"bytes,3,opt,name=pcrs,proto3" json:"pcrs,omitempty"` } func (x *Quote) Reset() { *x = Quote{} if protoimpl.UnsafeEnabled { mi := &file_tpm_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *Quote) String() string { return protoimpl.X.MessageStringOf(x) } func (*Quote) ProtoMessage() {} func (x *Quote) ProtoReflect() protoreflect.Message { mi := &file_tpm_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use Quote.ProtoReflect.Descriptor instead. func (*Quote) Descriptor() ([]byte, []int) { return file_tpm_proto_rawDescGZIP(), []int{2} } func (x *Quote) GetQuote() []byte { if x != nil { return x.Quote } return nil } func (x *Quote) GetRawSig() []byte { if x != nil { return x.RawSig } return nil } func (x *Quote) GetPcrs() *PCRs { if x != nil { return x.Pcrs } return nil } type PCRs struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields Hash HashAlgo `protobuf:"varint,1,opt,name=hash,proto3,enum=tpm.HashAlgo" json:"hash,omitempty"` Pcrs map[uint32][]byte `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs,omitempty" protobuf_key:"varint,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *PCRs) Reset() { *x = PCRs{} if protoimpl.UnsafeEnabled { mi := &file_tpm_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *PCRs) String() string { return protoimpl.X.MessageStringOf(x) } func (*PCRs) ProtoMessage() {} func (x *PCRs) ProtoReflect() protoreflect.Message { mi := &file_tpm_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use PCRs.ProtoReflect.Descriptor instead. func (*PCRs) Descriptor() ([]byte, []int) { return file_tpm_proto_rawDescGZIP(), []int{3} } func (x *PCRs) GetHash() HashAlgo { if x != nil { return x.Hash } return HashAlgo_HASH_INVALID } func (x *PCRs) GetPcrs() map[uint32][]byte { if x != nil { return x.Pcrs } return nil } // Contains information corresponding an object certified with TPM2_Certify. type CertifiedBlob struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields // Public area of certified object, encoded as a TPMT_PUBLIC PubArea []byte `protobuf:"bytes,1,opt,name=pub_area,json=pubArea,proto3" json:"pub_area,omitempty"` // TPM2 certification, encoded as a TPMS_ATTEST CertifyInfo []byte `protobuf:"bytes,2,opt,name=certify_info,json=certifyInfo,proto3" json:"certify_info,omitempty"` // TPM2 signature, encoded as a TPMT_Signature RawSig []byte `protobuf:"bytes,3,opt,name=raw_sig,json=rawSig,proto3" json:"raw_sig,omitempty"` } func (x *CertifiedBlob) Reset() { *x = CertifiedBlob{} if protoimpl.UnsafeEnabled { mi := &file_tpm_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } } func (x *CertifiedBlob) String() string { return protoimpl.X.MessageStringOf(x) } func (*CertifiedBlob) ProtoMessage() {} func (x *CertifiedBlob) ProtoReflect() protoreflect.Message { mi := &file_tpm_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) } return ms } return mi.MessageOf(x) } // Deprecated: Use CertifiedBlob.ProtoReflect.Descriptor instead. func (*CertifiedBlob) Descriptor() ([]byte, []int) { return file_tpm_proto_rawDescGZIP(), []int{4} } func (x *CertifiedBlob) GetPubArea() []byte { if x != nil { return x.PubArea } return nil } func (x *CertifiedBlob) GetCertifyInfo() []byte { if x != nil { return x.CertifyInfo } return nil } func (x *CertifiedBlob) GetRawSig() []byte { if x != nil { return x.RawSig } return nil } var File_tpm_proto protoreflect.FileDescriptor var file_tpm_proto_rawDesc = []byte{ 0x0a, 0x09, 0x74, 0x70, 0x6d, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x74, 0x70, 0x6d, 0x22, 0xfc, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x61, 0x6c, 0x65, 0x64, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x72, 0x69, 0x76, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x70, 0x72, 0x69, 0x76, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x75, 0x62, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x70, 0x75, 0x62, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x21, 0x0a, 0x03, 0x73, 0x72, 0x6b, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x03, 0x73, 0x72, 0x6b, 0x12, 0x30, 0x0a, 0x0e, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x5f, 0x70, 0x63, 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x52, 0x0d, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x50, 0x63, 0x72, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x63, 0x72, 0x65, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x12, 0x16, 0x0a, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x74, 0x69, 0x63, 0x6b, 0x65, 0x74, 0x22, 0x91, 0x01, 0x0a, 0x0a, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x1c, 0x0a, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x64, 0x75, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0d, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x53, 0x65, 0x65, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x61, 0x72, 0x65, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x41, 0x72, 0x65, 0x61, 0x12, 0x1d, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x22, 0x55, 0x0a, 0x05, 0x51, 0x75, 0x6f, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x71, 0x75, 0x6f, 0x74, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x61, 0x77, 0x5f, 0x73, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x61, 0x77, 0x53, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x09, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x22, 0x8b, 0x01, 0x0a, 0x04, 0x50, 0x43, 0x52, 0x73, 0x12, 0x21, 0x0a, 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0d, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x12, 0x27, 0x0a, 0x04, 0x70, 0x63, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x74, 0x70, 0x6d, 0x2e, 0x50, 0x43, 0x52, 0x73, 0x2e, 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x70, 0x63, 0x72, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x50, 0x63, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x66, 0x0a, 0x0d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x65, 0x64, 0x42, 0x6c, 0x6f, 0x62, 0x12, 0x19, 0x0a, 0x08, 0x70, 0x75, 0x62, 0x5f, 0x61, 0x72, 0x65, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x70, 0x75, 0x62, 0x41, 0x72, 0x65, 0x61, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x79, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x79, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x61, 0x77, 0x5f, 0x73, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x61, 0x77, 0x53, 0x69, 0x67, 0x2a, 0x32, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x0e, 0x4f, 0x42, 0x4a, 0x45, 0x43, 0x54, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x52, 0x53, 0x41, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x45, 0x43, 0x43, 0x10, 0x23, 0x2a, 0x4a, 0x0a, 0x08, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x12, 0x10, 0x0a, 0x0c, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x48, 0x41, 0x31, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x42, 0x2a, 0x5a, 0x28, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x70, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( file_tpm_proto_rawDescOnce sync.Once file_tpm_proto_rawDescData = file_tpm_proto_rawDesc ) func file_tpm_proto_rawDescGZIP() []byte { file_tpm_proto_rawDescOnce.Do(func() { file_tpm_proto_rawDescData = protoimpl.X.CompressGZIP(file_tpm_proto_rawDescData) }) return file_tpm_proto_rawDescData } var file_tpm_proto_enumTypes = make([]protoimpl.EnumInfo, 2) var file_tpm_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_tpm_proto_goTypes = []interface{}{ (ObjectType)(0), // 0: tpm.ObjectType (HashAlgo)(0), // 1: tpm.HashAlgo (*SealedBytes)(nil), // 2: tpm.SealedBytes (*ImportBlob)(nil), // 3: tpm.ImportBlob (*Quote)(nil), // 4: tpm.Quote (*PCRs)(nil), // 5: tpm.PCRs (*CertifiedBlob)(nil), // 6: tpm.CertifiedBlob nil, // 7: tpm.PCRs.PcrsEntry } var file_tpm_proto_depIdxs = []int32{ 1, // 0: tpm.SealedBytes.hash:type_name -> tpm.HashAlgo 0, // 1: tpm.SealedBytes.srk:type_name -> tpm.ObjectType 5, // 2: tpm.SealedBytes.certified_pcrs:type_name -> tpm.PCRs 5, // 3: tpm.ImportBlob.pcrs:type_name -> tpm.PCRs 5, // 4: tpm.Quote.pcrs:type_name -> tpm.PCRs 1, // 5: tpm.PCRs.hash:type_name -> tpm.HashAlgo 7, // 6: tpm.PCRs.pcrs:type_name -> tpm.PCRs.PcrsEntry 7, // [7:7] is the sub-list for method output_type 7, // [7:7] is the sub-list for method input_type 7, // [7:7] is the sub-list for extension type_name 7, // [7:7] is the sub-list for extension extendee 0, // [0:7] is the sub-list for field type_name } func init() { file_tpm_proto_init() } func file_tpm_proto_init() { if File_tpm_proto != nil { return } if !protoimpl.UnsafeEnabled { file_tpm_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*SealedBytes); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_tpm_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*ImportBlob); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_tpm_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Quote); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_tpm_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*PCRs); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } file_tpm_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*CertifiedBlob); i { case 0: return &v.state case 1: return &v.sizeCache case 2: return &v.unknownFields default: return nil } } } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_tpm_proto_rawDesc, NumEnums: 2, NumMessages: 6, NumExtensions: 0, NumServices: 0, }, GoTypes: file_tpm_proto_goTypes, DependencyIndexes: file_tpm_proto_depIdxs, EnumInfos: file_tpm_proto_enumTypes, MessageInfos: file_tpm_proto_msgTypes, }.Build() File_tpm_proto = out.File file_tpm_proto_rawDesc = nil file_tpm_proto_goTypes = nil file_tpm_proto_depIdxs = nil } go-tpm-tools-0.4.7/run_cloudbuild.sh000077500000000000000000000017621510276467000174520ustar00rootroot00000000000000#!/bin/bash # Run the script: ./run_cloudbuild.sh set -euxo pipefail # Append a timestamp, as there is a check in finish-image-build that checks if # the image already exists. IMAGE_SUFFIX="$USER-test-image-`date +%s`" DIR=$(dirname -- "${BASH_SOURCE[0]}") echo "Running Cloud Build on directory $DIR" # If you get the error: # googleapi: Error 403: Required 'compute.images.get' permission for 'foo', forbidden # # Ensure you grant Cloud Build access to Compute Images: # https://pantheon.corp.google.com/compute/images?referrer=search&tab=exports&project=$PROJECT_ID gcloud beta builds submit --config=${DIR}/cloudbuild.yaml \ --substitutions=_OUTPUT_IMAGE_SUFFIX="${IMAGE_SUFFIX}" echo "Image creation successful." echo "Create a VM using the debug image confidential-space-debug-${IMAGE_SUFFIX}" echo "gcloud compute instances create confidential-space-test --image=confidential-space-debug-${IMAGE_SUFFIX} --metadata ..." echo "Or use the hardened image confidential-space-hardened-${IMAGE_SUFFIX}" go-tpm-tools-0.4.7/server/000077500000000000000000000000001510276467000154015ustar00rootroot00000000000000go-tpm-tools-0.4.7/server/ca-certs/000077500000000000000000000000001510276467000171025ustar00rootroot00000000000000go-tpm-tools-0.4.7/server/ca-certs/gcp_ek_ak_ca_intermediate_v3.crt000066400000000000000000000034461510276467000253330ustar00rootroot000000000000000‚"0‚  gkâ.ê3ŸR`hm ˆ¯zd^\?0  *†H†÷  0~1 0 UUS10U California10U Mountain View10U  Google LLC10U  Google Cloud10U EK/AK CA Root0  220823222629Z21220708055723Z0†1 0 UUS10U California10U Mountain View10U  Google LLC10U  Google Cloud10UEK/AK CA Intermediate0‚"0  *†H†÷ ‚0‚ ‚ c×€aªdZqÖÑYê6_ˆjG½)@ NµÛ?¼Pºœˆ‹Ã¢,4{45|ÿéÀ¨MGÀþ~&É&[™ÃYnÖåy¶²ìç ?¿B}Q—ð$Õ0{eûúþΌoíá=óªÝkZ ç˜I\Kt/poYõi>&Á–‰-Jª›I\ëšíHX½?áá’îæmÕ?üÿ>ŽUÓ<Ñ!lûB\fÃ,Ê}½ðYM˜ŒÙw¸yÞ•ty­U$½âdA&·FL/³tI–×íë6dŠþÝ–®¶dœýë³…–Kþ(ÐÒzmÌè½7Éç 7 é…ʪW;‹ÝP™üê2G<½¬ô –GõPk[àú™I¡Ð\|7ûYK$8ñ=/ùªý …Uƒ•÷uI}wIY-¬ul Î]î)uKå¶ÀEqø­ÖQÿöõ aD¶w Ù2ôÚð|a1z]9ÈtEáØn(ýf× oB—o£¹ é˜+åFó­Lž·] á³REùÞÍÑÖʼǙÿ6ÓÇÞÓ¯“:?¤ìÇ'æ¦5^à Ì¡fT}„l5¦2„!@ŠL–ß/âö@7Oìä¶)ͦTp»½>f†û㙡TåR±ÿ Á|¤Ä°ßšÊÕ¨  *ï$Mf2hÈW€õ Œ©çÐ0¬…"cWºe£‚Œ0‚ˆ0Uÿ0U% 0g0Uÿ0ÿ0UéfsTgfïÝe¿åè\ã‘ ›R0U#0€IçJ[V)õy·¦0<²çÝL0+€0~0|+0†phttp://privateca-content-62d71773-0000-21da-852e-f4f5e80d7778.storage.googleapis.com/032bf9d39db4fa06aade/ca.crt0‚U{0y0w u s†qhttp://privateca-content-62d71773-0000-21da-852e-f4f5e80d7778.storage.googleapis.com/032bf9d39db4fa06aade/crl.crl0  *†H†÷  ‚“®PE!ÄiÍU¡¤Ÿ´.æÂûò³êzfe)m€n;Åþjçhè}-U ô2î=Ì"ôªþ£ù dÄåöö¬/ÒJ*®‹QÂ$Ö‹´rÙs.¸ÚË‚Š´Ëèïâaçz¿"_Ó¸²°Â´£FÄx(D‡uÏ@Úåø7­÷ø}AºHa ÇBX‘Ãöª”óÞkap²^ù­Ž¸Ø/=qlèvð~$6çYÜ¥} úPê™ã;®®ý¯˜žÕwé mm&KfÄ“õ…Nµjµ"E.=9jú© z`êÙ¬ê¸Þà‘EþóAéöÊûØ‹°+H¼¨Û=|¼V4H•Ó}Hë]v¡Î¥ñ·×SèÛdbü§~rŸÑÒ`;Þ^ó÷m" z®yúÜ´³£Y~U«œžµœœz0þA¨í?Ë„›4å¾åwyÿ®#Ê&£aû¦ôØ뺶6ZÅk¡hö÷ó a&3Öÿ=îXd¾‚sMaWvÅr¦M¬ËÕÈ]lsŒâ<Ã6Àmn˜6ƯȨޤ‡þðºÖ™y×go-tpm-tools-0.4.7/server/ca-certs/gcp_ek_ak_ca_root.crt000066400000000000000000000030051510276467000232230ustar00rootroot000000000000000‚0‚é ¦]¤ùã(ó€5ç=OrC+ßÜ0  *†H†÷  0~1 0 UUS10U California10U Mountain View10U  Google LLC10U  Google Cloud10U EK/AK CA Root0  220708004034Z21220708055723Z0~1 0 UUS10U California10U Mountain View10U  Google LLC10U  Google Cloud10U EK/AK CA Root0‚"0  *†H†÷ ‚0‚ ‚%õP¨È–KJ‰|+(M¥´»¤î‰Á:¦ÚÝ·!“œ¼RƒE‰Ý®ÚÄ+¹Ç¨ŠlkÓG ªóÞÃ?7ñ<˜SGˆ.ÉW÷¤úf’Ée j{̇’‘’³r£ÞÎXakDyÀ•3làËJ¼gÀùbãÐ:6ˆ¼GÔu‰Ë Þ°Iu÷ýbmô4hªàEîG y ÙêÇðFõHiZ!³•¨9Ío(Ÿ“,}¡Fq]Rlªýªë]Vݪ[? zÿ3ä•ÐQºëC±;D­+Pì) .àþ`¼c¬PáGˆ7•‡§¡´¾":›G›¦ g˜ïäTÂÑÎɵûxÓ…zG ¤cJªdæn.wN*ºnŸÒcÞ!?=†Õ„¸}"Ð.œ„†@ð=u |êZ*þ¥NËWza¤·††éeðoóbd!x^ƒFî!ôi«óOÈ‹ ñTÃQd‘3 þÚ¼b$÷ûq!Ī«¡€8®W Í"ÅÂßà®H‘äfçKs¥V3tÀC¡}|¬×âÞ æ=ƒ¬ò•$Ô@C†“Déºò?Õ¨SCE·µÛ ü|…P]åbÖ²/7ÓNrýkŒÏÏà§4<¿…øË› Âu83ÓFÇ÷t%KŒÄ2a $³çávB$NªŽÆ¦Ós´“)ñœ¯ß©k­çk·÷£-ldõw|·sÞX!ˆó÷’Ô1ÿ"¿Ô\Ö1$qrÿehkŽ]QLü„žšY§ÍŠŠ =hñÖµ¥fÛòë]}Ÿ½?b3ù4 ‹Í?+ÎÑñ±A(LI#‰4ú^ôô]ŽÄãïû·^î¡@³M‰ÐG€Çrh»ÓÌ1ß÷Éž6àã«K}²–—”Ö‡Z˨X_í´Ána §v­8,´ú-Jù.”岘=¥«¸PjýzSgo-tpm-tools-0.4.7/server/ca-certs/tpm_ek_intermediate_2.crt000066400000000000000000000030301510276467000240420ustar00rootroot000000000000000‚0‚ü (anw‰~Nf¿ÞÇùñ¬0  *†H†÷  0¾1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1]0[U Ttpm_ek_v1_cloud_host_root-signer-0-2018-04-06T10:58:26-07:00 K:1, 1:Pw003HsFYO4:0:180  201022210208Z21201022210208Z0¹1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1X0VU Otpm_ek_v1_cloud_host-signer-0-2020-10-22T14:02:08-07:00 K:1, 2:HBNpA3TPAbM:0:180‚"0  *†H†÷ ‚0‚ ‚´à2,A)+mãþÄW`CvsTT6…ÿ+ƒÏÝ0Û±‘Ó[÷l¦Òs #î ,‰ÿ©7ì¬ÖßJø…Û1` æEân0¯²yó}'àé§Ý´ýúñˆÕ¾T{V¯º_xuÙ<õ`‡åUåž‹M1>á" ºl|cŸ n+ûx?Í7½õà ÄÜÒ€íh æ5ÃÝ?Q¶èÀ±J;ܽâ«ßC‘˜(;ï£~nßù„CqX^ž 1¼»€O“Ú™uÈ~¤ wå©­a-Ö—o@U¢'€7hqJ ÷Ÿh+ÚëÛÀ5<¦€o^®Z’A¬‡ÒUÛ£‚ 0‚ 0Uÿ0U% 0g0Uÿ0ÿ0UÍqºX² Q£(e¹–ž» “0U#0€eôäæªöýZÒˆœ¨SU÷Ž÷¥0M+A0?0=+0†1http://pki.goog/cloud_integrity/tpm_ek_root_1.crt0BU;0907 5 3†1http://pki.goog/cloud_integrity/tpm_ek_root_1.crl0  *†H†÷  ‚óÖŒÛß¡¡6G—>û¨ÕÖüŽ“¨{UC ËœÕ_1,pÚÉN¦$h³®$$Àæf<üÕ ®…Ê#%Àv°Ò8Ô§/’q„F*ᤈ»Ò±Iã²È7ª¦£ºÂ/“„n3Ç2•Z9é‚•2躕©r—¤Úx 2”‡{µq˜Í‹ÿž®q弉šÓ@ £@‹ä쨪¹™…xãÓéÛ#¹[#§û\=}üž®f÷‰€\ã*ïP^ ÙE%|A/K#q½êèt9Às ÄA~ÆQâ·àlBF¯ËgC@"ýÓ¤‰tÿ¤ò@Z’·¾ïðO°Úl3Æ)þ0»²òÍ1ÆOL 2ObF…QNëêÂ\©øn›èð~{“ïtn›¸ÿ9aP ®“¼KöEígÇ‹éÏŒîŽLÇy‚Ψ㧗Ä{ò¹½‡7ßTÓÔsÿk{xS#?\¥°Ð—HsAï*Ö…Xª:žè­PüKŽ(¯§/„Ãì$´i0” ïÉ6T^貸»Þ]Cm„.E³êÛïo£ºßX'Š?½wÿ‰Fþ']0<½RµÄòùš/¡ÉÏÜíž¹vb®çbôŒmkZdš‚^nìRëÛQ®“êɲ*•Ü/ˆ—þüv¿¶&ë°go-tpm-tools-0.4.7/server/ca-certs/tpm_ek_intermediate_3.crt000066400000000000000000000030301510276467000240430ustar00rootroot000000000000000‚0‚ü tú÷|ñ÷@È•‘ïSsyw0  *†H†÷  0¾1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1]0[U Ttpm_ek_v1_cloud_host_root-signer-0-2018-04-06T10:58:26-07:00 K:1, 1:Pw003HsFYO4:0:180  211012112211Z21211012112211Z0¹1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1X0VU Otpm_ek_v1_cloud_host-signer-0-2021-10-12T04:22:11-07:00 K:1, 3:nbvaGZFLcuc:0:180‚"0  *†H†÷ ‚0‚ ‚ï3Ý!Îô¿S͋ødXKÒë}®{Óh¡Í+T¢úÌ3´ð`NÿF÷GENªäÖaþ9Æ×yÐþ×1îNŽzD;k¥×´ÝÂ^Ÿ°’ MÖ`nyøŽpЉ¼2.Íóþò4|­Ê@K“ÆÂœ«çB#€tão!¬êõ†GƳcÛwªq!‚ž"mžq$˜ÜbŒà*¼ jqV.jD€Ú‹©%è…!U2„ºVØŠð¸æöôDÙ3JŒÄxÂî¦=žv †ðxÈMªËû–OÍ‚ÏQ0îÈ??Gp"fW:TäÌ­Z¾sÔƒ€ùI|€Ê¯™žg®àÜ{'Ôó£‚ 0‚ 0Uÿ0U% 0g0Uÿ0ÿ0UgÄwýÕ‡„Ó,kM—ƒ`„%€0U#0€eôäæªöýZÒˆœ¨SU÷Ž÷¥0M+A0?0=+0†1http://pki.goog/cloud_integrity/tpm_ek_root_1.crt0BU;0907 5 3†1http://pki.goog/cloud_integrity/tpm_ek_root_1.crl0  *†H†÷  ‚Ü÷°Úÿ´ .¢ý­ÿ¾­H½%æKÒ†ºö]Ý4ÔIdqGÕ0R(=BÞë?1)yQd[5<íç’‹Ì–@ƒ(”rà ¿U`<y03ݶhI2Ö×g»ç76–)ì • •}‡£èÁÅÜȺÆݼ^RÀ½Î´þ¸ôÃe€œ¯¼Ïfðƒ›ÏS¤,‚ªåè‰ÎttÝ”rló&Äjd¬CÑÝÞ'C ˆêAÆø—_˜1‘½õQE”ˆcdå| ï‹3¥·57ªâ,`¤«^®«UéÑ®—Ü6ÈÃ÷ž,‰'Â5®±çd|rŠ³€[ˆç1ŽnG³­‰ˆYoxYÓ)þ‚áKJîŠK5QóùOìO]q±ÜçÑ×5x¯-çÞQE®ÓüZ|Ð?I$ÇÒÀ[G‘²—9âøàšd­NÇ7ŒEDz]=a!C7ø–Z±:«ö£´X€.VV9ÜJëåNÁ·?Þ7tzR°ìˆ‹å§*í $ºÙódÙš3²©¯ùï¼¥ØÇgªeßf[C¾H9Ž òÛ~Ú€ÑÆÀ’ìõ^„Z¶·)›æ9÷¤¡2ÚG¢É/â`µ„ìX£» ]Ú/è„ê-z,Y(ie—‹.Ì%ű•©Û•Ôg íJç²uun×&zí³ðÚ€nO¡Ýgo-tpm-tools-0.4.7/server/ca-certs/tpm_ek_root_1.cer000066400000000000000000000032031510276467000223350ustar00rootroot000000000000000‚0‚g o$±¾NSŒO–è&ZÁ0  *†H†÷  0¾1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1]0[U Ttpm_ek_v1_cloud_host_root-signer-0-2018-04-06T10:58:26-07:00 K:1, 1:Pw003HsFYO4:0:180  180406175826Z21180406185826Z0¾1 0 UUS10U California10U Mountain View10U  Google LLC10 U Cloud1]0[U Ttpm_ek_v1_cloud_host_root-signer-0-2018-04-06T10:58:26-07:00 K:1, 1:Pw003HsFYO4:0:180‚"0  *†H†÷ ‚0‚ ‚ûÂ;¤îWøé'†®aZ>ô2­vÀ»þi^Ü—Âöç =¤Oï ºÝ#ç TPÙWt&çN-ü4þ¼* ­ý‚ízÈDÆ<‰sE­4½‰Z-¿‹" ¡ÛÑMý‡±{Êé¼ß‘hP·.¬ëN0>޷ѽð®®P°—VæXUæ×xE´CÏ‹C1íE=Iï=hP'u¢¼‡ˆ¿X°è8'À|›åo9`ØŸû¨þ°)âqX; ب eM1ÔÎ.Mwj{ÍÅmº˜S¾tÔí °y7Gþ,-ðD­q¼hE'g%é%„Õltí4L9&Wd¯¨ìø£Ù+6˽¹ù‚z,û0‰l@{ÒïÀ—Á¯ƒ ¶»zð0rú¤FðI~[ :ì-ëQ*¹ªZ“k½ E1Z(Z 4|ÃJÖëÑwÖر¸Bð…j=ÖW*DW0b ßð™Á“½Éƒ³¿ûÜÀlÅî^—÷òÿJ² /|Òì²ÓɶÐܲNçݯÏ듯Ïüƒ™HcÒ‡“KT´³ŒwÔ¸ÄzÒ|Ìj7áÉþfé¡ß“¡£u0s0Uÿ†0U% 0g0Uÿ0ÿ0UeôäæªöýZÒˆœ¨SU÷Ž÷¥0U#0€eôäæªöýZÒˆœ¨SU÷Ž÷¥0  *†H†÷  ‚%Ž¸Óˆ7H^´óÿÁÙ‹ñû¥•ß®ÉÕw×S–AD‘ÒÓàaƒàk·bwЕ¦À!™NVËÀ«u¹v/F»*.sj­ÕZ|JÝ3Œ°{>Ö1º¸“.R|Éd˜ÎW¼MA¢/}?¢¸B-©%Õ5$2b.š‰<ú¸†í×ûëÕhàõC‚ÈqÀù0µ2³êm¹÷ÑíUš×¬v ­…)yÕO0hÛNt„ =;†Dpd0=û*ãèÚ/á‹Ÿ(ô’[·>Òñv6Lku;a߀Ãe‰&øÆ턘~y๤—ÛIãÊ/-\Üd…éWÄ-󖺆æpL ´43HìÏF›PxØjùG±TñÀóVÅAN4þ´7rõ•—ÂFÂû>ȽÊÎö'‚‰í­e_Z&¡õ¸Ó«>pùÇÇù×zL‚W rW²å¼íÕy+SûžÜ>⥻uÜ{S¼©ùÆ„¤Ð³f%¨º9ñTÿž=ö[Ïufð KÁ¤Å»ý‡³ôêáµï‹ÙÇ“E’!ϹK$TU>6…켺½iÙÅw|°7XÙˆˆD’4Ntv‡ü/"zDï{i €‘mz¨ûÅòöùNª”$ 6ž I°^ƒ++pcY+?âi– Ûâsf¤ô*rïëB/Fé±o/çë^èþ5go-tpm-tools-0.4.7/server/certificate_test.go000066400000000000000000000032251510276467000212530ustar00rootroot00000000000000package server import ( "crypto/x509" "encoding/pem" "testing" "github.com/google/go-tpm-tools/internal/test" ) func TestGetGCEInstanceInfoWithNilFails(t *testing.T) { _, err := GetGCEInstanceInfo(nil) if err == nil { t.Error("GetGCEInstanceInfo(nil) got nil error, want an error") } } func TestGetGCEInstanceInfo(t *testing.T) { zone := "us-central1-a" projectID := "google.com:wuale-gcp-testing" var projectNumber uint64 = 117478743145 for _, certPEM := range test.GCECertPEMs { cert := parseCertificatePEM(t, certPEM) info, err := GetGCEInstanceInfo(cert) if err != nil { t.Errorf("GetGCEInstanceInfo failed: %v", err) } if info.Zone != zone { t.Errorf("GetGCEInstanceInfo().Zone = %v, want %v", info.Zone, zone) } if info.ProjectId != projectID { t.Errorf("GetGCEInstanceInfo().ProjectID = %v, want %v", info.ProjectId, projectID) } if info.ProjectNumber != projectNumber { t.Errorf("GetGCEInstanceInfo().ProjectNumber = %v, want %v", info.ProjectNumber, projectNumber) } if info.InstanceId == 0 { t.Error("GetGCEInstanceInfo().InstanceID got 0, want real instance ID") } } } func parseCertificatePEM(t *testing.T, certPEM []byte) *x509.Certificate { block, rest := pem.Decode(certPEM) if block == nil { t.Fatalf("pem.Decode not able to decode cert: %s", certPEM) } if block.Type != "CERTIFICATE" { t.Fatalf("pem.Decode found unexpected PEM type: %s", block.Type) } if len(rest) > 0 { t.Fatalf("pem.Decode found unexpected trailing data in certificate file: %s", certPEM) } cert, err := x509.ParseCertificate(block.Bytes) if err != nil { t.Fatalf("x509.ParseCertificate failed: %v", err) } return cert } go-tpm-tools-0.4.7/server/ecc_utils.go000066400000000000000000000025421510276467000177050ustar00rootroot00000000000000package server import ( "crypto/elliptic" "fmt" "math/big" "github.com/google/go-tpm/legacy/tpm2" ) // ECC coordinates need to maintain a specific size based on the curve, so we pad the front with zeros. // This is particularly an issue for NIST-P521 coordinates, as they are frequently missing their first byte. func eccIntToBytes(curve elliptic.Curve, i *big.Int) []byte { bytes := i.Bytes() curveBytes := (curve.Params().BitSize + 7) / 8 return append(make([]byte, curveBytes-len(bytes)), bytes...) } func curveIDToGoCurve(curve tpm2.EllipticCurve) (elliptic.Curve, error) { switch curve { case tpm2.CurveNISTP224: return elliptic.P224(), nil case tpm2.CurveNISTP256: return elliptic.P256(), nil case tpm2.CurveNISTP384: return elliptic.P384(), nil case tpm2.CurveNISTP521: return elliptic.P521(), nil default: return nil, fmt.Errorf("unsupported TPM2 curve: %v", curve) } } func goCurveToCurveID(curve elliptic.Curve) (tpm2.EllipticCurve, error) { switch curve.Params().Name { case elliptic.P224().Params().Name: return tpm2.CurveNISTP224, nil case elliptic.P256().Params().Name: return tpm2.CurveNISTP256, nil case elliptic.P384().Params().Name: return tpm2.CurveNISTP384, nil case elliptic.P521().Params().Name: return tpm2.CurveNISTP521, nil default: return 0, fmt.Errorf("unsupported Go curve: %v", curve.Params().Name) } } go-tpm-tools-0.4.7/server/eventlog.go000066400000000000000000000542231510276467000175610ustar00rootroot00000000000000package server import ( "bytes" "crypto" "crypto/x509" "encoding/hex" "errors" "fmt" "hash" "github.com/google/go-attestation/attest" "github.com/google/go-eventlog/register" "github.com/google/go-tpm-tools/cel" pb "github.com/google/go-tpm-tools/proto/attest" tpmpb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" ) var ( newGrubKernelCmdlinePrefix = []byte("kernel_cmdline: ") oldGrubKernelCmdlinePrefix = []byte("grub_kernel_cmdline ") // See https://www.gnu.org/software/grub/manual/grub/grub.html#Measured-Boot. validPrefixes = [][]byte{[]byte("grub_cmd: "), newGrubKernelCmdlinePrefix, []byte("module_cmdline: "), // Older style prefixes: // https://src.fedoraproject.org/rpms/grub2/blob/c789522f7cfa19a10cd716a1db24dab5499c6e5c/f/0224-Rework-TPM-measurements.patch oldGrubKernelCmdlinePrefix, []byte("grub_cmd ")} ) // parsePCClientEventLog parses a raw event log and replays the parsed event // log against the given PCR values. It returns the corresponding MachineState // containing the events verified by particular PCR indexes/digests. It returns // an error if the replay for any PCR index does not match the provided value. // // The returned MachineState may be a partial MachineState where fields can be // the zero value. In this case, an error of type MachineStateError will be // returned. Callers can inspect individual parsing errors by examining // `MachineStateError.Errors`. // // It is the caller's responsibility to ensure that the passed PCR values can be // trusted. Users can establish trust in PCR values by either calling // client.ReadPCRs() themselves or by verifying the values via a PCR quote. func parsePCClientEventLog(rawEventLog []byte, pcrs *tpmpb.PCRs, opts VerifyOpts) (*pb.MachineState, error) { var errors []error events, err := parseReplayHelper(rawEventLog, pcrs) if err != nil { return nil, createGroupedError("", []error{err}) } // error is already checked in convertToAttestPcrs cryptoHash, _ := tpm2.Algorithm(pcrs.GetHash()).Hash() rawEvents := convertToPbEvents(cryptoHash, events) platform, err := getPlatformState(cryptoHash, rawEvents) if err != nil { errors = append(errors, err) } sbState, err := getSecureBootState(events) if err != nil { errors = append(errors, err) } efiState, err := getEfiState(cryptoHash, rawEvents, opts) if err != nil { errors = append(errors, err) } var grub *pb.GrubState var kernel *pb.LinuxKernelState if opts.Loader == GRUB { grub, err = getGrubState(cryptoHash, rawEvents) if err != nil { errors = append(errors, err) } kernel, err = getLinuxKernelStateFromGRUB(grub) if err != nil { errors = append(errors, err) } } return &pb.MachineState{ Platform: platform, SecureBoot: sbState, Efi: efiState, RawEvents: rawEvents, Hash: pcrs.GetHash(), Grub: grub, LinuxKernel: kernel, }, createGroupedError("failed to fully parse MachineState:", errors) } // ParseCosCELPCR takes an encoded COS CEL and PCR bank, replays the CEL against the PCRs, // and returns the AttestedCosState func ParseCosCELPCR(cosEventLog []byte, p register.PCRBank) (*pb.AttestedCosState, error) { return getCosStateFromCEL(cosEventLog, p, cel.PCRTypeValue) } // ParseCosCELRTMR takes in a raw COS CEL and a RTMR bank, validates and returns it's // COS states as parts of the MachineState. func ParseCosCELRTMR(cosEventLog []byte, r register.RTMRBank) (*pb.AttestedCosState, error) { return getCosStateFromCEL(cosEventLog, r, cel.CCMRTypeValue) } func getCosStateFromCEL(rawCanonicalEventLog []byte, register register.MRBank, trustingRegisterType uint8) (*pb.AttestedCosState, error) { decodedCEL, err := cel.DecodeToCEL(bytes.NewBuffer(rawCanonicalEventLog)) if err != nil { return nil, err } // Validate the COS event log first. if err := decodedCEL.Replay(register); err != nil { return nil, err } cosState, err := getVerifiedCosState(decodedCEL, trustingRegisterType) if err != nil { return nil, err } return cosState, err } func contains(set [][]byte, value []byte) bool { for _, setItem := range set { if bytes.Equal(value, setItem) { return true } } return false } // getVerifiedCosState takes in CEL and a register type (can be PCR or CCELMR), and returns the state // in the CEL. It will only include events using the correct registerType. func getVerifiedCosState(coscel cel.CEL, registerType uint8) (*pb.AttestedCosState, error) { cosState := &pb.AttestedCosState{} cosState.Container = &pb.ContainerState{} cosState.HealthMonitoring = &pb.HealthMonitoringState{} cosState.GpuDeviceState = &pb.GpuDeviceState{} cosState.Container.Args = make([]string, 0) cosState.Container.EnvVars = make(map[string]string) cosState.Container.OverriddenEnvVars = make(map[string]string) seenSeparator := false for _, record := range coscel.Records { if record.IndexType != registerType { return nil, fmt.Errorf("expect registerType: %d, but get %d in a CEL record", registerType, record.IndexType) } switch record.IndexType { case cel.PCRTypeValue: if record.Index != cel.CosEventPCR { return nil, fmt.Errorf("found unexpected PCR %d in COS CEL log", record.Index) } case cel.CCMRTypeValue: if record.Index != cel.CosCCELMRIndex { return nil, fmt.Errorf("found unexpected CCELMR %d in COS CEL log", record.Index) } default: return nil, fmt.Errorf("unknown COS CEL log index type %d", record.IndexType) } // The Content.Type is not verified at this point, so we have to fail // if we see any events that we do not understand. This ensures that // we either verify the digest of event event in this PCR, or we fail // to replay the event log. // TODO: See if we can fix this to have the Content Type be verified. cosTlv, err := record.Content.ParseToCosTlv() if err != nil { return nil, err } // verify digests for the cos cel content if err := cel.VerifyDigests(cosTlv, record.Digests); err != nil { return nil, err } // TODO: Add support for post-separator container data if seenSeparator { return nil, fmt.Errorf("found COS Event Type %v after LaunchSeparator event", cosTlv.EventType) } switch cosTlv.EventType { case cel.ImageRefType: if cosState.Container.GetImageReference() != "" { return nil, fmt.Errorf("found more than one ImageRef event") } cosState.Container.ImageReference = string(cosTlv.EventContent) case cel.ImageDigestType: if cosState.Container.GetImageDigest() != "" { return nil, fmt.Errorf("found more than one ImageDigest event") } cosState.Container.ImageDigest = string(cosTlv.EventContent) case cel.RestartPolicyType: restartPolicy, ok := pb.RestartPolicy_value[string(cosTlv.EventContent)] if !ok { return nil, fmt.Errorf("unknown restart policy in COS eventlog: %s", string(cosTlv.EventContent)) } cosState.Container.RestartPolicy = pb.RestartPolicy(restartPolicy) case cel.ImageIDType: if cosState.Container.GetImageId() != "" { return nil, fmt.Errorf("found more than one ImageId event") } cosState.Container.ImageId = string(cosTlv.EventContent) case cel.EnvVarType: envName, envVal, err := cel.ParseEnvVar(string(cosTlv.EventContent)) if err != nil { return nil, err } cosState.Container.EnvVars[envName] = envVal case cel.ArgType: cosState.Container.Args = append(cosState.Container.Args, string(cosTlv.EventContent)) case cel.OverrideArgType: cosState.Container.OverriddenArgs = append(cosState.Container.OverriddenArgs, string(cosTlv.EventContent)) case cel.OverrideEnvType: envName, envVal, err := cel.ParseEnvVar(string(cosTlv.EventContent)) if err != nil { return nil, err } cosState.Container.OverriddenEnvVars[envName] = envVal case cel.LaunchSeparatorType: seenSeparator = true case cel.MemoryMonitorType: enabled := false if len(cosTlv.EventContent) == 1 && cosTlv.EventContent[0] == uint8(1) { enabled = true } cosState.HealthMonitoring.MemoryEnabled = &enabled case cel.GpuCCModeType: ccMode, ok := pb.GPUDeviceCCMode_value[string(cosTlv.EventContent)] if !ok { return nil, fmt.Errorf("unknown GPU device CC mode in COS eventlog: %s", string(cosTlv.EventContent)) } cosState.GpuDeviceState.CcMode = pb.GPUDeviceCCMode(ccMode) default: return nil, fmt.Errorf("found unknown COS Event Type %v", cosTlv.EventType) } } return cosState, nil } type separatorInfo struct { separatorData [][]byte separatorDigests [][]byte } // getSeparatorInfo is used to return the valid event data and their corresponding // digests. This is useful for events like separators, where the data is known // ahead of time. func getSeparatorInfo(hash crypto.Hash) *separatorInfo { hasher := hash.New() // From the PC Client Firmware Profile spec, on the separator event: // The event field MUST contain the hex value 00000000h or FFFFFFFFh. sepData := [][]byte{{0, 0, 0, 0}, {0xff, 0xff, 0xff, 0xff}} sepDigests := make([][]byte, 0, len(sepData)) for _, value := range sepData { hasher.Write(value) sepDigests = append(sepDigests, hasher.Sum(nil)) } return &separatorInfo{separatorData: sepData, separatorDigests: sepDigests} } // checkIfValidSeparator returns true if both the separator event's type and // digest match the expected event data. // If the event type is Separator, but the data is invalid, it returns false // and an error. // checkIfValidSeparator returns false and a nil error on other event types. func checkIfValidSeparator(event *pb.Event, sepInfo *separatorInfo) (bool, error) { evtType := event.GetUntrustedType() index := event.GetPcrIndex() if (evtType != Separator) && !contains(sepInfo.separatorDigests, event.GetDigest()) { return false, nil } // To make sure we have a valid event, we check any event (e.g., separator) // that claims to be of the event type or "looks like" the event to prevent // certain vulnerabilities in event parsing. For more info see: // https://github.com/google/go-attestation/blob/master/docs/event-log-disclosure.md if evtType != Separator { return false, fmt.Errorf("PCR%d event contains separator data but non-separator type %d", index, evtType) } if !event.GetDigestVerified() { return false, fmt.Errorf("unverified separator digest for PCR%d", index) } if !contains(sepInfo.separatorData, event.GetData()) { return false, fmt.Errorf("invalid separator data for PCR%d", index) } return true, nil } func getPlatformState(hash crypto.Hash, events []*pb.Event) (*pb.PlatformState, error) { // We pre-compute the separator and EFI Action event hash. // We check if these events have been modified, since the event type is // untrusted. sepInfo := getSeparatorInfo(hash) var versionString []byte var nonHostInfo []byte for _, event := range events { index := event.GetPcrIndex() if index != 0 { continue } evtType := event.GetUntrustedType() isSeparator, err := checkIfValidSeparator(event, sepInfo) if err != nil { return nil, err } if isSeparator { // Don't trust any PCR0 events after the separator break } if evtType == SCRTMVersion { if !event.GetDigestVerified() { return nil, fmt.Errorf("invalid SCRTM version event for PCR%d", index) } versionString = event.GetData() } if evtType == NonhostInfo { if !event.GetDigestVerified() { return nil, fmt.Errorf("invalid Non-Host info event for PCR%d", index) } nonHostInfo = event.GetData() } } state := &pb.PlatformState{} if gceVersion, err := ConvertSCRTMVersionToGCEFirmwareVersion(versionString); err == nil { state.Firmware = &pb.PlatformState_GceVersion{GceVersion: gceVersion} } else { state.Firmware = &pb.PlatformState_ScrtmVersionId{ScrtmVersionId: versionString} } if tech, err := ParseGCENonHostInfo(nonHostInfo); err == nil { state.Technology = tech } return state, nil } // Separate helper function so we can use attest.ParseSecurebootState without // needing to reparse the entire event log. func parseReplayHelper(rawEventLog []byte, pcrs *tpmpb.PCRs) ([]attest.Event, error) { // Similar to ParseCosCanonicalEventLogPCR, just return an empty array of events for an empty log if len(rawEventLog) == 0 { return nil, nil } attestPcrs, err := convertToAttestPcrs(pcrs) if err != nil { return nil, fmt.Errorf("received bad PCR proto: %v", err) } eventLog, err := attest.ParseEventLog(rawEventLog) if err != nil { return nil, fmt.Errorf("failed to parse event log: %v", err) } events, err := eventLog.Verify(attestPcrs) if err != nil { return nil, fmt.Errorf("failed to replay event log: %v", err) } return events, nil } func convertToAttestPcrs(pcrProto *tpmpb.PCRs) ([]attest.PCR, error) { hash := tpm2.Algorithm(pcrProto.GetHash()) cryptoHash, err := hash.Hash() if err != nil { return nil, err } attestPcrs := make([]attest.PCR, 0, len(pcrProto.GetPcrs())) for index, digest := range pcrProto.GetPcrs() { attestPcrs = append(attestPcrs, attest.PCR{ Index: int(index), Digest: digest, DigestAlg: cryptoHash, }) } return attestPcrs, nil } func convertToPbEvents(hash crypto.Hash, events []attest.Event) []*pb.Event { pbEvents := make([]*pb.Event, len(events)) for i, event := range events { hasher := hash.New() hasher.Write(event.Data) digest := hasher.Sum(nil) pbEvents[i] = &pb.Event{ PcrIndex: uint32(event.Index), UntrustedType: uint32(event.Type), Data: event.Data, Digest: event.Digest, DigestVerified: bytes.Equal(digest, event.Digest), } } return pbEvents } func convertToPbDatabase(certs []x509.Certificate, hashes [][]byte) *pb.Database { protoCerts := make([]*pb.Certificate, 0, len(certs)) for _, cert := range certs { wkEnum, err := matchWellKnown(cert) var pbCert pb.Certificate if err == nil { pbCert.Representation = &pb.Certificate_WellKnown{WellKnown: wkEnum} } else { pbCert.Representation = &pb.Certificate_Der{Der: cert.Raw} } protoCerts = append(protoCerts, &pbCert) } return &pb.Database{ Certs: protoCerts, Hashes: hashes, } } func matchWellKnown(cert x509.Certificate) (pb.WellKnownCertificate, error) { if bytes.Equal(WindowsProductionPCA2011Cert, cert.Raw) { return pb.WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011, nil } if bytes.Equal(MicrosoftUEFICA2011Cert, cert.Raw) { return pb.WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011, nil } if bytes.Equal(MicrosoftKEKCA2011Cert, cert.Raw) { return pb.WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011, nil } if bytes.Equal(GceDefaultPKCert, cert.Raw) { return pb.WellKnownCertificate_GCE_DEFAULT_PK, nil } return pb.WellKnownCertificate_UNKNOWN, errors.New("failed to find matching well known certificate") } func getSecureBootState(attestEvents []attest.Event) (*pb.SecureBootState, error) { attestSbState, err := attest.ParseSecurebootState(attestEvents) if err != nil { return nil, fmt.Errorf("failed to parse SecureBootState: %v", err) } if len(attestSbState.PreSeparatorAuthority) != 0 { return nil, fmt.Errorf("event log contained %v pre-separator authorities, which are not expected or supported", len(attestSbState.PreSeparatorAuthority)) } return &pb.SecureBootState{ Enabled: attestSbState.Enabled, Db: convertToPbDatabase(attestSbState.PermittedKeys, attestSbState.PermittedHashes), Dbx: convertToPbDatabase(attestSbState.ForbiddenKeys, attestSbState.ForbiddenHashes), Authority: convertToPbDatabase(attestSbState.PostSeparatorAuthority, nil), Pk: convertToPbDatabase(attestSbState.PlatformKeys, attestSbState.PlatformKeyHashes), Kek: convertToPbDatabase(attestSbState.ExchangeKeys, attestSbState.ExchangeKeyHashes), }, nil } func getGrubState(hash crypto.Hash, events []*pb.Event) (*pb.GrubState, error) { var files []*pb.GrubFile var commands []string for idx, event := range events { hasher := hash.New() index := event.GetPcrIndex() if index != 8 && index != 9 { continue } // Skip parsing EV_EVENT_TAG event since it likely comes from Linux. if event.GetUntrustedType() == EventTag { continue } if event.GetUntrustedType() != IPL { return nil, fmt.Errorf("invalid event type for PCR%d, expected EV_IPL", index) } if index == 9 { files = append(files, &pb.GrubFile{Digest: event.GetDigest(), UntrustedFilename: event.GetData()}) } else if index == 8 { suffixAt := -1 rawData := event.GetData() for _, prefix := range validPrefixes { if bytes.HasPrefix(rawData, prefix) { suffixAt = len(prefix) break } } if suffixAt == -1 { return nil, fmt.Errorf("invalid prefix seen for PCR%d event: %s", index, rawData) } // Check the slice is not empty after the suffix, which ensures rawData[len(rawData)-1] is not part // of the suffix. if len(rawData[suffixAt:]) > 0 && rawData[len(rawData)-1] == '\x00' { if err := verifyNullTerminatedDataDigest(hasher, rawData[suffixAt:], event.Digest); err != nil { return nil, fmt.Errorf("invalid GRUB event (null-terminated) #%d: %v", idx, err) } } else { if err := verifyDataDigest(hasher, rawData[suffixAt:], event.Digest); err != nil { return nil, fmt.Errorf("invalid GRUB event #%d: %v", idx, err) } } hasher.Reset() commands = append(commands, string(rawData)) } } if len(files) == 0 && len(commands) == 0 { return nil, errors.New("no GRUB measurements found") } return &pb.GrubState{Files: files, Commands: commands}, nil } // verifyNullTerminatedRawData checks the digest of the data. // Returns nil if digest match the hash of the data or the data without the last bytes (\x00). // The caller needs to make sure len(data) is at least 1, and data is ended with '\x00', // otherwise this function will return an error. func verifyNullTerminatedDataDigest(hasher hash.Hash, data []byte, digest []byte) error { if len(data) == 0 || data[len(data)-1] != '\x00' { return errors.New("given data is not null-terminated") } if err := verifyDataDigest(hasher, data, digest); err != nil { if err := verifyDataDigest(hasher, data[:len(data)-1], digest); err != nil { return err } } return nil } // verifyDataDigest checks the digest of the data. func verifyDataDigest(hasher hash.Hash, data []byte, digest []byte) error { hasher.Reset() hasher.Write(data) defer hasher.Reset() if !bytes.Equal(digest, hasher.Sum(nil)) { return fmt.Errorf("invalid digest: %s", hex.EncodeToString(digest)) } return nil } func getEfiState(hash crypto.Hash, events []*pb.Event, opts VerifyOpts) (*pb.EfiState, error) { // We pre-compute various event digests, and check if those event type have // been modified. We only trust events that come before the // ExitBootServices() request. separatorInfo := getSeparatorInfo(hash) hasher := hash.New() hasher.Write([]byte(CallingEFIApplication)) callingEFIAppDigest := hasher.Sum(nil) hasher.Reset() hasher.Write([]byte(ExitBootServicesInvocation)) exitBootSvcDigest := hasher.Sum(nil) var efiAppStates []*pb.EfiApp var seenSeparator4 bool var seenSeparator5 bool var seenCallingEfiApp bool var seenExitBootServices bool for _, event := range events { index := event.GetPcrIndex() // getEfiState should only ever process PCRs 4 and 5. if index != 4 && index != 5 { continue } evtType := event.GetUntrustedType() switch index { case 4: // Process Calling EFI Application event. if bytes.Equal(callingEFIAppDigest, event.GetDigest()) { if evtType != EFIAction { return nil, fmt.Errorf("PCR%d contains CallingEFIApp event but non EFIAction type: %d", index, evtType) } if !event.GetDigestVerified() { return nil, fmt.Errorf("unverified CallingEFIApp digest for PCR%d", index) } // We don't support calling more than one boot device. if seenCallingEfiApp { return nil, fmt.Errorf("found duplicate CallingEFIApp event in PCR%d", index) } if seenSeparator4 { return nil, fmt.Errorf("found CallingEFIApp event in PCR%d after separator event", index) } seenCallingEfiApp = true } if evtType == EFIBootServicesApplication { if !opts.AllowEFIAppBeforeCallingEvent && !seenCallingEfiApp { return nil, fmt.Errorf("found EFIBootServicesApplication in PCR%d before CallingEFIApp event", index) } efiAppStates = append(efiAppStates, &pb.EfiApp{Digest: event.GetDigest()}) } isSeparator, err := checkIfValidSeparator(event, separatorInfo) if err != nil { return nil, err } if !isSeparator { continue } if seenSeparator4 { return nil, errors.New("found duplicate Separator event in PCR4") } seenSeparator4 = true case 5: // Process ExitBootServices event. if bytes.Equal(exitBootSvcDigest, event.GetDigest()) { if evtType != EFIAction { return nil, fmt.Errorf("PCR%d contains ExitBootServices event but non EFIAction type: %d", index, evtType) } if !event.GetDigestVerified() { return nil, fmt.Errorf("unverified ExitBootServices digest for PCR%d", index) } // Don't process any PCR4 or PCR5 events after Boot Manager has // requested ExitBootServices(). seenExitBootServices = true break } isSeparator, err := checkIfValidSeparator(event, separatorInfo) if err != nil { return nil, err } if !isSeparator { continue } if seenSeparator5 { return nil, errors.New("found duplicate Separator event in PCR5") } seenSeparator5 = true } } // Only write EFI digests if we see an ExitBootServices invocation. // Otherwise, software further down the bootchain could extend bad // PCR4 measurements. if seenExitBootServices { return &pb.EfiState{Apps: efiAppStates}, nil } return nil, nil } func getLinuxKernelStateFromGRUB(grub *pb.GrubState) (*pb.LinuxKernelState, error) { var cmdline string seen := false for _, command := range grub.GetCommands() { // GRUB config is always in UTF-8: https://www.gnu.org/software/grub/manual/grub/html_node/Internationalisation.html. cmdBytes := []byte(command) suffixAt := getGrubKernelCmdlineSuffix(cmdBytes) if suffixAt == -1 { continue } if seen { return nil, fmt.Errorf("more than one kernel commandline in GRUB commands") } seen = true cmdline = command[suffixAt:] } return &pb.LinuxKernelState{CommandLine: cmdline}, nil } func getGrubKernelCmdlineSuffix(grubCmd []byte) int { for _, prefix := range [][]byte{oldGrubKernelCmdlinePrefix, newGrubKernelCmdlinePrefix} { if bytes.HasPrefix(grubCmd, prefix) { return len(prefix) } } return -1 } go-tpm-tools-0.4.7/server/eventlog_test.go000066400000000000000000001566601510276467000206300ustar00rootroot00000000000000package server import ( "bytes" "crypto" "crypto/rand" "encoding/hex" "fmt" "strings" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-configfs-tsm/configfs/fakertmr" configfstsmrtmr "github.com/google/go-configfs-tsm/rtmr" "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-tpm-tools/cel" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" attestpb "github.com/google/go-tpm-tools/proto/attest" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "google.golang.org/protobuf/testing/protocmp" ) type eventLog struct { RawLog []byte Banks []*pb.PCRs ExpectedEFIAppDigests map[pb.HashAlgo][]string } // The Arch Linux event log has two known failures due to our parser's strict checks. var archLinuxKnownParsingFailures = []string{ "SecureBoot data len is 0, expected 1", } // Agile Event Log from a RHEL 8 GCE instance with Secure Boot enabled var Rhel8GCE = eventLog{ RawLog: test.Rhel8EventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("5cc549378bafaa92e965c7e9c287925cfff33abd"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("7fbe2df30156ca4934109f48d850ab327110f8fa"), 5: decodeHex("3258daa13f4cccf245c170481c76e2a4602e5a7b"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("d7a632f8990b2171e987041b0a3c69fc1b2a4f27"), 8: decodeHex("15aab2077008f8325e7c61ee39fedd7118aad5d7"), 9: decodeHex("25de9455ef4e8180b76bbb9bb54a82f9a73abb0a"), 14: decodeHex("1f5149668c40524e01be9cbc3ad527645943f148"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"), 1: decodeHex("454220afaa80c83c3839f6cccd8b3c88bf4f562316a9dda1121c578c9e005a53"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("758a3d35f1b0ff5b135dacd07db0c8132c0ac665d944090d4bf96e66447a245c"), 5: decodeHex("53d0ee36163219201e686167bbb71ec505b3ba2917b9d9183ed84aad26cfeb89"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("5fd54361d580eb7592adb8deb236ff35444ceeac7148f24b3de63c041f12b3da"), 8: decodeHex("25c3874041ebd4e9a21b6ed71b624a7bfa99907a8dcea7f129a4c64cbaf5829a"), 9: decodeHex("d43b2f61eb18b4791812ff5f20ab20e4ef621ba683370bedf5dbdf518b3a8078"), 14: decodeHex("d8f57ebcc1a23cc46832696e1a657f720e1be8f5b405bb7204682114e363b455"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "95f400d9003b4e8c0cb4734efcf547e36fc4100c", "4f60d11ad6ac9a76837834f1371bc9521d018779", "075f3bc8c7363c35a87ce56c604fa9201a97f79d", }, pb.HashAlgo_SHA256: { "40d6cae02973789080cf4c3a9ad11b5a0a4d8bba4438ab96e276cc784454dee7", "e8a268c431da72caaae407f729f602b9dbf5d1d43492d4a51cc2b688a08586e3", "e4c0382f98feaebfd43923a85fd6da9a20e1a48524a4d5928c31850ca1a96a6e", }, pb.HashAlgo_SHA384: { "66de9a210659294720af06838309fc1f4d0de82c646a62c1dd9f068cd331d2e05fd666377dbc11e84a796ce00108ab19", "c1d031b07446588fa50f4eec3d8520d99ed01f21350b9c581e13f4c5a8c712cb5e3cbecc41ccab74465543439f7eb1e6", "d844e63b32a73aadde4f78dda7cb7df73d75114f3a5964401847eb716142a06607ea95efee20f51283e85afca8da3afd", }, }, } // Agile Event Log from a Ubuntu 18.04 GCE instance with Secure Boot and // Confidential Computing enabled. var UbuntuAmdSevGCE = eventLog{ RawLog: test.Ubuntu1804AmdSevEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("35f38e5ce90728b02a0f66d836eef53d287e69bf"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("41c68947aeee8a59110c7989a9b7a55df547f003"), 5: decodeHex("baee22b5cce9029300f909add54d75d5d7475cfd"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("6530ed2dcba68801c78ca08753f239118bead7c8"), 8: decodeHex("4e5533d878287970f3ef8d374fb140d93bcb2c37"), 9: decodeHex("1b79f2140a84462cb13d1a0c1904daefd24d7938"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("add81cbc06b154716ac7bd5999c84cbc520184d57c58102657d270274508d9ce"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("b4b94e840fc9352e20bdb5b456b4c242af0fb146755b6935d8eda000ea368a31"), 5: decodeHex("0b75168095fd6464ff1f9943b762ec009a3ae84c5e76cf67361e16b9db30d28e"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("61af3f499f1a86be54458fd30d193fa913a7e23ca3103fa3d0abaefd3cd4f9b8"), 8: decodeHex("c324da9d0c54252c37af697cdd58b066f2bb0f4a69752d27623bc738d02e9486"), 9: decodeHex("2d334f1eeb9a16dabaccaa746ff1c0dce2e9aeb3f3a4a314e5e1e61b01e940d0"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "21e79438580ec89df674dfe12653d77d132c3936", "9a4c7c895a5d40c3906121ff59c6fe267a4c32e0", }, pb.HashAlgo_SHA256: { "2ea4cb6a1f1eb1d3dce82d54fde26ded243ba3e18de7c6d211902a594fe56788", "835f940e97bac2f7c171819b1fcc4bebe72a1c4ea7d7245088ef32d253085bb3", }, pb.HashAlgo_SHA384: { "9b2baf7073fd9b7df3091b69ae7e48453450ae7b5311b37de11b79da75f175b8b2ed69f7d39406501653b35cbe90a030", "b0a19b24395a4690eea97916483dc291a38c6023df20aa296d85064194cebe9097f6b5e8490fd57a4e6b01167a8c9c7c", }, }, } // Agile Event Log from a Ubuntu 21.04 GCE instance without a DBX and with Secure Boot disabled var Ubuntu2104NoDbxGCE = eventLog{ RawLog: test.Ubuntu2104NoDbxEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("36c6b7436c37243c5f6744b73ced4df1287cd16a"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("8d9868b66afcf4039eaf8ef5228556d9f313659f"), 5: decodeHex("b0eaa45a496e0d933f63e97fd2362192dd48e369"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("777795cbdeca679f7749d8d09fc12941dcc9912a"), 8: decodeHex("5dfae5320ea06ddd1c62d296844a9b4b32b49972"), 9: decodeHex("f53869ab9015b5ad736e5f00e44fdfee2fdfde27"), 14: decodeHex("cd3734d2bdfcfba9e443ac02c03c812ffcceb255"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"), 1: decodeHex("f7dab5fda6b082e0ec1a12c43dd996ee409111422cda752a784620313039db19"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("295aeaeacad1d507930bab18418f905eeda633ea67b2ab94c5e5fd3a4d47ac58"), 5: decodeHex("e4f1359accfe48b19af7d38e98a3f373116b55b7f7a6f58f826f409a91d9fd28"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("ca37324eeffabd318d30a20f15bf27ce25dc33e2c9856279ff6c2ced58b02efa"), 8: decodeHex("2f2559cae74bb441d75afea5edb78d9a645db9f4bf8dea84bab0861ce6032e18"), 9: decodeHex("9f27883322aaaf043662c27542d9685790c687ea554e4e2ae30f0e099a2e4889"), 14: decodeHex("8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "92e6ec17937f600b9ec7f23adf4ea5553b4e2364", "4f9604e61091095594c206c8a404afe187a92586", }, pb.HashAlgo_SHA256: { "d99c93fcb042dbe52707bbde371c75fcf081dd5b0c88a195d44cc57536f6f521", "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595", }, pb.HashAlgo_SHA384: { "d8811e9c08119168b156255c6d695614d1593422bc5044186d29c1aaaa86fff0a633f324ac1ac1122e547479ce50a75a", "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683", }, }, } // Agile Event Log from a Ubuntu 21.04 GCE instance with Secure Boot disabled var Ubuntu2104NoSecureBootGCE = eventLog{ RawLog: test.Ubuntu2104NoSecureBootEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("f5310dfcfcec5571cbf730064d526906c9cea2f0"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("e53d909941dcbc699b273fc4c0d817a41c6ab975"), 5: decodeHex("9e2af4bac1432830594b1ae90c68c52a20a9700e"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("ede7204673f41ac2592b0d3b4cd429b43f39dc61"), 8: decodeHex("bda59abe1c7d18e0b85edfcb4381f10d4dcc88f7"), 9: decodeHex("39fd49224476f4d7eea26a53e264c9c33e47649c"), 14: decodeHex("cd3734d2bdfcfba9e443ac02c03c812ffcceb255"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("24af52a4f429b71a3184a6d64cddad17e54ea030e2aa6576bf3a5a3d8bd3328f"), 1: decodeHex("45ed8540f34db53220ef197e5fb8a3835b2095454349e445f397f13d91c509a5"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("ebc7ae25d0347868250995c9a8fff16bf79e048453262d0ef2756e213c76181c"), 5: decodeHex("47715f9f2c10769da6ee23be5633fd88e247caf162f4eeb0b6f8482ccfeadfb5"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("0d8847bc5eca06452df10e2f214363845c7ac11d47525a5474e225e72ce25dfe"), 8: decodeHex("b9a324947de94ec2fd4b04483ecfcb37dfdd520a7c0ecf73c77bf2595549c84f"), 9: decodeHex("adb87be3efd96cc3a2f66b8aa7564f9727563ef494a95d571a3f38ff4afb25dd"), 14: decodeHex("8351c65483c5419079e8c96758dd2130bee075d71fea226f68ec4eb5bfc71983"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "22df40d6e32d4721f1b2406b2b4a3bb0ca10ead5", "4f9604e61091095594c206c8a404afe187a92586", }, pb.HashAlgo_SHA256: { "6265b732b005b3f330bcd1843374e5ec6ec5aef27cdb97a23daeb8580abbf526", "b0a836fec2faf4a9bea0e1a5f1945bc86ddc03ac98ce0ae172ed9b1e536d7595", }, pb.HashAlgo_SHA384: { "4f491210da8f59f09cd16523b44db22e83d8b611c3b14656d3b078dd451347ab195177fc78cf8d5578376f1f5f9bb821", "bbcdda8a6d872385b10802434eb8de1ac7b92dbaddf18bc1d7ea24fcc71b45291db5cc7b930a29c93405d6aecdb70683", }, }, } // Agile Event Log from a Ubuntu 24.04 GCE AMD_SEVSNP instance with Secure Boot disabled var Ubuntu2404AmdSevSnp = eventLog{ RawLog: test.Ubuntu2404AmdSevSnpEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("8124f09f069c7d2d9acf5ce4eab928a7103a0bb2"), 1: decodeHex("f00d6bbdea9ba55996f237a7f95f2b328a44e3f2"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("175f4319fd7ac683bf49f2e7b837630e4fa8603f"), 5: decodeHex("f65b39c7aec83294f796c1ea4acc987f80914efe"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("7067b17aa6b3de0d22d17a59dce1e17e649cb56a"), 8: decodeHex("5f4a1177c33521b0e48d855cf770520f8ab744de"), 9: decodeHex("c6ee69063ab752df6c4ab99a80b12f3e5c432535"), 14: decodeHex("a482a15e112717d6a915b989a0ea6140a507e3e6"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("50597a27846e91d025eef597abbc89f72bff9af849094db97b0684d8bc4c515e"), 1: decodeHex("57344e1cc8c6619413df33013a7cd67915459f967395af41db21c1fa7ca9c307"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("abe8b3fa6aecb36c2fd93c6f6edde661c21b353d007410a2739d69bfa7e1b9be"), 5: decodeHex("0b0e1903aeb1bff649b82dba2cdcf5c4ffb75027e54f151ab00b3b989f16a300"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("33ad69850fb2c7f30b4f8b4bc10ed93fc954dc07fa726e84f50f3d192dc1c140"), 8: decodeHex("6932a3f71dc55ad3c1a6ac2196eeac26a1b7164b6bbfa106625d94088ec3ecc3"), 9: decodeHex("ce08798b283c7a0ddc5e9ad1d602304b945b741fc60c20e254eafa0f4782512b"), 14: decodeHex("306f9d8b94f17d93dc6e7cf8f5c79d652eb4c6c4d13de2dddc24af416e13ecaf"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "7eac7a5171a01cf975bb6ac1b0eb6eb79a391d5e", "ec49599026c979912d8f18cfd4b260516a4d4ac1", }, pb.HashAlgo_SHA256: { "724de6844dd0fe618ba5776c7bca0728be38a6544e24e44ef259b987b7abce80", "5e8cb75acdf8e09e5fc14cc2d6ce0c2288af208976d97309851c661e91ec1e03", }, pb.HashAlgo_SHA384: { "4637fb5cd30847e5f09ae24f8a50ce1611c4d21afd0ecb69c8ec40bc82dc11bc48abda1f8044fe340bfb70b29606eb47", "c051991523ea083f466f13c2a2d11d77254f6110bc8ae3714f345cef8f33cde26082b49dda0f56ef324a62a10b556d1e", }, }, } // Agile Event Log from Alex's gLinux laptop with secure boot disabled var GlinuxNoSecureBootLaptop = eventLog{ RawLog: test.GlinuxAlexEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("29d236609a5f9cc6912af44ba5f57b13a17c8a84"), 1: decodeHex("db16852a369b2503d6cc6c0007501c837dbe1170"), 2: decodeHex("0c8ef58d40b8cd1fe15f6b45fc1b385dd251eec0"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("c56cddf3dcf59a473a239efd17b130391e24b0df"), 5: decodeHex("23606963a2813421f5b6e76e32a337ff8940e413"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("9221b8fc57b60cb7de507dc016f88d4600cde9c5"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("0e5ea849d7647a1ac1becc096fee4df98f00f8015f934afadaab0b8aa20b38a5"), 1: decodeHex("9750400838980c9419764b9cf19c975c0e159c18ebe21cb897c6e834a8d8d433"), 2: decodeHex("970096d49105b0404999173e49c3f6b8597b9c4c5ff6a9e364b55ce01037578e"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("ddb124ca9013f1e42f98537f7f381e47c5e6caa988cf2b4088f452c5a8dd912d"), 5: decodeHex("fb58603615cfec59c0428e71913d30d45f38e4280380cc814135a7659c246b13"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("9d1be46302bc4f5055c90a0376d9142e397ca8744f387c9824170f1bc855fde5"), }, }}, } // Agile Event Log from an Arch Linux worksation with systemd-boot and Secure Boot Disabled var ArchLinuxWorkstation = eventLog{ RawLog: test.ArchLinuxWorkstationEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("a0487b0d95387d4a30560edf5f041307bf4a1dcc"), 1: decodeHex("56b71c334a5b67d3b7b3343e3241dff5a1ad87bf"), 2: decodeHex("01098a68e44e4fbd0af3b9a836b1b79e78c4f6f5"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("4c8b6f359b5e5cb9d09e825009a98e1281165b01"), 5: decodeHex("0dfa5ca60508ac5214515b20ed3e66289514fcb6"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("029c700c2fa2bc83cbf3ce4ee501ad4d984ec5ae"), 8: decodeHex("aa99fc93faa0777f42da6e1ae77a0653b5005619"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("758b773d94feabf52ef5a4c00a7ad2c80d8d6e6d9d58756150be9bc973da9087"), 1: decodeHex("bfda688a5d320123fddb3fc70b746bc17647e2e7f2f96e130d429542bf4622d5"), 2: decodeHex("65dee4a48cde677aa89fa83c5c35e883fda658f743853e3ebad504ca6702f7c5"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("925d453d3dfef4ac0c72c957402163d45fa95d05e6d53f047263a3a60b598325"), 5: decodeHex("202522f005ef625588bb7c9e21335ba96a63c5086306138885b3bb2c381730ca"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("3b4a4db44b7a872524055364e62e897ae678e0d47ab0809f65c3a4ed77f66ab9"), 8: decodeHex("47591b43af431963eaeb5238a5c42eda1eb0014c27f7de7ae483066a2d2a2e61"), }, }}, } // Legacy Event Log from a Debian 10 GCE instance with Secure Boot enabled var Debian10GCE = eventLog{ RawLog: test.Debian10EventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("0f2d3a2a1adaa479aeeca8f5df76aadc41b862ea"), 1: decodeHex("b1676439cac1531683990fefe2218a43239d6fe8"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("1eb30816474a3f144e99b24e4ad480b2e51fd9e1"), 5: decodeHex("019079179dbc0eb5992c500dcf8a095910ac590d"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("9e6c57e850f371c2a7fe02bca552149363952318"), }, }}, // We shouldn't use these digests, as this Debian firmware does not measure // ExitBootService events, which means an attacker could extend additional // events after UEFI hands off the event log. ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "47263679db883d7ad9adbc93d6a1fbf8095f0133", "3fae23b18d72350207661af3875f2c492e97621c", "89b08941b47dcfbd4c8b3f2bc0fad984cd836b21", }, }, } // Agile Event Log from a Ubuntu 21.04 GCE instance with Secure Boot disabled var COS85AmdSev = eventLog{ RawLog: test.Cos85AmdSevEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("6168c9ce88a8658920f2cf2f9012d3c6bbfab79b"), 5: decodeHex("fb6b3a15b220a74b0c4f73416919476702e930e2"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("42e669233f0e826df5093abfd6998c020df2de88"), 8: decodeHex("72778b0ba3c491db25eb7c8368cb1fb51f0ce458"), 9: decodeHex("08bd04f0dbadf591510340d94a0019c0ddcb779f"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("d690bdac2aa8b73a1d718cb91990df07d0747b07ea57b3b2d0f0d511f0d90491"), 5: decodeHex("e9e0b32564b6f8215b1bd43954d9f910682d39c3b18abd4737ac3b797cf269e0"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("3365d7fa2b024c852913c06e04ffbfa6ea5289f743bbf1a76f7ffdf21ed84793"), 8: decodeHex("9e9b6511ae6ad443aae4c7bf998ffffbcd271c874f1efab9d692f129eb6e6c18"), 9: decodeHex("f4f2d92d6d54f6c41f2706fd98091317642e0680a7902c72893d41e3464a93b7"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "bfeec15d9359fe0aa8b5fb6451d1f73e5144c6d3", "860848ad3f129051f1e252749011cf7f7df837ee", "91cd5aa9c3e407237e8aeb122d4ab94494034a90", }, pb.HashAlgo_SHA256: { "dba8d69ffb244496ac8ab2950695d3da539d6ac5ec660fc6b4bdde245284cf23", "f7bad83f87940312e4642530a9a6242e88529dc37a497d7d4e7c1c070566d542", "6f6afb3caed004e727200a0c310731bd8ab4cd391b2d95cedf67d08e1e8e5e7e", }, pb.HashAlgo_SHA384: { "778bd7d6385d8ca0da5e504e3e554b67d98d9a712d957cb4cbb4d9b2e66ca96e31ddc18680af02b03a3a8a1b08da6aca", "d014c8c69b17ceb0f46be22b928f52684e717f40288246a61dadba00b1368c883cdde4e98762cc6788d94d0bcbd3f7ca", "ff8ff1db8fc98d02d944a90c58103b1b2ad3ba893ba4f302a006a572951491622341bb9387de20dd072cb8b6b3583cd0", }, }, } var COS93AmdSev = eventLog{ RawLog: test.Cos93AmdSevEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("1e4b998edfb4d62fb88337a66b3af8be26159498"), 5: decodeHex("3421f02e05d71fe4bd002cbe22e68c230397821d"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("42e669233f0e826df5093abfd6998c020df2de88"), 8: decodeHex("ec84952e0c5c96cd4404122131b8f86d5ac7df7d"), 9: decodeHex("7a406f847075a86a55aa184cfe3fcef7eaff40a7"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("871e8343044ae4c87b402dcb94b5e49715b1b8dc1b19c43ba0801422fabb39d4"), 5: decodeHex("74be59dc8066011eade913db9a3db7978f93852c04816cba9427dd59b87042cc"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("3365d7fa2b024c852913c06e04ffbfa6ea5289f743bbf1a76f7ffdf21ed84793"), 8: decodeHex("ba18b7028111f1f193967cad3c23b5050f73061c0f119182ac0f42efd6a9159e"), 9: decodeHex("0b1e4f9ca7bc8535c4c33f0025969d7abea008aa51dcd7f7c2d1068470e4bce4"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "d582c2803fd716f09e50c82967079ff593e1bc6b", "e3de6a97421ba8f329d4ba55e39df80013415a23", "03221584436f78e488cdaec3c691b7a18ff2f621", }, pb.HashAlgo_SHA256: { "27cce48e55b3bfb6eb6206a4cc2b53a497846496a6264495006ab28dffa5623e", "e3e226fb8c8e3b3fdb56c706a0fbfda080f34068aef5a1889c1bfa95f04c2e72", "dc0aca594caee03705bcfa817e7f666692d89b713815f4793b7abbc2a0e00b6c", }, pb.HashAlgo_SHA384: { "da419d9c92eb55b6e14f5665d81644fa163b908b1b1e317740f7a605f1734994dd90f4ea3373400c59fd7683751e30ef", "794e6206fe520d3b0bcbfd3e14b0dc8e41f6a8c3b131faef69442a11625fde690a1b77c46dcddcb443a8d3c1e3ea669c", "64b218ab263625b49da1172a9ab37cedbcd20d668beac1c3baac4cae640a1a7f77a07c05682b4147ec649c51243f6bbf", }, }, } var COS101AmdSev = eventLog{ RawLog: test.Cos101AmdSevEventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 0: decodeHex("c032c3b51dbb6f96b047421512fd4b4dfde496f3"), 1: decodeHex("e3e9e1d9deacd95b289bbbd3a1717a57af7d211b"), 2: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 3: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 4: decodeHex("1ebe08ea6c45e0dfbd2aad903d2e0d3ab69fd7ad"), 5: decodeHex("1c7ca47e5c09a78a747b0e0f051cc8cad6431400"), 6: decodeHex("b2a83b0ebf2f8374299a5b2bdfc31ea955ad7236"), 7: decodeHex("6847f752ad1795c279f289e1eecf0040cd53c1d4"), 8: decodeHex("a243d82bd1fa01ae487b7ba77dd73ebb7a17800a"), 9: decodeHex("fbbb8a8f120369810e7e161504556f0080afadac"), 14: decodeHex("1ba610b2d80967338649a8f88f45810448814bfc"), }, }, { Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("0f35c214608d93c7a6e68ae7359b4a8be5a0e99eea9107ece427c4dea4e439cf"), 1: decodeHex("6eb40f5b6bfafcb9914d486ce59404acd24bc13a6a3c45cda3b44c9d7053d638"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("6d9f1a1d461cf77517e8d4c488c53f338a71c5a8e2b81ab7011c14f72cbc9a80"), 5: decodeHex("d1a1ab23a5c3d98fbacff3891bad42d8e9257d61e1f683f42c6c9fa949bf96c5"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("2bc6edaa921f953cec0ffb28dad4f87114886603d6a782036502d28e69d97a48"), 8: decodeHex("ebb7c847c4ade99849bcffca236d32331224a530087a7ae4cb9f7db4c2e571b5"), 9: decodeHex("b5ad662e5eb9165825ee39ad66e851a67a193e0b87b27858f25ac58afa72ac57"), 14: decodeHex("d0d95459205afae879514db7b85630f5d6b8272ed8c731bf92933dbc9fe99969"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA1: { "dc41c297c4ed857e9b6354cad8b448995c3052ea", "06ae09413b5107bb26aa68602ba4fe787d22f82e", "f894ac3a351baa3a5ce4dd8d6f497eb616723461", "f894ac3a351baa3a5ce4dd8d6f497eb616723461", }, pb.HashAlgo_SHA256: { "c7ac5d44444affd8d4a7c5d3dea0ce20a71e05812fc18777a428d092f78ae3ff", "c5d3b47de11a9a2a4a15ef5cb7202d7800a10609c0dcecc46e3e963d476b76ce", "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", }, pb.HashAlgo_SHA384: { "72bf185794a865eb14fcdf93a2daa8ed281c932e2a7009d8489c38056389b3f3776d755ec703c95fb9c396f79dbd52c7", "5b38df39c7beec3bfd9c4cbd40c217bcbee190d1fa099a64c5f063d20efc3def26e48cbbd86d730c8eb4696a29759490", "968f2f6cb5bae537adfca30942803ddcda773bae368c042258e8818788265cd0e119936c9fcdb782785154a6705c5143", "968f2f6cb5bae537adfca30942803ddcda773bae368c042258e8818788265cd0e119936c9fcdb782785154a6705c5143", }, }, } var GdcHost = eventLog{ RawLog: test.GdcHost, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("dab77c454bd12c27ff6b6ce1f9adca90b7a330c1cef0b5cd01cb89fb3bd0dffa"), 1: decodeHex("e9c706539943b2d9770715914f9b3946fab0265327bace4c479913acb9014051"), 2: decodeHex("7fde57284c6a0eabdc9b829db4e2ab0bb565c4189410de2474dd116bc18bafcc"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("ded8b5d91a09c328b9859d8c9db5a346f1065224616b0ba66d6c83dba2b465e8"), 5: decodeHex("163ee251955b844012f1493aa962b2a18acbec194ea4856cdc45cd54c8540058"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("2c9252609eda09899d96abe16b947d0e736c43271997c1fa5189e9bcd37ba516"), 8: decodeHex("8edecd4daa5194ea70a2a9f2c71c7c816bd3b1e0a1ca6f4abea7306250191eba"), 9: decodeHex("731d336f9f3255e80b429de54fb77b2ad5e485829eb386d661c668245f30f44b"), 14: decodeHex("306f9d8b94f17d93dc6e7cf8f5c79d652eb4c6c4d13de2dddc24af416e13ecaf"), }, }}, ExpectedEFIAppDigests: map[pb.HashAlgo][]string{ pb.HashAlgo_SHA256: { "c7ac5d44444affd8d4a7c5d3dea0ce20a71e05812fc18777a428d092f78ae3ff", "c5d3b47de11a9a2a4a15ef5cb7202d7800a10609c0dcecc46e3e963d476b76ce", "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", "af4161084115c9d5c1872f4473fe974b535e3a9a767688293720ac2cc6f7f9a3", }, }, } var SP800155EventLog = eventLog{ RawLog: test.SP800155EventLog, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("d0c70a9310cd0b55767084333022ce53f42befbb69c059ee6c0a32766f160783"), 1: decodeHex("f28e7dc5d058b98ba6f635c1de061a507426983b7ec370d3ba7ce90bdfd1a7c1"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("18314f0c33adea45e461155e190199716256ca532cd89e9aa3b7d2f6407fa4c8"), 5: decodeHex("7da8fcc5689af6d0f2a089b19bbe146702372ccfdc3d5758bf6b49ba50c7366e"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("8c5dc451764d0db9c1e17da03564bcae3a09fa3d7f8e467d9c381dc8698377d6"), 8: decodeHex("98effecabbbdc67dd7627d0c50f24bbce548ca6e6fcca30ad284afde91a042a4"), 9: decodeHex("06f41037a0f42d7308ff2d955ef6c0a5d2fe0a70f7c81ce288d3a158f4978b2f"), 14: decodeHex("6eb05e8a8a6272a8e4b925a67c650daa13c12b1a80cc797d40fd345e29660161"), }, }}, } var CGKE251000 = eventLog{ RawLog: test.CGKE251000, Banks: []*pb.PCRs{{ Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{ 0: decodeHex("d0c70a9310cd0b55767084333022ce53f42befbb69c059ee6c0a32766f160783"), 1: decodeHex("f28e7dc5d058b98ba6f635c1de061a507426983b7ec370d3ba7ce90bdfd1a7c1"), 2: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 3: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 4: decodeHex("18314f0c33adea45e461155e190199716256ca532cd89e9aa3b7d2f6407fa4c8"), 5: decodeHex("7da8fcc5689af6d0f2a089b19bbe146702372ccfdc3d5758bf6b49ba50c7366e"), 6: decodeHex("3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969"), 7: decodeHex("8c5dc451764d0db9c1e17da03564bcae3a09fa3d7f8e467d9c381dc8698377d6"), 8: decodeHex("98effecabbbdc67dd7627d0c50f24bbce548ca6e6fcca30ad284afde91a042a4"), 9: decodeHex("4df4604236d15333b1a07acdb3c4655f3da5c0843b62e7a9df2f62844a9d92f1"), 14: decodeHex("6eb05e8a8a6272a8e4b925a67c650daa13c12b1a80cc797d40fd345e29660161"), }, }}, } func TestParseEventLogs(t *testing.T) { sbatErrorStr := "asn1: structure error: tags don't match (16 vs {class:0 tag:24 length:10 isCompound:true})" logs := []struct { eventLog name string opts VerifyOpts // This field handles known issues with event log parsing or bad event // logs. // Set to nil when the event log has no known issues. errorSubstrs []string }{ {Debian10GCE, "Debian10GCE", VerifyOpts{Loader: UnsupportedLoader}, nil}, {Rhel8GCE, "Rhel8GCE", VerifyOpts{Loader: GRUB}, nil}, {UbuntuAmdSevGCE, "UbuntuAmdSevGCE", VerifyOpts{Loader: GRUB}, nil}, // TODO: remove once the fix is pulled in // https://github.com/google/go-attestation/pull/222 {Ubuntu2104NoDbxGCE, "Ubuntu2104NoDbxGCE", VerifyOpts{Loader: GRUB}, []string{sbatErrorStr}}, {Ubuntu2104NoSecureBootGCE, "Ubuntu2104NoSecureBootGCE", VerifyOpts{Loader: GRUB}, []string{sbatErrorStr}}, // This event log has a SecureBoot variable length of 0. {ArchLinuxWorkstation, "ArchLinuxWorkstation", VerifyOpts{Loader: UnsupportedLoader, AllowEFIAppBeforeCallingEvent: true}, archLinuxKnownParsingFailures}, {COS85AmdSev, "COS85AmdSev", VerifyOpts{Loader: GRUB}, nil}, {COS93AmdSev, "COS93AmdSev", VerifyOpts{Loader: GRUB}, nil}, {COS101AmdSev, "COS101AmdSev", VerifyOpts{Loader: GRUB}, nil}, {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp", VerifyOpts{Loader: GRUB}, nil}, {GdcHost, "GdcHost", VerifyOpts{Loader: GRUB, AllowEFIAppBeforeCallingEvent: true}, []string{"invalid SCRTM version event for PCR0"}}, {SP800155EventLog, "SP800155EventLog", VerifyOpts{Loader: GRUB}, nil}, {CGKE251000, "CGKE251000", VerifyOpts{Loader: GRUB}, nil}, } for _, log := range logs { rawLog := log.RawLog for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.Hash)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { if _, err := parsePCClientEventLog(rawLog, bank, log.opts); err != nil { gErr, ok := err.(*GroupedError) if !ok { t.Errorf("ParseMachineState should return a GroupedError") } if len(log.errorSubstrs) == 0 { t.Errorf("expected no errors in GroupedError, received (%v)", err) } if !gErr.containsKnownSubstrings(log.errorSubstrs) { t.Errorf("failed to parse and replay log: %v", err) } } }) } } } func TestParseMachineStateReplayFail(t *testing.T) { badPcrs := pb.PCRs{Hash: pb.HashAlgo_SHA1} pcrMap := make(map[uint32][]byte) pcrMap[0] = []byte{0, 0, 0, 0} badPcrs.Pcrs = pcrMap _, err := parsePCClientEventLog(Debian10GCE.RawLog, &badPcrs, VerifyOpts{Loader: UnsupportedLoader}) if err == nil { t.Errorf("ParseMachineState should fail to replay the event log") } _, ok := err.(*GroupedError) if !ok { t.Errorf("ParseMachineState should return a GroupedError") } } func TestSystemParseEventLog(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) evtLog, err := client.GetEventLog(rwc) if err != nil { t.Fatalf("failed to retrieve Event Log: %v", err) } sel := client.FullPcrSel(tpm2.AlgSHA1) pcrs, err := client.ReadPCRs(rwc, sel) if err != nil { t.Fatalf("failed to read PCRs: %v", err) } if _, err = parsePCClientEventLog(evtLog, pcrs, VerifyOpts{Loader: UnsupportedLoader}); err != nil { t.Errorf("failed to parse MachineState: %v", err) } } func TestEmptyEventlog(t *testing.T) { emptyLog := []byte{} emptyState := &attestpb.MachineState{ Hash: pb.HashAlgo_SHA1, Platform: &attestpb.PlatformState{Firmware: &attestpb.PlatformState_ScrtmVersionId{}}, SecureBoot: &attestpb.SecureBootState{}, } // SHA-1 PCR data consisting of all zero digests (i.e. the reset state) zeroDigest := make([]byte, crypto.SHA1.Size()) zeroPCRs := &pb.PCRs{Hash: pb.HashAlgo_SHA1, Pcrs: make(map[uint32][]byte)} for i := uint32(0); i < 24; i++ { zeroPCRs.Pcrs[i] = zeroDigest } // For our "Real" PCR data, use the simulated TPM (which has extended events) rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) realPCRs, err := client.ReadPCRs(rwc, client.FullPcrSel(tpm2.AlgSHA1)) if err != nil { t.Fatalf("failed to read PCRs: %v", err) } cases := []struct { name string pcrs *pb.PCRs }{ {"Empty", &pb.PCRs{Hash: pb.HashAlgo_SHA1}}, {"AllZero", zeroPCRs}, {"Real", realPCRs}, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { state, err := parsePCClientEventLog(emptyLog, c.pcrs, VerifyOpts{Loader: UnsupportedLoader}) if err != nil { t.Errorf("parsing empty eventlog: %v", err) } if diff := cmp.Diff(state, emptyState, protocmp.Transform(), protocmp.IgnoreEmptyMessages()); diff != "" { t.Errorf("unexpected non-empty MachineState:\n%v", diff) } }) } } func TestParseSecureBootState(t *testing.T) { for _, bank := range UbuntuAmdSevGCE.Banks { msState, err := parsePCClientEventLog(UbuntuAmdSevGCE.RawLog, bank, VerifyOpts{Loader: UnsupportedLoader}) if err != nil { t.Errorf("failed to parse and replay log: %v", err) } containsWinProdPCA := false contains3PUEFI := false if len(msState.GetSecureBoot().GetDb().GetHashes()) != 0 { t.Error("found hashes in db") } for _, cert := range msState.GetSecureBoot().GetDb().GetCerts() { switch c := cert.GetRepresentation().(type) { case *attestpb.Certificate_WellKnown: if c.WellKnown == attestpb.WellKnownCertificate_UNKNOWN { t.Error(("found WellKnownCertificate_UNKNOWN in db")) } if c.WellKnown == attestpb.WellKnownCertificate_MS_THIRD_PARTY_UEFI_CA_2011 { contains3PUEFI = true } else if c.WellKnown == attestpb.WellKnownCertificate_MS_WINDOWS_PROD_PCA_2011 { containsWinProdPCA = true } } } if !contains3PUEFI || !containsWinProdPCA { t.Error("expected to see both WinProdPCA and ThirdPartyUEFI certs") } if len(msState.GetSecureBoot().GetPk().GetHashes()) != 0 { t.Error("found hashes in pk") } pkCerts := msState.GetSecureBoot().GetPk().GetCerts() if len(pkCerts) != 1 { t.Errorf("expected to see exactly one cert in pk, but found %d", len(pkCerts)) } else { switch c := pkCerts[0].GetRepresentation().(type) { case *attestpb.Certificate_WellKnown: if c.WellKnown != attestpb.WellKnownCertificate_GCE_DEFAULT_PK { t.Error("expected to see WellKnownCertificate_GCE_DEFAULT_PK in pk got a different well known cert") } default: t.Error("expected to see WellKnownCertificate_GCE_DEFAULT_PK in pk") } } if len(msState.GetSecureBoot().GetKek().GetHashes()) != 0 { t.Error("found hashes in kek") } kekCerts := msState.GetSecureBoot().GetKek().GetCerts() if len(kekCerts) != 1 { t.Errorf("expected to see exactly one cert in kek, but found %d", len(kekCerts)) } else { switch c := kekCerts[0].GetRepresentation().(type) { case *attestpb.Certificate_WellKnown: if c.WellKnown != attestpb.WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 { t.Error("expected to see WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 in kek got a different well known cert") } default: t.Error("expected to see WellKnownCertificate_MS_THIRD_PARTY_KEK_CA_2011 in kek") } } } } func convertToPCRBank(t *testing.T, pcrs *pb.PCRs) register.PCRBank { pcrBank := register.PCRBank{TCGHashAlgo: state.HashAlgo(pcrs.Hash)} digestAlg, err := pcrBank.TCGHashAlgo.CryptoHash() if err != nil { t.Fatal(err) } for ind, dgst := range pcrs.GetPcrs() { pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{ Index: int(ind), Digest: dgst, DigestAlg: digestAlg}, ) } return pcrBank } func getRTMRBank(t *testing.T, fakeRTMR *fakertmr.RtmrSubsystem) register.RTMRBank { rtmrBank := register.RTMRBank{} // RTMR 0 to 3 for i := 0; i < 4; i++ { digest, err := configfstsmrtmr.GetDigest(fakeRTMR, i) if err != nil { t.Fatal(err) } rtmrBank.RTMRs = append(rtmrBank.RTMRs, register.RTMR{Index: i, Digest: digest.Digest}) } return rtmrBank } func TestParsingRTMREventlog(t *testing.T) { coscel := &cel.CEL{} emptyCosState := attestpb.ContainerState{} emptyHealthMonitoringState := attestpb.HealthMonitoringState{} emptyGpuDeviceState := attestpb.GpuDeviceState{} var buf bytes.Buffer // First, encode an empty CEL and try to parse it. if err := coscel.EncodeCEL(&buf); err != nil { t.Fatal(err) } fakeRTMR := fakertmr.CreateRtmrSubsystem(t.TempDir()) rtmrBank := getRTMRBank(t, fakeRTMR) acosState, err := ParseCosCELRTMR(buf.Bytes(), rtmrBank) if err != nil { t.Errorf("expecting no error from ParseCosCELRTMR(), but get %v", err) } if diff := cmp.Diff(acosState.Container, &emptyCosState, protocmp.Transform()); diff != "" { t.Errorf("unexpected container state difference:\n%v", diff) } if diff := cmp.Diff(acosState.HealthMonitoring, &emptyHealthMonitoringState, protocmp.Transform()); diff != "" { t.Errorf("unexpected health monitoring difference:\n%v", diff) } if acosState.HealthMonitoring.MemoryEnabled != nil { t.Errorf("unexpected MemoryEnabled state, want nil, but got %v", *acosState.HealthMonitoring.MemoryEnabled) } if diff := cmp.Diff(acosState.GpuDeviceState, &emptyGpuDeviceState, protocmp.Transform()); diff != "" { t.Errorf("unexpected GPU device state difference:\n%v", diff) } // add events testCELEvents := []struct { cosNestedEventType cel.CosType register int eventPayload []byte }{ {cel.ImageRefType, cel.CosRTMR, []byte("docker.io/bazel/experimental/test:latest")}, {cel.ImageDigestType, cel.CosRTMR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, {cel.RestartPolicyType, cel.CosRTMR, []byte(attestpb.RestartPolicy_Always.String())}, {cel.ImageIDType, cel.CosRTMR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, {cel.EnvVarType, cel.CosRTMR, []byte("foo=bar")}, {cel.EnvVarType, cel.CosRTMR, []byte("bar=baz")}, {cel.EnvVarType, cel.CosRTMR, []byte("baz=foo=bar")}, {cel.EnvVarType, cel.CosRTMR, []byte("empty=")}, {cel.ArgType, cel.CosRTMR, []byte("--x")}, {cel.ArgType, cel.CosRTMR, []byte("--y")}, {cel.ArgType, cel.CosRTMR, []byte("")}, {cel.MemoryMonitorType, cel.CosRTMR, []byte{1}}, {cel.GpuCCModeType, cel.CosRTMR, []byte(attestpb.GPUDeviceCCMode_ON.String())}, } expectedEnvVars := make(map[string]string) expectedEnvVars["foo"] = "bar" expectedEnvVars["bar"] = "baz" expectedEnvVars["baz"] = "foo=bar" expectedEnvVars["empty"] = "" wantContainerState := attestpb.ContainerState{ ImageReference: string(testCELEvents[0].eventPayload), ImageDigest: string(testCELEvents[1].eventPayload), RestartPolicy: attestpb.RestartPolicy_Always, ImageId: string(testCELEvents[3].eventPayload), EnvVars: expectedEnvVars, Args: []string{string(testCELEvents[8].eventPayload), string(testCELEvents[9].eventPayload), string(testCELEvents[10].eventPayload)}, } enabled := true wantHealthMonitoringState := attestpb.HealthMonitoringState{ MemoryEnabled: &enabled, } wantGpuDeviceState := attestpb.GpuDeviceState{ CcMode: attestpb.GPUDeviceCCMode_ON, } for _, testEvent := range testCELEvents { cosEvent := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload} if err := coscel.AppendEventRTMR(fakeRTMR, testEvent.register, cosEvent); err != nil { t.Fatal(err) } } buf = bytes.Buffer{} if err := coscel.EncodeCEL(&buf); err != nil { t.Fatal(err) } rtmrBank = getRTMRBank(t, fakeRTMR) if acosState, err := ParseCosCELRTMR(buf.Bytes(), rtmrBank); err != nil { t.Errorf("expecting no error from ParseCosCELRTMR(), but get %v", err) } else { if diff := cmp.Diff(acosState.Container, &wantContainerState, protocmp.Transform()); diff != "" { t.Errorf("unexpected container state difference:\n%v", diff) } if diff := cmp.Diff(acosState.HealthMonitoring, &wantHealthMonitoringState, protocmp.Transform()); diff != "" { t.Errorf("unexpected health monitoring state difference:\n%v", diff) } if diff := cmp.Diff(acosState.GpuDeviceState, &wantGpuDeviceState, protocmp.Transform()); diff != "" { t.Errorf("unexpected GPU device state difference:\n%v", diff) } } // Faking PCR with RTMR should fail imposterPcrBank := map[uint32][]byte{} imposterPcrBank[1] = rtmrBank.RTMRs[0].Digest imposterPcrBank[2] = rtmrBank.RTMRs[1].Digest imposterPcrBank[3] = rtmrBank.RTMRs[2].Digest imposterPcrBank[4] = rtmrBank.RTMRs[3].Digest imposterPcrs := &pb.PCRs{Hash: pb.HashAlgo_SHA384, Pcrs: imposterPcrBank} hackedPCRBank := convertToPCRBank(t, imposterPcrs) if _, err = ParseCosCELPCR(buf.Bytes(), hackedPCRBank); err == nil { t.Errorf("expecting error from ParseCosCELPCR() when using RTMR CEL Log, but get nil") } } func TestParsingCELEventLog(t *testing.T) { test.SkipForRealTPM(t) tpm := test.GetTPM(t) defer client.CheckedClose(t, tpm) coscel := &cel.CEL{} emptyCosState := attestpb.ContainerState{} emptyHealthMonitoringState := attestpb.HealthMonitoringState{} emptyGpuDeviceState := attestpb.GpuDeviceState{} var buf bytes.Buffer // First, encode an empty CEL and try to parse it. if err := coscel.EncodeCEL(&buf); err != nil { t.Fatal(err) } banks, err := client.ReadAllPCRs(tpm) if err != nil { t.Fatal(err) } implementedHashes := []crypto.Hash{} // get all implmented hash algo in the TPM for _, h := range banks { hsh, err := tpm2.Algorithm(h.Hash).Hash() if err != nil { t.Fatal(err) } implementedHashes = append(implementedHashes, crypto.Hash(hsh)) } for _, bank := range banks { pcrBank := convertToPCRBank(t, bank) // pcrs can have any value here, since the coscel has no records, the replay should always success. acosState, err := ParseCosCELPCR(buf.Bytes(), pcrBank) if err != nil { t.Errorf("expecting no error from ParseCosCELPCR(), but get %v", err) } if diff := cmp.Diff(acosState.Container, &emptyCosState, protocmp.Transform()); diff != "" { t.Errorf("unexpected container state difference:\n%v", diff) } if diff := cmp.Diff(acosState.HealthMonitoring, &emptyHealthMonitoringState, protocmp.Transform()); diff != "" { t.Errorf("unexpected health monitoring difference:\n%v", diff) } if acosState.HealthMonitoring.MemoryEnabled != nil { t.Errorf("unexpected MemoryEnabled state, want nil, but got %v", *acosState.HealthMonitoring.MemoryEnabled) } if diff := cmp.Diff(acosState.GpuDeviceState, &emptyGpuDeviceState, protocmp.Transform()); diff != "" { t.Errorf("unexpected GPU device state difference:\n%v", diff) } } // Secondly, append some real COS events to the CEL. This time we should get content in the CosState. testCELEvents := []struct { cosNestedEventType cel.CosType pcr int eventPayload []byte }{ {cel.ImageRefType, cel.CosEventPCR, []byte("docker.io/bazel/experimental/test:latest")}, {cel.ImageDigestType, cel.CosEventPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")}, {cel.RestartPolicyType, cel.CosEventPCR, []byte(attestpb.RestartPolicy_Always.String())}, {cel.ImageIDType, cel.CosEventPCR, []byte("sha256:5DF4A1AC347DCF8CF5E9D0ABC04B04DB847D1B88D3B1CC1006F0ACB68E5A1F4B")}, {cel.EnvVarType, cel.CosEventPCR, []byte("foo=bar")}, {cel.EnvVarType, cel.CosEventPCR, []byte("bar=baz")}, {cel.EnvVarType, cel.CosEventPCR, []byte("baz=foo=bar")}, {cel.EnvVarType, cel.CosEventPCR, []byte("empty=")}, {cel.ArgType, cel.CosEventPCR, []byte("--x")}, {cel.ArgType, cel.CosEventPCR, []byte("--y")}, {cel.ArgType, cel.CosEventPCR, []byte("")}, {cel.MemoryMonitorType, cel.CosEventPCR, []byte{1}}, {cel.GpuCCModeType, cel.CosEventPCR, []byte(attestpb.GPUDeviceCCMode_OFF.String())}, } expectedEnvVars := make(map[string]string) expectedEnvVars["foo"] = "bar" expectedEnvVars["bar"] = "baz" expectedEnvVars["baz"] = "foo=bar" expectedEnvVars["empty"] = "" wantContainerState := attestpb.ContainerState{ ImageReference: string(testCELEvents[0].eventPayload), ImageDigest: string(testCELEvents[1].eventPayload), RestartPolicy: attestpb.RestartPolicy_Always, ImageId: string(testCELEvents[3].eventPayload), EnvVars: expectedEnvVars, Args: []string{string(testCELEvents[8].eventPayload), string(testCELEvents[9].eventPayload), string(testCELEvents[10].eventPayload)}, } enabled := true wantHealthMonitoringState := attestpb.HealthMonitoringState{ MemoryEnabled: &enabled, } wantGpuDeviceState := attestpb.GpuDeviceState{ CcMode: attestpb.GPUDeviceCCMode_OFF, } for _, testEvent := range testCELEvents { cosEvent := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload} if err := coscel.AppendEventPCR(tpm, testEvent.pcr, cosEvent); err != nil { t.Fatal(err) } } buf = bytes.Buffer{} if err := coscel.EncodeCEL(&buf); err != nil { t.Fatal(err) } banks, err = client.ReadAllPCRs(tpm) if err != nil { t.Fatal(err) } for _, bank := range banks { pcrBank := convertToPCRBank(t, bank) if acosState, err := ParseCosCELPCR(buf.Bytes(), pcrBank); err != nil { t.Errorf("expecting no error from ParseCosCELPCR(), but get %v", err) } else { if diff := cmp.Diff(acosState.Container, &wantContainerState, protocmp.Transform()); diff != "" { t.Errorf("unexpected container state difference:\n%v", diff) } if diff := cmp.Diff(acosState.HealthMonitoring, &wantHealthMonitoringState, protocmp.Transform()); diff != "" { t.Errorf("unexpected health monitoring state difference:\n%v", diff) } if diff := cmp.Diff(acosState.GpuDeviceState, &wantGpuDeviceState, protocmp.Transform()); diff != "" { t.Errorf("unexpected GPU device state difference:\n%v", diff) } } } // Thirdly, append a random non-COS event, encode and try to parse it. // Because there is no COS TLV event, attestation should fail as we do not // understand the content type. event, err := generateNonCosCelEvent(implementedHashes) if err != nil { t.Fatal(err) } coscel.Records = append(coscel.Records, event) buf = bytes.Buffer{} if err := coscel.EncodeCEL(&buf); err != nil { t.Fatal(err) } // extend digests to the PCR for _, hash := range implementedHashes { algo, err := tpm2.HashToAlgorithm(hash) if err != nil { t.Fatal(err) } if err := tpm2.PCRExtend(tpm, tpmutil.Handle(cel.CosEventPCR), algo, event.Digests[hash], ""); err != nil { t.Fatal(err) } } banks, err = client.ReadAllPCRs(tpm) if err != nil { t.Fatal(err) } for _, bank := range banks { pcrBank := convertToPCRBank(t, bank) _, err := ParseCosCELPCR(buf.Bytes(), pcrBank) if err == nil { t.Errorf("expected error when parsing event log with unknown content type") } } } func generateNonCosCelEvent(hashAlgoList []crypto.Hash) (cel.Record, error) { randRecord := cel.Record{} randRecord.RecNum = 0 randRecord.Index = cel.CosEventPCR contentValue := make([]byte, 10) rand.Read(contentValue) randRecord.Content = cel.TLV{Type: 250, Value: contentValue} contentBytes, err := randRecord.Content.MarshalBinary() if err != nil { return cel.Record{}, err } digestMap := make(map[crypto.Hash][]byte) for _, hash := range hashAlgoList { h := hash.New() h.Write(contentBytes) digestMap[hash] = h.Sum(nil) } randRecord.Digests = digestMap return randRecord, nil } func TestParseLinuxKernelState(t *testing.T) { logs := []struct { eventLog name string expectedCmdline string }{ {COS85AmdSev, "COS85AmdSev", test.Cos85AmdSevCmdline}, {COS93AmdSev, "COS93AmdSev", test.Cos93AmdSevCmdline}, {COS101AmdSev, "COS101AmdSev", test.Cos101AmdSevCmdline}, {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp", test.Ubuntu2404AmdSevSnpCmdline}, } for _, log := range logs { for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.Hash)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { msState, err := parsePCClientEventLog(log.RawLog, bank, VerifyOpts{Loader: GRUB}) if err != nil { t.Errorf("failed to parse and replay log: %v", err) } if msState.LinuxKernel == nil || len(msState.LinuxKernel.CommandLine) == 0 { t.Errorf("expected %s to have a LinuxKernelState", log.name) } if msState.LinuxKernel.CommandLine != log.expectedCmdline { t.Errorf("kernel command line for log %s:\n'%s'\n did not match expected cmdline:\n'%s'", log.name, msState.LinuxKernel.CommandLine, log.expectedCmdline) } }) } } } func TestNullTerminatedDataDigest(t *testing.T) { rawdata := []byte("123456") rawdataNullTerminated := []byte("123456\x00") rawdataModifyLastByte := []byte("123456\xff") hash := crypto.SHA256 hasher := hash.New() hasher.Write(rawdata) rawDigest := hasher.Sum(nil) hasher.Reset() hasher.Write(rawdataNullTerminated) nullTerminatedDigest := hasher.Sum(nil) hasher.Reset() if err := verifyDataDigest(hasher, rawdata, rawDigest); err != nil { t.Error(err) } if err := verifyDataDigest(hasher, rawdata, nullTerminatedDigest); err == nil { t.Errorf("non null-terminated data should not match the null-terminated digest") } // "rawdata + '\x00'" can be verified with digest("rawdata") as well as digest("rawdata + '\x00'") if err := verifyNullTerminatedDataDigest(hasher, rawdataNullTerminated, nullTerminatedDigest); err != nil { t.Error(err) } if err := verifyNullTerminatedDataDigest(hasher, rawdataNullTerminated, rawDigest); err != nil { t.Error(err) } if err := verifyNullTerminatedDataDigest(hasher, rawdata, nullTerminatedDigest); err == nil { t.Errorf("non null-terminated data should always fail") } if err := verifyNullTerminatedDataDigest(hasher, rawdataModifyLastByte, nullTerminatedDigest); err == nil { t.Errorf("manipulated null terminated data should fail") } if err := verifyNullTerminatedDataDigest(hasher, []byte{}, []byte{}); err == nil { t.Errorf("len() == 0 should always fail") } } func TestParseGrubState(t *testing.T) { logs := []struct { eventLog name string }{ {COS85AmdSev, "COS85AmdSev"}, {COS93AmdSev, "COS93AmdSev"}, {COS101AmdSev, "COS101AmdSev"}, {Ubuntu2404AmdSevSnp, "Ubuntu2404AmdSevSnp"}, } for _, log := range logs { for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.Hash)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { msState, err := parsePCClientEventLog(log.RawLog, bank, VerifyOpts{Loader: GRUB}) if err != nil { t.Errorf("failed to parse and replay log: %v", err) } if len(msState.Grub.GetCommands()) == 0 { t.Errorf("expected COS85 to run GRUB commands!") } if strings.HasPrefix(subtestName, "COS") && len(msState.Grub.GetFiles()) != 2 { t.Errorf("expected COS85 to read two files (grub.cfg and kernel)!") } // check the absence of EV_EVENT_TAG in the GRUB files. for _, f := range msState.Grub.GetFiles() { if bytes.Equal(f.GetUntrustedFilename(), decodeHex(EventTagLoadedImageHex)) { t.Error("EV_EVENT_TAG should not be in the GRUB files") } } }) } } } func TestParseGrubStateFail(t *testing.T) { // No GRUB measurements for this event log. eventlog := GlinuxNoSecureBootLaptop for _, bank := range eventlog.Banks { hashName := pb.HashAlgo_name[int32(bank.Hash)] subtestName := fmt.Sprintf("GlinuxNoSecureBootLaptop-%s", hashName) t.Run(subtestName, func(t *testing.T) { _, err := parsePCClientEventLog(eventlog.RawLog, bank, VerifyOpts{Loader: GRUB}) if err == nil { t.Error("expected error when parsing GRUB state") } gErr, ok := err.(*GroupedError) if !ok { t.Errorf("ParseMachineState should return a GroupedError") } if !gErr.containsSubstring("no GRUB measurements found") { t.Errorf("expected GroupedError (%s) to contain no GRUB measurements error", err) } }) } } func TestParseEfiState(t *testing.T) { logs := []struct { eventLog name string }{ {Rhel8GCE, "Rhel8GCE"}, {UbuntuAmdSevGCE, "UbuntuAmdSevGCE"}, {Ubuntu2104NoSecureBootGCE, "Ubuntu2104NoSecureBootGCE"}, {COS85AmdSev, "COS85AmdSev"}, {COS93AmdSev, "COS93AmdSev"}, {COS101AmdSev, "COS101AmdSev"}, } for _, log := range logs { for _, bank := range log.Banks { hashName := pb.HashAlgo_name[int32(bank.Hash)] subtestName := fmt.Sprintf("%s-%s", log.name, hashName) t.Run(subtestName, func(t *testing.T) { msState, err := parsePCClientEventLog(log.RawLog, bank, VerifyOpts{Loader: UnsupportedLoader}) if err != nil { t.Errorf("parsePCClientEventLog(%v, %v) got err = %v, want nil", log.name, bank.GetHash().String(), err) } if msState.GetEfi() == nil { t.Error("msState.GetEfi() returned nil, want EFI state") } efiApps := msState.GetEfi().GetApps() if len(efiApps) == 0 { t.Error("msState.GetEfi().GetApps() returned empty, want non-zero length") } expectedDigestStrs := log.ExpectedEFIAppDigests[bank.Hash] if len(expectedDigestStrs) == 0 { t.Fatalf("%v log used to test EFIState, but it has no expected EFI App digests", log.name) } expectedDigests := make([][]byte, 0, len(expectedDigestStrs)) for _, digestStr := range log.ExpectedEFIAppDigests[bank.Hash] { expectedDigests = append(expectedDigests, decodeHex(digestStr)) } gotDigests := make([][]byte, 0, len(efiApps)) for _, app := range efiApps { gotDigests = append(gotDigests, app.GetDigest()) } if !cmp.Equal(gotDigests, expectedDigests) { t.Errorf("msState.GetEfi().GetApps() digests got %v, want %v", gotDigests, expectedDigests) } }) } } } func TestGetGrubStateWithModifiedNullTerminator(t *testing.T) { // Choose an eventlog with GRUB. eventlog := UbuntuAmdSevGCE // Just use the SHA256 bank. events, err := parseReplayHelper(eventlog.RawLog, eventlog.Banks[1]) if err != nil { t.Fatal(err) } cryptoHash, _ := tpm2.Algorithm(eventlog.Banks[1].Hash).Hash() // Make sure the original events can parse successfully. pbEvents := convertToPbEvents(cryptoHash, events) if _, err := getGrubState(cryptoHash, pbEvents); err != nil { t.Fatal(err) } // Change the null terminator. for _, e := range events { if e.Index == 8 { if e.Data[len(e.Data)-1] == '\x00' { e.Data[len(e.Data)-1] = '\xff' } } } // Parse again, make sure it will fail. pbEvents = convertToPbEvents(cryptoHash, events) if _, err := getGrubState(cryptoHash, pbEvents); err == nil { t.Error("Expected getGrubState to fail after modifying the null terminator") } } func TestParseEventLogCallingEFIAppError(t *testing.T) { tests := []struct { eventLog name string }{ {ArchLinuxWorkstation, "ArchLinuxWorkstation"}, {GdcHost, "GdcHost"}, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { for _, bank := range test.Banks { if _, err := parsePCClientEventLog(test.RawLog, bank, VerifyOpts{AllowEFIAppBeforeCallingEvent: false}); err == nil || !strings.Contains(err.Error(), "before CallingEFIApp event") { t.Errorf("parsePCClientEventLog(%s): expected Calling EFI App error, received %v", test.name, err) } } }) } } func decodeHex(hexStr string) []byte { bytes, err := hex.DecodeString(hexStr) if err != nil { panic(err) } return bytes } go-tpm-tools-0.4.7/server/example_test.go000066400000000000000000000017621510276467000204300ustar00rootroot00000000000000package server import ( "crypto" "fmt" "log" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/simulator" ) func ExampleVerifyAttestation() { // On client machine, generate the TPM quote. // TODO: use real TPM. simulator, err := simulator.Get() if err != nil { log.Fatalf("failed to initialize simulator: %v", err) } defer simulator.Close() ak, err := client.AttestationKeyRSA(simulator) if err != nil { log.Fatalf("failed to generate AK: %v", err) } defer ak.Close() nonce := []byte("super secret nonce") attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) if err != nil { log.Fatalf("failed to attest: %v", err) } // TODO: send Attestation proto to verifier // verify the attesation proto opts := VerifyOpts{ Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, AllowSHA1: true, } state, err := VerifyAttestation(attestation, opts) if err != nil { log.Fatalf("failed to verify: %v", err) } fmt.Println(state) } go-tpm-tools-0.4.7/server/grouped_error.go000066400000000000000000000035221510276467000206100ustar00rootroot00000000000000package server import "strings" var fatalError = "fatal: invalid GroupedError" // GroupedError collects related errors and exposes them as a single error. // Users can inspect the `Errors` field for details on the suberrors. type GroupedError struct { // The prefix string returned by `Error()`, followed by the grouped errors. Prefix string Errors []error } func (gErr *GroupedError) Error() string { if len(gErr.Errors) == 0 { return fatalError } var sb strings.Builder for _, err := range gErr.Errors { sb.WriteString("\n") sb.WriteString(err.Error()) } return gErr.Prefix + sb.String() } func createGroupedError(prefix string, errors []error) error { if len(errors) == 0 { return nil } return &GroupedError{Prefix: prefix, Errors: errors} } func (gErr *GroupedError) containsSubstring(substr string) bool { for _, err := range gErr.Errors { if strings.Contains(err.Error(), substr) { return true } } return false } // containsKnownSubstrings is used to match a set of known errors. // Each substring must only match error in the GroupedError. // In other words, there must not be overlap in the substring matches. func (gErr *GroupedError) containsKnownSubstrings(substrs []string) bool { if len(gErr.Errors) != len(substrs) { return false } matchedGErr := make(map[string]bool) for _, err := range gErr.Errors { matchedGErr[err.Error()] = false for _, substr := range substrs { if strings.Contains(err.Error(), substr) { if matchedGErr[err.Error()] { // Duplicated match for the error. return false } matchedGErr[err.Error()] = true } } } for _, matched := range matchedGErr { if !matched { return false } } return true } func (gErr *GroupedError) containsOnlySubstring(substr string) bool { if len(gErr.Errors) != 1 { return false } return gErr.containsSubstring(substr) } go-tpm-tools-0.4.7/server/grouped_error_test.go000066400000000000000000000070531510276467000216520ustar00rootroot00000000000000package server import ( "errors" "fmt" "testing" ) func TestGroupedError(t *testing.T) { var gErr GroupedError gErr.Errors = append(gErr.Errors, errors.New("error1")) gErr.Errors = append(gErr.Errors, errors.New("error2")) gErr.Errors = append(gErr.Errors, fmt.Errorf("fmted error")) gErr.Errors = append(gErr.Errors, fmt.Errorf("wrapped: %w", errors.New("error3"))) gErr.Prefix = "failed action:" expected := `failed action: error1 error2 fmted error wrapped: error3` if gErr.Error() != expected { t.Errorf("error string output (%s) did not match expected (%s)", gErr.Error(), expected) } } func TestEmptyGroupedError(t *testing.T) { outErr := GroupedError{Prefix: "foo:", Errors: []error{}} if outErr.Error() != fatalError { t.Errorf("error string output (%s) did not match fatal error (%s)", outErr.Error(), fatalError) } } func TestCreateGroupedErrorFail(t *testing.T) { outErr := createGroupedError("foo:", []error{}) if outErr != nil { t.Errorf("expected nil error!") } } func TestContainsOnlySubstring(t *testing.T) { wholeString := "err error errorz" err := errors.New(wholeString) outErr := GroupedError{Prefix: "foo:", Errors: []error{err}} if !outErr.containsOnlySubstring("error") { t.Errorf("expected a match for substring") } if !outErr.containsOnlySubstring("err") { t.Errorf("expected a match for substring") } if !outErr.containsOnlySubstring("") { t.Errorf("expected a match for substring") } if !outErr.containsOnlySubstring(wholeString) { t.Errorf("expected a match for substring") } } func TestContainsOnlySubstringsFalse(t *testing.T) { wholeString := "err error errorz" err := errors.New(wholeString) outErr := GroupedError{Prefix: "foo:", Errors: []error{err}} tests := []struct { name string substring string }{ {"AdditionalCharacterStart", "." + wholeString}, {"AdditionalCharacterEnd", wholeString + "."}, {"RemovedCharacter", wholeString[:5] + wholeString[6:]}, {"ReplacedCharacter", wholeString[:5] + "." + wholeString[6:]}, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { if outErr.containsOnlySubstring(test.substring) { t.Errorf("expected failed matching for substring") } }) } } func TestContainsKnownSubstrings(t *testing.T) { err := errors.New("err error errorz") err2 := errors.New("new newww newzz") err3 := errors.New("iss issue issues") outErr := GroupedError{Prefix: "foo:", Errors: []error{err, err2, err3}} if !outErr.containsKnownSubstrings([]string{"error", " newzz", " issue "}) { t.Errorf("expected a match for known substrings") } } func TestContainsKnownSubstringsFalse(t *testing.T) { err := errors.New("err error errorz") err2 := errors.New("new newww newzz") err3 := errors.New("iss issue issues") outErr := GroupedError{Prefix: "foo:", Errors: []error{err, err2, err3}} tests := []struct { name string substrings []string }{ {"NoSubstrings", []string{}}, {"OneEmptySubstring", []string{""}}, // Should fail, since there is overlap between substrings. {"AllEmptySubstrings", []string{"", "", ""}}, {"FewerSubstrings", []string{"err"}}, {"FewerSubstrings2", []string{"error", " issue "}}, {"MoreSubstrings", []string{"error", " newzz", " issue ", " issues"}}, {"MoreSubstrings5", []string{"error", " newzz", " issue ", " issues", "err"}}, {"OverlappingSubstrings", []string{"error", " err", " issue "}}, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { if outErr.containsKnownSubstrings(test.substrings) { t.Errorf("expected failed matching for known substrings") } }) } } go-tpm-tools-0.4.7/server/import.go000066400000000000000000000154111510276467000172440ustar00rootroot00000000000000// Package server contains functions to be ran on a server (no TPM needed), as oppose to a client (with TPM). package server import ( "crypto" "crypto/aes" "crypto/cipher" "crypto/elliptic" "crypto/hmac" "crypto/rand" "crypto/rsa" "fmt" "hash" "io" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal" pb "github.com/google/go-tpm-tools/proto/tpm" ) // CreateImportBlob uses the provided public EK to encrypt the sensitive data. // The returned ImportBlob can then be decrypted and imported using the // client Key.Import() method. A non-nil pcrs parameter adds a requirement // that the TPM must have specific PCR values for Import() to succeed. func CreateImportBlob(ekPub crypto.PublicKey, sensitive []byte, pcrs *pb.PCRs) (*pb.ImportBlob, error) { ek, err := CreateEKPublicAreaFromKey(ekPub) if err != nil { return nil, err } private := createPrivate(sensitive) public := createPublic(private) return createImportBlobHelper(ek, public, private, pcrs) } // CreateSigningKeyImportBlob uses the provided public EK to encrypt the signing // key into import blob format. The returned import blob can be used to import // the signing key into the TPM associated with the provided EK without exposing // the private area to the TPM's OS using the client Key.ImportSigningKey() // method. A non-nil pcrs parameter adds a requirement that the TPM must have // specific PCR values to use the signing key. func CreateSigningKeyImportBlob(ekPub crypto.PublicKey, signingKey crypto.PrivateKey, pcrs *pb.PCRs) (*pb.ImportBlob, error) { ek, err := CreateEKPublicAreaFromKey(ekPub) if err != nil { return nil, err } public, private, err := createPublicPrivateSign(signingKey) if err != nil { return nil, err } return createImportBlobHelper(ek, public, private, pcrs) } func createImportBlobHelper(ek, public tpm2.Public, private tpm2.Private, pcrs *pb.PCRs) (*pb.ImportBlob, error) { setPublicAuth(&public, pcrs) var seed, encryptedSeed []byte var err error switch ek.Type { case tpm2.AlgRSA: seed, encryptedSeed, err = createRSASeed(ek) if err != nil { return nil, err } case tpm2.AlgECC: seed, encryptedSeed, err = createECCSeed(ek) if err != nil { return nil, err } default: return nil, fmt.Errorf("unsupported EK type: %v", ek.Type) } duplicate, err := createDuplicate(private, seed, public, ek) if err != nil { return nil, err } pubEncoded, err := public.Encode() if err != nil { return nil, err } return &pb.ImportBlob{ Duplicate: duplicate, EncryptedSeed: encryptedSeed, PublicArea: pubEncoded, Pcrs: pcrs, }, nil } func setPublicAuth(public *tpm2.Public, pcrs *pb.PCRs) { if len(pcrs.GetPcrs()) == 0 { // Allow password authorization so we can use a nil AuthPolicy. public.AuthPolicy = nil public.Attributes |= tpm2.FlagUserWithAuth } else { public.AuthPolicy = internal.PCRSessionAuth(pcrs, client.SessionHashAlg) public.Attributes |= tpm2.FlagAdminWithPolicy } } func createRSASeed(ek tpm2.Public) (seed, encryptedSeed []byte, err error) { seedSize := ek.RSAParameters.Symmetric.KeyBits / 8 seed = make([]byte, seedSize) if _, err := io.ReadFull(rand.Reader, seed); err != nil { panic(err) } ekPub, err := ek.Key() if err != nil { return nil, nil, err } encryptedSeed, err = rsa.EncryptOAEP( getHash(ek.NameAlg), rand.Reader, ekPub.(*rsa.PublicKey), seed, []byte("DUPLICATE\x00")) if err != nil { return nil, nil, err } encryptedSeed, err = tpmutil.Pack(encryptedSeed) return seed, encryptedSeed, err } func createECCSeed(ek tpm2.Public) (seed, encryptedSeed []byte, err error) { curve, err := curveIDToGoCurve(ek.ECCParameters.CurveID) if err != nil { return nil, nil, err } //nolint:staticcheck // crypto/ecdh does not support P-224, while GCP vTPM supports P224. We should keep the deprecated library till P224 is supported by crypto/ecdh. priv, x, y, err := elliptic.GenerateKey(curve, rand.Reader) if err != nil { return nil, nil, err } ekPoint := ek.ECCParameters.Point //nolint:staticcheck // crypto/ecdh does not support P-224, while GCP vTPM supports P224. We should keep the deprecated library till P224 is supported by crypto/ecdh. z, _ := curve.ScalarMult(ekPoint.X(), ekPoint.Y(), priv) xBytes := eccIntToBytes(curve, x) seed, err = tpm2.KDFe( ek.NameAlg, eccIntToBytes(curve, z), "DUPLICATE", xBytes, eccIntToBytes(curve, ekPoint.X()), getHash(ek.NameAlg).Size()*8) if err != nil { return nil, nil, err } encryptedSeed, err = tpmutil.Pack(tpmutil.U16Bytes(xBytes), tpmutil.U16Bytes(eccIntToBytes(curve, y))) return seed, encryptedSeed, err } func createDuplicate(private tpm2.Private, seed []byte, public, ek tpm2.Public) ([]byte, error) { nameEncoded, err := getEncodedName(public) if err != nil { return nil, err } secret, err := private.Encode() if err != nil { return nil, err } packedSecret, err := tpmutil.Pack(tpmutil.U16Bytes(secret)) if err != nil { return nil, err } encryptedSecret, err := encryptSecret(packedSecret, seed, nameEncoded, ek) if err != nil { return nil, err } macSum, err := createHMAC(encryptedSecret, nameEncoded, seed, ek.NameAlg) if err != nil { return nil, err } return tpmutil.Pack(tpm2.IDObject{ IntegrityHMAC: macSum, EncIdentity: encryptedSecret, }) } func getEncodedName(public tpm2.Public) ([]byte, error) { name, err := public.Name() if err != nil { return nil, err } return name.Digest.Encode() } func encryptSecret(secret, seed, nameEncoded []byte, ek tpm2.Public) ([]byte, error) { var symSize int switch ek.Type { case tpm2.AlgRSA: symSize = int(ek.RSAParameters.Symmetric.KeyBits) case tpm2.AlgECC: symSize = int(ek.ECCParameters.Symmetric.KeyBits) default: return nil, fmt.Errorf("unsupported EK type: %v", ek.Type) } symmetricKey, err := tpm2.KDFa( ek.NameAlg, seed, "STORAGE", nameEncoded, /*contextV=*/ nil, symSize) if err != nil { return nil, err } c, err := aes.NewCipher(symmetricKey) if err != nil { return nil, err } encSecret := make([]byte, len(secret)) // The TPM spec requires an all-zero IV. iv := make([]byte, len(symmetricKey)) cipher.NewCFBEncrypter(c, iv).XORKeyStream(encSecret, secret) return encSecret, nil } func createHMAC(encryptedSecret, nameEncoded, seed []byte, hashAlg tpm2.Algorithm) ([]byte, error) { macKey, err := tpm2.KDFa( hashAlg, seed, "INTEGRITY", /*contextU=*/ nil, /*contextV=*/ nil, getHash(hashAlg).Size()*8) if err != nil { return nil, err } mac := hmac.New(func() hash.Hash { return getHash(hashAlg) }, macKey) mac.Write(encryptedSecret) mac.Write(nameEncoded) return mac.Sum(nil), nil } func getHash(hashAlg tpm2.Algorithm) hash.Hash { create, err := hashAlg.Hash() if err != nil { panic(err) } return create.New() } go-tpm-tools-0.4.7/server/import_certify.go000066400000000000000000000124531510276467000207740ustar00rootroot00000000000000package server import ( "bytes" "crypto/hmac" "crypto/rand" "crypto/sha256" "crypto/subtle" "errors" "fmt" tpb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/tpm2" ) // This file aims to implement the verifier side of https://trustedcomputinggroup.org/wp-content/uploads/EK-Based-Key-Attestation-with-TPM-Firmware-Version-V1-RC1_9July2025.pdf#page=8 // For reference: https://github.com/TrustedComputingGroup/tpm-fw-attestation-reference-code var ( errCertifiedWrongName = errors.New("incorrect name") errWrongHashAlg = errors.New("wrong hash algorithm") errInvalidHMAC = errors.New("invalid HMAC") errInvalidAttestation = errors.New("attestation statement was invalid") ) // CreateRestrictedHMACBlob generates a new HMAC key and wraps it to the given EK. func CreateRestrictedHMACBlob(tPublic *tpm2.TPMTPublic) (*tpb.ImportBlob, []byte, error) { encap, err := tpm2.ImportEncapsulationKey(tPublic) if err != nil { return nil, nil, err } hmacKey := make([]byte, 32) pub, sensitive := generateRestrictedHMACKey(hmacKey) name, err := tpm2.ObjectName(pub) if err != nil { return nil, nil, err } duplicate, inSymSeed, err := tpm2.CreateDuplicate(rand.Reader, encap, name.Buffer, tpm2.Marshal(sensitive)) if err != nil { return nil, nil, err } return &tpb.ImportBlob{ PublicArea: tpm2.Marshal(pub), Duplicate: duplicate, EncryptedSeed: inSymSeed, }, hmacKey, nil } // VerifyCertifiedAKBlob verifies the blob against a secret HMAC. func VerifyCertifiedAKBlob(req *tpb.CertifiedBlob, secret []byte) error { akPub, err := tpm2.Unmarshal[tpm2.TPMTPublic](req.GetPubArea()) if err != nil { return err } akName, err := tpm2.ObjectName(akPub) if err != nil { return err } signature, err := tpm2.Unmarshal[tpm2.TPMTSignature](req.GetRawSig()) if err != nil { return err } hmac, err := signature.Signature.HMAC() if err != nil { return err } if err := verifyHMAC(secret, req.GetCertifyInfo(), hmac); err != nil { return err } attest, err := tpm2.Unmarshal[tpm2.TPMSAttest](req.GetCertifyInfo()) if err != nil { return err } if err := verifyAttestCertify(attest); err != nil { return err } certify, err := attest.Attested.Certify() if err != nil { return err } if err := verifyCertifyInfo(akName, certify); err != nil { return err } return nil } // generateRestrictedHMACKey writes a new hmac to the input parameter and produces the pub/priv tpm2 structures func generateRestrictedHMACKey(hmacKey []byte) (*tpm2.TPMTPublic, *tpm2.TPMTSensitive) { // Generate the random obfuscation value and key obfuscate := make([]byte, 32) rand.Read(obfuscate) rand.Read(hmacKey[:]) // Unique for a KEYEDHASH object is H_nameAlg(obfuscate | key) // See Part 1, "Public Area Creation" h := sha256.New() h.Write(obfuscate) h.Write(hmacKey[:]) pub := &tpm2.TPMTPublic{ Type: tpm2.TPMAlgKeyedHash, NameAlg: tpm2.TPMAlgSHA256, ObjectAttributes: tpm2.TPMAObject{ UserWithAuth: true, NoDA: true, Restricted: true, SignEncrypt: true, }, Parameters: tpm2.NewTPMUPublicParms(tpm2.TPMAlgKeyedHash, &tpm2.TPMSKeyedHashParms{ Scheme: tpm2.TPMTKeyedHashScheme{ Scheme: tpm2.TPMAlgHMAC, Details: tpm2.NewTPMUSchemeKeyedHash(tpm2.TPMAlgHMAC, &tpm2.TPMSSchemeHMAC{ HashAlg: tpm2.TPMAlgSHA256, }), }, }), Unique: tpm2.NewTPMUPublicID(tpm2.TPMAlgKeyedHash, &tpm2.TPM2BDigest{ Buffer: h.Sum(nil), }), } priv := &tpm2.TPMTSensitive{ SensitiveType: tpm2.TPMAlgKeyedHash, SeedValue: tpm2.TPM2BDigest{ Buffer: obfuscate, }, Sensitive: tpm2.NewTPMUSensitiveComposite(tpm2.TPMAlgKeyedHash, &tpm2.TPM2BSensitiveData{ Buffer: hmacKey[:], }), } return pub, priv } // verifyHMAC checks the MAC on the given message. func verifyHMAC(hmacKey []byte, message []byte, ha *tpm2.TPMTHA) error { if ha.HashAlg != tpm2.TPMAlgSHA256 { return fmt.Errorf("%w %v (expected SHA256)", errWrongHashAlg, ha.HashAlg) } digest := sha256.Sum256(message) h := hmac.New(sha256.New, hmacKey[:]) h.Write(digest[:]) if subtle.ConstantTimeCompare(ha.Digest, h.Sum(nil)) != 1 { return errInvalidHMAC } return nil } // verifyAttestCertify checks that the attestation structure has valid data func verifyAttestCertify(attest *tpm2.TPMSAttest) error { if attest.Type != tpm2.TPMSTAttestCertify { return fmt.Errorf("expected attest type TPMSTAttestCertify, got %v", attest.Type) } if attest.Magic != tpm2.TPMGeneratedValue { return fmt.Errorf("%w: unexpected prefix %0x", errInvalidAttestation, attest.Magic) } return nil } // verifyCertifyInfo checks the certifyInfo against the given name. func verifyCertifyInfo(name *tpm2.TPM2BName, certifyInfo *tpm2.TPMSCertifyInfo) error { // Check that the certified Name is the same as we expected. if !bytes.Equal(name.Buffer, certifyInfo.Name.Buffer) { return fmt.Errorf("%w: expected Name %x, certified Name was %x", errCertifiedWrongName, name.Buffer, certifyInfo.Name.Buffer) } // We can't really check the QualifiedName here, since we don't have any // information about the object's parent. As a paranoid consistency check, // just make sure that QualifiedName doesn't match Name for some reason. if bytes.Equal(certifyInfo.QualifiedName.Buffer, certifyInfo.Name.Buffer) { return fmt.Errorf("%w: QualifiedName unexpectedly matched Name", errCertifiedWrongName) } return nil } go-tpm-tools-0.4.7/server/import_test.go000066400000000000000000000151011510276467000202770ustar00rootroot00000000000000package server import ( "bytes" "crypto" "crypto/rand" "crypto/rsa" "errors" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" pb "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm/legacy/tpm2" ) func TestImport(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string template tpm2.Public }{ {"RSA", client.DefaultEKTemplateRSA()}, {"ECC", client.DefaultEKTemplateECC()}, {"SRK-RSA", client.SRKTemplateRSA()}, {"SRK-ECC", client.SRKTemplateECC()}, {"ECC-P224", getECCTemplate(tpm2.CurveNISTP224)}, {"ECC-P256", getECCTemplate(tpm2.CurveNISTP256)}, {"ECC-P384", getECCTemplate(tpm2.CurveNISTP384)}, {"ECC-P521", getECCTemplate(tpm2.CurveNISTP521)}, } for _, k := range keys { t.Run(k.name, func(t *testing.T) { ek, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) if err != nil { t.Fatal(err) } defer ek.Close() pub := ek.PublicKey() secret := []byte("super secret code") blob, err := CreateImportBlob(pub, secret, nil) if err != nil { t.Fatalf("creating import blob failed: %v", err) } output, err := ek.Import(blob) if err != nil { t.Fatalf("import failed: %v", err) } if !bytes.Equal(output, secret) { t.Errorf("got %X, expected %X", output, secret) } }) } } func isExpectedError(err error, expected []error) bool { for _, candidate := range expected { if errors.Is(err, candidate) { return true } } return false } func TestBadImport(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) valueErr := tpm2.ParameterError{ Code: tpm2.RCValue, Parameter: tpm2.RC4, } // RSA keys lengths are not consistent, so we could also get RCSize rsaWrongKeyErrs := []error{valueErr, tpm2.ParameterError{ Code: tpm2.RCSize, Parameter: tpm2.RC4, }} integrityErr := tpm2.ParameterError{ Code: tpm2.RCIntegrity, Parameter: tpm2.RC3, } pointErr := tpm2.ParameterError{ Code: tpm2.RCECCPoint, Parameter: tpm2.RC4, } keys := []struct { name string template tpm2.Public wrongKeyErrs []error corruptedErrs []error }{ {"RSA", client.DefaultEKTemplateRSA(), rsaWrongKeyErrs, []error{valueErr}}, {"ECC", client.DefaultEKTemplateECC(), []error{integrityErr}, []error{pointErr}}, {"SRK-RSA", client.SRKTemplateRSA(), rsaWrongKeyErrs, []error{valueErr}}, {"SRK-ECC", client.SRKTemplateECC(), []error{integrityErr}, []error{pointErr}}, } for _, k := range keys { t.Run(k.name, func(t *testing.T) { ek, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) if err != nil { t.Fatal(err) } defer ek.Close() pub := ek.PublicKey() // Create a second, different key template2 := k.template template2.Attributes ^= tpm2.FlagNoDA ek2, err := client.NewKey(rwc, tpm2.HandleEndorsement, template2) if err != nil { t.Fatal(err) } defer ek2.Close() secret := []byte("super secret code") blob, err := CreateImportBlob(pub, secret, nil) if err != nil { t.Fatalf("creating import blob failed: %v", err) } // Try to import this blob under the wrong key if _, err = ek2.Import(blob); !isExpectedError(err, k.wrongKeyErrs) { t.Errorf("got error: %v, expected: %v", err, k.wrongKeyErrs) } // Try to import a corrupted blob blob.EncryptedSeed[10] ^= 0xFF if _, err = ek.Import(blob); !isExpectedError(err, k.corruptedErrs) { t.Errorf("got error: %v, expected: %v", err, k.corruptedErrs) } }) } } func TestImportPCRs(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatal(err) } defer ek.Close() pcr0, err := tpm2.ReadPCR(rwc, 0, tpm2.AlgSHA256) if err != nil { t.Fatal(err) } badPCR := append([]byte(nil), pcr0...) // badPCR increments first value so it doesn't match. badPCR[0]++ subtests := []struct { name string pcrs *pb.PCRs expectSuccess bool }{ {"No-PCR-nil", nil, true}, {"No-PCR-empty", &pb.PCRs{Hash: pb.HashAlgo_SHA256}, true}, {"Good-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: pcr0}}, true}, {"Bad-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: badPCR}}, false}, } for _, subtest := range subtests { t.Run(subtest.name, func(t *testing.T) { secret := []byte("super secret code") blob, err := CreateImportBlob(ek.PublicKey(), secret, subtest.pcrs) if err != nil { t.Fatalf("creating import blob failed: %v", err) } output, err := ek.Import(blob) if subtest.expectSuccess { if err != nil { t.Fatalf("import failed: %v", err) } if !bytes.Equal(output, secret) { t.Errorf("got %X, expected %X", output, secret) } } else if err == nil { t.Error("expected Import to fail but it did not") } }) } } func TestSigningKeyImport(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatal(err) } defer ek.Close() signingKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { t.Fatal(err) } pcr0, err := tpm2.ReadPCR(rwc, 0, tpm2.AlgSHA256) if err != nil { t.Fatal(err) } badPCR := append(make([]byte, 0), pcr0...) // badPCR increments first value so it doesn't match. badPCR[0]++ subtests := []struct { name string pcrs *pb.PCRs expectSuccess bool }{ {"No-PCR-nil", nil, true}, {"No-PCR-empty", &pb.PCRs{Hash: pb.HashAlgo_SHA256}, true}, {"Good-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: pcr0}}, true}, {"Bad-PCR", &pb.PCRs{Hash: pb.HashAlgo_SHA256, Pcrs: map[uint32][]byte{0: badPCR}}, false}, } for _, subtest := range subtests { t.Run(subtest.name, func(t *testing.T) { blob, err := CreateSigningKeyImportBlob(ek.PublicKey(), signingKey, subtest.pcrs) if err != nil { t.Fatalf("creating import blob failed: %v", err) } importedKey, err := ek.ImportSigningKey(blob) if err != nil { t.Fatalf("import failed: %v", err) } defer importedKey.Close() signer, err := importedKey.GetSigner() if err != nil { t.Fatalf("could not create signer: %v", err) } var digest [32]byte sig, err := signer.Sign(nil, digest[:], crypto.SHA256) if subtest.expectSuccess { if err != nil { t.Fatalf("import failed: %v", err) } if err = rsa.VerifyPKCS1v15(&signingKey.PublicKey, crypto.SHA256, digest[:], sig); err != nil { t.Error(err) } return } else if err == nil { t.Error("expected Import to fail but it did not") } }) } } go-tpm-tools-0.4.7/server/instance_info.go000066400000000000000000000010071510276467000205450ustar00rootroot00000000000000package server import ( "fmt" "net/url" pb "github.com/google/go-tpm-tools/proto/attest" ) // GCEInstanceURL returns a Google API URL to the specified instance. This URL // can then be used with GCE instance APIs. func GCEInstanceURL(i *pb.GCEInstanceInfo) string { return fmt.Sprintf( "https://www.googleapis.com/compute/v1/projects/%s/zones/%s/instances/%s", url.PathEscape(i.GetProjectId()), url.PathEscape(i.GetZone()), url.PathEscape(i.GetInstanceName()), // Can use either the name or id here ) } go-tpm-tools-0.4.7/server/key_conversion.go000066400000000000000000000057151510276467000207750ustar00rootroot00000000000000package server import ( "crypto" "crypto/ecdsa" "crypto/rand" "crypto/rsa" "fmt" "io" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/legacy/tpm2" ) var defaultNameAlg = client.DefaultEKTemplateRSA().NameAlg // CreateEKPublicAreaFromKey creates a public area from a go interface PublicKey. // Supports RSA and ECC keys. func CreateEKPublicAreaFromKey(k crypto.PublicKey) (tpm2.Public, error) { switch key := k.(type) { case *rsa.PublicKey: return createEKPublicRSA(key) case *ecdsa.PublicKey: return createEKPublicECC(key) default: return tpm2.Public{}, fmt.Errorf("unsupported public key type: %T", k) } } func createEKPublicRSA(rsaKey *rsa.PublicKey) (tpm2.Public, error) { public := client.DefaultEKTemplateRSA() if rsaKey.N.BitLen() != int(public.RSAParameters.KeyBits) { return tpm2.Public{}, fmt.Errorf("unexpected RSA modulus size: %d bits", rsaKey.N.BitLen()) } if rsaKey.E != int(public.RSAParameters.Exponent()) { return tpm2.Public{}, fmt.Errorf("unexpected RSA exponent: %d", rsaKey.E) } public.RSAParameters.ModulusRaw = rsaKey.N.Bytes() return public, nil } func createEKPublicECC(eccKey *ecdsa.PublicKey) (public tpm2.Public, err error) { public = client.DefaultEKTemplateECC() public.ECCParameters.Point = tpm2.ECPoint{ XRaw: eccIntToBytes(eccKey.Curve, eccKey.X), YRaw: eccIntToBytes(eccKey.Curve, eccKey.Y), } public.ECCParameters.CurveID, err = goCurveToCurveID(eccKey.Curve) return public, err } func createPublic(private tpm2.Private) tpm2.Public { publicHash := getHash(defaultNameAlg) publicHash.Write(private.SeedValue) publicHash.Write(private.Sensitive) return tpm2.Public{ Type: tpm2.AlgKeyedHash, NameAlg: defaultNameAlg, KeyedHashParameters: &tpm2.KeyedHashParams{ Alg: tpm2.AlgNull, Unique: publicHash.Sum(nil), }, } } func createPrivate(sensitive []byte) tpm2.Private { private := tpm2.Private{ Type: tpm2.AlgKeyedHash, AuthValue: nil, SeedValue: make([]byte, getHash(defaultNameAlg).Size()), Sensitive: sensitive, } if _, err := io.ReadFull(rand.Reader, private.SeedValue); err != nil { panic(err) } return private } func createPublicPrivateSign(signingKey crypto.PrivateKey) (tpm2.Public, tpm2.Private, error) { rsaPriv, ok := signingKey.(*rsa.PrivateKey) if !ok { return tpm2.Public{}, tpm2.Private{}, fmt.Errorf("unsupported signing key type: %T", signingKey) } rsaPub := rsaPriv.PublicKey public := tpm2.Public{ Type: tpm2.AlgRSA, NameAlg: defaultNameAlg, Attributes: tpm2.FlagSign, RSAParameters: &tpm2.RSAParams{ KeyBits: uint16(rsaPub.N.BitLen()), ExponentRaw: uint32(rsaPub.E), ModulusRaw: rsaPub.N.Bytes(), Sign: &tpm2.SigScheme{ Alg: tpm2.AlgRSASSA, Hash: tpm2.AlgSHA256, }, }, } private := tpm2.Private{ Type: tpm2.AlgRSA, AuthValue: nil, SeedValue: nil, // Only Storage Keys need a seed value. See part 3 TPM2_CREATE b.3. Sensitive: rsaPriv.Primes[0].Bytes(), } return public, private, nil } go-tpm-tools-0.4.7/server/key_conversion_test.go000066400000000000000000000061141510276467000220260ustar00rootroot00000000000000package server import ( "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/rsa" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal/test" "github.com/google/go-tpm/legacy/tpm2" ) func getECCTemplate(curve tpm2.EllipticCurve) tpm2.Public { public := client.DefaultEKTemplateECC() public.ECCParameters.CurveID = curve public.ECCParameters.Point.XRaw = nil public.ECCParameters.Point.YRaw = nil return public } func TestCreateEKPublicAreaFromKeyGeneratedKey(t *testing.T) { keys := []struct { name string template tpm2.Public generateKey func() (crypto.PublicKey, error) }{ {"RSA", client.DefaultEKTemplateRSA(), func() (crypto.PublicKey, error) { priv, err := rsa.GenerateKey(rand.Reader, 2048) return priv.Public(), err }}, {"ECC", client.DefaultEKTemplateECC(), func() (crypto.PublicKey, error) { priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) return priv.Public(), err }}, {"ECC-P224", getECCTemplate(tpm2.CurveNISTP224), func() (crypto.PublicKey, error) { priv, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader) return priv.Public(), err }}, {"ECC-P256", getECCTemplate(tpm2.CurveNISTP256), func() (crypto.PublicKey, error) { priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) return priv.Public(), err }}, {"ECC-P384", getECCTemplate(tpm2.CurveNISTP384), func() (crypto.PublicKey, error) { priv, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader) return priv.Public(), err }}, {"ECC-P521", getECCTemplate(tpm2.CurveNISTP521), func() (crypto.PublicKey, error) { priv, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) return priv.Public(), err }}, } for _, k := range keys { t.Run(k.name, func(t *testing.T) { key, err := k.generateKey() if err != nil { t.Fatal(err) } newArea, err := CreateEKPublicAreaFromKey(key) if err != nil { t.Fatalf("failed to create public area from public key: %v", err) } if !newArea.MatchesTemplate(k.template) { t.Errorf("public areas did not match. got: %+v want: %+v", newArea, k.template) } }) } } func TestCreateEKPublicAreaFromKeyTPMKey(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) keys := []struct { name string template tpm2.Public }{ {"RSA", client.DefaultEKTemplateRSA()}, {"ECC", client.DefaultEKTemplateECC()}, {"ECC-P224", getECCTemplate(tpm2.CurveNISTP224)}, {"ECC-P256", getECCTemplate(tpm2.CurveNISTP256)}, {"ECC-P384", getECCTemplate(tpm2.CurveNISTP384)}, {"ECC-P521", getECCTemplate(tpm2.CurveNISTP521)}, } for _, k := range keys { t.Run(k.name, func(t *testing.T) { ek, err := client.NewKey(rwc, tpm2.HandleEndorsement, k.template) if err != nil { t.Fatal(err) } defer ek.Close() newArea, err := CreateEKPublicAreaFromKey(ek.PublicKey()) if err != nil { t.Fatalf("failed to create public area from public key: %v", err) } if matches, err := ek.Name().MatchesPublic(newArea); err != nil || !matches { t.Error("public areas did not match or match check failed.") } }) } } go-tpm-tools-0.4.7/server/policy.go000066400000000000000000000047121510276467000172330ustar00rootroot00000000000000package server import ( "bytes" "errors" "fmt" "time" "github.com/google/go-sev-guest/verify/trust" pb "github.com/google/go-tpm-tools/proto/attest" ) // EvaluatePolicy succeeds if the provided MachineState complies with the // provided policy. If the state does not pass the policy, the returned error // will describe in what way the state failed. See the Policy documentation for // more information about the specifics of different policies. func EvaluatePolicy(state *pb.MachineState, policy *pb.Policy) error { if err := evaluatePlatformPolicy(state.GetPlatform(), policy.GetPlatform()); err != nil { return err } return nil } // PolicyOptions provides extra options for evaluating policy. type PolicyOptions struct { // Getter allows the policy evaluator to download reference materials if needed. Getter trust.HTTPSGetter // Now is the time to evaluate time-based constraints against. Now time.Time } // DefaultPolicyOptions returns a useful default for PolicyOptions. func DefaultPolicyOptions() *PolicyOptions { return &PolicyOptions{ Getter: trust.DefaultHTTPSGetter(), Now: time.Now(), } } func evaluatePlatformPolicy(state *pb.PlatformState, policy *pb.PlatformPolicy) error { allowedVersions := policy.GetAllowedScrtmVersionIds() if len(allowedVersions) > 0 { if err := hasAllowedVersion(state, allowedVersions); err != nil { return err } } minGceVersion := policy.GetMinimumGceFirmwareVersion() gceVersion := state.GetGceVersion() if minGceVersion > gceVersion { return fmt.Errorf("expected GCE Version %d or later, got %d", minGceVersion, gceVersion) } minTech := policy.GetMinimumTechnology() tech := state.GetTechnology() if minTech > tech { return fmt.Errorf("expected a GCE Confidential Technology of %d or later, got %d", minTech, tech) } return nil } func hasAllowedVersion(state *pb.PlatformState, allowedVersions [][]byte) error { firmware := state.GetFirmware() // We want the version check to work even for a GCE VM. var version []byte if scrtm, ok := firmware.(*pb.PlatformState_ScrtmVersionId); ok { version = scrtm.ScrtmVersionId } else if gce, ok := firmware.(*pb.PlatformState_GceVersion); ok { version = ConvertGCEFirmwareVersionToSCRTMVersion(gce.GceVersion) } else { return errors.New("missing SCRTM version in PlatformState") } for _, allowed := range allowedVersions { if bytes.Equal(version, allowed) { return nil } } return fmt.Errorf("provided SCRTM version (%x) not allowed", version) } go-tpm-tools-0.4.7/server/policy_constants.go000066400000000000000000000154711510276467000213330ustar00rootroot00000000000000package server import ( "bytes" "crypto/x509" _ "embed" // Necessary to use go:embed "errors" "fmt" "strconv" pb "github.com/google/go-tpm-tools/proto/attest" ) // Expected TCG Event Log Event Types. // // Taken from TCG PC Client Platform Firmware Profile Specification, // Table 14 Events. const ( NoAction uint32 = 0x00000003 Separator uint32 = 0x00000004 EventTag uint32 = 0x00000006 SCRTMVersion uint32 = 0x00000008 IPL uint32 = 0x0000000D NonhostInfo uint32 = 0x00000011 EFIBootServicesApplication uint32 = 0x80000003 EFIAction uint32 = 0x80000007 ) // EventTagLoadedImageHex used with type "EV_EVENT_TAG". // This corresponds to a TLV struct of type LOAD_OPTIONS_EVENT_TAG_ID (0x8F3B22ED, reversed endian), length 0x1a (26), value `LOADED_IMAGE::LoadOptions\n`. const EventTagLoadedImageHex = "ed223b8f1a0000004c4f414445445f494d4147453a3a4c6f61644f7074696f6e7300" // Constant events used with type "EV_EFI_ACTION". // Taken from TCG PC Client Platform Firmware Profile Specification, // Table 17 EV_EFI_ACTION Strings. const ( // Measured when Boot Manager attempts to execute code from a Boot Option. CallingEFIApplication string = "Calling EFI Application from Boot Option" ExitBootServicesInvocation string = "Exit Boot Services Invocation" ) var ( // GCENonHostInfoSignature identifies the GCE Non-Host info event, which // indicates if memory encryption is enabled. This event is 32-bytes consisting // of the below signature (16 bytes), followed by a byte indicating whether // it is confidential, followed by 15 reserved bytes. GCENonHostInfoSignature = []byte("GCE NonHostInfo\x00") // GceVirtualFirmwarePrefix is the little-endian UCS-2 encoded string // "GCE Virtual Firmware v" without a null terminator. All GCE firmware // versions are UCS-2 encoded, start with this prefix, contain the firmware // version encoded as an integer, and end with a null terminator. GceVirtualFirmwarePrefix = []byte{0x47, 0x00, 0x43, 0x00, 0x45, 0x00, 0x20, 0x00, 0x56, 0x00, 0x69, 0x00, 0x72, 0x00, 0x74, 0x00, 0x75, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x46, 0x00, 0x69, 0x00, 0x72, 0x00, 0x6d, 0x00, 0x77, 0x00, 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x20, 0x00, 0x76, 0x00} ) // Standard Secure Boot certificates (DER encoded) var ( //go:embed secure-boot/GcePk.crt GceDefaultPKCert []byte //go:embed secure-boot/MicCorKEKCA2011_2011-06-24.crt MicrosoftKEKCA2011Cert []byte //go:embed secure-boot/MicWinProPCA2011_2011-10-19.crt WindowsProductionPCA2011Cert []byte //go:embed secure-boot/MicCorUEFCA2011_2011-06-27.crt MicrosoftUEFICA2011Cert []byte ) // Revoked Signing certificates (DER encoded) var ( //go:embed secure-boot/canonical-boothole.crt RevokedCanonicalBootholeCert []byte //go:embed secure-boot/debian-boothole.crt RevokedDebianBootholeCert []byte //go:embed secure-boot/cisco-boothole.crt RevokedCiscoCert []byte ) // Known GCE EK CA certs. var ( //go:embed ca-certs/tpm_ek_root_1.cer gceEKRootCA []byte //go:embed ca-certs/tpm_ek_intermediate_2.crt gceEKIntermediateCA2 []byte //go:embed ca-certs/tpm_ek_intermediate_3.crt gceEKIntermediateCA3 []byte //go:embed ca-certs/gcp_ek_ak_ca_root.crt gcpCASEKRootCA []byte //go:embed ca-certs/gcp_ek_ak_ca_intermediate_v3.crt gcpCASEKIntermediateCA3 []byte ) // Certificates corresponding to the known CA certs for GCE. var ( GceEKRoots []*x509.Certificate GceEKIntermediates []*x509.Certificate ) func init() { var err error GceEKRoots, err = parseCerts([][]byte{gceEKRootCA}) if err != nil { panic(fmt.Sprintf("failed to create the root cert pool: %v", err)) } GceEKIntermediates, err = parseCerts([][]byte{gceEKIntermediateCA2}) if err != nil { panic(fmt.Sprintf("failed to create the intermediate cert pool: %v", err)) } } func parseCerts(rawCerts [][]byte) ([]*x509.Certificate, error) { certs := make([]*x509.Certificate, len(rawCerts)) for i, certBytes := range rawCerts { cert, err := x509.ParseCertificate(certBytes) if err != nil { return nil, fmt.Errorf("failed to parse cert: %w", err) } certs[i] = cert } return certs, nil } // ConvertSCRTMVersionToGCEFirmwareVersion attempts to parse the Firmware // Version of a GCE VM from the bytes of the version string of the SCRTM. This // data should come from a valid and verified EV_S_CRTM_VERSION event. func ConvertSCRTMVersionToGCEFirmwareVersion(version []byte) (uint32, error) { prefixLen := len(GceVirtualFirmwarePrefix) if (len(version) <= prefixLen) || (len(version)%2 != 0) { return 0, fmt.Errorf("length of GCE version (%d) is invalid", len(version)) } if !bytes.Equal(version[:prefixLen], GceVirtualFirmwarePrefix) { return 0, errors.New("prefix for GCE version is missing") } asciiVersion := []byte{} for i, b := range version[prefixLen:] { // Skip the UCS-2 null bytes and the null terminator if b == '\x00' { continue } // All odd bytes in our UCS-2 string should be Null if i%2 != 0 { return 0, errors.New("invalid UCS-2 in the version string") } asciiVersion = append(asciiVersion, b) } versionNum, err := strconv.ParseUint(string(asciiVersion), 10, 32) if err != nil { return 0, fmt.Errorf("when parsing GCE firmware version: %w", err) } return uint32(versionNum), nil } // ConvertGCEFirmwareVersionToSCRTMVersion creates the corresponding SCRTM // version string from a numerical GCE firmware version. The returned string // is UCS2 encoded with a null terminator. A version of 0 corresponds to an // empty string (representing old GCE VMs that just used an empty string). func ConvertGCEFirmwareVersionToSCRTMVersion(version uint32) []byte { if version == 0 { return []byte{} } versionString := GceVirtualFirmwarePrefix for _, b := range []byte(strconv.Itoa(int(version))) { // Convert ACSII to little-endian UCS-2 versionString = append(versionString, b, 0) } // Add the null terminator return append(versionString, 0, 0) } // ParseGCENonHostInfo attempts to parse the Confidential VM // technology used by a GCE VM from the GCE Non-Host info event. This data // should come from a valid and verified EV_NONHOST_INFO event. func ParseGCENonHostInfo(nonHostInfo []byte) (pb.GCEConfidentialTechnology, error) { prefixLen := len(GCENonHostInfoSignature) if len(nonHostInfo) < (prefixLen + 1) { return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("length of GCE Non-Host info (%d) is too short", len(nonHostInfo)) } if !bytes.Equal(nonHostInfo[:prefixLen], GCENonHostInfoSignature) { return pb.GCEConfidentialTechnology_NONE, errors.New("prefix for GCE Non-Host info is missing") } tech := nonHostInfo[prefixLen] if tech > byte(pb.GCEConfidentialTechnology_AMD_SEV_SNP) { return pb.GCEConfidentialTechnology_NONE, fmt.Errorf("unknown GCE Confidential Technology: %d", tech) } return pb.GCEConfidentialTechnology(tech), nil } go-tpm-tools-0.4.7/server/policy_constants_test.go000066400000000000000000000034341510276467000223660ustar00rootroot00000000000000package server import ( "testing" pb "github.com/google/go-tpm-tools/proto/attest" ) func getGceMemoryEncryptionNonhostEvent(memoryEncrypted bool) []byte { event := make([]byte, 32) copy(event[:], []byte(GCENonHostInfoSignature)) // event[15] is a null byte. if memoryEncrypted { event[16] = 0x01 } // Last 15 bytes are reserved. return event } func TestParseGCENonHostInfo(t *testing.T) { nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false) // Empty events should return NONCONFIDENTIAL. confTech, err := ParseGCENonHostInfo([]byte{}) if err == nil { t.Error("expected error on incorrect size!") } if confTech != pb.GCEConfidentialTechnology_NONE { t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech) } confTech, err = ParseGCENonHostInfo(nonconfidentialEvent) if err != nil { t.Errorf("failed to parse GCE confidential tech: %v", err) } if confTech != pb.GCEConfidentialTechnology_NONE { t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_NONE, confTech) } sevEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ true) confTech, err = ParseGCENonHostInfo(sevEvent) if err != nil { t.Errorf("failed to parse GCE confidential tech: %v", err) } if confTech != pb.GCEConfidentialTechnology_AMD_SEV { t.Errorf("expected ConfidentialTechnology %v, received %v", pb.GCEConfidentialTechnology_AMD_SEV, confTech) } } func TestParseGCENonHostInfoUnknownType(t *testing.T) { nonconfidentialEvent := getGceMemoryEncryptionNonhostEvent( /*memoryEncrypted=*/ false) nonconfidentialEvent[16] = 0x99 if _, err := ParseGCENonHostInfo(nonconfidentialEvent); err == nil { t.Errorf("expected error parsing GCE confidential nonhost event") } } go-tpm-tools-0.4.7/server/policy_test.go000066400000000000000000000114701510276467000202710ustar00rootroot00000000000000package server import ( "testing" pb "github.com/google/go-tpm-tools/proto/attest" ) var defaultGcePolicy = pb.Policy{ Platform: &pb.PlatformPolicy{ MinimumGceFirmwareVersion: 1, MinimumTechnology: pb.GCEConfidentialTechnology_NONE, }, } func TestNilPolicyAlwaysPasses(t *testing.T) { subtests := []struct { name string state *pb.MachineState }{ {"NilState", nil}, {"PlatformState", &pb.MachineState{ Platform: &pb.PlatformState{ Firmware: &pb.PlatformState_GceVersion{GceVersion: 1}, Technology: pb.GCEConfidentialTechnology_AMD_SEV, }, }}, } for _, subtest := range subtests { t.Run(subtest.name, func(t *testing.T) { if err := EvaluatePolicy(subtest.state, nil); err != nil { t.Errorf("nil policy should always succeed: %v", err) } }) } } func TestGCEFirmwareVersionSimple(t *testing.T) { zero := ConvertGCEFirmwareVersionToSCRTMVersion(0) if len(zero) != 0 { t.Errorf("expected empty SCRTM version, got %x", zero) } ver, err := ConvertSCRTMVersionToGCEFirmwareVersion( ConvertGCEFirmwareVersionToSCRTMVersion(23), ) if ver != 23 { t.Errorf("convert functions aren't inverses, got %d: %v", ver, err) } } func TestEvaluatePolicy(t *testing.T) { tests := []struct { name string log eventLog policy *pb.Policy }{ {"Debian10-SHA1", Debian10GCE, &defaultGcePolicy}, {"RHEL8-CryptoAgile", Rhel8GCE, &defaultGcePolicy}, {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &defaultGcePolicy}, // TODO: add the tests below back once go-attestation has releases: // https://github.com/google/go-attestation/pull/222/ // {"Ubuntu2104NoDbx-CryptoAgile", Ubuntu2104NoDbxGCE, &defaultGcePolicy}, // {"Ubuntu2104NoSecureBoot-CryptoAgile", Ubuntu2104NoSecureBootGCE, &defaultGcePolicy}, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0], VerifyOpts{Loader: UnsupportedLoader}) if err != nil { t.Fatalf("failed to get machine state: %v", err) } if err := EvaluatePolicy(machineState, test.policy); err != nil { t.Errorf("failed to apply policy: %v", err) } }) } } func TestEvaluatePolicySCRTM(t *testing.T) { archLinuxWorkstationSCRTMPolicy := pb.Policy{ Platform: &pb.PlatformPolicy{ AllowedScrtmVersionIds: [][]byte{{0x1e, 0xfb, 0x6b, 0x54, 0x0c, 0x1d, 0x55, 0x40, 0xa4, 0xad, 0x4e, 0xf4, 0xbf, 0x17, 0xb8, 0x3a}}, }, } machineState, err := parsePCClientEventLog(ArchLinuxWorkstation.RawLog, ArchLinuxWorkstation.Banks[0], VerifyOpts{Loader: UnsupportedLoader, AllowEFIAppBeforeCallingEvent: true}) if err != nil { gErr := err.(*GroupedError) if !gErr.containsKnownSubstrings(archLinuxKnownParsingFailures) { t.Fatalf("failed to get machine state: %v", err) } } if err := EvaluatePolicy(machineState, &archLinuxWorkstationSCRTMPolicy); err != nil { t.Errorf("failed to apply policy: %v", err) } } func TestEvaluatePolicyFailure(t *testing.T) { badGcePolicyVersion := pb.Policy{ Platform: &pb.PlatformPolicy{ MinimumGceFirmwareVersion: 2, MinimumTechnology: pb.GCEConfidentialTechnology_NONE, }, } badGcePolicySEVES := pb.Policy{ Platform: &pb.PlatformPolicy{ MinimumGceFirmwareVersion: 0, MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES, }, } badGcePolicySEV := pb.Policy{ Platform: &pb.PlatformPolicy{ MinimumGceFirmwareVersion: 0, MinimumTechnology: pb.GCEConfidentialTechnology_AMD_SEV_ES, }, } badPhysicalPolicy := pb.Policy{ Platform: &pb.PlatformPolicy{ AllowedScrtmVersionIds: [][]byte{{0x00}}, }, } tests := []struct { name string log eventLog policy *pb.Policy opts VerifyOpts // This field handles known issues with event log parsing or bad event // logs. // Set to nil when the event log has no known issues. errorSubstrs []string }{ {"Debian10-SHA1", Debian10GCE, &badGcePolicyVersion, VerifyOpts{Loader: UnsupportedLoader}, nil}, {"Debian10-SHA1", Debian10GCE, &badGcePolicySEV, VerifyOpts{Loader: UnsupportedLoader}, nil}, {"Ubuntu1804AmdSev-CryptoAgile", UbuntuAmdSevGCE, &badGcePolicySEVES, VerifyOpts{Loader: UnsupportedLoader}, nil}, {"ArchLinuxWorkstation-CryptoAgile", ArchLinuxWorkstation, &badPhysicalPolicy, VerifyOpts{Loader: UnsupportedLoader, AllowEFIAppBeforeCallingEvent: true}, archLinuxKnownParsingFailures}, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { machineState, err := parsePCClientEventLog(test.log.RawLog, test.log.Banks[0], test.opts) if err != nil { gErr := err.(*GroupedError) if len(test.errorSubstrs) == 0 || !gErr.containsKnownSubstrings(test.errorSubstrs) { t.Fatalf("failed to get machine state: %v", err) } } if err := EvaluatePolicy(machineState, test.policy); err == nil { t.Errorf("expected policy failure; got success") } }) } } go-tpm-tools-0.4.7/server/secure-boot/000077500000000000000000000000001510276467000176305ustar00rootroot00000000000000go-tpm-tools-0.4.7/server/secure-boot/GcePk.crt000066400000000000000000000013721510276467000213360ustar00rootroot000000000000000‚ö0‚Þ  ÕJègƒ]ê0  *†H†÷  010 U newpk0 180821215115Z 180920215115Z010 U newpk0‚"0  *†H†÷ ‚0‚ ‚̹Õ|ømkcêÉbô “Éþã|,EÎ…RRH|ûC&¿ ¥‰°òÝÇ6èi•ªŒoТ#o4ÂO±žkÆú¸”ÁœŽp‡‘BÎi!“}ÚuŸ¿1 PÁï€#û¾;Vã ×Gê0¯Ô]©c‰¢ü9á–¡‡Ã=&²Ó¢lìÈ—×ÎÚ겕<³ÎŠÏÚ:Qˆ?%°K>ÌÝùÚÛQÕ‘š¡½ˆâñ´ñ³’·ãgæ­ŒjÜ'?ÜÔNlÁ½ïÞV*ÚY` yÓ©|WýQa7}ä·n•ðR›CžÜH<ͼ9Ÿ£èG F¸6Ü’³•¨ÎJãF#XK£S0Q0U˜P„Bó/Û—‚'(—t1F^`ËÅ0U#0€˜P„Bó/Û—‚'(—t1F^`ËÅ0Uÿ0ÿ0  *†H†÷  ‚Š¡R?ªç½°$«‹­2°Iý{4Ë;€v`=ŽÜÊkiÂ[”踜Œ,×¼¬}‚YõÄ.¢l¥ì˜ð1#6øË0ƒg::+b!`,ºõ.ù(nÊfpX(†gi„l'X%œPép¸`nT…J¯mE¦[4ü&M<á»$.yàÑȬ|Ù8GCk3PWãsž¦‡ÝÃâJüs{K ‡Çƒ 6Zêi‡@„ ,”€/=®=ËpÄ5¹>q²£Æ­Ø$?}`«o îzšÏuŸèL«ÍQ‡hX3²Ù¼8%*˜KEûg3›%œ?¬¤CDÌÍÓÈ nágo-tpm-tools-0.4.7/server/secure-boot/MicCorKEKCA2011_2011-06-24.crt000066400000000000000000000027541510276467000237020ustar00rootroot000000000000000‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿žgo-tpm-tools-0.4.7/server/secure-boot/MicCorUEFCA2011_2011-06-27.crt000066400000000000000000000030241510276467000237010ustar00rootroot000000000000000‚0‚ø  aÓÄ0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110627212245Z 260627213245Z01 0 UUS10U Washington10URedmond10U Microsoft Corporation1+0)U"Microsoft Corporation UEFI CA 20110‚"0  *†H†÷ ‚0‚ ‚¥lLÇE jK ¤À‡u CTdàí’} ²s¿ ÆJEa Å-–Óõ+ ûMI›A€<¹Týæ¼ÑĤŠAŠ\Yƒh2»ŒGÉîq¼!OšŠ|ÿD?2²&H®uµîÉLJ~ä‚šxwM °½öÓÓ¼ú+¥Q8]õûºÛxÛÿì –Õƒ¸é¶À{@{á('ÉúïV^æ~”~ÀðD²y9åÚ²b‹M¿8pâh$É3¤7ÕXi^Ó|íÁSçN°*‡caocYê²+y× agŠ[ý^­‡º†gOqX"""΋ïTqÎP5Xv•îj±¢Õ£‚v0‚r0 +‚70# +‚7øÁk·wSJó%7N¡&{ p€0U­¿C ½‚pœŒÕO1nÕ"˜ŠÔ0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚5Bÿ0ÌÎ÷v ­hX5)F2v'|ïA'BJªm8HYUóéX4¦ ‚ª]­‚Ú€ƒA´ò¹ó]ñPù³U„B( ½²®QÅÀ¬—•!Ûüwž•s‘ˆÊ½½R¹P ßWž aí åm%Ù@@ÈΣJÂM¯šT½Ç¼¹+=I+2üj!iO›È~B4ü6‹ @À³š%u'ÍÉ£ö]Ñç6Tz¹PµÓÑ¿»tßÜ€Õíô/k/ÞfŒ°#åÇ„ØíêÁ3‚­VK-ñh•ÍÏðrð®»Ý†…˜,!L3+ðJðh‡µ’U2u¡j‚j<£%¤í­×®ËØ@Y „Ñ•Lb‘"tŒ=GD¦ä°›45±ú¶S¨,ì¤qȸºèDfäGTŽV³Ÿ˜²†Ðh>#µ/^P…Æ‚_A¡ô. à™Òluä¶iµ!†úÑöâMÑÚ­,wS%27ÇlRr•†°ñ5ajõ²;PV¦2-þ¢‰ùB†'U¡‚ÊZ›ø0˜T¦G–%/È&äA”\?å–ã…[<>?»GrUâ%"±Ù{ç*£÷Fà Ö‰ã5'bq¦ïÐ'  Y7`ø8”¸àxpøºL†‡”öà®Eîe¶£~iu’›õ¦¼YƒXgo-tpm-tools-0.4.7/server/secure-boot/MicWinProPCA2011_2011-10-19.crt000066400000000000000000000027331510276467000241560ustar00rootroot000000000000000‚×0‚¿  avV0  *†H†÷  0ˆ1 0 UUS10U Washington10URedmond10U Microsoft Corporation1200U)Microsoft Root Certificate Authority 20100 111019184142Z 261019185142Z0„1 0 UUS10U Washington10URedmond10U Microsoft Corporation1.0,U%Microsoft Windows Production PCA 20110‚"0  *†H†÷ ‚0‚ ‚Ý »¢ä. ãçÅ÷–i¼!½i33ï­ËT€îƒ»Å „Ù÷Ò‹ó8°«¤­-|byÿãJ?5 pãÄçkàœÀ6uéŠ1ÝpåÜ7µtF–([‡`#,¿ÜG¥g÷Q'žrë¦É¹;S5|åÓì'¹‡þ¹É# o¨F‘Án–http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0  *†H†÷  ‚ü|qQ¥yÂn²ï9>¼«\`ìß¨Ó éôö–…¶QˆfG¢°=*hw»‘Lb{¶ÁǺz‡4Kbz™éÊüÎJ7É-¤W|þ=ܸZúÖij…:ê³Ùnäi!7ÞÑöugÓ“W^)9Èî-áÍäEs[ÐÒÎz«‚FXÐ^³g¯l5ò¼å?$â5¢ uöV™Ôx,ÑëЈªñߺ~,c·›#!ÄùxlâX6+‘̤Ùò-ºù”@íEñΊ\k>«Óp* jà_GÑÕc 2ò¯×6*pZåBYqKWº~ƒð!<ôÁŹ“ˆE“†é± ™¾˜ËÅ•¤]bÖ c ½uw}=óE¹Ÿ—ŸËW€o3©Ïw¤bY~go-tpm-tools-0.4.7/server/secure-boot/canonical-boothole.crt000066400000000000000000000020441510276467000241020ustar00rootroot000000000000000‚ 0‚ 0  *†H†÷  0„1 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0‚"0  *†H†÷ ‚0‚ ‚É_›b °d‚¬¾ÉâbãKÒŸŠÕa+]8ô·Î¹š¸C¸C—w«O pF ümÆmê€^Ò·f‡Þ mÐA—¨¥¯ cO÷|ÂRÌ 1©»‰]™FoUs¹viì×Áü!ÖÆçO½"Þä¨[-Û•4—Ö(K!LÊ»y¦Zùgæ\xE=m°Y&ÅWãN‚ºö,NÈ7Mÿ…„Gàí;|¼¯é§ oÃé£Î¾¦ãÍ<µX,žÂ`"79ÿAÁ)¤eQÿ34ªBù•xü-õÚŠ…|‚û7,k¥¨ß|U €.<°cáÍ8H‰è ‚¼ýÔh>ÙÝ”£ 00 Uÿ00U%0+ +‚7 0, `†H†øB OpenSSL Generated Certificate0UaH*¢ƒ ²­Zñ rPÚ3ÝÎð0U#0€­‘™ Â*±õŒ#¶eZ&Ž4Zc0  *†H†÷  ‚Š¡)· JÕÅý«%êÀ}âüj– y“gî%%äZöªñó‡^ñZ\Ë#se¹Þ"kÖIgÉ£Æ×bN\µùƒ@܇œaB"Ä*\NÅ£âàR²ëô‹+Ü89]ûˆ¡Ve_+O&ÿxëŒ]2ãÆE¯%› ÿŽïG £é‹7’’iv~4;’gN°%í¼^_´ÖÊ@ÿäâ1# …%® UìåG^ß[¼3ãÆõ¶Ù÷ݳ´¡1ÓZ\]}>¿ ääè´Y};´Œ£µ £¹>„oŒ!Ã9go-tpm-tools-0.4.7/server/secure-boot/cisco-boothole.crt000066400000000000000000000022141510276467000232520ustar00rootroot000000000000000‚ˆ0‚p  9\§’zPÂ0  *†H†÷  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0‚"0  *†H†÷ ‚0‚ ‚¸M†Ð!¢+Ÿ ¦w˜1\WÀë>“aòe~Ñæˆ"Í¥‹O/øKh‘ïLQÂ÷gôF§‰ýBá¤ÎKj)g@ÈgìéàÞüðâ­EðÒ¨W»‹ £ŠsUãWÓüÂÄêPú‚IHf±x+¢GUH¤ËgÒ[ÙU¬{̶Š_0SUL0J0H F D†Bhttp://www.microsoft.com/pkiops/crl/MicCorKEKCA2011_2011-06-24.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt0 Uÿ00  *†H†÷  ‚‚R+›ð %N3¹bxŸlÊéñ‘ç(qcê›Õ€žÛÍ€s;²2³ÿù»ËxZCÿ±®ÚS§K1z²08Dù†*^uͶei'×d)&0Bj×7=lO Gá-Àq÷ê$ç{Ç~;îdÒô5ªäï~aÐ߬"ŒEb£rÂ3ö”~››\ ± ½ù³pï;9^Ú¦žÚñ=¨¹¿L³êªþw3óÁŸ¿­_­ U߸–:ʵ "ªçÖ'˜ã5âïQB[ûð‚y "zß ¾T„*2)œË«ö$_^-¤q•U±‚É6º!òµˆ‘) gÒŸ#0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž1‚Ä0‚À0˜0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20113 öjɸ•×ëÎ 0  `†He0  *†H†÷ ‚XÂáÁ~„ÕLG%vät&ä”ÕÄr–¡ª80\h{+¿jË̽ø¡x.²ÔïtΊï4µÕFkù@^qQ÷/‡Cðç”`,lËÁ‰‘Çòè.±ü§#—4à! 0e¨, ß‘©ÂSž1#rs¹¬&ÿŸ™ m îÕÀ6ðò¨©l^èÑ…€þPC“†Ï¥)©aw`²±¼¡7òÙÖÞýñsÌF‘+ŸÖ/â²kj6ØÜÆ¡êe—»Ù£YT"{ë×&’/8°N.•BOùy*T’ TÊ †«8vQšZâód+¦Þ;B¢Ó#öjWk£õoJü*Ï­v&ÄÁLP’@¬©Aù6“C(Œ0½šúwY2M½`(ôçxK€´Ùi1¿ ý‘¦ÑO¤Ræm²@Œ¨`MA’eŸ ½šúwY2M½`(ôçxKõ/ƒ£úœûÖ’r($ÛäE4Ò[…$k;•}¬nÎz½šúwY2M½`(ôçxKÅÙØ¡†âÈ- ¯ª*o.s‡ >d÷,Nïgyj„½½šúwY2M½`(ôçxK63„ÑM. xbd„ÄY­W£ïC–&`HÐXÅ¡›¿v½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôLgo-tpm-tools-0.4.7/server/secure-boot/dbxupdate_x64-2020-10-12.bin000066400000000000000000000356611510276467000240350ustar00rootroot00000000000000Ú ñÒ¯JßhîIŠ©4}7Ve§0‚ å10  `†He0  *†H†÷  ‚ ø0‚0‚ð 3 ‚.¥Ä‰— 0  *†H†÷  0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110 200304184048Z 210303184048Z0†1 0 UUS10U Washington10URedmond10U Microsoft Corporation100.U'Microsoft Windows UEFI Key Exchange Key0‚"0  *†H†÷ ‚0‚ ‚ÞÓ<%V;jÿò2£À¨§è,‘PÄA– ®ªTàƒØàWåÜ7pá¯5æm0î?¸Çë³ü+g$ò.Ûz#$˜ÁlG^]DÉÁ,=ÉRÊ[ˆ¦ªÒ>Œ¡ª>Ë \¸y3/¸T«BàLY] ÜT _÷í. ¢½…ˆ”ñ¦Ù.r,|¸>õdÛ;ÑTùMh5cµô.Î$Ì—äç ΢œ^Q¬ ¼šÂ-¬„¾Xj"¿º8^`!7 &•Âùcš_lH•#ÅblÍðLh3[D¬(jPóp'0ØÂ÷î~/|mGÊ$Ÿx]¦òáØ]¢¥ˆõ;>oûõg˜G©£‚q0‚m0U% 0  +‚7O0UšjY“B5·æ6Åi0øZq0PUI0G¤E0C1)0'U  Microsoft Operations Puerto Rico10U 229961+4583790U#0€büCÍ >¤ËgÒ[ÙU¬{̶Š_0SUL0J0H F D†Bhttp://www.microsoft.com/pkiops/crl/MicCorKEKCA2011_2011-06-24.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt0 Uÿ00  *†H†÷  ‚{+/òÕ~˜~LKoEÂ{ ÿu8™/Seäs4 ¨àc) ˜º3 <ðå?•òLVi‹Á;V²iÑd ¡FJ†‰Ù^80>¶™¨ÇûQpÚ ª(£xw6¹iB‡ÒWžHS)2ßÎ5ØHàÌ+ÞýKëJ2¶r4Ö,Ù"‚xwaz¾/íB@¼-:ê›1ù*tŒ8}V?õõm»­Ù„g׉TvräB¶]‡RaEVTÿ:*;ÑÝÐJ±ÓÝè´~ˤ_2·³—Íß ³ÌîN¢÷s˜;®ÿgôšÑX¯\´ò|SÖ^™t,¾ÉÞÙº!\n&¸“Òí-°”*çC0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž1‚Ä0‚À0˜0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20113 ‚.¥Ä‰— 0  `†He0  *†H†÷ ‚×4CÒ;º¾®ªíD€k5½Ïlw‡M÷)_/‡‹=A©M0s¤øo¾¤…‚œ v\gNÆžzi¼q,ó ü—¢Á'ÚQ¾!¯&ÚëG?× *f¸žý¥p^,ÙFØ“ŒËÒˆ/Ï‹2ùMŠº?8ßÙ<þe‹ëÛ"ž7£~°†»›v¸Ý@uS(]¶9¡ÑÄ·#îýoŽï¿\xz0»ŒÅeqÉJòŸ;Ôú÷ž@ 3öŒñ³o­Þ~,èOþá~S¿/­Ü5s} %/’G®ih:£µ•ÜZé-RÅнÓf”=›X ¬‡æ1A$}4¡†O•Æ°¤i¡YÀ¥ä”§J‡µ«\+ðrP4½šúwY2M½`(ôçxK0‚ 0‚ 0  *†H†÷  0„1 0 UGB10U Isle of Man10U Douglas10U Canonical Ltd.1402U +Canonical Ltd. Master Certificate Authority0 120412113908Z 420411113908Z01 0 UGB10U Isle of Man10U Canonical Ltd.10U Secure Boot1+0)U "Canonical Ltd. Secure Boot Signing0‚"0  *†H†÷ ‚0‚ ‚É_›b °d‚¬¾ÉâbãKÒŸŠÕa+]8ô·Î¹š¸C¸C—w«O pF ümÆmê€^Ò·f‡Þ mÐA—¨¥¯ cO÷|ÂRÌ 1©»‰]™FoUs¹viì×Áü!ÖÆçO½"Þä¨[-Û•4—Ö(K!LÊ»y¦Zùgæ\xE=m°Y&ÅWãN‚ºö,NÈ7Mÿ…„Gàí;|¼¯é§ oÃé£Î¾¦ãÍ<µX,žÂ`"79ÿAÁ)¤eQÿ34ªBù•xü-õÚŠ…|‚û7,k¥¨ß|U €.<°cáÍ8H‰è ‚¼ýÔh>ÙÝ”£ 00 Uÿ00U%0+ +‚7 0, `†H†øB OpenSSL Generated Certificate0UaH*¢ƒ ²­Zñ rPÚ3ÝÎð0U#0€­‘™ Â*±õŒ#¶eZ&Ž4Zc0  *†H†÷  ‚Š¡)· JÕÅý«%êÀ}âüj– y“gî%%äZöªñó‡^ñZ\Ë#se¹Þ"kÖIgÉ£Æ×bN\µùƒ@܇œaB"Ä*\NÅ£âàR²ëô‹+Ü89]ûˆ¡Ve_+O&ÿxëŒ]2ãÆE¯%› ÿŽïG £é‹7’’iv~4;’gN°%í¼^_´ÖÊ@ÿäâ1# …%® UìåG^ß[¼3ãÆõ¶Ù÷ݳ´¡1ÓZ\]}>¿ ääè´Y};´Œ£µ £¹>„oŒ!Ã9¡YÀ¥ä”§J‡µ«\+ðr¸œ½šúwY2M½`(ôçxK0‚ˆ0‚p  9\§’zPÂ0  *†H†÷  0A10U Toliman10 U Cisco10UVirtual UEFI Root CA0  180403174734Z20990403161930Z0?10 U Cisco10U Antares10U Virtual UEFI SubCA0‚"0  *†H†÷ ‚0‚ ‚¸M†Ð!¢+Ÿ ¦w˜1\WÀë>“aòe~Ñæˆ"Í¥‹O/øKh‘ïLQÂ÷gôF§‰ýBá¤ÎKj)g@ÈgìéàÞüðâ­EðÒ¨W»‹ £ŠsUãWÓüÂÄêPú‚IHf±x+¢GUH%Ìm".a—•¯›.MX¶~xùú²['Þ}¢¾ ¬sì—°^ííå¥u?xàqÎ/΃íS10˜Næù¢ˆˆ¦#| ·T:•í^y^Nþͪނüö–qNII¹Óé°«×*G·S0'|Üf˜ oÑ~õ=>Ô¢jˆY//=ÈÆ(ÞBþÙR=$Âü@˜öv¿Œ»e£9070 `†H†øB0U%0  +‚7 0 U€0  *†H†÷  ‚W¤`L)éò}k\“ÛÌlŸ?iHšuÞdóƒJ ©&!îéV]á>ÙuËÌ¿Mäè‰=~B‡@ÃÕàqyÜláqbǘÂË' /ŸÌìú‹²ó žóòÃÉŸÛ%“¤Í»åŽô×U¨´uA1ýN] Â¬ÅÞFçÜÏÕèG“Œ2ÍDÕtÇ0šW¥VÐ~Ï´ôó)ùÛ›SÒ½/­ju&Edºº(–‡Ž·ðyWúzd÷,Nïgyj„½½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK®ë®1Q's핪.g9í1©…g0:3"˜ø7 ©ÕZ¡½šúwY2M½`(ôçxKÄ ½¬Gu­ØÛ’ª"µ·ûŒ”¡F,餹]Š3ˆÂü½šúwY2M½`(ôçxKÆÁ¨±î*(µ¨Lƒ×É‹[ '(aëæ’–½šúwY2M½`(ôçxKÉ3f¸çùƒ—TÉ—ñ së&Ø¡ ¹ã½¿Æg«Û‹½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎ½šúwY2M½`(ôçxKØûLž.z‚%ekK‚s·Ë¤°>òéë à )$졺†½šúwY2M½`(ôçxK¹*ò˜Ü›xÇt’ÖUq ×*­£×{åF ä2xïnM½šúwY2M½`(ôçxKᮃÀ.o(XÔëÑw#´õê5yÕD=ìÅù<½šúwY2M½`(ôçxK9ÛÂ(ŽôK_•3,·wãè@Û¦€cJ¨õɱ½šúwY2M½`(ôçxK2õ” ¢Ø¢ÁEæü‰df(ÿÌ|zBÊå3})Ä ½½šúwY2M½`(ôçxKÔ_Ë£–®ó>èöì®X¯èGj( &üqö!}ÏIº/½šúwY2M½`(ôçxKK†h¥Ôe¼ÝªüÿBOËЮÎ2üp¨>‘`èŸ ½šúwY2M½`(ôçxK‰óÑöä…Ã4Í •ãÍýÀq±„˜T„zDÜUHâÜû½šúwY2M½`(ôçxKÉì5ònUšÿ´ âëÞT5L5©˜`[Ï—-U½šúwY2M½`(ôçxK³å4¿kW†—3“Ÿ$¶k¤eã^‘°6**ÍépI½šúwY2M½`(ôçxKŸcíWÔ´.ñ f±D¦[¡¶WùKŽ²ðÄÍ`Á½šúwY2M½`(ôçxKÝY¯VDãŒcûà…0 ÍwF*!’Y°[ÂYæs½šúwY2M½`(ôçxKÛ¯žm=[8¶…S0J¼ˆ‚~¼ø ¹Çá—ͼX"Í1l½šúwY2M½`(ôçxKeóÀ „Ób¹r.˜÷^^™ln“O{+.kæÞÈ콚úwY2M½`(ôçxK[$Ž‘=q…==¥®ÝšKÅz‘q&W8û_Ë-†¢ñȆ½šúwY2M½`(ôçxK&yeãAòϨƒF 5Vª¯w§ kÄ„É0tl÷µ½šúwY2M½`(ôçxK»ÑmSco##§¨o=ÿ–Ÿ„ˆÀWKÂׇþÉ?½šúwY2M½`(ôçxK à!ö|~ø_Ní6¿p’8 <#Ê‘ýC ”° ½šúwY2M½`(ôçxK•ŸA7Ç°Òvq•åos€}:Üøöç¿-M™0_‰½šúwY2M½`(ôçxKæ!jÊïd@¥Uì¾Ù@±¥òVší’•a7®XH.ñ·½šúwY2M½`(ôçxKnþþ [G‹{”LÓ¨¬¢Ì¤ ˆˆâŸŠËX$׺°½šúwY2M½`(ôçxK®LÔzAǃÜHóBÀvÂÁo4ôÒßPÑÊ;µ­…½šúwY2M½`(ôçxKØÔæÝöä-t¦¥6êbýä) \ž\6•£Bïµõ¤½šúwY2M½`(ôçxKòw¯O›Ü‘ŠèŸ£\Á³N4˜L®—e2,<°IWM6Pœ½šúwY2M½`(ôçxK ÂLuëïV¹ñ:¹Þ`âì¡ÄQ4⻳lö T›#L½šúwY2M½`(ôçxKƒXò¥W-pYµÈcPU(’éEbo_Éʬ÷½èW¤½šúwY2M½`(ôçxKºßõäðþ§p¨û"äÄ8!ã! õ-OtÝPñÐ9¼½šúwY2M½`(ôçxKÄR«„`sßZÎ%̦Mkz Ù0ŠeëR@ãÄëÊ©Ì ½šúwY2M½`(ôçxKñ†>È·ô?”­û ‹JiIzŒeì¼*Uà»Bw+ŒÜ‘½šúwY2M½`(ôçxK{ÉËTcε^¸ºwѬ҃Ä?JW`<Áò,ëÅy½šúwY2M½`(ôçxKè9]¾WèQx´ºõ¢Wðn‘!¦|Y_jâ%ý½šúwY2M½`(ôçxK´ÜÊòÈϧ´“Žqþ+–‘ä!oÙT(g-l~s½šúwY2M½`(ôçxK>Î'˳ìD8Ìå#¹'Äð_Ü\Y:7fÛ˜L^Cz?ö¡k½šúwY2M½`(ôçxKhîF2ǾfÈ>‰Ý“ê¿E´ÂÇ-}ÇIš¢ C½šúwY2M½`(ôçxKâK1ZUqH=‹s³-áMáë.«!ý-œ1Ÿõ^нšúwY2M½`(ôçxKç :´ìˆUì¥)7ØKZÂOˆ&kRpçì´ª%8½šúwY2M½`(ôçxK~¬€©ÈLÔ¯ìc‰ÙN±h¨UyQ¤Õ9°q0(U+kŒ½šúwY2M½`(ôçxKçh1!êg÷K¼°ÍÅåp,ŒÅ_¶]p-û©Hµô½šúwY2M½`(ôçxKÜÌ<áÀä°±‡Ór úGõÂoW£Y¾{'€N¬ºÄ½šúwY2M½`(ôçxKWÿq*䉳t“Àv§Í©a)بýhÒ¶¯c91]½šúwY2M½`(ôçxK:‘ðùå(¢™L}“ ,^áLèáÈ0Jä•­ÅŒÄE< ½šúwY2M½`(ôçxKISyl›òQ «¥³Õ~+…××d4ìuº£…t彚úwY2M½`(ôçxK¨²Éu뫧ÛÞ^éiÀêî*1Ë‘¨gV¦·p½šúwY2M½`(ôçxKŽSïÜøRÎå¦é)1¼Bæ<ÓöI̧èrRäY– ½šúwY2M½`(ôçxKŸ¤Õ?Ô>ÊÿBº~CS%+~^rµ nÿ€'ÖmC½šúwY2M½`(ôçxKÓrÀÐôýÉõ.ž#üVîrAJóPÐΦÂj5¦Ã!z½šúwY2M½`(ôçxK\Xj…é7‰EpÔùëh(¹|AË›¦ÓÜÌ_RzU½šúwY2M½`(ôçxK€N5Lch»'©®ŽIŠW+)4%šœOS¢rTI½šúwY2M½`(ôçxKöJ)”Šˆ¾ÿÛ^ §7 Ï ÙÎkÏŽd !1«‡½šúwY2M½`(ôçxKØ~q4Tao[ׄšµÁq*¸O4”xì*8ùpÀ‰½šúwY2M½`(ôçxKë[­ÒnO®eù¤#XÞï|å,À_»Çgvæ˜*½šúwY2M½`(ôçxK»"‰ééM ÿ?bQj°~—›,lïâ«pÆßÁŸ¥½šúwY2M½`(ôçxK (ð@‹÷%ægØq8¨î¼R–-(Gñn5‡;A¶­½šúwY2M½`(ôçxK ùŠ©…Œ sø›§~‡ìoYlIPû‹º€¦/»‘K½šúwY2M½`(ôçxK uê pê¤Óót$mµOÇ´>Yj53 ¹ÃkOÙur^½šúwY2M½`(ôçxK Q×oÄ“Iv]¨†‚Bk,þžj¤òrSê´2㧽šúwY2M½`(ôçxK£¢šÐQ0×þ[ôÒYecÍí‡@–ªÌi“*.IQš½šúwY2M½`(ôçxKw0´/þI?é¶%—Í+o4Ójõ“0ñ¤/” ½šúwY2M½`(ôçxKáqZŸÏá¤DÎÿ…†ž´"3 ÀK1L)]m§ž½šúwY2M½`(ôçxK‘¨Ôså(¨x#½bæUß®Tú+úrýÀ)†Ö¸½šúwY2M½`(ôçxK‹XÁý¸Ú‹3Ìî_—:÷4Ùóã?]±W<+ ˆ¨ ½šúwY2M½`(ôçxK‘†ïß^òÞ‚Eº®4††º 5ÿ=˜eÁS|퓽šúwY2M½`(ôçxK' „²†ñc°jªäë¸ßøÞ} ‚[ˆ9ÿf'NÿG½šúwY2M½`(ôçxK)̤TN£0Ö‘Ç„i\œk"¬{[‰Ë×(Ñ@꽚úwY2M½`(ôçxK+"˜ê¢kĤUŠé.{°äø\óKøHýö6ÀÁ¾Ä˜—½šúwY2M½`(ôçxK-ÏŽp#ÑèáE=hÖì0Ù¾ÙL¼¸ÝÁ̬½šúwY2M½`(ôçxK1*Å[PÀ›0³Ì“¹”¡>î¬Tï‰/ÄG»½–¡½šúwY2M½`(ôçxK2­2–‚›ÄmϬ^ÝË¿,í\ø;"Ïœn`ǘԧ½šúwY2M½`(ôçxK4 £+X3Ž+V¯0 ©ßÖ¹Ò'àâ£IX±Æ%ž…½šúwY2M½`(ôçxK6.Ó ±à’(1©o ÏÞa‰Sæ•Éï.°ºÃuP½šúwY2M½`(ôçxK6z1僈1­,FGˆjlßò決‘ ÿ…Üz‡®›^˜½šúwY2M½`(ôçxK7e×iÀ[ù‹B{5;!7褛o… ñYíj†xj¦4½šúwY2M½`(ôçxK8mi\ß-EvàÊÌõäžxÚQ¯™UÀ¸úv7;y”³½šúwY2M½`(ôçxK:Ot¾¯®+“ƒ­‚Ò3¦Ï=³Çâè—¾ïBUúúwY2M½`(ôçxK:çlEÊpé Y˜Bb-ÒQ¼¡ûæ¹Å.Ás°5½šúwY2M½`(ôçxK;èçë45Á’Çi„gˆ™AÑöÏ QL¡i“OsY½šúwY2M½`(ôçxK>9&ð¸¡ZÕ¡Ag»dz„<=C!ã]¼DÜèÈ7A-(°½šúwY2M½`(ôçxK@ ÆmY·°”©ã ¦½:ÿ0WƒçY/B¾_ôº½šúwY2M½`(ôçxKA…‚m«[¨4{x¢+_š upÊ\“§MGŠy=ƒºÄ˜½šúwY2M½`(ôçxKAÑî±wÀ2NÝeWó„å2Þ õšDkï³Q¼%w½šúwY2M½`(ôçxKE‡kMØaÔ[:”€tz]´ZH²§)A ¶A/Š‡é]½šúwY2M½`(ôçxKFg¿% ×Á k„tÆͱßdŠXso¿WÐ]ou]«gô½šúwY2M½`(ôçxKGÿc±@¶üíy1æQÚ[./]®ô=ÂûÅ2±½šúwY2M½`(ôçxKWæ‘:úÌR"½vͯ1ø툉Td%Stï z‚×õšÓ•–½šúwY2M½`(ôçxKXú"q!ÇmížcÈ~:e3î öð¡¢?ÄE›Æ¼ß½šúwY2M½`(ôçxK]šË»J}KhRßYpâÎÖoö"îœÐíØAÌ­½šúwY2M½`(ôçxKaÎÄ£w¿YÀþ®ãp4¿—Õ¼nâ:ߺæãõû<ý½šúwY2M½`(ôçxKcW´E6,Ƙ KĶ(â=¾$¶élŠãÜ°Õ¬½šúwY2M½`(ôçxKe²çÌÙÃ1ßRßsÊ É2ÒŸ™tÅo0‡²Ý1G½šúwY2M½`(ôçxKfª íÂ8MœB]9'æíJ]@ÅçÍM¬ˆõwòñ½šúwY2M½`(ôçxKhsÒö)½RéTîÿYwªƒgC™—bÿ!,”3Æ—½šúwY2M½`(ôçxKm»êÒ>Œ† ø´tûü¥ Mã⋈»ÌÜGG“N½šúwY2M½`(ôçxKmêÑ2WßÃÌƤ³pº‘u_éàìAP0”.Z¼Gð|ˆ½šúwY2M½`(ôçxKp¡E ò­9Ui­ þ±ÙÁ%2Né ì9ÂXˆ4Ô‰-Q«½šúwY2M½`(ôçxKrÂo‚|ë’˜—˜–Æ®tÓë϶]A²fÉ ¾‚½šúwY2M½`(ôçxKxd!ˆ¨´±sÔ¨õì”Ø(dqV ™5zXbK7u ½šúwY2M½`(ôçxKxƒƒ¤Ç3»‡Ò¿Qg=Ç>’ß«}QÜqV'®whm#¼½šúwY2M½`(ôçxKx´íÊ«ÈÙ > â€,®´ðž#£9LJÌn‡èóS•1½šúwY2M½`(ôçxKI̳ 2;z±“ÉU¸ÇDð¢·\1I^`pP'½šúwY2M½`(ôçxK‚¬ºHÕ#lÏ÷ešüYMî+Ö.ñ£ ›P†(Ï4ô½šúwY2M½`(ôçxK‰Mx962˜Ì‘Zèt.ó0×¢f™ôYGŒò,+k²…f½šúwY2M½`(ôçxKŒI×Wåª!ÁcH#22—ØhòX‘e)ïÅ ïp½šúwY2M½`(ôçxK“Ö iYevåÜFKá*…úR€¶õ$Ô¡ÃüÉÐHÏ­½šúwY2M½`(ôçxKcõûÅåz¶Þl”ˆ` ár±vÕ«WÔÈŸ`þ-⽚úwY2M½`(ôçxK‘ej¤ïI;8$ ·&2HäâÖW¥ÈHˆ ¶[s 2ûS½šúwY2M½`(ôçxK‘——¿Ž[Æ„9¬Äcë¸ú«ývMËè/;©wÊÈÏj½šúwY2M½`(ôçxK”pxù|a––Œ:霚]Xf~†ˆ,öÈÉÕ‰g¤–»zô<½šúwY2M½`(ôçxK–äP”PÓ€ÚÃbÿŽ)U‰ŠåX…Ò ‰Â{¢©Ð ½šúwY2M½`(ôçxK—ƒµîD’éè‘ÆUñô€5•­E<b:ðþ{òÀ¥x…㽚úwY2M½`(ôçxK—¥ DDb óŒØÆQ,¬šuýCzáäÒ))€va#'½šúwY2M½`(ôçxK—¨ÅºÖï»]jÚNºG-ÄÆÍIrü]ã!4/佚úwY2M½`(ôçxK™( æìŒAÚ®KØ«Hõ‚héC¦pÓ\¥â½Í>|L” r½šúwY2M½`(ôçxK™-5š§¥÷‰Òh¹L¹HZkæCb°í´DÌ|9d{½šúwY2M½`(ôçxK™T¡©U豉«ÊAK‘ö l@¨ko>óh݆1½šúwY2M½`(ôçxK›¯Ov×kõÖ¨—¿½_B›¡Mà‹HÃîv“ ‚ÿ8‘½šúwY2M½`(ôçxKœ%ŸË0_Ç9~Õu™càïk6ä WýsnkЋŸu½šúwY2M½`(ôçxKÒÜ·/^t'òéà:±…£@<ö©¤y¤ÛÙ~"P©½šúwY2M½`(ôçxKžÓ?¼ À2øœ¢Ä«4íÃ:E¥ %!£µ‡j£ê,½šúwY2M½`(ôçxK¤Ùx·Ä½¡T5Õø¹Y.Â¥­ûê{­j5ìµ0”d/½šúwY2M½`(ôçxK©$ÓÊÖÚB·9›– • oö±«¥¸s°Õó î!s´‹l½šúwY2M½`(ôçxK­;å‰ÀGN—Þ[²¿3SIH·k¸vßÜX±þ×gµ¡[ü½šúwY2M½`(ôçxK¸Öµç…{Eƒ|{ãØV­ë—Ç)°fZ=G:KëQÜó½šúwY2M½`(ôçxK¹?™Y‹ ú ¬Á,üü%hy?nwžy^m|"Su½šúwY2M½`(ôçxK»Ú3»cœ~€m°VÉŠSò/ïû äm®Iš½šúwY2M½`(ôçxK¼uùÿ2\µ™žf»ÔOJå7¤/ßï5SHãf⽚úwY2M½`(ôçxK½Ð&éØWÓþu¯Áp*)ð´öýö¢²\—©ÎŽšúwY2M½`(ôçxK¾C]÷Í(ª*|´üsG[wå«ó’÷k|vú?iŒ·š½šúwY2M½`(ôçxK¾÷f;åêM¿Øhn$poLûÍg¦Åfí”Î ÄDp½šúwY2M½`(ôçxKÂF—YÁ”~ô¶_r©õ³¯‹onr{h» ‘8\¿BjŠ½šúwY2M½`(ôçxKÃP[ó쥬äÇk‹Ñ 9 eÑóNu¸£^ãÆ›–½šúwY2M½`(ôçxKÄ-Ç Ï^Œóû‘ýòˆ@!­ƒl¦Šß,»y•Á õˆÔ½šúwY2M½`(ôçxKÆd¥¸9ä¡gBR~jÎ<'oÒn4ÇÐã"½šúwY2M½`(ôçxKË4¯ë tÄ¥ˆ³nº¤A–èÒú€Ü¨Á8rÈPyk½šúwY2M½`(ôçxKÌŽìn¹!,¿‰zZÎ~Š¾ìáŸmï x•‘ËGñð„½šúwY2M½`(ôçxKÏ¢CÁÍ.<Œë~p‡ÎËûƒ%»ùз y­óèA(½šúwY2M½`(ôçxKØšÑlHÔû¼TKúøg f ”HåK¿òpNBˆ½šúwY2M½`(ôçxKÙfŠµ'…g†Á4µä½Û÷$R;is"š¹*¡¥M õ½šúwY2M½`(ôçxKÚ5`ý 2µLƒÔòÿ†Ò“i¬òÈ–ø¯§CkúFU½šúwY2M½`(ôçxKߪ´ƒ‡©áÔÆR(œ¶«á–Èô³–Çä»Ã•Þiwö½šúwY2M½`(ôçxKß‘¬…©OÍ ûU½|¾ú¬¸Åîs—þ,ÈY„Ež.¡N½šúwY2M½`(ôçxKàQ·ˆìºí¥0FÇjö•",aW¸ÄÁ¹ÂÏÆ_F彚úwY2M½`(ôçxKãmüq!Âãšêˆ„ž(E«2ooçNS›~TØ61½šúwY2M½`(ôçxK㘑ô‹¼Å“¸í†Î‚ÎfoÁ[ŸËý+ºÐ¨›ôÇ¿¿½šúwY2M½`(ôçxKæ…oy™-ÉO¢ô2—ì2ÒÙ§o{æaÆ¡>ü;ÍõȽšúwY2M½`(ôçxKêÿŒ…ºM[k€FõÖG×yºÚwhæIÐGÿ›f ½šúwY2M½`(ôçxKfIa §OjÆäß»)¢à®;Š#(Ž~.r½šúwY2M½`(ôçxKî×àïòíUž*yî6™b¯;™‘1ã ·ýTo® rg½šúwY2M½`(ôçxKñ´öQ; TJh­Â‘ï¨ÅŸB ¥Ü²> Zú~ =½šúwY2M½`(ôçxKò¡m5µTiA‡§ @Êh)Yôó\,àê¸ýd÷¬*¹õÂJ½šúwY2M½`(ôçxKóÔaÅé•@?É|¢Ø©ËâpY}2ºßÖkwI_”½šúwY2M½`(ôçxKôŽmØqŽ•;`¢O,¾¦ •!Þ®gÛ%B[}:Îô1³[ôÀæ‹Óµw¹«á©ÏñËßTgo-tpm-tools-0.4.7/server/secure-boot/dbxupdate_x64-2021-04-29.bin000066400000000000000000000322751510276467000240470ustar00rootroot00000000000000Ú ñÒ¯JßhîIŠ©4}7Ve§0‚ å10  `†He0  *†H†÷  ‚ ø0‚0‚ð 3#‹­껹#0  *†H†÷  0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110 201215212643Z 211202212643Z0†1 0 UUS10U Washington10URedmond10U Microsoft Corporation100.U'Microsoft Windows UEFI Key Exchange Key0‚"0  *†H†÷ ‚0‚ ‚¬¼ÓxB)”6 μ۠Áwøt9c`u…±º¾oîÔzÉ¢¸Û6áà‘(X@–µG â 3±²+ªäq„®g¨>f;æ(·Ê”wsðßó Ëûóן°„·)=§dpÅf„œ/cÌ;mR°´‹Š„Gˆ>åþ†N¦zÒŠ ç­¶?YEµËOb«P¼ýÍ*ç_Óþ îî<úƽ$?‰™R ƒÈÏÖ óÈ7§p\ƒv;ƒ„)ëmN$ºë6Ä‹o2±Ñ6\ší«Á`ýÏ=HËÅQLϺŽ– E]_÷ § þ'xó@âÊÑäWOËhBe\%P“èÞ\™ßæ|œl•ï£‚q0‚m0U% 0  +‚7O0U,GÝ:Ø-Oüõuwæ/ŽE‚d…0PUI0G¤E0C1)0'U  Microsoft Operations Puerto Rico10U 229961+4630030U#0€büCÍ >¤ËgÒ[ÙU¬{̶Š_0SUL0J0H F D†Bhttp://www.microsoft.com/pkiops/crl/MicCorKEKCA2011_2011-06-24.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pkiops/certs/MicCorKEKCA2011_2011-06-24.crt0 Uÿ00  *†H†÷  ‚$MªbC¯D ÊwUŠwÔ¡¼Xxoî‚ÉP¹õyÑ®ïa{lCüíÅK6SíiJe¨®Æ–”ëöã¯òÆ÷¹sö1Èèà× E!"1-Æ% zéCÏÑ–•ü‰ÑñÒ˜æ4mÛ¾ÊI ëlµÓ×·ïÿÄ©ŒêÖ®eþ÷·aIy~Lúã¹?±`•ËŃ”aù3/÷Ó­Ç–Iõ†¡Œ9"íPBžÆô¿Ia^ÞÜ›n¾Ìb—Gõ¶>È,Z5¬÷ 8øyݼj}ô%Y¿D c({Cò×Y6œêTâ,v…µ’ŽÒµ+ó™·›ï© æ/Bes0‚è0‚Р a ш0  *†H†÷  0‘1 0 UUS10U Washington10URedmond10U Microsoft Corporation1;09U2Microsoft Corporation Third Party Marketplace Root0 110624204129Z 260624205129Z0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20110‚"0  *†H†÷ ‚0‚ ‚Ä赊¿­W&°&ÃêçûWzD] ÚJåt*æ°ìmëì¹ãZc2|Oã §8“ŽÆõà„±š›,çõ·‘Ö áâÀ¨¬0ßHóPšd§QÈ…O †Îþ/áŸÿ‚ÀíéÍÎôSjb: C¹â%ýþùÔÄ«â#‰p·¤Mì®åœúÂ×ÁËÔèÄ/å™î$‹ìò‹êÃJûC ~µG’lÜæ‰ëõ3ë*qåùƒ<ÿ% /hvFÿºO¾Ü­q*XªûÒy=ä›e;Ì)*ŸürY¢ë®’ïö5€Æìä_ÌvÍïc’Á¯y@„y‡ãR¨è{i£‚O0‚K0 +‚70UbüCÍ >¤ËgÒ[ÙU¬{̶Š_0 +‚7  SubCA0 U†0Uÿ0ÿ0U#0€EfRCá~X¿ÖNž#U;:"j¨0\UU0S0Q O M†Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`+T0R0P+0†Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0  *†H†÷  ‚Ô„ˆõ”Ê*<û*’ × ÑñèRf¨î¢µuzª-¤vZêy·¹7jQ{döádòg¾÷¨x½ºÎˆXd ÖWÈ£_ÖÛÆÐiÎHK2·ë]Ò0õÀõ¸ºx£+þ›Û4V„ì‚Ê®A%pœkéþ×–å甲* Kÿ(){÷×|¥Ñv¹Èyí’œÂþßo~l{ÔÁEÝ4Q–9å^VØ–ô¦B³ wýòqVÌŸ†#¤‡Ë¦ýX~Ôig‘~òå ‹Š<‡„ëãνCå­-„“Žj+Z|DúRªÈ-»àRßøš=Á`°á3µ£ˆÑe ç¬|¤Á‚‡N8±/ Ňoý.¼9¶çæÃàäÍ'„ï”Bï)‹FA;gØùCYeË ¼ý’Oôu;§©$üPA@yà-O j'vnRí–i{¯÷‡ÐE­Sû0ª76aÚJi4ØhíÖÏl” ÓÏl"y­±ð¼¢F`©ÄÂ!‚ñýòèy2`¿Ø¬¥"KÊÁØKë}?W5²æOu´°`"S®‘yÖ›A†Tp²Þ 5|°4rº—`;ðy뢲]¢¸‡Åéöµ—%o8Ÿã‘úŠy˜Ãi·£ —øÊ®×ÄóÀuk4 µ™`ó\°ÅWN6Ò2„¿ž1‚Ä0‚À0˜0€1 0 UUS10U Washington10URedmond10U Microsoft Corporation1*0(U!Microsoft Corporation KEK CA 20113#‹­껹#0  `†He0  *†H†÷ ‚}Ê“A?ú=±¼·¨µþ±ù&vn¯dâÕÀ0ʤ{ãpdžÿ^Ãx^>n0àâI Ë™Ÿ‚Ó›”hLNÛž]qSÎŽñz²)³a%²}t, 0xóBÄ©3i(Ÿñ—q²©{ÙJ¬JHGrL©Ú^þËVÝ6觜˜ Òƾ}šÔ_ýC¼Ò¿TšT(ë]˘oÛ1ç¸颥Ÿ Ÿ|º|&_Ûü×ø5 êîœcü'Š¦mÁ}<)•uÈÍé*˜¨ýñÒJè¤|¥ôÖ–×’*¨‘¸4ÍÌÀt ±íy—ék¼ÎÞÿÆI®¯þò{/Ôôý &ÄÁLP’@¬©Aù6“C(¬'0½šúwY2M½`(ôçxK€´Ùi1¿ ý‘¦ÑO¤Ræm²@Œ¨`MA’eŸ ½šúwY2M½`(ôçxKõ/ƒ£úœûÖ’r($ÛäE4Ò[…$k;•}¬nÎz½šúwY2M½`(ôçxKÅÙØ¡†âÈ- ¯ª*o.s‡ >d÷,Nïgyj„½½šúwY2M½`(ôçxK세Kle¥ ©¾q–R0! bÖÓ h2Û²Ò à'%'߶=IÒ•r¦ôL½šúwY2M½`(ôçxKo¬êÏìýN0;tô€ €˜âЀ+“oŽÇtÎ!ó†hœ½šúwY2M½`(ôçxKN: [CƦ»Ó@O4=Ï9bgΔøµ.#©Ú’ ½šúwY2M½`(ôçxK+™Ï&B.’þ6_¿Kà 'lžáKzoÿDû/ki™9½šúwY2M½`(ôçxK.p‘g†¦÷sQ§«pµWÆ2.©#²¨Ó¹+Q¯}½šúwY2M½`(ôçxK?ΛŸß>ðTR°ù^ä·ðmt:syqUŽpjÎ>s½šúwY2M½`(ôçxKGÌa'⚆à:kï,ÔøÅZmkÛ6!hÃ,ã*Zß½šúwY2M½`(ôçxKqòoÒ"I~T£Fb«$—üÈ wõhéãÙ¿Ëýcu½šúwY2M½`(ôçxK‚Û;δöCΗÃч͛YAÍ=èXo+ÚV7W_g½šúwY2M½`(ôçxKŠÖHYñ•µõ¯ª” jag¬ÖzˆnF“dr!ÅYE¹½šúwY2M½`(ôçxKŽ¢‰Ïç «seË(îQíÓ<òPmèˆû­Ö¿€H½šúwY2M½`(ôçxK®ë®1Q's핪.g9í1©…g0:3"˜ø7 ©ÕZ¡½šúwY2M½`(ôçxKÄ ½¬Gu­ØÛ’ª"µ·ûŒ”¡F,餹]Š3ˆÂü½šúwY2M½`(ôçxKÆÁ¨±î*(µ¨Lƒ×É‹[ '(aëæ’–½šúwY2M½`(ôçxKÉ3f¸çùƒ—TÉ—ñ së&Ø¡ ¹ã½¿Æg«Û‹½šúwY2M½`(ôçxKdW[Ùxš.­Vö4R¯kø ùDxYuéðN-d×E½šúwY2M½`(ôçxKEÇÈ®u Ï»Hü7R}dÝdM®Ø‘<ÍŠ$ÉM…igߎ½šúwY2M½`(ôçxKØûLž.z‚%ekK‚s·Ë¤°>òéë à )$졺†½šúwY2M½`(ôçxK¹*ò˜Ü›xÇt’ÖUq ×*­£×{åF ä2xïnM½šúwY2M½`(ôçxKᮃÀ.o(XÔëÑw#´õê5yÕD=ìÅù<½šúwY2M½`(ôçxK9ÛÂ(ŽôK_•3,·wãè@Û¦€cJ¨õɱ½šúwY2M½`(ôçxK2õ” ¢Ø¢ÁEæü‰df(ÿÌ|zBÊå3})Ä ½½šúwY2M½`(ôçxKÔ_Ë£–®ó>èöì®X¯èGj( &üqö!}ÏIº/½šúwY2M½`(ôçxKK†h¥Ôe¼ÝªüÿBOËЮÎ2üp¨>‘`èŸ ½šúwY2M½`(ôçxK‰óÑöä…Ã4Í •ãÍýÀq±„˜T„zDÜUHâÜû½šúwY2M½`(ôçxKÉì5ònUšÿ´ âëÞT5L5©˜`[Ï—-U½šúwY2M½`(ôçxK³å4¿kW†—3“Ÿ$¶k¤eã^‘°6**ÍépI½šúwY2M½`(ôçxKŸcíWÔ´.ñ f±D¦[¡¶WùKŽ²ðÄÍ`Á½šúwY2M½`(ôçxKÝY¯VDãŒcûà…0 ÍwF*!’Y°[ÂYæs½šúwY2M½`(ôçxKÛ¯žm=[8¶…S0J¼ˆ‚~¼ø ¹Çá—ͼX"Í1l½šúwY2M½`(ôçxKeóÀ „Ób¹r.˜÷^^™ln“O{+.kæÞÈ콚úwY2M½`(ôçxK[$Ž‘=q…==¥®ÝšKÅz‘q&W8û_Ë-†¢ñȆ½šúwY2M½`(ôçxK&yeãAòϨƒF 5Vª¯w§ kÄ„É0tl÷µ½šúwY2M½`(ôçxK»ÑmSco##§¨o=ÿ–Ÿ„ˆÀWKÂׇþÉ?½šúwY2M½`(ôçxK à!ö|~ø_Ní6¿p’8 <#Ê‘ýC ”° ½šúwY2M½`(ôçxK•ŸA7Ç°Òvq•åos€}:Üøöç¿-M™0_‰½šúwY2M½`(ôçxKæ!jÊïd@¥Uì¾Ù@±¥òVší’•a7®XH.ñ·½šúwY2M½`(ôçxKnþþ [G‹{”LÓ¨¬¢Ì¤ ˆˆâŸŠËX$׺°½šúwY2M½`(ôçxK®LÔzAǃÜHóBÀvÂÁo4ôÒßPÑÊ;µ­…½šúwY2M½`(ôçxKØÔæÝöä-t¦¥6êbýä) \ž\6•£Bïµõ¤½šúwY2M½`(ôçxKòw¯O›Ü‘ŠèŸ£\Á³N4˜L®—e2,<°IWM6Pœ½šúwY2M½`(ôçxK ÂLuëïV¹ñ:¹Þ`âì¡ÄQ4⻳lö T›#L½šúwY2M½`(ôçxKƒXò¥W-pYµÈcPU(’éEbo_Éʬ÷½èW¤½šúwY2M½`(ôçxKºßõäðþ§p¨û"äÄ8!ã! õ-OtÝPñÐ9¼½šúwY2M½`(ôçxKÄR«„`sßZÎ%̦Mkz Ù0ŠeëR@ãÄëÊ©Ì ½šúwY2M½`(ôçxKñ†>È·ô?”­û ‹JiIzŒeì¼*Uà»Bw+ŒÜ‘½šúwY2M½`(ôçxK{ÉËTcε^¸ºwѬ҃Ä?JW`<Áò,ëÅy½šúwY2M½`(ôçxKè9]¾WèQx´ºõ¢Wðn‘!¦|Y_jâ%ý½šúwY2M½`(ôçxK´ÜÊòÈϧ´“Žqþ+–‘ä!oÙT(g-l~s½šúwY2M½`(ôçxK>Î'˳ìD8Ìå#¹'Äð_Ü\Y:7fÛ˜L^Cz?ö¡k½šúwY2M½`(ôçxKhîF2ǾfÈ>‰Ý“ê¿E´ÂÇ-}ÇIš¢ C½šúwY2M½`(ôçxKâK1ZUqH=‹s³-áMáë.«!ý-œ1Ÿõ^нšúwY2M½`(ôçxKç :´ìˆUì¥)7ØKZÂOˆ&kRpçì´ª%8½šúwY2M½`(ôçxKÜÌ<áÀä°±‡Ór úGõÂoW£Y¾{'€N¬ºÄ½šúwY2M½`(ôçxKWÿq*䉳t“Àv§Í©a)بýhÒ¶¯c91]½šúwY2M½`(ôçxK:‘ðùå(¢™L}“ ,^áLèáÈ0Jä•­ÅŒÄE< ½šúwY2M½`(ôçxKISyl›òQ «¥³Õ~+…××d4ìuº£…t彚úwY2M½`(ôçxK¨²Éu뫧ÛÞ^éiÀêî*1Ë‘¨gV¦·p½šúwY2M½`(ôçxKŽSïÜøRÎå¦é)1¼Bæ<ÓöI̧èrRäY– ½šúwY2M½`(ôçxK™-5š§¥÷‰Òh¹L¹HZkæCb°í´DÌ|9d{½šúwY2M½`(ôçxKŸ¤Õ?Ô>ÊÿBº~CS%+~^rµ nÿ€'ÖmC½šúwY2M½`(ôçxKÓrÀÐôýÉõ.ž#üVîrAJóPÐΦÂj5¦Ã!z½šúwY2M½`(ôçxK\Xj…é7‰EpÔùëh(¹|AË›¦ÓÜÌ_RzU½šúwY2M½`(ôçxKöJ)”Šˆ¾ÿÛ^ §7 Ï ÙÎkÏŽd !1«‡½šúwY2M½`(ôçxKØ~q4Tao[ׄšµÁq*¸O4”xì*8ùpÀ‰½šúwY2M½`(ôçxKë[­ÒnO®eù¤#XÞï|å,À_»Çgvæ˜*½šúwY2M½`(ôçxK»"‰ééM ÿ?bQj°~—›,lïâ«pÆßÁŸ¥½šúwY2M½`(ôçxK (ð@‹÷%ægØq8¨î¼R–-(Gñn5‡;A¶­½šúwY2M½`(ôçxK ùŠ©…Œ sø›§~‡ìoYlIPû‹º€¦/»‘K½šúwY2M½`(ôçxK uê pê¤Óót$mµOÇ´>Yj53 ¹ÃkOÙur^½šúwY2M½`(ôçxK Q×oÄ“Iv]¨†‚Bk,þžj¤òrSê´2㧽šúwY2M½`(ôçxK£¢šÐQ0×þ[ôÒYecÍí‡@–ªÌi“*.IQš½šúwY2M½`(ôçxKw0´/þI?é¶%—Í+o4Ójõ“0ñ¤/” ½šúwY2M½`(ôçxKáqZŸÏá¤DÎÿ…†ž´"3 ÀK1L)]m§ž½šúwY2M½`(ôçxK‘¨Ôså(¨x#½bæUß®Tú+úrýÀ)†Ö¸½šúwY2M½`(ôçxK‹XÁý¸Ú‹3Ìî_—:÷4Ùóã?]±W<+ ˆ¨ ½šúwY2M½`(ôçxK‘†ïß^òÞ‚Eº®4††º 5ÿ=˜eÁS|퓽šúwY2M½`(ôçxK' „²†ñc°jªäë¸ßøÞ} ‚[ˆ9ÿf'NÿG½šúwY2M½`(ôçxK)̤TN£0Ö‘Ç„i\œk"¬{[‰Ë×(Ñ@꽚úwY2M½`(ôçxK+"˜ê¢kĤUŠé.{°äø\óKøHýö6ÀÁ¾Ä˜—½šúwY2M½`(ôçxK-ÏŽp#ÑèáE=hÖì0Ù¾ÙL¼¸ÝÁ̬½šúwY2M½`(ôçxK1*Å[PÀ›0³Ì“¹”¡>î¬Tï‰/ÄG»½–¡½šúwY2M½`(ôçxK2­2–‚›ÄmϬ^ÝË¿,í\ø;"Ïœn`ǘԧ½šúwY2M½`(ôçxK4 £+X3Ž+V¯0 ©ßÖ¹Ò'àâ£IX±Æ%ž…½šúwY2M½`(ôçxK6.Ó ±à’(1©o ÏÞa‰Sæ•Éï.°ºÃuP½šúwY2M½`(ôçxK6z1僈1­,FGˆjlßò決‘ ÿ…Üz‡®›^˜½šúwY2M½`(ôçxK7e×iÀ[ù‹B{5;!7褛o… ñYíj†xj¦4½šúwY2M½`(ôçxK8mi\ß-EvàÊÌõäžxÚQ¯™UÀ¸úv7;y”³½šúwY2M½`(ôçxK:Ot¾¯®+“ƒ­‚Ò3¦Ï=³Çâè—¾ïBUúúwY2M½`(ôçxK:çlEÊpé Y˜Bb-ÒQ¼¡ûæ¹Å.Ás°5½šúwY2M½`(ôçxK;èçë45Á’Çi„gˆ™AÑöÏ QL¡i“OsY½šúwY2M½`(ôçxK>9&ð¸¡ZÕ¡Ag»dz„<=C!ã]¼DÜèÈ7A-(°½šúwY2M½`(ôçxK@ ÆmY·°”©ã ¦½:ÿ0WƒçY/B¾_ôº½šúwY2M½`(ôçxKA…‚m«[¨4{x¢+_š upÊ\“§MGŠy=ƒºÄ˜½šúwY2M½`(ôçxKAÑî±wÀ2NÝeWó„å2Þ õšDkï³Q¼%w½šúwY2M½`(ôçxKE‡kMØaÔ[:”€tz]´ZH²§)A ¶A/Š‡é]½šúwY2M½`(ôçxKFg¿% ×Á k„tÆͱßdŠXso¿WÐ]ou]«gô½šúwY2M½`(ôçxKGÿc±@¶üíy1æQÚ[./]®ô=ÂûÅ2±½šúwY2M½`(ôçxKWæ‘:úÌR"½vͯ1ø툉Td%Stï z‚×õšÓ•–½šúwY2M½`(ôçxKXú"q!ÇmížcÈ~:e3î öð¡¢?ÄE›Æ¼ß½šúwY2M½`(ôçxK]šË»J}KhRßYpâÎÖoö"îœÐíØAÌ­½šúwY2M½`(ôçxKaÎÄ£w¿YÀþ®ãp4¿—Õ¼nâ:ߺæãõû<ý½šúwY2M½`(ôçxKcW´E6,Ƙ KĶ(â=¾$¶élŠãÜ°Õ¬½šúwY2M½`(ôçxKe²çÌÙÃ1ßRßsÊ É2ÒŸ™tÅo0‡²Ý1G½šúwY2M½`(ôçxKfª íÂ8MœB]9'æíJ]@ÅçÍM¬ˆõwòñ½šúwY2M½`(ôçxKhsÒö)½RéTîÿYwªƒgC™—bÿ!,”3Æ—½šúwY2M½`(ôçxKm»êÒ>Œ† ø´tûü¥ Mã⋈»ÌÜGG“N½šúwY2M½`(ôçxKmêÑ2WßÃÌƤ³pº‘u_éàìAP0”.Z¼Gð|ˆ½šúwY2M½`(ôçxKp¡E ò­9Ui­ þ±ÙÁ%2Né ì9ÂXˆ4Ô‰-Q«½šúwY2M½`(ôçxKrÂo‚|ë’˜—˜–Æ®tÓë϶]A²fÉ ¾‚½šúwY2M½`(ôçxKxd!ˆ¨´±sÔ¨õì”Ø(dqV ™5zXbK7u ½šúwY2M½`(ôçxKxƒƒ¤Ç3»‡Ò¿Qg=Ç>’ß«}QÜqV'®whm#¼½šúwY2M½`(ôçxKx´íÊ«ÈÙ > â€,®´ðž#£9LJÌn‡èóS•1½šúwY2M½`(ôçxKI̳ 2;z±“ÉU¸ÇDð¢·\1I^`pP'½šúwY2M½`(ôçxK‚¬ºHÕ#lÏ÷ešüYMî+Ö.ñ£ ›P†(Ï4ô½šúwY2M½`(ôçxK‰Mx962˜Ì‘Zèt.ó0×¢f™ôYGŒò,+k²…f½šúwY2M½`(ôçxKŒI×Wåª!ÁcH#22—ØhòX‘e)ïÅ ïp½šúwY2M½`(ôçxK“Ö iYevåÜFKá*…úR€¶õ$Ô¡ÃüÉÐHÏ­½šúwY2M½`(ôçxKcõûÅåz¶Þl”ˆ` ár±vÕ«WÔÈŸ`þ-⽚úwY2M½`(ôçxK‘ej¤ïI;8$ ·&2HäâÖW¥ÈHˆ ¶[s 2ûS½šúwY2M½`(ôçxK‘——¿Ž[Æ„9¬Äcë¸ú«ývMËè/;©wÊÈÏj½šúwY2M½`(ôçxK”pxù|a––Œ:霚]Xf~†ˆ,öÈÉÕ‰g¤–»zô<½šúwY2M½`(ôçxK–äP”PÓ€ÚÃbÿŽ)U‰ŠåX…Ò ‰Â{¢©Ð ½šúwY2M½`(ôçxK—ƒµîD’éè‘ÆUñô€5•­E<b:ðþ{òÀ¥x…㽚úwY2M½`(ôçxK—¥ DDb óŒØÆQ,¬šuýCzáäÒ))€va#'½šúwY2M½`(ôçxK—¨ÅºÖï»]jÚNºG-ÄÆÍIrü]ã!4/佚úwY2M½`(ôçxK™( æìŒAÚ®KØ«Hõ‚héC¦pÓ\¥â½Í>|L” r½šúwY2M½`(ôçxK™T¡©U豉«ÊAK‘ö l@¨ko>óh݆1½šúwY2M½`(ôçxK›¯Ov×kõÖ¨—¿½_B›¡Mà‹HÃîv“ ‚ÿ8‘½šúwY2M½`(ôçxKœ%ŸË0_Ç9~Õu™càïk6ä WýsnkЋŸu½šúwY2M½`(ôçxKÒÜ·/^t'òéà:±…£@<ö©¤y¤ÛÙ~"P©½šúwY2M½`(ôçxKžÓ?¼ À2øœ¢Ä«4íÃ:E¥ %!£µ‡j£ê,½šúwY2M½`(ôçxK¤Ùx·Ä½¡T5Õø¹Y.Â¥­ûê{­j5ìµ0”d/½šúwY2M½`(ôçxK©$ÓÊÖÚB·9›– • oö±«¥¸s°Õó î!s´‹l½šúwY2M½`(ôçxK­;å‰ÀGN—Þ[²¿3SIH·k¸vßÜX±þ×gµ¡[ü½šúwY2M½`(ôçxK¸Öµç…{Eƒ|{ãØV­ë—Ç)°fZ=G:KëQÜó½šúwY2M½`(ôçxK¹?™Y‹ ú ¬Á,üü%hy?nwžy^m|"Su½šúwY2M½`(ôçxK»Ú3»cœ~€m°VÉŠSò/ïû äm®Iš½šúwY2M½`(ôçxK¼uùÿ2\µ™žf»ÔOJå7¤/ßï5SHãf⽚úwY2M½`(ôçxK½Ð&éØWÓþu¯Áp*)ð´öýö¢²\—©ÎŽšúwY2M½`(ôçxK¾C]÷Í(ª*|´üsG[wå«ó’÷k|vú?iŒ·š½šúwY2M½`(ôçxK¾÷f;åêM¿Øhn$poLûÍg¦Åfí”Î ÄDp½šúwY2M½`(ôçxKÂF—YÁ”~ô¶_r©õ³¯‹onr{h» ‘8\¿BjŠ½šúwY2M½`(ôçxKÃP[ó쥬äÇk‹Ñ 9 eÑóNu¸£^ãÆ›–½šúwY2M½`(ôçxKÄ-Ç Ï^Œóû‘ýòˆ@!­ƒl¦Šß,»y•Á õˆÔ½šúwY2M½`(ôçxKÆd¥¸9ä¡gBR~jÎ<'oÒn4ÇÐã"½šúwY2M½`(ôçxKË4¯ë tÄ¥ˆ³nº¤A–èÒú€Ü¨Á8rÈPyk½šúwY2M½`(ôçxKÌŽìn¹!,¿‰zZÎ~Š¾ìáŸmï x•‘ËGñð„½šúwY2M½`(ôçxKÏ¢CÁÍ.<Œë~p‡ÎËûƒ%»ùз y­óèA(½šúwY2M½`(ôçxKØšÑlHÔû¼TKúøg f ”HåK¿òpNBˆ½šúwY2M½`(ôçxKÙfŠµ'…g†Á4µä½Û÷$R;is"š¹*¡¥M õ½šúwY2M½`(ôçxKÚ5`ý 2µLƒÔòÿ†Ò“i¬òÈ–ø¯§CkúFU½šúwY2M½`(ôçxKߪ´ƒ‡©áÔÆR(œ¶«á–Èô³–Çä»Ã•Þiwö½šúwY2M½`(ôçxKß‘¬…©OÍ ûU½|¾ú¬¸Åîs—þ,ÈY„Ež.¡N½šúwY2M½`(ôçxKàQ·ˆìºí¥0FÇjö•",aW¸ÄÁ¹ÂÏÆ_F彚úwY2M½`(ôçxKãmüq!Âãšêˆ„ž(E«2ooçNS›~TØ61½šúwY2M½`(ôçxK㘑ô‹¼Å“¸í†Î‚ÎfoÁ[ŸËý+ºÐ¨›ôÇ¿¿½šúwY2M½`(ôçxKæ…oy™-ÉO¢ô2—ì2ÒÙ§o{æaÆ¡>ü;ÍõȽšúwY2M½`(ôçxKêÿŒ…ºM[k€FõÖG×yºÚwhæIÐGÿ›f ½šúwY2M½`(ôçxKfIa §OjÆäß»)¢à®;Š#(Ž~.r½šúwY2M½`(ôçxKî×àïòíUž*yî6™b¯;™‘1ã ·ýTo® rg½šúwY2M½`(ôçxKñ´öQ; TJh­Â‘ï¨ÅŸB ¥Ü²> Zú~ =½šúwY2M½`(ôçxKò¡m5µTiA‡§ @Êh)Yôó\,àê¸ýd÷¬*¹õÂJ½šúwY2M½`(ôçxKóÔaÅé•@?É|¢Ø©ËâpY}2ºßÖkwI_”½šúwY2M½`(ôçxKôŽmØqŽ•;`¢O,¾¦ •!Þ®gÛ%B[}:Îô1³[ôÀæ‹Óµw¹«á©ÏñËßT½šúwY2M½`(ôçxK ;Ã9é¶ù¬Ø(¸4‚¥ÃöNg姺¨§S³Jö½šúwY2M½`(ôçxKB Ì|ßöLYHHMj~ÃQNo\¦½î× “” “̽šúwY2M½`(ôçxK(ˆxñ.‹œlËöÇ=_N˜\¬óü°ÂND‘+>¹½šúwY2M½`(ôçxK.¤Ëj±ÓÜè-Týâmí$;£áçÆÒ*YOågˆ½šúwY2M½`(ôçxK@ÖÊà)sx€ÏL:šÑZ M‹ºD8«–âvÌxDTÞ罚úwY2M½`(ôçxKOüäúˆ—ÐÈ FÖÚ´G&Ñ6ü$’ïÐþߣˆzœ½šúwY2M½`(ôçxK\*þ4½Šzë»Cœ%ûjBOå5¬MöÁ—E¶ñ‰:½šúwY2M½`(ôçxK™×­ Ö~R3½vp/K€‡ÏÄìeIMl¨«¨XþºÚ½šúwY2M½`(ôçxK¦¨Q½÷S+K€ú•êßßø°ËµŠ}99Éñç…½šúwY2M½`(ôçxK½ÔlŸ]8„SÆÙ4uÓšWerºÿua,2F£ZS)±½šúwY2M½`(ôçxKË™K@¶l¿Uüf5UÊðÔñÎ&tdÐE,#aà^áÍP½šúwY2M½`(ôçxKÖî·‚ãl¯ûMŸ‚‡Þ“ «Ìo¤Uûýo7'=½šúwY2M½`(ôçxKÝ Ï}±âb-ôTp7¬jó >Àk0'IˆÅk½šúwY2M½`(ôçxKä%r¯¬r]Jzªøð”Úζ‚ôé'ƒ²»? b¯½šúwY2M½`(ôçxKæ#mÁîL|z›9e”t0„{á%÷®·‘¡(:꽚úwY2M½`(ôçxK‰¤e}èr˜U,ùàóÁ÷Æ-úc¹ò[¼fèd”½šúwY2M½`(ôçxKõè’ÝnÄÂÞúJI\ !›by¶M£Ñ²ãJßK_½9½šúwY2M½`(ôçxKÔ$ÍZ6Œ4Lf$ó¸çO«3w“úv_û.½šúwY2M½`(ôçxK#.BO³ÿNüuÐ c†w'„ºPpî$ߊ·™½šúwY2M½`(ôçxK‘r§bfµ»/€ ñ…£nT¯Õn–s‡ê} Mx ‰½šúwY2M½`(ôçxKÜŠÿª£ã.￉›0Y˳¤‹‚úœ“Õ¶½šúwY2M½`(ôçxK™YíNåHµŸ!“¤Ucê…»"LÙmì–ÀçüͽšúwY2M½`(ôçxKG³xgdK.è ;-_¾!âwÁaz,/W¬à…Ÿ½šúwY2M½`(ôçxKú¼7ó•æõ$r´O¥/Ÿ ¤€ðQ˜Æh·[ôF½šúwY2M½`(ôçxKãóüÿ ¿ÁÀ`¤¿Vˆ^ýU¨éÎ<_HiDL¬ÿ­ ½šúwY2M½`(ôçxKLÚã’ Q,œ*‹Jº––› —¶Ld¥Ø˜Ë ¹½šúwY2M½`(ôçxK[‰ñª$5 =ٲѴû¤øõlñù¸ÖÙ¸&""5Á½šúwY2M½`(ôçxKL•W± >!f>-#ãÁ®œäµÞ X¢—3#6¢Ø½šúwY2M½`(ôçxKà`Ú Và ϱvnŽ„hh¡éšT±J¥ÐhŸ(@ÎÆß½šúwY2M½`(ôçxKHôXMáÅìe %æÆ#c\ὂaÄÔ î#U´Ê½šúwY2M½`(ôçxK¯y±@d`À˜}GG¯‘J"ŒÖ"ÎÚ·¤öpþçggo-tpm-tools-0.4.7/server/secure-boot/debian-boothole.crt000066400000000000000000000014001510276467000233700ustar00rootroot000000000000000‚ü0‚ä §Fï0  *†H†÷  0 10UDebian Secure Boot CA0 160816182250Z 260816182250Z0$1"0 UDebian Secure Boot Signer0‚"0  *†H†÷ ‚0‚ ‚ÓуÚe¢/Z`•ë÷dž| †Úe£¦ë[;ÎÈû?¡rKžßPÅ3¤ +_ÖA ¶Ï•H튲­Öå7N`ͲJ8³D€”¯ŸnTÛ¨<·K0Þ!o £fºj+–Öšaw Ôí<Ðq»­Œð"\>%Ìm".a—•¯›.MX¶~xùú²['Þ}¢¾ ¬sì—°^ííå¥u?xàqÎ/΃íS10˜Næù¢ˆˆ¦#| ·T:•í^y^Nþͪނüö–qNII¹Óé°«×*G·S0'|Üf˜ oÑ~õ=>Ô¢jˆY//=ÈÆ(ÞBþÙR=$Âü@˜öv¿Œ»e£9070 `†H†øB0U%0  +‚7 0 U€0  *†H†÷  ‚W¤`L)éò}k\“ÛÌlŸ?iHšuÞdóƒJ ©&!îéV]á>ÙuËÌ¿Mäè‰=~B‡@ÃÕàqyÜláqbǘÂË' /ŸÌìú‹²ó žóòÃÉŸÛ%“¤Í»åŽô×U¨´uA1ýN] Â¬ÅÞFçÜÏÕèG“Œ2ÍDÕtÇ0šW¥VÐ~Ï´ôó)ùÛ›SÒ½/­ju&Edºº(–‡Ž·ðyWúz 0 checkCert := len(opts.TrustedRootCerts) > 0 if !checkPub && !checkCert { return fmt.Errorf("no trust mechanism provided, either use TrustedAKs or TrustedRootCerts") } if checkPub && checkCert { return fmt.Errorf("multiple trust mechanisms provided, only use one of TrustedAKs or TrustedRootCerts") } return nil } func validateAKPub(ak crypto.PublicKey, opts VerifyOpts) error { for _, trusted := range opts.TrustedAKs { if internal.PubKeysEqual(ak, trusted) { return nil } } return fmt.Errorf("key not trusted") } // VerifyAKCert checks a given Attestation Key certificate against the provided // root and intermediate CAs. func VerifyAKCert(akCert *x509.Certificate, trustedRootCerts []*x509.Certificate, intermediateCerts []*x509.Certificate) error { if akCert == nil { return errors.New("failed to validate AK Cert: received nil cert") } if len(trustedRootCerts) == 0 { return errors.New("failed to validate AK Cert: received no trusted root certs") } // We manually handle the SAN extension because x509 marks it unhandled if // SAN does not parse any of DNSNames, EmailAddresses, IPAddresses, or URIs. // https://cs.opensource.google/go/go/+/master:src/crypto/x509/parser.go;l=668-678 var exts []asn1.ObjectIdentifier for _, ext := range akCert.UnhandledCriticalExtensions { if ext.Equal(oidExtensionSubjectAltName) { continue } exts = append(exts, ext) } akCert.UnhandledCriticalExtensions = exts x509Opts := x509.VerifyOptions{ Roots: makePool(trustedRootCerts), Intermediates: makePool(intermediateCerts), // The default key usage (ExtKeyUsageServerAuth) is not appropriate for // an Attestation Key: ExtKeyUsage of // - https://oidref.com/2.23.133.8.1 // - https://oidref.com/2.23.133.8.3 // https://pkg.go.dev/crypto/x509#VerifyOptions KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsage(x509.ExtKeyUsageAny)}, } if _, err := akCert.Verify(x509Opts); err != nil { return fmt.Errorf("certificate did not chain to a trusted root: %v", err) } return nil } // Retrieve the supported quotes in order of hash preference. func supportedQuotes(quotes []*tpmpb.Quote) []*tpmpb.Quote { out := make([]*tpmpb.Quote, 0, len(quotes)) for _, alg := range pcrHashAlgs { for _, quote := range quotes { if tpm2.Algorithm(quote.GetPcrs().GetHash()) == alg { out = append(out, quote) break } } } return out } func makePool(certs []*x509.Certificate) *x509.CertPool { pool := x509.NewCertPool() for _, cert := range certs { pool.AddCert(cert) } return pool } // parseMachineStateFromTPM is a wrapper function around `parsePCClientEventLog` method to: // 1. parse partial machine state from TPM TCG event logs. // 2. verify GceTechnology since the GCE Technology event is directly related to the TPM. // 3. populate the machineState TeeAttestatation field with the verified TDX/SNP attestation data. func parseMachineStateFromTPM(attestation *pb.Attestation, pcrs *tpmpb.PCRs, opts VerifyOpts) (*pb.MachineState, error) { ms, err := parsePCClientEventLog(attestation.GetEventLog(), pcrs, opts) if err != nil { return nil, fmt.Errorf("failed to validate the PCClient event log: %w", err) } return ms, nil } go-tpm-tools-0.4.7/server/verify_test.go000066400000000000000000000533501510276467000203010ustar00rootroot00000000000000package server import ( "crypto" "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/x509" "crypto/x509/pkix" _ "embed" "encoding/asn1" "encoding/pem" "fmt" "io" "os" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/internal" "github.com/google/go-tpm-tools/internal/test" attestpb "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm/legacy/tpm2" "github.com/google/go-tpm/tpmutil" "github.com/google/logger" "google.golang.org/protobuf/proto" ) func getDigestHash(input string) []byte { inputDigestHash := sha256.New() inputDigestHash.Write([]byte(input)) return inputDigestHash.Sum(nil) } func extendPCRsRandomly(rwc io.ReadWriteCloser, selpcr tpm2.PCRSelection) error { var pcrExtendValue []byte if selpcr.Hash == tpm2.AlgSHA256 { pcrExtendValue = make([]byte, 32) } else if selpcr.Hash == tpm2.AlgSHA1 { pcrExtendValue = make([]byte, 20) } for _, v := range selpcr.PCRs { _, err := rand.Read(pcrExtendValue) if err != nil { return fmt.Errorf("random bytes read fail %v", err) } err = tpm2.PCRExtend(rwc, tpmutil.Handle(v), selpcr.Hash, pcrExtendValue, "") if err != nil { return fmt.Errorf("PCR extend fail %v", err) } } return nil } func TestMain(m *testing.M) { logger.Init("TestLog", false, false, os.Stderr) os.Exit(m.Run()) } func TestVerifyHappyCases(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) onePCR := []int{test.DebugPCR} twoPCR := append(onePCR, test.ApplicationPCR) dupePCR := append(twoPCR, twoPCR...) subtests := []struct { name string getKey func(io.ReadWriter) (*client.Key, error) pcrHashAlgo tpm2.Algorithm quotePCRList []int extraData []byte }{ {"AK-RSA_SHA1_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, twoPCR, getDigestHash("test")}, {"AK-RSA_SHA1_1PCR_nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, getDigestHash("t")}, {"AK-RSA_SHA1_1PCR_no-nonce", client.AttestationKeyRSA, tpm2.AlgSHA1, onePCR, nil}, {"AK-RSA_SHA256_2PCRs_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, getDigestHash("test")}, {"AK-RSA_SHA256_2PCR_empty-nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, twoPCR, []byte{}}, {"AK-RSA_SHA256_dupePCrSel_nonce", client.AttestationKeyRSA, tpm2.AlgSHA256, dupePCR, getDigestHash("")}, {"AK-ECC_SHA1_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, twoPCR, getDigestHash("test")}, {"AK-ECC_SHA1_1PCR_nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, getDigestHash("t")}, {"AK-ECC_SHA1_1PCR_no-nonce", client.AttestationKeyECC, tpm2.AlgSHA1, onePCR, nil}, {"AK-ECC_SHA256_2PCRs_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, getDigestHash("test")}, {"AK-ECC_SHA256_2PCR_empty-nonce", client.AttestationKeyECC, tpm2.AlgSHA256, twoPCR, []byte{}}, {"AK-ECC_SHA256_dupePCrSel_nonce", client.AttestationKeyECC, tpm2.AlgSHA256, dupePCR, getDigestHash("")}, } for _, subtest := range subtests { t.Run(subtest.name, func(t *testing.T) { ak, err := subtest.getKey(rwc) if err != nil { t.Errorf("failed to generate AK: %v", err) } defer ak.Close() selpcr := tpm2.PCRSelection{ Hash: subtest.pcrHashAlgo, PCRs: subtest.quotePCRList, } err = extendPCRsRandomly(rwc, selpcr) if err != nil { t.Fatalf("failed to extend test PCRs: %v", err) } quote, err := ak.Quote(selpcr, subtest.extraData) if err != nil { t.Fatalf("failed to quote: %v", err) } err = internal.VerifyQuote(quote, ak.PublicKey(), subtest.extraData) if err != nil { t.Fatalf("failed to verify: %v", err) } }) } } func TestVerifyPCRChanged(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Errorf("failed to generate AK: %v", err) } defer ak.Close() selpcr := tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{test.DebugPCR}, } err = extendPCRsRandomly(rwc, selpcr) if err != nil { t.Errorf("failed to extend test PCRs: %v", err) } nonce := getDigestHash("test") quote, err := ak.Quote(selpcr, nonce) if err != nil { t.Error(err) } // change the PCR value err = extendPCRsRandomly(rwc, selpcr) if err != nil { t.Errorf("failed to extend test PCRs: %v", err) } quote.Pcrs, err = client.ReadPCRs(rwc, selpcr) if err != nil { t.Errorf("failed to read PCRs: %v", err) } err = internal.VerifyQuote(quote, ak.PublicKey(), nonce) if err == nil { t.Errorf("Verify should fail as Verify read a modified PCR") } } func TestVerifyUsingDifferentPCR(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Errorf("failed to generate AK: %v", err) } defer ak.Close() err = extendPCRsRandomly(rwc, tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{test.DebugPCR, test.ApplicationPCR}, }) if err != nil { t.Errorf("failed to extend test PCRs: %v", err) } nonce := getDigestHash("test") quote, err := ak.Quote(tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{test.DebugPCR}, }, nonce) if err != nil { t.Error(err) } quote.Pcrs, err = client.ReadPCRs(rwc, tpm2.PCRSelection{ Hash: tpm2.AlgSHA256, PCRs: []int{test.ApplicationPCR}, }) if err != nil { t.Errorf("failed to read PCRs: %v", err) } err = internal.VerifyQuote(quote, ak.PublicKey(), nonce) if err == nil { t.Errorf("Verify should fail as Verify read a different PCR") } } func TestVerifyWithTrustedAK(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Fatalf("failed to generate AK: %v", err) } defer ak.Close() nonce := []byte("super secret nonce") attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) if err != nil { t.Fatalf("failed to attest: %v", err) } opts := VerifyOpts{ Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, } _, err = VerifyAttestation(attestation, opts) if err != nil { t.Errorf("failed to verify: %v", err) } } func TestVerifySHA1Attestation(t *testing.T) { rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Fatalf("failed to generate AK: %v", err) } defer ak.Close() nonce := []byte("super secret nonce") attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) if err != nil { t.Fatalf("failed to attest: %v", err) } // We should get a SHA-256 state, even if we allow SHA-1 opts := VerifyOpts{ Nonce: nonce, TrustedAKs: []crypto.PublicKey{ak.PublicKey()}, AllowSHA1: true, } state, err := VerifyAttestation(attestation, opts) if err != nil { t.Errorf("failed to verify: %v", err) } h := tpm2.Algorithm(state.GetHash()) if h != tpm2.AlgSHA256 { t.Errorf("expected SHA-256 state, got: %v", h) } // Now we mess up the SHA-256 state to force SHA-1 fallback for _, quote := range attestation.GetQuotes() { if tpm2.Algorithm(quote.GetPcrs().GetHash()) == tpm2.AlgSHA256 { quote.Quote = nil } } state, err = VerifyAttestation(attestation, opts) if err != nil { t.Errorf("failed to verify: %v", err) } h = tpm2.Algorithm(state.GetHash()) if h != tpm2.AlgSHA1 { t.Errorf("expected SHA-1 state, got: %v", h) } // SHA-1 fallback can then be disabled opts.AllowSHA1 = false if _, err = VerifyAttestation(attestation, opts); err == nil { t.Error("expected attestation to fail with only SHA-1") } } func TestVerifyAttestationWithCerts(t *testing.T) { tests := []struct { name string attestation []byte nonce []byte }{ { "no-nonce", test.COS85NoNonce, nil, }, { "nonce-9009", test.COS85Nonce9009, []byte{0x90, 0x09}, }, } for _, test := range tests { t.Run(test.name, func(t *testing.T) { attestBytes := test.attestation att := &attestpb.Attestation{} if err := proto.Unmarshal(attestBytes, att); err != nil { t.Fatalf("failed to unmarshal attestation: %v", err) } if _, err := VerifyAttestation(att, VerifyOpts{ Nonce: test.nonce, TrustedRootCerts: GceEKRoots, IntermediateCerts: GceEKIntermediates, }); err != nil { t.Errorf("failed to VerifyAttestation with AKCert: %v", err) } }) } } func TestVerifyAutomaticallyUsesIntermediatesInAttestation(t *testing.T) { attestBytes := test.COS85Nonce9009 att := &attestpb.Attestation{} if err := proto.Unmarshal(attestBytes, att); err != nil { t.Fatalf("failed to unmarshal attestation: %v", err) } att.IntermediateCerts = [][]byte{gceEKIntermediateCA2} if _, err := VerifyAttestation(att, VerifyOpts{ Nonce: []byte{0x90, 0x09}, TrustedRootCerts: GceEKRoots, }); err != nil { t.Errorf("failed to VerifyAttestation with intermediates provided in attestation: %v", err) } } func TestVerifySucceedsWithOverlappingIntermediatesInOptionsAndAttestation(t *testing.T) { attestBytes := test.COS85Nonce9009 att := &attestpb.Attestation{} if err := proto.Unmarshal(attestBytes, att); err != nil { t.Fatalf("failed to unmarshal attestation: %v", err) } att.IntermediateCerts = [][]byte{gceEKIntermediateCA2} if _, err := VerifyAttestation(att, VerifyOpts{ Nonce: []byte{0x90, 0x09}, TrustedRootCerts: GceEKRoots, IntermediateCerts: GceEKIntermediates, }); err != nil { t.Errorf("failed to VerifyAttestation with overlapping intermediates provided in attestation and options: %v", err) } } func TestValidateOptsFailWithCertsAndPubkey(t *testing.T) { priv, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { t.Fatal(err) } opts := VerifyOpts{ Nonce: nil, TrustedRootCerts: GceEKRoots, IntermediateCerts: GceEKIntermediates, TrustedAKs: []crypto.PublicKey{priv.Public()}, } if err := validateOpts(opts); err == nil { t.Error("Verified attestation even with multiple trust methods") } } func TestValidateAK(t *testing.T) { attestBytes := test.COS85NoNonce att := &attestpb.Attestation{} if err := proto.Unmarshal(attestBytes, att); err != nil { t.Fatalf("failed to unmarshal attestation: %v", err) } rwc := test.GetTPM(t) t.Cleanup(func() { client.CheckedClose(t, rwc) }) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Fatalf("failed to generate AK: %v", err) } t.Cleanup(ak.Close) testCases := []struct { name string att func() *attestpb.Attestation opts VerifyOpts wantPass bool }{ { name: "success with validateAKCert", att: func() *attestpb.Attestation { return att }, opts: VerifyOpts{ TrustedRootCerts: GceEKRoots, IntermediateCerts: GceEKIntermediates, }, wantPass: true, }, { name: "success with validateAKPub", att: func() *attestpb.Attestation { nonce := []byte("super secret nonce") attestation, err := ak.Attest(client.AttestOpts{Nonce: nonce}) if err != nil { t.Fatalf("failed to attest: %v", err) } return attestation }, opts: VerifyOpts{TrustedAKs: []crypto.PublicKey{ak.PublicKey()}}, wantPass: true, }, { name: "failed with empty roots and intermediates", att: func() *attestpb.Attestation { return att }, opts: VerifyOpts{ TrustedRootCerts: nil, IntermediateCerts: nil, }, wantPass: false, }, { name: "failed with empty VerifyOpts", att: func() *attestpb.Attestation { return att }, opts: VerifyOpts{}, wantPass: false, }, { name: "failed with missing roots", att: func() *attestpb.Attestation { return att }, opts: VerifyOpts{IntermediateCerts: GceEKIntermediates}, wantPass: false, }, { name: "failed with missing intermediates", att: func() *attestpb.Attestation { return att }, opts: VerifyOpts{TrustedRootCerts: GceEKRoots}, wantPass: false, }, { name: "failed with wrong trusted AKs", att: func() *attestpb.Attestation { return att }, opts: VerifyOpts{TrustedAKs: []crypto.PublicKey{ak.PublicKey()}}, wantPass: false, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { _, _, err := validateAK(tc.att(), tc.opts) if gotPass := (err == nil); gotPass != tc.wantPass { t.Errorf("ValidateAK failed, got pass %v, but want %v", gotPass, tc.wantPass) } }) } } func TestVerifyIgnoreAKPubWithAKCert(t *testing.T) { // Make sure that we ignore the AKPub if the AKCert is presented rwc := test.GetTPM(t) defer client.CheckedClose(t, rwc) ak, err := client.AttestationKeyRSA(rwc) if err != nil { t.Fatalf("failed to generate AK: %v", err) } defer ak.Close() nonce := []byte{0x90, 0x09} badAtt, err := ak.Attest(client.AttestOpts{Nonce: nonce}) if err != nil { t.Fatalf("failed to attest: %v", err) } // Copy "good" certificate into "bad" attestation goodAtt := &attestpb.Attestation{} if err := proto.Unmarshal(test.COS85Nonce9009, goodAtt); err != nil { t.Fatalf("failed to unmarshal attestation: %v", err) } badAtt.AkCert = goodAtt.GetAkCert() opts := VerifyOpts{ Nonce: nonce, TrustedRootCerts: GceEKRoots, IntermediateCerts: GceEKIntermediates, } if _, err := VerifyAttestation(badAtt, opts); err == nil { t.Error("expected error when calling VerifyAttestation, because the cert is replaced") } } func TestVerifyFailsWithMalformedIntermediatesInAttestation(t *testing.T) { attestBytes := test.COS85Nonce9009 att := &attestpb.Attestation{} if err := proto.Unmarshal(attestBytes, att); err != nil { t.Fatalf("failed to unmarshal attestation: %v", err) } att.IntermediateCerts = [][]byte{[]byte("Not an intermediate cert.")} if _, err := VerifyAttestation(att, VerifyOpts{ Nonce: []byte{0x90, 0x09}, TrustedRootCerts: GceEKRoots, }); err == nil { t.Error("expected error when calling VerifyAttestation with malformed intermediate") } } func TestGetInstanceInfo(t *testing.T) { expectedInstanceInfo := &attestpb.GCEInstanceInfo{ Zone: "expected zone", ProjectId: "expected project id", ProjectNumber: 0, InstanceName: "expected instance name", InstanceId: 1, } extStruct := gceInstanceInfo{ Zone: expectedInstanceInfo.Zone, ProjectID: expectedInstanceInfo.ProjectId, ProjectNumber: int64(expectedInstanceInfo.ProjectNumber), InstanceName: expectedInstanceInfo.InstanceName, InstanceID: int64(expectedInstanceInfo.InstanceId), SecurityProperties: gceSecurityProperties{ SecurityVersion: 0, IsProduction: true, }, } marshaledExt, err := asn1.Marshal(extStruct) if err != nil { t.Fatalf("Error marshaling test extension: %v", err) } ext := []pkix.Extension{{ Id: cloudComputeInstanceIdentifierOID, Value: marshaledExt, }} instanceInfo, err := getInstanceInfoFromExtensions(ext) if err != nil { t.Fatalf("getInstanceInfo returned with error: %v", err) } if instanceInfo == nil { t.Fatal("getInstanceInfo returned nil instance info.") } if !proto.Equal(instanceInfo, expectedInstanceInfo) { t.Errorf("getInstanceInfo did not return expected instance info: got %v, want %v", instanceInfo, expectedInstanceInfo) } } func TestGetInstanceInfoReturnsNil(t *testing.T) { extStruct := gceInstanceInfo{ Zone: "zone", ProjectID: "project id", ProjectNumber: 0, InstanceName: "instance name", InstanceID: 1, SecurityProperties: gceSecurityProperties{IsProduction: false}, } marshaledExt, err := asn1.Marshal(extStruct) if err != nil { t.Fatalf("Error marshaling test extension: %v", err) } testcases := []struct { name string ext []pkix.Extension }{ { name: "No extension with expected OID", ext: []pkix.Extension{{ Id: asn1.ObjectIdentifier([]int{1, 2, 3, 4}), Value: []byte("fake extension"), }}, }, { name: "IsProduction is false", ext: []pkix.Extension{{ Id: cloudComputeInstanceIdentifierOID, Value: marshaledExt, }}, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { instanceInfo, err := getInstanceInfoFromExtensions(tc.ext) if err != nil { t.Fatalf("getInstanceInfo returned with error: %v", err) } if instanceInfo != nil { t.Error("getInstanceInfo returned instance information, expected nil") } }) } } func TestGetInstanceInfoError(t *testing.T) { testcases := []struct { name string instanceInfo *gceInstanceInfo }{ { name: "Extension value is not valid ASN1", instanceInfo: nil, }, { name: "Negative ProjectNumber", instanceInfo: &gceInstanceInfo{ Zone: "zone", ProjectID: "project id", ProjectNumber: -1, InstanceName: "instance name", InstanceID: 1, SecurityProperties: gceSecurityProperties{IsProduction: false}, }, }, { name: "Negative InstanceID", instanceInfo: &gceInstanceInfo{ Zone: "zone", ProjectID: "project id", ProjectNumber: 0, InstanceName: "instance name", InstanceID: -1, SecurityProperties: gceSecurityProperties{IsProduction: false}, }, }, { name: "Negative SecurityVersion", instanceInfo: &gceInstanceInfo{ Zone: "zone", ProjectID: "project id", ProjectNumber: 0, InstanceName: "instance name", InstanceID: 1, SecurityProperties: gceSecurityProperties{ SecurityVersion: -1, IsProduction: false, }, }, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { var extensionVal []byte var err error if tc.instanceInfo != nil { extensionVal, err = asn1.Marshal(*tc.instanceInfo) if err != nil { t.Fatalf("Error marshaling test extension: %v", err) } } else { extensionVal = []byte("Not a valid ASN1 extension.") } _, err = getInstanceInfoFromExtensions([]pkix.Extension{{ Id: cloudComputeInstanceIdentifierOID, Value: extensionVal, }}) if err == nil { t.Error("getInstanceInfo returned successfully, expected error") } }) } ext := []pkix.Extension{{ Id: cloudComputeInstanceIdentifierOID, Value: []byte("not valid ASN1"), }} _, err := getInstanceInfoFromExtensions(ext) if err == nil { t.Error("getInstanceInfo returned successfully, expected error") } } func TestGetInstanceInfoASN(t *testing.T) { expectedInstanceInfo := &attestpb.GCEInstanceInfo{ Zone: "us-west1-b", ProjectId: "jiankun-vm-test", ProjectNumber: 620438545889, InstanceName: "jkltest42102", InstanceId: 3560342035431930290, } // The payload is extract from a real AK cert, the ASN1 encoding requires gceSecurityProperties // to have explicit ASN tag. extPayload := []byte{48, 95, 12, 10, 117, 115, 45, 119, 101, 115, 116, 49, 45, 98, 2, 6, 0, 144, 117, 4, 229, 225, 12, 15, 106, 105, 97, 110, 107, 117, 110, 45, 118, 109, 45, 116, 101, 115, 116, 2, 8, 49, 104, 224, 55, 188, 207, 185, 178, 12, 12, 106, 107, 108, 116, 101, 115, 116, 52, 50, 49, 48, 50, 160, 32, 48, 30, 160, 3, 2, 1, 0, 161, 3, 1, 1, 255, 162, 3, 1, 1, 0, 163, 3, 1, 1, 0, 164, 3, 1, 1, 0, 165, 3, 1, 1, 0} ext := []pkix.Extension{{ Id: cloudComputeInstanceIdentifierOID, Value: extPayload, }} instanceInfo, err := getInstanceInfoFromExtensions(ext) if err != nil { t.Fatalf("getInstanceInfo returned with error: %v", err) } if instanceInfo == nil { t.Fatal("getInstanceInfo returned nil instance info.") } if !proto.Equal(instanceInfo, expectedInstanceInfo) { t.Errorf("getInstanceInfo did not return expected instance info: got %v, want %v", instanceInfo, expectedInstanceInfo) } } func TestValidateAKGCEAndGetGCEInstanceInfo(t *testing.T) { testCases := []struct { name string certPEM []byte rootCertDER []byte intermediateDER []byte }{ { name: "GCE UCA AK ECC", certPEM: test.GCESignECCCertUCA, rootCertDER: gceEKRootCA, intermediateDER: gceEKIntermediateCA3, }, { name: "GCE UCA AK RSA", certPEM: test.GCESignRSACertUCA, rootCertDER: gceEKRootCA, intermediateDER: gceEKIntermediateCA3, }, { name: "GCE UCA EK ECC", certPEM: test.GCEEncryptECCCertUCA, rootCertDER: gceEKRootCA, intermediateDER: gceEKIntermediateCA3, }, { name: "GCE UCA EK RSA", certPEM: test.GCEEncryptRSACertUCA, rootCertDER: gceEKRootCA, intermediateDER: gceEKIntermediateCA3, }, { name: "GCE CAS AK ECC", certPEM: test.GCESignECCCertPCA, rootCertDER: gcpCASEKRootCA, intermediateDER: gcpCASEKIntermediateCA3, }, { name: "GCE CAS AK RSA", certPEM: test.GCESignRSACertPCA, rootCertDER: gcpCASEKRootCA, intermediateDER: gcpCASEKIntermediateCA3, }, { name: "GCE CAS EK ECC", certPEM: test.GCEEncryptECCCertPCA, rootCertDER: gcpCASEKRootCA, intermediateDER: gcpCASEKIntermediateCA3, }, { name: "GCE CAS EK RSA", certPEM: test.GCEEncryptRSACertPCA, rootCertDER: gcpCASEKRootCA, intermediateDER: gcpCASEKIntermediateCA3, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { crtBlock, _ := pem.Decode(tc.certPEM) if crtBlock.Bytes == nil { t.Fatalf("failed to pem.Decode(tc.certPEM)") } akCrt, err := x509.ParseCertificate(crtBlock.Bytes) if err != nil { t.Fatalf("x509.ParseCertificate(crtBlock.Bytes): %v", err) } root, err := x509.ParseCertificate(tc.rootCertDER) if err != nil { t.Fatalf("x509.ParseCertificate(tc.rootCertDER): %v", err) } intermediate, err := x509.ParseCertificate(tc.intermediateDER) if err != nil { t.Fatalf("x509.ParseCertificate(tc.intermediateDER): %v", err) } if err := VerifyAKCert(akCrt, []*x509.Certificate{root}, []*x509.Certificate{intermediate}); err != nil { t.Errorf("ValidateAKCert(%v): %v)", tc.name, err) } if gceInfo, err := GetGCEInstanceInfo(akCrt); err != nil { t.Errorf("GetGCEInstanceInfo(akCrt): %v", err) } else { t.Log(gceInfo) fmt.Print(gceInfo) } }) } } go-tpm-tools-0.4.7/simulator/000077500000000000000000000000001510276467000161125ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/README.md000066400000000000000000000066211510276467000173760ustar00rootroot00000000000000# Go bindings to the Microsoft TPM2 Simulator Microsoft maintains the reference implementation of the TPM2 spec at: https://github.com/Microsoft/ms-tpm-20-ref/. The Microsoft code used here is actually [a fork of the upstream source](https://github.com/josephlr/ms-tpm-20-ref/tree/google). It is vendored at `simulator/ms-tpm-20-ref` to maintain compatiblity with `go get`. Building the simulator requires the OpenSSL headers to be installed. This can be done with: - Debian based systems (including Ubuntu): `apt install libssl-dev` - Red Hat based systems: `yum install openssl-devel` - Arch Linux based systems: [`openssl`](https://www.archlinux.org/packages/core/x86_64/openssl/) is installed by default (as a dependancy of `base`) and includes the headers. ## Debugging The simulator provides a useful way to figure out what the TPM is actually doing when it executes a command. If you compile a test which runs against the simulator, you can step through the simulator C source to see the exact operations performed. To do this: 1. Compile a test as a standalone binary. For example, if you were using a `go-tpm-tools/client` test (which all run against the simulator), compile the test binary named `client.test` by running: ```bash go test -c github.com/google/go-tpm-tools/client ``` 1. Now you can debug the binary using GDB: ```bash # Load the binary into GDB (fixing any errors/warnings you get) gdb ./client.test # In GDB, set a breakpoint in the funciton you want to use. (gdb) break TPM2_CreatePrimary Breakpoint 1 at 0x5d3710: file ./TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c, line 72. # Now you can either run all the tests in the package, or just one. # As we want to depug TPM2_CreatePrimary we'll run TestSeal (gdb) run -test.run TestSeal Starting program: ./client.test -test.run TestSeal Thread 1 "client.test" hit Breakpoint 1, TPM2_CreatePrimary at ./TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c:72 72 { # Go to the next line (gdb) n 81 newObject = FindEmptyObjectSlot(&out->objectHandle); # Step into a function (gdb) s FindEmptyObjectSlot at ./TPMCmd/tpm/src/subsystem/Object.c:266 266 { # Continue until the next breakpoint (or exiting) (gdb) c Continuing. PASS [Inferior 1 (process 29395) exited normally] ``` ## IDE Support When examining the TPM2 C code, is is often useful to have IDE support for things like "Go to Definition". To get this working, all your IDE should need is knowing where the headers are and what `#define` statements to use. For example, when using [VS Code](https://code.visualstudio.com/) with the [C/C++ extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.cpptools), add the following file to your workplace root at `.vscode/c_cpp_properties.json`: ```json { "configurations": [ { "name": "Linux", "includePath": [ "${workspaceFolder}/**" ], "defines": [ "VTPM=NO", "SIMULATION=NO", "USE_DA_USED=NO", "HASH_LIB=Ossl", "SYM_LIB=Ossl", "MATH_LIB=Ossl" ], "compilerPath": "/bin/clang", "cStandard": "c11", "cppStandard": "c++17", "intelliSenseMode": "clang-x64" } ], "version": 4 } ``` go-tpm-tools-0.4.7/simulator/internal/000077500000000000000000000000001510276467000177265ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/internal/doc.go000066400000000000000000000006311510276467000210220ustar00rootroot00000000000000// Package internal provides low-level bindings to the Microsoft TPM2 simulator. // // When using CGO, this package compiles the simulator's C code and links // against the system OpenSSL library. Without CGO, this package just provides // stubs which always return failure. This allows the simulator package to be // built when cross compiling go-tpm-tools (which is incompatible with CGO). package internal go-tpm-tools-0.4.7/simulator/internal/include.c000066400000000000000000000174771510276467000215350ustar00rootroot00000000000000// Go's CGO build system is very primitive (to put it politely). It can include // headers from any location, but can only compile sources in the same directory // as the Go code. Thus to allow us to use the Mircosoft code as a submodule, we // have to textually include all of the sources into this file. #define _CRYPT_HASH_C_ #define _X509_SPT_ // Google sources #include "Clock.c" #include "Entropy.c" #include "NVMem.c" #include "Run.c" // Most of the sources can be included in any order. However, this file has to // be included first as it instantiates all of the libraries global variables. #include "support/Global.c" #include "X509/TpmASN1.c" #include "X509/X509_ECC.c" #include "X509/X509_RSA.c" #include "X509/X509_spt.c" #include "command/Asymmetric/ECC_Parameters.c" #include "command/Asymmetric/ECDH_KeyGen.c" #include "command/Asymmetric/ECDH_ZGen.c" #include "command/Asymmetric/EC_Ephemeral.c" #include "command/Asymmetric/RSA_Decrypt.c" #include "command/Asymmetric/RSA_Encrypt.c" #include "command/Asymmetric/ZGen_2Phase.c" #include "command/AttachedComponent/AC_GetCapability.c" #include "command/AttachedComponent/AC_Send.c" #include "command/AttachedComponent/AC_spt.c" #include "command/AttachedComponent/Policy_AC_SendSelect.c" #include "command/Attestation/Attest_spt.c" #include "command/Attestation/Certify.c" #include "command/Attestation/CertifyCreation.c" #include "command/Attestation/CertifyX509.c" #include "command/Attestation/GetCommandAuditDigest.c" #include "command/Attestation/GetSessionAuditDigest.c" #include "command/Attestation/GetTime.c" #include "command/Attestation/Quote.c" #include "command/Capability/GetCapability.c" #include "command/Capability/TestParms.c" #include "command/ClockTimer/ClockRateAdjust.c" #include "command/ClockTimer/ClockSet.c" #include "command/ClockTimer/ReadClock.c" #include "command/CommandAudit/SetCommandCodeAuditStatus.c" #include "command/Context/ContextLoad.c" #include "command/Context/ContextSave.c" #include "command/Context/Context_spt.c" #include "command/Context/EvictControl.c" #include "command/Context/FlushContext.c" #include "command/DA/DictionaryAttackLockReset.c" #include "command/DA/DictionaryAttackParameters.c" #include "command/Duplication/Duplicate.c" #include "command/Duplication/Import.c" #include "command/Duplication/Rewrap.c" #include "command/EA/PolicyAuthValue.c" #include "command/EA/PolicyAuthorize.c" #include "command/EA/PolicyAuthorizeNV.c" #include "command/EA/PolicyCommandCode.c" #include "command/EA/PolicyCounterTimer.c" #include "command/EA/PolicyCpHash.c" #include "command/EA/PolicyDuplicationSelect.c" #include "command/EA/PolicyGetDigest.c" #include "command/EA/PolicyLocality.c" #include "command/EA/PolicyNV.c" #include "command/EA/PolicyNameHash.c" #include "command/EA/PolicyNvWritten.c" #include "command/EA/PolicyOR.c" #include "command/EA/PolicyPCR.c" #include "command/EA/PolicyPassword.c" #include "command/EA/PolicyPhysicalPresence.c" #include "command/EA/PolicySecret.c" #include "command/EA/PolicySigned.c" #include "command/EA/PolicyTemplate.c" #include "command/EA/PolicyTicket.c" #include "command/EA/Policy_spt.c" #include "command/Ecdaa/Commit.c" #include "command/FieldUpgrade/FieldUpgradeData.c" #include "command/FieldUpgrade/FieldUpgradeStart.c" #include "command/FieldUpgrade/FirmwareRead.c" #include "command/HashHMAC/EventSequenceComplete.c" #include "command/HashHMAC/HMAC_Start.c" #include "command/HashHMAC/HashSequenceStart.c" #include "command/HashHMAC/MAC_Start.c" #include "command/HashHMAC/SequenceComplete.c" #include "command/HashHMAC/SequenceUpdate.c" #include "command/Hierarchy/ChangeEPS.c" #include "command/Hierarchy/ChangePPS.c" #include "command/Hierarchy/Clear.c" #include "command/Hierarchy/ClearControl.c" #include "command/Hierarchy/CreatePrimary.c" #include "command/Hierarchy/HierarchyChangeAuth.c" #include "command/Hierarchy/HierarchyControl.c" #include "command/Hierarchy/SetPrimaryPolicy.c" #include "command/Misc/PP_Commands.c" #include "command/Misc/SetAlgorithmSet.c" #include "command/NVStorage/NV_Certify.c" #include "command/NVStorage/NV_ChangeAuth.c" #include "command/NVStorage/NV_DefineSpace.c" #include "command/NVStorage/NV_Extend.c" #include "command/NVStorage/NV_GlobalWriteLock.c" #include "command/NVStorage/NV_Increment.c" #include "command/NVStorage/NV_Read.c" #include "command/NVStorage/NV_ReadLock.c" #include "command/NVStorage/NV_ReadPublic.c" #include "command/NVStorage/NV_SetBits.c" #include "command/NVStorage/NV_UndefineSpace.c" #include "command/NVStorage/NV_UndefineSpaceSpecial.c" #include "command/NVStorage/NV_Write.c" #include "command/NVStorage/NV_WriteLock.c" #include "command/NVStorage/NV_spt.c" #include "command/Object/ActivateCredential.c" #include "command/Object/Create.c" #include "command/Object/CreateLoaded.c" #include "command/Object/Load.c" #include "command/Object/LoadExternal.c" #include "command/Object/MakeCredential.c" #include "command/Object/ObjectChangeAuth.c" #include "command/Object/Object_spt.c" #include "command/Object/ReadPublic.c" #include "command/Object/Unseal.c" #include "command/PCR/PCR_Allocate.c" #include "command/PCR/PCR_Event.c" #include "command/PCR/PCR_Extend.c" #include "command/PCR/PCR_Read.c" #include "command/PCR/PCR_Reset.c" #include "command/PCR/PCR_SetAuthPolicy.c" #include "command/PCR/PCR_SetAuthValue.c" #include "command/Random/GetRandom.c" #include "command/Random/StirRandom.c" #include "command/Session/PolicyRestart.c" #include "command/Session/StartAuthSession.c" #include "command/Signature/Sign.c" #include "command/Signature/VerifySignature.c" #include "command/Startup/Shutdown.c" #include "command/Startup/Startup.c" #include "command/Symmetric/EncryptDecrypt.c" #include "command/Symmetric/EncryptDecrypt2.c" #include "command/Symmetric/EncryptDecrypt_spt.c" #include "command/Symmetric/HMAC.c" #include "command/Symmetric/Hash.c" #include "command/Symmetric/MAC.c" #include "command/Testing/GetTestResult.c" #include "command/Testing/IncrementalSelfTest.c" #include "command/Testing/SelfTest.c" #include "command/Vendor/Vendor_TCG_Test.c" #include "crypt/AlgorithmTests.c" #include "crypt/BnConvert.c" #include "crypt/BnMath.c" #include "crypt/BnMemory.c" #include "crypt/CryptCmac.c" #include "crypt/CryptDes.c" #include "crypt/CryptEccData.c" #include "crypt/CryptEccKeyExchange.c" #include "crypt/CryptEccMain.c" #include "crypt/CryptEccSignature.c" #include "crypt/CryptHash.c" #include "crypt/CryptPrime.c" #include "crypt/CryptPrimeSieve.c" #include "crypt/CryptRand.c" #include "crypt/CryptRsa.c" #include "crypt/CryptSelfTest.c" #include "crypt/CryptSmac.c" #include "crypt/CryptSym.c" #include "crypt/CryptUtil.c" #include "crypt/PrimeData.c" #include "crypt/RsaKeyCache.c" #include "crypt/Ticket.c" #include "crypt/ossl/TpmToOsslDesSupport.c" #include "crypt/ossl/TpmToOsslMath.c" #include "crypt/ossl/TpmToOsslSupport.c" #include "events/_TPM_Hash_Data.c" #include "events/_TPM_Hash_End.c" #include "events/_TPM_Hash_Start.c" #include "events/_TPM_Init.c" #include "main/CommandDispatcher.c" #include "main/ExecCommand.c" #include "main/SessionProcess.c" #include "subsystem/CommandAudit.c" #include "subsystem/DA.c" #include "subsystem/Hierarchy.c" #include "subsystem/NvDynamic.c" #include "subsystem/NvReserved.c" #include "subsystem/Object.c" #include "subsystem/PCR.c" #include "subsystem/PP.c" #include "subsystem/Session.c" #include "subsystem/Time.c" #include "support/AlgorithmCap.c" #include "support/Bits.c" #include "support/CommandCodeAttributes.c" #include "support/Entity.c" #include "support/Handle.c" #include "support/IoBuffers.c" #include "support/Locality.c" #include "support/Manufacture.c" #include "support/Marshal.c" #include "support/MathOnByteBuffers.c" #include "support/Memory.c" #include "support/Power.c" #include "support/PropertyCap.c" #include "support/Response.c" #include "support/ResponseCodeProcessing.c" #include "support/TpmFail.c" #include "support/TpmSizeChecks.c" go-tpm-tools-0.4.7/simulator/internal/internal_cgo.go000066400000000000000000000074671510276467000227370ustar00rootroot00000000000000//go:build cgo // +build cgo package internal // // Directories containing .h files in the simulator source // #cgo CFLAGS: -I ../ms-tpm-20-ref/Samples/Google // #cgo CFLAGS: -I ../ms-tpm-20-ref/TPMCmd/tpm/include // #cgo CFLAGS: -I ../ms-tpm-20-ref/TPMCmd/tpm/include/prototypes // // Allows simulator.c to import files without repeating the source repo path. // #cgo CFLAGS: -I ../ms-tpm-20-ref/Samples/Google // #cgo CFLAGS: -I ../ms-tpm-20-ref/TPMCmd/tpm/src // // Store NVDATA in memory, and we don't care about updates to failedTries. // #cgo CFLAGS: -DVTPM=NO -DSIMULATION=NO -DUSE_DA_USED=NO // // Flags from ../ms-tpm-20-ref/TPMCmd/configure.ac // #cgo CFLAGS: -std=gnu11 -Wall -Wformat-security -fPIC // // Windows has linking errors when using stack protectors // #cgo !windows CFLAGS: -fstack-protector-all // // Silence known warnings from the reference code and CGO code. // #cgo CFLAGS: -Wno-missing-braces -Wno-empty-body -Wno-unused-variable -Wno-uninitialized // // Silence openssl deprecation warnings for ms-tpm-20-ref // #cgo CFLAGS: -Wno-deprecated-declarations // // Link against the system OpenSSL // #cgo CFLAGS: -DDEBUG=YES // #cgo CFLAGS: -DSIMULATION=NO // #cgo CFLAGS: -DCOMPILER_CHECKS=DEBUG // #cgo CFLAGS: -DRUNTIME_SIZE_CHECKS=DEBUG // #cgo CFLAGS: -DUSE_DA_USED=NO // #cgo CFLAGS: -DCERTIFYX509_DEBUG=NO // #cgo CFLAGS: -DECC_NIST_P224=YES // #cgo CFLAGS: -DECC_NIST_P521=YES // #cgo CFLAGS: -DALG_SHA512=ALG_YES // #cgo CFLAGS: -DMAX_CONTEXT_SIZE=1360 // // Flags to find OpenSSL installation on macOS (default Homebrew location) // #cgo darwin,amd64 CFLAGS: -I/usr/local/opt/openssl/include // #cgo darwin,amd64 LDFLAGS: -L/usr/local/opt/openssl/lib // #cgo darwin,arm64 CFLAGS: -I/opt/homebrew/opt/openssl/include // #cgo darwin,arm64 LDFLAGS: -L/opt/homebrew/opt/openssl/lib // // Flags to find OpenSSL installation on Windows (default install location) // #cgo windows CFLAGS: -I"C:/Program Files/OpenSSL-Win64/include" // #cgo windows LDFLAGS: -L"C:/Program Files/OpenSSL-Win64/lib" // // Link against OpenSSL // #cgo LDFLAGS: -lcrypto // // #include // #include "Platform.h" // #include "Tpm.h" // // void sync_seeds() { // NV_SYNC_PERSISTENT(EPSeed); // NV_SYNC_PERSISTENT(SPSeed); // NV_SYNC_PERSISTENT(PPSeed); // } import "C" import ( "errors" "io" "unsafe" ) // SetSeeds uses the output of r to reset the 3 TPM simulator seeds. func SetSeeds(r io.Reader) { // The first two bytes of the seed encode the size (so we don't overwrite) r.Read(C.gp.EPSeed[2:]) r.Read(C.gp.SPSeed[2:]) r.Read(C.gp.PPSeed[2:]) } // Reset simulates toggling the power the TPM. If forceManufacture is true, // the reset will be a manufacturer reset. func Reset(forceManufacture bool) { C._plat__Reset(C.bool(forceManufacture)) } // RunCommand passes cmd to the simulator and returns the simulator's response. func RunCommand(cmd []byte) ([]byte, error) { responseSize := C.uint32_t(C.MAX_RESPONSE_SIZE) // _plat__RunCommand takes the response buffer as a uint8_t** instead of as // a uint8_t*. As Cgo bans go pointers to go pointers, we must allocate the // response buffer with malloc(). response := C.malloc(C.size_t(responseSize)) defer C.free(response) // Make a copy of the response pointer, so we can be sure _plat__RunCommand // doesn't modify the pointer (it _is_ expected to modify the buffer). responsePtr := (*C.uint8_t)(response) C._plat__RunCommand(C.uint32_t(len(cmd)), (*C.uint8_t)(&cmd[0]), &responseSize, &responsePtr) // As long as NO_FAIL_TRACE is not defined, debug error information is // written to certain global variables on internal failure. if C.g_inFailureMode == C.TRUE { return nil, errors.New("unknown internal failure") } if response != unsafe.Pointer(responsePtr) { panic("Response pointer shouldn't be modified on success") } return C.GoBytes(response, C.int(responseSize)), nil } go-tpm-tools-0.4.7/simulator/internal/internal_cross.go000066400000000000000000000006101510276467000232770ustar00rootroot00000000000000//go:build !cgo // +build !cgo package internal import ( "errors" "io" ) // SetSeeds does nothing func SetSeeds(r io.Reader) {} // Reset does nothing func Reset(forceManufacture bool) {} // RunCommand always returns an error, as we need CGO to use the simulator. func RunCommand(cmd []byte) ([]byte, error) { return nil, errors.New("using the simulator requires building with CGO") } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/000077500000000000000000000000001510276467000203205ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/CONTRIBUTING.md000066400000000000000000000041201510276467000225460ustar00rootroot00000000000000# Guidelines for reporting bugs: Non-security-critical bugs can be filed on the Issues tracker: https://github.com/Microsoft/ms-tpm-20-ref/issues Security sensitive bugs should be reported to secure@microsoft.com # Guideline for submitting changes: This repository tracks official TPM Library Specification releases and errata from the Trusted Computing Group: https://trustedcomputinggroup.org/tpm-library-specification/ All changes to core TPM logic, particularly changes to files in TPMCmd/tpm and its subdirectories, must be approved by TCG voting members.  Github pull requests may be used to propose changes, but changes will not be incorporated without TCG member approval. Other changes (e.g. new files or changes to TPMCmd/Platform or TPMCmd/Simulator), particularly to support new platforms, scenarios, build environments or crypto-libraries, will be considered if they are expected to be widely useful. Contributors that wish to be involved in the future evolution of the TPM specification and reference implementation should consider joining the Trusted Computing Group.  Information about membership and liaison programs is available at https://trustedcomputinggroup.org/membership/ # Contributing This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com. When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repositories using our CLA. This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/LICENSE000066400000000000000000000031171510276467000213270ustar00rootroot00000000000000Microsoft Reference Implementation for TPM 2.0 The copyright in this software is being made available under the BSD License, included below. This software may be subject to other third party and contributor rights, including patent rights, and no such rights are granted under this license. Copyright (c) Microsoft Corporation All rights reserved. BSD License Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/README.md000066400000000000000000000057151510276467000216070ustar00rootroot00000000000000# MS TPM 2.0 Reference Implementation # [![Build Status](https://travis-ci.org/Microsoft/ms-tpm-20-ref.svg?branch=master)](https://travis-ci.org/Microsoft/ms-tpm-20-ref) This is the official TCG reference implementation of the [TPM 2.0 Specification](https://trustedcomputinggroup.org/tpm-library-specification). The project contains complete source code of the reference implementation with a Microsoft Visual Studio solution and Linux autotools build scripts. See the definition of the `SPEC_VERSION`, `SPEC_YEAR` and `SPEC_DAY_OF_YEAR` values in the [TpmTypes.h](TPMCmd/tpm/include/TpmTypes.h) header for the exact revision/date of the TPM 2.0 specification, which the given source tree snapshot corresponds to. ## Visual Studio build ## Before building the Visual Studio solution: 1. Uncomment and update the definitions of the following macros in the [VendorString.h](TPMCmd/tpm/include/VendorString.h) header: - MANUFACTURER - VENDOR_STRING_1 - FIRMWARE_V1 and FIRMWARE_V2 2. Setup the underlying cryptographic library: ### OpenSSL library ### 1. Create `TPMCmd/lib` folder and place a static OpenSSL library (`libeay32.lib` or `libcrypto.lib`) there. This may be either complete static library, or import library accompanying the corresponding DLL. In the latter case you'll need to copy the OpenSSL DLL into the standard Windows search path, so that it is available when you run the simulator executable (e.g. copy it into the same folder where simulator.exe is located). If you use `libcrypto.lib`, you'll need to either update `Linker|Input|Additional Dependencies` property of the Tpm project in the simulator solution or, alternatively, rename `libcrypto.lib` to `libeay32.lib`. Recommended version of OpenSSL is 1.0.2d or higher. 2. Create `TPMCmd/OsslInclude/openssl` folder and copy there the contents of the `openssl/include/openssl` folder of the OpenSSL source tree used to build the static library used on the step 2). 3. Build the solution with either Debug or Release as the active configuration. ### Wolfcrypt library (wolfSSL) ### 1. WolfSSL is included as a submodule. Initialize and update the submodule to fetch the project and checkout the appropriate commit. > git submodule init > git submodule update The current commit will point the minimum recommended version of wolfSSL. Moving to a more recent tag or commit should also be supported but might not be tested. 2. Build the solution with either WolfDebug or WolfRelease as the active configuration, either from inside the Visual Studio or with the following command line: > msbuild TPMCmd\simulator.sln /p:Configuration=WolfDebug ## Linux build Follows the common `./bootstrap && ./configure && make` convention. Note that autotools scripts require the following prerequisite packages: `autoconf-archive`, `pkg-config`. Their absence is not automatically detected. The build also requires `libssl-dev` package to be installed. go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/000077500000000000000000000000001510276467000217245ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/000077500000000000000000000000001510276467000231405ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/Clock.c000066400000000000000000000142631510276467000243450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD * License, included below. This software may be subject to other third party * and contributor rights, including patent rights, and no such rights are * granted under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // // This file contains the routines that are used by the simulator to mimic // a hardware clock on a TPM. // // In this implementation, all the time values are measured in millisecond. // However, the precision of the clock functions may be implementation // dependent. #ifdef _WIN32 #include #include #else #include #endif #include "PlatformData.h" #include "Platform_fp.h" unsigned int s_adjustRate; bool s_timerReset; clock64_t s_realTimePrevious; clock64_t s_tpmTime; clock64_t s_lastSystemTime; clock64_t s_lastReportedTime; void _plat__TimerReset() { s_lastSystemTime = 0; s_tpmTime = 0; s_adjustRate = CLOCK_NOMINAL; s_timerReset = true; return; } static clock64_t _plat__RealTime() { #ifdef _WIN32 // On Windows we might be using msvcrt, which only has _ftime. struct _timeb sysTime; _ftime_s(&sysTime); return (clock64_t)(sysTime.time) * 1000 + sysTime.millitm; #else struct timespec systime; clock_gettime(CLOCK_MONOTONIC, &systime); return (clock64_t)systime.tv_sec * 1000 + (systime.tv_nsec / 1000000); #endif } uint64_t _plat__TimerRead() { clock64_t timeDiff; clock64_t adjustedTimeDiff; clock64_t timeNow; clock64_t readjustedTimeDiff; // This produces a timeNow that is basically locked to the system clock. timeNow = _plat__RealTime(); // if this hasn't been initialized, initialize it if (s_lastSystemTime == 0) { s_lastSystemTime = timeNow; s_lastReportedTime = 0; s_realTimePrevious = 0; } // The system time can bounce around and that's OK as long as we don't allow // time to go backwards. When the time does appear to go backwards, set // lastSystemTime to be the new value and then update the reported time. if (timeNow < s_lastReportedTime) s_lastSystemTime = timeNow; s_lastReportedTime = s_lastReportedTime + timeNow - s_lastSystemTime; s_lastSystemTime = timeNow; timeNow = s_lastReportedTime; // The code above produces a timeNow that is similar to the value returned // by Clock(). The difference is that timeNow does not max out, and it is // at a ms. rate rather than at a CLOCKS_PER_SEC rate. The code below // uses that value and does the rate adjustment on the time value. // If there is no difference in time, then skip all the computations if (s_realTimePrevious >= timeNow) return s_tpmTime; // Compute the amount of time since the last update of the system clock timeDiff = timeNow - s_realTimePrevious; // Do the time rate adjustment and conversion from CLOCKS_PER_SEC to mSec adjustedTimeDiff = (timeDiff * CLOCK_NOMINAL) / ((uint64_t)s_adjustRate); // update the TPM time with the adjusted timeDiff s_tpmTime += (clock64_t)adjustedTimeDiff; // Might have some rounding error that would loose CLOCKS. See what is not // being used. As mentioned above, this could result in putting back more than // is taken out. Here, we are trying to recreate timeDiff. readjustedTimeDiff = (adjustedTimeDiff * (uint64_t)s_adjustRate) / CLOCK_NOMINAL; // adjusted is now converted back to being the amount we should advance the // previous sampled time. It should always be less than or equal to timeDiff. // That is, we could not have use more time than we started with. s_realTimePrevious = s_realTimePrevious + readjustedTimeDiff; return s_tpmTime; } bool _plat__TimerWasReset() { bool retVal = s_timerReset; s_timerReset = false; return retVal; } void _plat__ClockAdjustRate(int adjust) { // We expect the caller should only use a fixed set of constant values to // adjust the rate switch (adjust) { case CLOCK_ADJUST_COARSE: s_adjustRate += CLOCK_ADJUST_COARSE; break; case -CLOCK_ADJUST_COARSE: s_adjustRate -= CLOCK_ADJUST_COARSE; break; case CLOCK_ADJUST_MEDIUM: s_adjustRate += CLOCK_ADJUST_MEDIUM; break; case -CLOCK_ADJUST_MEDIUM: s_adjustRate -= CLOCK_ADJUST_MEDIUM; break; case CLOCK_ADJUST_FINE: s_adjustRate += CLOCK_ADJUST_FINE; break; case -CLOCK_ADJUST_FINE: s_adjustRate -= CLOCK_ADJUST_FINE; break; default: // ignore any other values; break; } if (s_adjustRate > (CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT)) s_adjustRate = CLOCK_NOMINAL + CLOCK_ADJUST_LIMIT; if (s_adjustRate < (CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT)) s_adjustRate = CLOCK_NOMINAL - CLOCK_ADJUST_LIMIT; return; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/Entropy.c000066400000000000000000000004221510276467000247420ustar00rootroot00000000000000#include #include "Platform_fp.h" // We get entropy from OpenSSL which gets its entropy from the OS. int32_t _plat__GetEntropy(uint8_t *entropy, uint32_t amount) { if (RAND_bytes(entropy, amount) != 1) { return -1; } return amount; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/NVMem.c000066400000000000000000000061321510276467000242700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD * License, included below. This software may be subject to other third party * and contributor rights, including patent rights, and no such rights are * granted under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // // This file contains the NV read and write access methods. This // implementation uses RAM/file and does not manage the RAM/file as NV // blocks. The implementation may become more sophisticated over time. // #include #include #include "PlatformData.h" #include "Platform_fp.h" unsigned char s_NV[NV_MEMORY_SIZE]; void _plat__NvMemoryRead(unsigned int start, unsigned int size, void *data) { assert(start + size <= NV_MEMORY_SIZE); memcpy(data, &s_NV[start], size); return; } int _plat__NvIsDifferent(unsigned int start, unsigned int size, void *data) { return (memcmp(&s_NV[start], data, size) != 0); } bool _plat__NvMemoryWrite(unsigned int start, unsigned int size, void *data) { if (start + size <= NV_MEMORY_SIZE) { memcpy(&s_NV[start], data, size); return true; } return false; } void _plat__NvMemoryClear(unsigned int start, unsigned int size) { assert(start + size <= NV_MEMORY_SIZE); // In this implementation, assume that the erase value for NV is all 1s memset(&s_NV[start], 0xff, size); } void _plat__NvMemoryMove(unsigned int sourceOffset, unsigned int destOffset, unsigned int size) { assert(sourceOffset + size <= NV_MEMORY_SIZE); assert(destOffset + size <= NV_MEMORY_SIZE); memmove(&s_NV[destOffset], &s_NV[sourceOffset], size); return; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/Platform.h000066400000000000000000000057361510276467000251100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD * License, included below. This software may be subject to other third party * and contributor rights, including patent rights, and no such rights are * granted under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // External interface to the vTPM #ifndef _PLATFORM_H_ #define _PLATFORM_H_ #ifdef __cplusplus extern "C" { #endif #include #include //***_plat__RunCommand() // This version of RunCommand will set up a jum_buf and call ExecuteCommand(). // If the command executes without failing, it will return and RunCommand will // return. If there is a failure in the command, then _plat__Fail() is called // and it will longjump back to RunCommand which will call ExecuteCommand again. // However, this time, the TPM will be in failure mode so ExecuteCommand will // simply build a failure response and return. void _plat__RunCommand(uint32_t requestSize, // IN: command buffer size unsigned char *request, // IN: command buffer uint32_t *responseSize, // IN/OUT: response buffer size unsigned char **response // IN/OUT: response buffer ); //*** _plat_Reset() // Reset the TPM. This should always be called before _plat__RunCommand. The // first time this function is called, the TPM will be manufactured. Pass true // for forceManufacture to perfrom a manufacturer reset. void _plat__Reset(bool forceManufacture); #ifdef __cplusplus } #endif #endif // _PLATFORM_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/PlatformData.h000066400000000000000000000073501510276467000256740ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD * License, included below. This software may be subject to other third party * and contributor rights, including patent rights, and no such rights are * granted under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This file contains the instance data for the Platform module. It is collected // in this file so that the state of the module is easier to manage. #ifndef _PLATFORM_DATA_H_ #define _PLATFORM_DATA_H_ #include #include #include "TpmProfile.h" // For NV_MEMORY_SIZE typedef uint64_t clock64_t; // This is the value returned the last time that the system clock was read. This // is only relevant for a simulator or virtual TPM. extern clock64_t s_realTimePrevious; // These values are used to try to synthesize a long lived version of clock(). extern clock64_t s_lastSystemTime; extern clock64_t s_lastReportedTime; // This is the rate adjusted value that is the equivalent of what would be read // from a hardware register that produced rate adjusted time. extern clock64_t s_tpmTime; // This value indicates that the timer was reset extern bool s_timerReset; // This variable records the timer adjustment factor. extern unsigned int s_adjustRate; // CLOCK_NOMINAL is the number of hardware ticks per mS. A value of 300000 means // that the nominal clock rate used to drive the hardware clock is 30 MHz. The // adjustment rates are used to determine the conversion of the hardware ticks // to internal hardware clock value. In practice, we would expect that there // would be a hardware register with accumulated mS. It would be incremented by // the output of a prescaler. The prescaler would divide the ticks from the // clock by some value that would compensate for the difference between clock // time and real time. The code in Clock does the emulation of this function. #define CLOCK_NOMINAL 30000 // A 1% change in rate is 300 counts #define CLOCK_ADJUST_COARSE 300 // A 0.1% change in rate is 30 counts #define CLOCK_ADJUST_MEDIUM 30 // A minimum change in rate is 1 count #define CLOCK_ADJUST_FINE 1 // The clock tolerance is +/-15% (4500 counts) // Allow some guard band (16.7%) #define CLOCK_ADJUST_LIMIT 5000 extern unsigned char s_NV[NV_MEMORY_SIZE]; #endif // _PLATFORM_DATA_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/Platform_fp.h000066400000000000000000000203161510276467000255640ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD * License, included below. This software may be subject to other third party * and contributor rights, including patent rights, and no such rights are * granted under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Platform functions used by libtpm #ifndef _PLATFORM_FP_H_ #define _PLATFORM_FP_H_ #include #include //***_plat__IsCanceled() // We opt to not support cancellation, so always return false. // Return values: // true(1) if cancel flag is set // false(0) if cancel flag is not set static inline int _plat__IsCanceled() { return false; } //***_plat__TimerReset() // This function sets current system clock time as t0 for counting TPM time. // This function is called at a power on event to reset the clock. When the // clock is reset, the indication that the clock was stopped is also set. void _plat__TimerReset(); //***_plat__TimerRead() // This function provides access to the tick timer of the platform. The TPM code // uses this value to drive the TPM Clock. // // The tick timer is supposed to run when power is applied to the device. This // timer should not be reset by time events including _TPM_Init. It should only // be reset when TPM power is re-applied. // // If the TPM is run in a protected environment, that environment may provide // the tick time to the TPM as long as the time provided by the environment is // not allowed to go backwards. If the time provided by the system can go // backwards during a power discontinuity, then the _plat__Signal_PowerOn should // call _plat__TimerReset(). uint64_t _plat__TimerRead(); //*** _plat__TimerWasReset() // This function is used to interrogate the flag indicating if the tick timer // has been reset. // // If the resetFlag parameter is SET, then the flag will be CLEAR before the // function returns. bool _plat__TimerWasReset(); //*** _plat__TimerWasStopped() // As we have CLOCK_STOPS=NO, we will only stop our timer on resets. static inline bool _plat__TimerWasStopped() { return _plat__TimerWasReset(); } //***_plat__ClockAdjustRate() // Adjust the clock rate // IN: the adjust number. It could be positive or negative void _plat__ClockAdjustRate(int adjust); //*** _plat__GetEntropy() // This function is used to get available hardware entropy. In a hardware // implementation of this function, there would be no call to the system // to get entropy. // Return values: // < 0 hardware failure of the entropy generator, this is sticky // >= 0 the returned amount of entropy (bytes) int32_t _plat__GetEntropy(uint8_t *entropy, // output buffer uint32_t amount // amount requested ); //***_plat__LocalityGet() // We do not support non-zero localities, so just always return 0. static inline uint8_t _plat__LocalityGet() { return 0; } //***_plat__NVEnable() // As we just hold the NV data in memory, always return success. // Return values: // 0 if success // > 0 if receive recoverable error // < 0 if unrecoverable error static inline int _plat__NVEnable(void *platParameter) { (void)(platParameter); return 0; }; //***_plat__IsNvAvailable() // Our NV Data is always available and has no write limits. // Return values: // 0 NV is available // 1 NV is not available due to write failure // 2 NV is not available due to rate limit static inline int _plat__IsNvAvailable() { return 0; } //***_plat__NvMemoryRead() // Function: Read a chunk of NV memory void _plat__NvMemoryRead(unsigned int startOffset, // IN: read start unsigned int size, // IN: size of bytes to read void *data // OUT: data buffer ); //*** _plat__NvIsDifferent() // This function checks to see if the NV is different from the test value. This // is so that NV will not be written if it has not changed. // Return Type: int // TRUE(1) the NV location is different from the test value // FALSE(0) the NV location is the same as the test value int _plat__NvIsDifferent(unsigned int startOffset, // IN: read start unsigned int size, // IN: size of bytes to read void *data // IN: data buffer ); //***_plat__NvMemoryWrite() // This function is used to update NV memory. The "write" is to a memory copy of // NV. At the end of the current command, any changes are written to // the actual NV memory. // NOTE: A useful optimization would be for this code to compare the current // contents of NV with the local copy and note the blocks that have changed. // Then only write those blocks when _plat__NvCommit() is called. bool _plat__NvMemoryWrite(unsigned int startOffset, // IN: write start unsigned int size, // IN: size of bytes to write void *data // OUT: data buffer ); //***_plat__NvMemoryClear() // Function is used to set a range of NV memory bytes to an implementation- // dependent value. The value represents the erase state of the memory. void _plat__NvMemoryClear(unsigned int start, // IN: clear start unsigned int size // IN: number of bytes to clear ); //***_plat__NvMemoryMove() // Function: Move a chunk of NV memory from source to destination // This function should ensure that if there overlap, the original data is // copied before it is written void _plat__NvMemoryMove(unsigned int sourceOffset, // IN: source offset unsigned int destOffset, // IN: destination offset unsigned int size // IN: size of data being moved ); //***_plat__NvCommit() // Our NV Data is just in memory, so "committing" it is a no-op. // Return values: // 0 NV write success // != 0 NV write fail static inline int _plat__NvCommit() { return 0; } //*** _plat__WasPowerLost() // Test whether power was lost before a _TPM_Init. As we use in-memory NV Data, // there's no reason to to not do the power-loss activities on every _TPM_Init. // Return values: // true(1) power was lost // false(0) power was not lost static inline int _plat__WasPowerLost() { return true; } //** From PPPlat.c //***_plat__PhysicalPresenceAsserted() // Our vTPM has no way to assert physical presence, so we always return true. // Return values: // true(1) if physical presence is signaled // false(0) if physical presence is not signaled static inline int _plat__PhysicalPresenceAsserted() { return true; } //***_plat__Fail() // This is the platform depended failure exit for the TPM. _Noreturn void _plat__Fail(); #endif // _PLATFORM_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/Samples/Google/Run.c000066400000000000000000000065131510276467000240550ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD * License, included below. This software may be subject to other third party * and contributor rights, including patent rights, and no such rights are * granted under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS * IS"" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //**Introduction // This module provides the platform specific entry and fail processing. The // _plat__RunCommand() function is used to call to ExecuteCommand() in the TPM // code. This function does whatever processing is necessary to set up the // platform in anticipation of the call to the TPM including settup for error // processing. // // The _plat__Fail() function is called when there is a failure in the TPM. The // TPM code will have set the flag to indicate that the TPM is in failure mode. // This call will then recursively call ExecuteCommand in order to build the // failure mode response. When ExecuteCommand() returns to _plat__Fail(), the // platform will do some platform specif operation to return to the environment // in which the TPM is executing. For a simulator, setjmp/longjmp is used. For // an OS, a system exit to the OS would be appropriate. #include #include "CompilerDependencies.h" #include "ExecCommand_fp.h" #include "Manufacture_fp.h" #include "Platform.h" #include "Platform_fp.h" #include "_TPM_Init_fp.h" jmp_buf s_jumpBuffer; void _plat__RunCommand(uint32_t requestSize, unsigned char *request, uint32_t *responseSize, unsigned char **response) { setjmp(s_jumpBuffer); ExecuteCommand(requestSize, request, responseSize, response); } _Noreturn void _plat__Fail(void) { longjmp(&s_jumpBuffer[0], 1); } void _plat__Reset(bool forceManufacture) { // We ignore errors, as we don't care if the TPM has been Manufactured before. if (forceManufacture) { TPM_TearDown(); } TPM_Manufacture(0); _plat__TimerReset(); _TPM_Init(); } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/000077500000000000000000000000001510276467000214045ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/Makefile.am000066400000000000000000000054771510276467000234550ustar00rootroot00000000000000## The copyright in this software is being made available under the BSD License, ## included below. This software may be subject to other third party and ## contributor rights, including patent rights, and no such rights are granted ## under this license. ## ## Copyright (c) Intel Corporation ## ## All rights reserved. ## ## BSD License ## ## Redistribution and use in source and binary forms, with or without modification, ## are permitted provided that the following conditions are met: ## ## Redistributions of source code must retain the above copyright notice, this list ## of conditions and the following disclaimer. ## ## Redistributions in binary form must reproduce the above copyright notice, this ## list of conditions and the following disclaimer in the documentation and/or ## other materials provided with the distribution. ## ## THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" ## AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ## IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE ## DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ## ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES ## (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; ## LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ## ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ## (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS ## SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. include src.mk PLATFORM_INC = -I $(srcdir)/Platform/include \ -I $(srcdir)/Platform/include/prototypes SIMULATOR_INC = -I $(srcdir)/Simulator/include \ -I $(srcdir)/Simulator/include/prototypes TPM_INC = -I $(srcdir)/tpm/include \ -I $(srcdir)/tpm/include/prototypes libplatform = Platform/src/libplatform.a libtpm = tpm/src/libtpm.a tpm2_simulator = Simulator/src/tpm2-simulator bin_PROGRAMS = $(tpm2_simulator) noinst_LIBRARIES = $(libplatform) $(libtpm) Platform_src_libplatform_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC) Platform_src_libplatform_a_SOURCES = $(PLATFORM_C) $(PLATFORM_H) Simulator_src_tpm2_simulator_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) \ $(TPM_INC) $(SIMULATOR_INC) $(LIBCRYPTO_CFLAGS) $(PTHREAD_CFLAGS) # the weird / duplicate static library is necessary for dealing with the # circular dependency beetween libplatform and libtpm Simulator_src_tpm2_simulator_LDADD = $(libplatform) $(libtpm) \ $(libplatform) $(LIBCRYPTO_LIBS) $(PTHREAD_LIBS) @ADDITIONAL_LIBS@ Simulator_src_tpm2_simulator_SOURCES = $(SIMULATOR_C) $(SIMULATOR_H) tpm_src_libtpm_a_CFLAGS = $(EXTRA_CFLAGS) $(PLATFORM_INC) $(TPM_INC) \ $(LIBCRYPTO_CFLAGS) tpm_src_libtpm_a_SOURCES = $(TPM_C) $(TPM_H) $(PLATFORM_H) go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/configure.ac000066400000000000000000000071101510276467000236710ustar00rootroot00000000000000dnl The copyright in this software is being made available under the BSD License, dnl included below. This software may be subject to other third party and dnl contributor rights, including patent rights, and no such rights are granted dnl under this license. dnl dnl Copyright (c) Intel Corporation dnl dnl All rights reserved. dnl dnl BSD License dnl dnl Redistribution and use in source and binary forms, with or without modification, dnl are permitted provided that the following conditions are met: dnl dnl Redistributions of source code must retain the above copyright notice, this list dnl of conditions and the following disclaimer. dnl dnl Redistributions in binary form must reproduce the above copyright notice, this dnl list of conditions and the following disclaimer in the documentation and/or dnl other materials provided with the distribution. dnl dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. AC_INIT([ms-tpm-20-ref], [0.1], [https://github.com/microsoft/ms-tpm-20-ref/issues], [], [https://github.com/microsoft/ms-tpm-20-ref]) AC_CONFIG_MACRO_DIR([.]) AC_PROG_CC AC_PROG_LN_S AC_PROG_RANLIB AM_INIT_AUTOMAKE([foreign subdir-objects]) AC_CONFIG_FILES([Makefile]) AC_SUBST([DISTCHECK_CONFIGURE_FLAGS],[$ac_configure_args]) dnl By enabling this feature tpm simulator gets seeds derived from hardware parameters. dnl It is enabled only for linux devices. dnl Note that the seeds are not derived from secure hardware source. AC_ARG_ENABLE(usedeviceid, AS_HELP_STRING([--enable-usedeviceid], [tpm simulator get seeds derived from hardware parameters. Seeds are not derived from secure hardware source.])) PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto]) AS_IF([test "x$enable_usedeviceid" = "xyes"], [ PKG_CHECK_MODULES([LIBUDEV], [libudev]) [ADDITIONAL_LIBS="-ludev"] ]) AX_PTHREAD([], [AC_MSG_ERROR([requires pthread])]) AC_DEFINE([HASH_LIB], [Ossl], [Crypto lib for hash algorithms]) AC_DEFINE([SYM_LIB], [Ossl], [Crypto lib for symmetric encryption algorithms]) AC_DEFINE([MATH_LIB], [Ossl], [Crypto lib for bignum operations]) ADD_COMPILER_FLAG([-std=gnu11]) ADD_COMPILER_FLAG([-Werror]) ADD_COMPILER_FLAG([-Wall]) ADD_COMPILER_FLAG([-Wformat-security]) ADD_COMPILER_FLAG([-fstack-protector-all]) ADD_COMPILER_FLAG([-fPIC]) ADD_COMPILER_FLAG([-Wno-error=empty-body]) ADD_COMPILER_FLAG([-Wno-error=expansion-to-defined]) ADD_COMPILER_FLAG([-Wno-error=parentheses]) ADD_COMPILER_FLAG([-Wno-error=pointer-to-int-cast]) ADD_COMPILER_FLAG([-Wno-error=missing-braces]) ADD_COMPILER_FLAG([-Wno-error=unused-result]) AS_IF([test "x$enable_usedeviceid" = "xyes"], [ ADD_COMPILER_FLAG([-DNDEBUG]) ADD_COMPILER_FLAG([-g]) ADD_COMPILER_FLAG([-DUSE_PLATFORM_EPS]) AC_SUBST(ADDITIONAL_LIBS) ]) ADD_LINK_FLAG([-Wl,--no-undefined]) ADD_LINK_FLAG([-Wl,-z,noexecstack]) ADD_LINK_FLAG([-Wl,-z,now]) ADD_LINK_FLAG([-Wl,-z,relro]) AC_OUTPUT go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/flags.m4000066400000000000000000000075751510276467000227600ustar00rootroot00000000000000dnl The copyright in this software is being made available under the BSD License, dnl included below. This software may be subject to other third party and dnl contributor rights, including patent rights, and no such rights are granted dnl under this license. dnl dnl Copyright (c) Intel Corporation dnl dnl All rights reserved. dnl dnl BSD License dnl dnl Redistribution and use in source and binary forms, with or without modification, dnl are permitted provided that the following conditions are met: dnl dnl Redistributions of source code must retain the above copyright notice, this list dnl of conditions and the following disclaimer. dnl dnl Redistributions in binary form must reproduce the above copyright notice, this dnl list of conditions and the following disclaimer in the documentation and/or dnl other materials provided with the distribution. dnl dnl THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" dnl AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE dnl IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE dnl DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR dnl ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES dnl (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; dnl LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON dnl ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT dnl (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS dnl SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. dnl ADD_COMPILER_FLAG: dnl A macro to add a CFLAG to the EXTRA_CFLAGS variable. This macro will dnl check to be sure the compiler supprts the flag. Flags can be made dnl mandatory (configure will fail). dnl $1: C compiler flag to add to EXTRA_CFLAGS. dnl $2: Set to "required" to cause configure failure if flag not supported.. AC_DEFUN([ADD_COMPILER_FLAG],[ AX_CHECK_COMPILE_FLAG([$1],[ EXTRA_CFLAGS="$EXTRA_CFLAGS $1" AC_SUBST([EXTRA_CFLAGS])],[ AS_IF([test x$2 != xrequired],[ AC_MSG_WARN([Optional CFLAG "$1" not supported by your compiler, continuing.])],[ AC_MSG_ERROR([Required CFLAG "$1" not supported by your compiler, aborting.])] )],[ -Wall -Werror] )] ) dnl ADD_PREPROC_FLAG: dnl Add the provided preprocessor flag to the EXTRA_CFLAGS variable. This dnl macro will check to be sure the preprocessor supports the flag. dnl The flag can be made mandatory by provideing the string 'required' as dnl the second parameter. dnl $1: Preprocessor flag to add to EXTRA_CFLAGS. dnl $2: Set to "required" t ocause configure failure if preprocesor flag dnl is not supported. AC_DEFUN([ADD_PREPROC_FLAG],[ AX_CHECK_PREPROC_FLAG([$1],[ EXTRA_CFLAGS="$EXTRA_CFLAGS $1" AC_SUBST([EXTRA_CFLAGS])],[ AS_IF([test x$2 != xrequired],[ AC_MSG_WARN([Optional preprocessor flag "$1" not supported by your compiler, continuing.])],[ AC_MSG_ERROR([Required preprocessor flag "$1" not supported by your compiler, aborting.])] )],[ -Wall -Werror] )] ) dnl ADD_LINK_FLAG: dnl A macro to add a LDLAG to the EXTRA_LDFLAGS variable. This macro will dnl check to be sure the linker supprts the flag. Flags can be made dnl mandatory (configure will fail). dnl $1: linker flag to add to EXTRA_LDFLAGS. dnl $2: Set to "required" to cause configure failure if flag not supported. AC_DEFUN([ADD_LINK_FLAG],[ AX_CHECK_LINK_FLAG([$1],[ EXTRA_LDFLAGS="$EXTRA_LDFLAGS $1" AC_SUBST([EXTRA_LDFLAGS])],[ AS_IF([test x$2 != xrequired],[ AC_MSG_WARN([Optional LDFLAG "$1" not supported by your linker, continuing.])],[ AC_MSG_ERROR([Required LDFLAG "$1" not supported by your linker, aborting.])] )] )] ) go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/000077500000000000000000000000001510276467000222045ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/000077500000000000000000000000001510276467000236275ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BaseTypes.h000066400000000000000000000045301510276467000257010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.2 Feb 22, 2019 * Date: Mar 20, 2019 Time: 08:27:26PM */ #ifndef _BASE_TYPES_H_ #define _BASE_TYPES_H_ // NULL definition #ifndef NULL #define NULL (0) #endif typedef uint8_t UINT8; typedef uint8_t BYTE; typedef int8_t INT8; typedef int BOOL; typedef uint16_t UINT16; typedef int16_t INT16; typedef uint32_t UINT32; typedef int32_t INT32; typedef uint64_t UINT64; typedef int64_t INT64; #endif // _BASE_TYPES_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/BnValues.h000066400000000000000000000333661510276467000255320ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the definitions needed for defining the internal BIGNUM // structure. // A BIGNUM is a pointer to a structure. The structure has three fields. The // last field is and array (d) of crypt_uword_t. Each word is in machine format // (big- or little-endian) with the words in ascending significance (i.e. words // in little-endian order). This is the order that seems to be used in every // big number library in the worlds, so... // // The first field in the structure (allocated) is the number of words in 'd'. // This is the upper limit on the size of the number that can be held in the // structure. This differs from libraries like OpenSSL as this is not intended // to deal with numbers of arbitrary size; just numbers that are needed to deal // with the algorithms that are defined in the TPM implementation. // // The second field in the structure (size) is the number of significant words // in 'n'. When this number is zero, the number is zero. The word at used-1 should // never be zero. All words between d[size] and d[allocated-1] should be zero. //** Defines #ifndef _BN_NUMBERS_H #define _BN_NUMBERS_H #if RADIX_BITS == 64 # define RADIX_LOG2 6 #elif RADIX_BITS == 32 #define RADIX_LOG2 5 #else # error "Unsupported radix" #endif #define RADIX_MOD(x) ((x) & ((1 << RADIX_LOG2) - 1)) #define RADIX_DIV(x) ((x) >> RADIX_LOG2) #define RADIX_MASK ((((crypt_uword_t)1) << RADIX_LOG2) - 1) #define BITS_TO_CRYPT_WORDS(bits) RADIX_DIV((bits) + (RADIX_BITS - 1)) #define BYTES_TO_CRYPT_WORDS(bytes) BITS_TO_CRYPT_WORDS(bytes * 8) #define SIZE_IN_CRYPT_WORDS(thing) BYTES_TO_CRYPT_WORDS(sizeof(thing)) #if RADIX_BITS == 64 #define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_64(x) typedef uint64_t crypt_uword_t; typedef int64_t crypt_word_t; # define TO_CRYPT_WORD_64 BIG_ENDIAN_BYTES_TO_UINT64 # define TO_CRYPT_WORD_32(a, b, c, d) TO_CRYPT_WORD_64(0, 0, 0, 0, a, b, c, d) #elif RADIX_BITS == 32 # define SWAP_CRYPT_WORD(x) REVERSE_ENDIAN_32((x)) typedef uint32_t crypt_uword_t; typedef int32_t crypt_word_t; # define TO_CRYPT_WORD_64(a, b, c, d, e, f, g, h) \ BIG_ENDIAN_BYTES_TO_UINT32(e, f, g, h), \ BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) #endif #define MAX_CRYPT_UWORD (~((crypt_uword_t)0)) #define MAX_CRYPT_WORD ((crypt_word_t)(MAX_CRYPT_UWORD >> 1)) #define MIN_CRYPT_WORD (~MAX_CRYPT_WORD) #define LARGEST_NUMBER (MAX((ALG_RSA * MAX_RSA_KEY_BYTES), \ MAX((ALG_ECC * MAX_ECC_KEY_BYTES), MAX_DIGEST_SIZE))) #define LARGEST_NUMBER_BITS (LARGEST_NUMBER * 8) #define MAX_ECC_PARAMETER_BYTES (MAX_ECC_KEY_BYTES * ALG_ECC) // These are the basic big number formats. This is convertible to the library- // specific format without to much difficulty. For the math performed using // these numbers, the value is always positive. #define BN_STRUCT_DEF(count) struct { \ crypt_uword_t allocated; \ crypt_uword_t size; \ crypt_uword_t d[count]; \ } typedef BN_STRUCT_DEF(1) bignum_t; #ifndef bigNum typedef bignum_t *bigNum; typedef const bignum_t *bigConst; #endif extern const bignum_t BnConstZero; // The Functions to access the properties of a big number. // Get number of allocated words #define BnGetAllocated(x) (unsigned)((x)->allocated) // Get number of words used #define BnGetSize(x) ((x)->size) // Get a pointer to the data array #define BnGetArray(x) ((crypt_uword_t *)&((x)->d[0])) // Get the nth word of a BIGNUM (zero-based) #define BnGetWord(x, i) (crypt_uword_t)((x)->d[i]) // Some things that are done often. // Test to see if a bignum_t is equal to zero #define BnEqualZero(bn) (BnGetSize(bn) == 0) // Test to see if a bignum_t is equal to a word type #define BnEqualWord(bn, word) \ ((BnGetSize(bn) == 1) && (BnGetWord(bn, 0) == (crypt_uword_t)word)) // Determine if a BIGNUM is even. A zero is even. Although the // indication that a number is zero is that it's size is zero, // all words of the number are 0 so this test works on zero. #define BnIsEven(n) ((BnGetWord(n, 0) & 1) == 0) // The macros below are used to define BIGNUM values of the required // size. The values are allocated on the stack so they can be // treated like simple local values. // This will call the initialization function for a defined bignum_t. // This sets the allocated and used fields and clears the words of 'n'. #define BN_INIT(name) \ (bigNum)BnInit((bigNum)&(name), \ BYTES_TO_CRYPT_WORDS(sizeof(name.d))) // In some cases, a function will need the address of the structure // associated with a variable. The structure for a BIGNUM variable // of 'name' is 'name_'. Generally, when the structure is created, it // is initialized and a parameter is created with a pointer to the // structure. The pointer has the 'name' and the structure it points // to is 'name_' #define BN_ADDRESS(name) (bigNum)&name##_ #define BN_STRUCT_ALLOCATION(bits) (BITS_TO_CRYPT_WORDS(bits) + 1) // Create a structure of the correct size. #define BN_STRUCT(bits) \ BN_STRUCT_DEF(BN_STRUCT_ALLOCATION(bits)) // Define a BIGNUM type with a specific allocation #define BN_TYPE(name, bits) \ typedef BN_STRUCT(bits) bn_##name##_t // This creates a local BIGNUM variable of a specific size and // initializes it from a TPM2B input parameter. #define BN_INITIALIZED(name, bits, initializer) \ BN_STRUCT(bits) name##_; \ bigNum name = BnFrom2B(BN_INIT(name##_), \ (const TPM2B *)initializer) // Create a local variable that can hold a number with 'bits' #define BN_VAR(name, bits) \ BN_STRUCT(bits) _##name; \ bigNum name = BN_INIT(_##name) // Create a type that can hold the largest number defined by the // implementation. #define BN_MAX(name) BN_VAR(name, LARGEST_NUMBER_BITS) #define BN_MAX_INITIALIZED(name, initializer) \ BN_INITIALIZED(name, LARGEST_NUMBER_BITS, initializer) // A word size value is useful #define BN_WORD(name) BN_VAR(name, RADIX_BITS) // This is used to created a word-size BIGNUM and initialize it with // an input parameter to a function. #define BN_WORD_INITIALIZED(name, initial) \ BN_STRUCT(RADIX_BITS) name##_; \ bigNum name = BnInitializeWord((bigNum)&name##_, \ BN_STRUCT_ALLOCATION(RADIX_BITS), initial) // ECC-Specific Values // This is the format for a point. It is always in affine format. The Z value is // carried as part of the point, primarily to simplify the interface to the support // library. Rather than have the interface layer have to create space for the // point each time it is used... // The x, y, and z values are pointers to bigNum values and not in-line versions of // the numbers. This is a relic of the days when there was no standard TPM format // for the numbers typedef struct _bn_point_t { bigNum x; bigNum y; bigNum z; } bn_point_t; typedef bn_point_t *bigPoint; typedef const bn_point_t *pointConst; typedef struct constant_point_t { bigConst x; bigConst y; bigConst z; } constant_point_t; #define ECC_BITS (MAX_ECC_KEY_BYTES * 8) BN_TYPE(ecc, ECC_BITS); #define ECC_NUM(name) BN_VAR(name, ECC_BITS) #define ECC_INITIALIZED(name, initializer) \ BN_INITIALIZED(name, ECC_BITS, initializer) #define POINT_INSTANCE(name, bits) \ BN_STRUCT (bits) name##_x = \ {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ BN_STRUCT ( bits ) name##_y = \ {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ BN_STRUCT ( bits ) name##_z = \ {BITS_TO_CRYPT_WORDS ( bits ), 0,{0}}; \ bn_point_t name##_ #define POINT_INITIALIZER(name) \ BnInitializePoint(&name##_, (bigNum)&name##_x, \ (bigNum)&name##_y, (bigNum)&name##_z) #define POINT_INITIALIZED(name, initValue) \ POINT_INSTANCE(name, MAX_ECC_KEY_BITS); \ bigPoint name = BnPointFrom2B( \ POINT_INITIALIZER(name), \ initValue) #define POINT_VAR(name, bits) \ POINT_INSTANCE (name, bits); \ bigPoint name = POINT_INITIALIZER(name) #define POINT(name) POINT_VAR(name, MAX_ECC_KEY_BITS) // Structure for the curve parameters. This is an analog to the // TPMS_ALGORITHM_DETAIL_ECC typedef struct { bigConst prime; // a prime number bigConst order; // the order of the curve bigConst h; // cofactor bigConst a; // linear coefficient bigConst b; // constant term constant_point_t base; // base point } ECC_CURVE_DATA; // Access macros for the ECC_CURVE structure. The parameter 'C' is a pointer // to an ECC_CURVE_DATA structure. In some libraries, the curve structure contains // a pointer to an ECC_CURVE_DATA structure as well as some other bits. For those // cases, the AccessCurveData macro is used in the code to first get the pointer // to the ECC_CURVE_DATA for access. In some cases, the macro does noting. #define CurveGetPrime(C) ((C)->prime) #define CurveGetOrder(C) ((C)->order) #define CurveGetCofactor(C) ((C)->h) #define CurveGet_a(C) ((C)->a) #define CurveGet_b(C) ((C)->b) #define CurveGetG(C) ((pointConst)&((C)->base)) #define CurveGetGx(C) ((C)->base.x) #define CurveGetGy(C) ((C)->base.y) // Convert bytes in initializers according to the endianess of the system. // This is used for CryptEccData.c. #define BIG_ENDIAN_BYTES_TO_UINT32(a, b, c, d) \ ( ((UINT32)(a) << 24) \ + ((UINT32)(b) << 16) \ + ((UINT32)(c) << 8) \ + ((UINT32)(d)) \ ) #define BIG_ENDIAN_BYTES_TO_UINT64(a, b, c, d, e, f, g, h) \ ( ((UINT64)(a) << 56) \ + ((UINT64)(b) << 48) \ + ((UINT64)(c) << 40) \ + ((UINT64)(d) << 32) \ + ((UINT64)(e) << 24) \ + ((UINT64)(f) << 16) \ + ((UINT64)(g) << 8) \ + ((UINT64)(h)) \ ) #ifndef RADIX_BYTES # if RADIX_BITS == 32 # define RADIX_BYTES 4 # elif RADIX_BITS == 64 # define RADIX_BYTES 8 # else # error "RADIX_BITS must either be 32 or 64" # endif #endif // Add implementation dependent definitions for other ECC Values and for linkages. #include LIB_INCLUDE(MATH_LIB, Math) #endif // _BN_NUMBERS_Hgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Capabilities.h000066400000000000000000000047011510276467000263730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _CAPABILITIES_H #define _CAPABILITIES_H #define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP)-sizeof(UINT32)) #define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY)) #define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE)) #define MAX_CAP_CC (MAX_CAP_DATA / sizeof(TPM_CC)) #define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY)) #define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT)) #define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE)) #define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY)) #define MAX_AC_CAPABILITIES (MAX_CAP_DATA / sizeof(TPMS_AC_OUTPUT)) #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributeData.h000066400000000000000000001064471510276467000300500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 3.0 June 16, 2017 * Date: Oct 9, 2018 Time: 07:25:18PM */ // This file should only be included by CommandCodeAttibutes.c #ifdef _COMMAND_CODE_ATTRIBUTES_ #include "CommandAttributes.h" #if COMPRESSED_LISTS # define PAD_LIST 0 #else # define PAD_LIST 1 #endif // This is the command code attribute array for GetCapability. // Both this array and s_commandAttributes provides command code attributes, // but tuned for different purpose const TPMA_CC s_ccAttr [] = { #if (PAD_LIST || CC_NV_UndefineSpaceSpecial) TPMA_CC_INITIALIZER(0x011F, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_EvictControl) TPMA_CC_INITIALIZER(0x0120, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_HierarchyControl) TPMA_CC_INITIALIZER(0x0121, 0, 1, 1, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_UndefineSpace) TPMA_CC_INITIALIZER(0x0122, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST ) TPMA_CC_INITIALIZER(0x0123, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_ChangeEPS) TPMA_CC_INITIALIZER(0x0124, 0, 1, 1, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ChangePPS) TPMA_CC_INITIALIZER(0x0125, 0, 1, 1, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_Clear) TPMA_CC_INITIALIZER(0x0126, 0, 1, 1, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ClearControl) TPMA_CC_INITIALIZER(0x0127, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ClockSet) TPMA_CC_INITIALIZER(0x0128, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_HierarchyChangeAuth) TPMA_CC_INITIALIZER(0x0129, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_DefineSpace) TPMA_CC_INITIALIZER(0x012A, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PCR_Allocate) TPMA_CC_INITIALIZER(0x012B, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PCR_SetAuthPolicy) TPMA_CC_INITIALIZER(0x012C, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PP_Commands) TPMA_CC_INITIALIZER(0x012D, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_SetPrimaryPolicy) TPMA_CC_INITIALIZER(0x012E, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_FieldUpgradeStart) TPMA_CC_INITIALIZER(0x012F, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_ClockRateAdjust) TPMA_CC_INITIALIZER(0x0130, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_CreatePrimary) TPMA_CC_INITIALIZER(0x0131, 0, 0, 0, 0, 1, 1, 0, 0), #endif #if (PAD_LIST || CC_NV_GlobalWriteLock) TPMA_CC_INITIALIZER(0x0132, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_GetCommandAuditDigest) TPMA_CC_INITIALIZER(0x0133, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_Increment) TPMA_CC_INITIALIZER(0x0134, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_SetBits) TPMA_CC_INITIALIZER(0x0135, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_Extend) TPMA_CC_INITIALIZER(0x0136, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_Write) TPMA_CC_INITIALIZER(0x0137, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_WriteLock) TPMA_CC_INITIALIZER(0x0138, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_DictionaryAttackLockReset) TPMA_CC_INITIALIZER(0x0139, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_DictionaryAttackParameters) TPMA_CC_INITIALIZER(0x013A, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_ChangeAuth) TPMA_CC_INITIALIZER(0x013B, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PCR_Event) TPMA_CC_INITIALIZER(0x013C, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PCR_Reset) TPMA_CC_INITIALIZER(0x013D, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_SequenceComplete) TPMA_CC_INITIALIZER(0x013E, 0, 0, 0, 1, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_SetAlgorithmSet) TPMA_CC_INITIALIZER(0x013F, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_SetCommandCodeAuditStatus) TPMA_CC_INITIALIZER(0x0140, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_FieldUpgradeData) TPMA_CC_INITIALIZER(0x0141, 0, 1, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_IncrementalSelfTest) TPMA_CC_INITIALIZER(0x0142, 0, 1, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_SelfTest) TPMA_CC_INITIALIZER(0x0143, 0, 1, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_Startup) TPMA_CC_INITIALIZER(0x0144, 0, 1, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_Shutdown) TPMA_CC_INITIALIZER(0x0145, 0, 1, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_StirRandom) TPMA_CC_INITIALIZER(0x0146, 0, 1, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_ActivateCredential) TPMA_CC_INITIALIZER(0x0147, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_Certify) TPMA_CC_INITIALIZER(0x0148, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyNV) TPMA_CC_INITIALIZER(0x0149, 0, 0, 0, 0, 3, 0, 0, 0), #endif #if (PAD_LIST || CC_CertifyCreation) TPMA_CC_INITIALIZER(0x014A, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_Duplicate) TPMA_CC_INITIALIZER(0x014B, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_GetTime) TPMA_CC_INITIALIZER(0x014C, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_GetSessionAuditDigest) TPMA_CC_INITIALIZER(0x014D, 0, 0, 0, 0, 3, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_Read) TPMA_CC_INITIALIZER(0x014E, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_ReadLock) TPMA_CC_INITIALIZER(0x014F, 0, 1, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_ObjectChangeAuth) TPMA_CC_INITIALIZER(0x0150, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicySecret) TPMA_CC_INITIALIZER(0x0151, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_Rewrap) TPMA_CC_INITIALIZER(0x0152, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_Create) TPMA_CC_INITIALIZER(0x0153, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ECDH_ZGen) TPMA_CC_INITIALIZER(0x0154, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || (CC_HMAC || CC_MAC)) TPMA_CC_INITIALIZER(0x0155, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_Import) TPMA_CC_INITIALIZER(0x0156, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_Load) TPMA_CC_INITIALIZER(0x0157, 0, 0, 0, 0, 1, 1, 0, 0), #endif #if (PAD_LIST || CC_Quote) TPMA_CC_INITIALIZER(0x0158, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_RSA_Decrypt) TPMA_CC_INITIALIZER(0x0159, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST ) TPMA_CC_INITIALIZER(0x015A, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) TPMA_CC_INITIALIZER(0x015B, 0, 0, 0, 0, 1, 1, 0, 0), #endif #if (PAD_LIST || CC_SequenceUpdate) TPMA_CC_INITIALIZER(0x015C, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_Sign) TPMA_CC_INITIALIZER(0x015D, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_Unseal) TPMA_CC_INITIALIZER(0x015E, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST ) TPMA_CC_INITIALIZER(0x015F, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicySigned) TPMA_CC_INITIALIZER(0x0160, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_ContextLoad) TPMA_CC_INITIALIZER(0x0161, 0, 0, 0, 0, 0, 1, 0, 0), #endif #if (PAD_LIST || CC_ContextSave) TPMA_CC_INITIALIZER(0x0162, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ECDH_KeyGen) TPMA_CC_INITIALIZER(0x0163, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_EncryptDecrypt) TPMA_CC_INITIALIZER(0x0164, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_FlushContext) TPMA_CC_INITIALIZER(0x0165, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST ) TPMA_CC_INITIALIZER(0x0166, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_LoadExternal) TPMA_CC_INITIALIZER(0x0167, 0, 0, 0, 0, 0, 1, 0, 0), #endif #if (PAD_LIST || CC_MakeCredential) TPMA_CC_INITIALIZER(0x0168, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_ReadPublic) TPMA_CC_INITIALIZER(0x0169, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyAuthorize) TPMA_CC_INITIALIZER(0x016A, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyAuthValue) TPMA_CC_INITIALIZER(0x016B, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyCommandCode) TPMA_CC_INITIALIZER(0x016C, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyCounterTimer) TPMA_CC_INITIALIZER(0x016D, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyCpHash) TPMA_CC_INITIALIZER(0x016E, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyLocality) TPMA_CC_INITIALIZER(0x016F, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyNameHash) TPMA_CC_INITIALIZER(0x0170, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyOR) TPMA_CC_INITIALIZER(0x0171, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyTicket) TPMA_CC_INITIALIZER(0x0172, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ReadPublic) TPMA_CC_INITIALIZER(0x0173, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_RSA_Encrypt) TPMA_CC_INITIALIZER(0x0174, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST ) TPMA_CC_INITIALIZER(0x0175, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_StartAuthSession) TPMA_CC_INITIALIZER(0x0176, 0, 0, 0, 0, 2, 1, 0, 0), #endif #if (PAD_LIST || CC_VerifySignature) TPMA_CC_INITIALIZER(0x0177, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ECC_Parameters) TPMA_CC_INITIALIZER(0x0178, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_FirmwareRead) TPMA_CC_INITIALIZER(0x0179, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_GetCapability) TPMA_CC_INITIALIZER(0x017A, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_GetRandom) TPMA_CC_INITIALIZER(0x017B, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_GetTestResult) TPMA_CC_INITIALIZER(0x017C, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_Hash) TPMA_CC_INITIALIZER(0x017D, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_PCR_Read) TPMA_CC_INITIALIZER(0x017E, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyPCR) TPMA_CC_INITIALIZER(0x017F, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyRestart) TPMA_CC_INITIALIZER(0x0180, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ReadClock) TPMA_CC_INITIALIZER(0x0181, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_PCR_Extend) TPMA_CC_INITIALIZER(0x0182, 0, 1, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PCR_SetAuthValue) TPMA_CC_INITIALIZER(0x0183, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_NV_Certify) TPMA_CC_INITIALIZER(0x0184, 0, 0, 0, 0, 3, 0, 0, 0), #endif #if (PAD_LIST || CC_EventSequenceComplete) TPMA_CC_INITIALIZER(0x0185, 0, 1, 0, 1, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_HashSequenceStart) TPMA_CC_INITIALIZER(0x0186, 0, 0, 0, 0, 0, 1, 0, 0), #endif #if (PAD_LIST || CC_PolicyPhysicalPresence) TPMA_CC_INITIALIZER(0x0187, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyDuplicationSelect) TPMA_CC_INITIALIZER(0x0188, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyGetDigest) TPMA_CC_INITIALIZER(0x0189, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_TestParms) TPMA_CC_INITIALIZER(0x018A, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_Commit) TPMA_CC_INITIALIZER(0x018B, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyPassword) TPMA_CC_INITIALIZER(0x018C, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_ZGen_2Phase) TPMA_CC_INITIALIZER(0x018D, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_EC_Ephemeral) TPMA_CC_INITIALIZER(0x018E, 0, 0, 0, 0, 0, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyNvWritten) TPMA_CC_INITIALIZER(0x018F, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_PolicyTemplate) TPMA_CC_INITIALIZER(0x0190, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_CreateLoaded) TPMA_CC_INITIALIZER(0x0191, 0, 0, 0, 0, 1, 1, 0, 0), #endif #if (PAD_LIST || CC_PolicyAuthorizeNV) TPMA_CC_INITIALIZER(0x0192, 0, 0, 0, 0, 3, 0, 0, 0), #endif #if (PAD_LIST || CC_EncryptDecrypt2) TPMA_CC_INITIALIZER(0x0193, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_AC_GetCapability) TPMA_CC_INITIALIZER(0x0194, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_AC_Send) TPMA_CC_INITIALIZER(0x0195, 0, 0, 0, 0, 3, 0, 0, 0), #endif #if (PAD_LIST || CC_Policy_AC_SendSelect) TPMA_CC_INITIALIZER(0x0196, 0, 0, 0, 0, 1, 0, 0, 0), #endif #if (PAD_LIST || CC_CertifyX509) TPMA_CC_INITIALIZER(0x0197, 0, 0, 0, 0, 2, 0, 0, 0), #endif #if (PAD_LIST || CC_Vendor_TCG_Test) TPMA_CC_INITIALIZER(0x0000, 0, 0, 0, 0, 0, 0, 1, 0), #endif TPMA_ZERO_INITIALIZER() }; // This is the command code attribute structure. const COMMAND_ATTRIBUTES s_commandAttributes [] = { #if (PAD_LIST || CC_NV_UndefineSpaceSpecial) (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011F (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_EvictControl) (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_HierarchyControl) (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_NV_UndefineSpace) (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST ) (COMMAND_ATTRIBUTES)(0), // 0x0123 #endif #if (PAD_LIST || CC_ChangeEPS) (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_ChangePPS) (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_Clear) (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_ClearControl) (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_ClockSet) (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_HierarchyChangeAuth) (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_NV_DefineSpace) (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012A (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_PCR_Allocate) (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012B (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_PCR_SetAuthPolicy) (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012C (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_PP_Commands) (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012D (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)), #endif #if (PAD_LIST || CC_SetPrimaryPolicy) (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012E (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_FieldUpgradeStart) (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012F (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)), #endif #if (PAD_LIST || CC_ClockRateAdjust) (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_CreatePrimary) (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), #endif #if (PAD_LIST || CC_NV_GlobalWriteLock) (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_GetCommandAuditDigest) (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_NV_Increment) (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134 (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_NV_SetBits) (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135 (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_NV_Extend) (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_NV_Write) (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_NV_WriteLock) (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138 (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_DictionaryAttackLockReset) (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139 (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_DictionaryAttackParameters) (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013A (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_NV_ChangeAuth) (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013B (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)), #endif #if (PAD_LIST || CC_PCR_Event) (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013C (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_PCR_Reset) (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013D (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_SequenceComplete) (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013E (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_SetAlgorithmSet) (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013F (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_SetCommandCodeAuditStatus) (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140 (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)), #endif #if (PAD_LIST || CC_FieldUpgradeData) (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141 (IS_IMPLEMENTED+DECRYPT_2)), #endif #if (PAD_LIST || CC_IncrementalSelfTest) (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142 (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_SelfTest) (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143 (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_Startup) (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144 (IS_IMPLEMENTED+NO_SESSIONS)), #endif #if (PAD_LIST || CC_Shutdown) (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145 (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_StirRandom) (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146 (IS_IMPLEMENTED+DECRYPT_2)), #endif #if (PAD_LIST || CC_ActivateCredential) (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Certify) (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_PolicyNV) (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_CertifyCreation) (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014A (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Duplicate) (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014B (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)), #endif #if (PAD_LIST || CC_GetTime) (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014C (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_GetSessionAuditDigest) (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014D (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_NV_Read) (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014E (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_NV_ReadLock) (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014F (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_ObjectChangeAuth) (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)), #endif #if (PAD_LIST || CC_PolicySecret) (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Rewrap) (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Create) (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_ECDH_ZGen) (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || (CC_HMAC || CC_MAC)) (COMMAND_ATTRIBUTES)((CC_HMAC || CC_MAC) * // 0x0155 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Import) (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Load) (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)), #endif #if (PAD_LIST || CC_Quote) (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_RSA_Decrypt) (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST ) (COMMAND_ATTRIBUTES)(0), // 0x015A #endif #if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) (COMMAND_ATTRIBUTES)((CC_HMAC_Start || CC_MAC_Start) * // 0x015B (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)), #endif #if (PAD_LIST || CC_SequenceUpdate) (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015C (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_Sign) (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015D (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_Unseal) (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015E (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST ) (COMMAND_ATTRIBUTES)(0), // 0x015F #endif #if (PAD_LIST || CC_PolicySigned) (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)), #endif #if (PAD_LIST || CC_ContextLoad) (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161 (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)), #endif #if (PAD_LIST || CC_ContextSave) (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162 (IS_IMPLEMENTED+NO_SESSIONS)), #endif #if (PAD_LIST || CC_ECDH_KeyGen) (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163 (IS_IMPLEMENTED+ENCRYPT_2)), #endif #if (PAD_LIST || CC_EncryptDecrypt) (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164 (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_FlushContext) (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165 (IS_IMPLEMENTED+NO_SESSIONS)), #endif #if (PAD_LIST ) (COMMAND_ATTRIBUTES)(0), // 0x0166 #endif #if (PAD_LIST || CC_LoadExternal) (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), #endif #if (PAD_LIST || CC_MakeCredential) (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), #endif #if (PAD_LIST || CC_NV_ReadPublic) (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169 (IS_IMPLEMENTED+ENCRYPT_2)), #endif #if (PAD_LIST || CC_PolicyAuthorize) (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016A (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyAuthValue) (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016B (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyCommandCode) (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016C (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyCounterTimer) (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016D (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyCpHash) (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016E (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyLocality) (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016F (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyNameHash) (COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyOR) (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171 (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyTicket) (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_ReadPublic) (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173 (IS_IMPLEMENTED+ENCRYPT_2)), #endif #if (PAD_LIST || CC_RSA_Encrypt) (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), #endif #if (PAD_LIST ) (COMMAND_ATTRIBUTES)(0), // 0x0175 #endif #if (PAD_LIST || CC_StartAuthSession) (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)), #endif #if (PAD_LIST || CC_VerifySignature) (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177 (IS_IMPLEMENTED+DECRYPT_2)), #endif #if (PAD_LIST || CC_ECC_Parameters) (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178 (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_FirmwareRead) (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179 (IS_IMPLEMENTED+ENCRYPT_2)), #endif #if (PAD_LIST || CC_GetCapability) (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017A (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_GetRandom) (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017B (IS_IMPLEMENTED+ENCRYPT_2)), #endif #if (PAD_LIST || CC_GetTestResult) (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017C (IS_IMPLEMENTED+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Hash) (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017D (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), #endif #if (PAD_LIST || CC_PCR_Read) (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017E (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_PolicyPCR) (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017F (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyRestart) (COMMAND_ATTRIBUTES)(CC_PolicyRestart * // 0x0180 (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_ReadClock) (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181 (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_PCR_Extend) (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182 (IS_IMPLEMENTED+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_PCR_SetAuthValue) (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)), #endif #if (PAD_LIST || CC_NV_Certify) (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_EventSequenceComplete) (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)), #endif #if (PAD_LIST || CC_HashSequenceStart) (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186 (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)), #endif #if (PAD_LIST || CC_PolicyPhysicalPresence) (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187 (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyDuplicationSelect) (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyGetDigest) (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189 (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)), #endif #if (PAD_LIST || CC_TestParms) (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018A (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_Commit) (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018B (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_PolicyPassword) (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018C (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_ZGen_2Phase) (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018D (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_EC_Ephemeral) (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018E (IS_IMPLEMENTED+ENCRYPT_2)), #endif #if (PAD_LIST || CC_PolicyNvWritten) (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018F (IS_IMPLEMENTED+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_PolicyTemplate) (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_CreateLoaded) (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)), #endif #if (PAD_LIST || CC_PolicyAuthorizeNV) (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192 (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_EncryptDecrypt2) (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_AC_GetCapability) (COMMAND_ATTRIBUTES)(CC_AC_GetCapability * // 0x0194 (IS_IMPLEMENTED)), #endif #if (PAD_LIST || CC_AC_Send) (COMMAND_ATTRIBUTES)(CC_AC_Send * // 0x0195 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+HANDLE_2_USER)), #endif #if (PAD_LIST || CC_Policy_AC_SendSelect) (COMMAND_ATTRIBUTES)(CC_Policy_AC_SendSelect * // 0x0196 (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)), #endif #if (PAD_LIST || CC_CertifyX509) (COMMAND_ATTRIBUTES)(CC_CertifyX509 * // 0x0197 (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)), #endif #if (PAD_LIST || CC_Vendor_TCG_Test) (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000 (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)), #endif 0 }; #endif // _COMMAND_CODE_ATTRIBUTES_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandAttributes.h000066400000000000000000000063641510276467000274360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 3.0 June 16, 2017 * Date: Aug 14, 2017 Time: 02:53:08PM */ // The attributes defined in this file are produced by the parser that // creates the structure definitions from Part 3. The attributes are defined // in that parser and should track the attributes being tested in // CommandCodeAttributes.c. Generally, when an attribute is added to this list, // new code will be needed in CommandCodeAttributes.c to test it. #ifndef COMMAND_ATTRIBUTES_H #define COMMAND_ATTRIBUTES_H typedef UINT16 COMMAND_ATTRIBUTES; #define NOT_IMPLEMENTED (COMMAND_ATTRIBUTES)(0) #define ENCRYPT_2 ((COMMAND_ATTRIBUTES)1 << 0) #define ENCRYPT_4 ((COMMAND_ATTRIBUTES)1 << 1) #define DECRYPT_2 ((COMMAND_ATTRIBUTES)1 << 2) #define DECRYPT_4 ((COMMAND_ATTRIBUTES)1 << 3) #define HANDLE_1_USER ((COMMAND_ATTRIBUTES)1 << 4) #define HANDLE_1_ADMIN ((COMMAND_ATTRIBUTES)1 << 5) #define HANDLE_1_DUP ((COMMAND_ATTRIBUTES)1 << 6) #define HANDLE_2_USER ((COMMAND_ATTRIBUTES)1 << 7) #define PP_COMMAND ((COMMAND_ATTRIBUTES)1 << 8) #define IS_IMPLEMENTED ((COMMAND_ATTRIBUTES)1 << 9) #define NO_SESSIONS ((COMMAND_ATTRIBUTES)1 << 10) #define NV_COMMAND ((COMMAND_ATTRIBUTES)1 << 11) #define PP_REQUIRED ((COMMAND_ATTRIBUTES)1 << 12) #define R_HANDLE ((COMMAND_ATTRIBUTES)1 << 13) #define ALLOW_TRIAL ((COMMAND_ATTRIBUTES)1 << 14) #endif // COMMAND_ATTRIBUTES_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatchData.h000066400000000000000000006075051510276467000276450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Apr 2, 2019 Time: 11:00:48AM */ // This file should only be included by CommandCodeAttibutes.c #ifdef _COMMAND_TABLE_DISPATCH_ // Define the stop value #define END_OF_LIST 0xff #define ADD_FLAG 0x80 // These macros provide some variability in how the data is encoded. They also make // the lines a little sorter. ;-) # define UNMARSHAL_DISPATCH(name) (UNMARSHAL_t)name##_Unmarshal # define MARSHAL_DISPATCH(name) (MARSHAL_t)name##_Marshal # define _UNMARSHAL_T_ UNMARSHAL_t # define _MARSHAL_T_ MARSHAL_t // The UnmarshalArray contains the dispatch functions for the unmarshaling code. // The defines in this array are used to make it easier to cross reference the // unmarshaling values in the types array of each command const _UNMARSHAL_T_ UnmarshalArray[] = { #define TPMI_DH_CONTEXT_H_UNMARSHAL 0 UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), #define TPMI_RH_AC_H_UNMARSHAL (TPMI_DH_CONTEXT_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_AC), #define TPMI_RH_CLEAR_H_UNMARSHAL (TPMI_RH_AC_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_CLEAR), #define TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL (TPMI_RH_CLEAR_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY_AUTH), #define TPMI_RH_LOCKOUT_H_UNMARSHAL (TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_LOCKOUT), #define TPMI_RH_NV_AUTH_H_UNMARSHAL (TPMI_RH_LOCKOUT_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_NV_AUTH), #define TPMI_RH_NV_INDEX_H_UNMARSHAL (TPMI_RH_NV_AUTH_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_NV_INDEX), #define TPMI_RH_PLATFORM_H_UNMARSHAL (TPMI_RH_NV_INDEX_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_PLATFORM), #define TPMI_RH_PROVISION_H_UNMARSHAL (TPMI_RH_PLATFORM_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_PROVISION), #define TPMI_SH_HMAC_H_UNMARSHAL (TPMI_RH_PROVISION_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_SH_HMAC), #define TPMI_SH_POLICY_H_UNMARSHAL (TPMI_SH_HMAC_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_SH_POLICY), // HANDLE_FIRST_FLAG_TYPE is the first handle that needs a flag when called. #define HANDLE_FIRST_FLAG_TYPE (TPMI_SH_POLICY_H_UNMARSHAL + 1) #define TPMI_DH_ENTITY_H_UNMARSHAL (TPMI_SH_POLICY_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_DH_ENTITY), #define TPMI_DH_OBJECT_H_UNMARSHAL (TPMI_DH_ENTITY_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_DH_OBJECT), #define TPMI_DH_PARENT_H_UNMARSHAL (TPMI_DH_OBJECT_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_DH_PARENT), #define TPMI_DH_PCR_H_UNMARSHAL (TPMI_DH_PARENT_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_DH_PCR), #define TPMI_RH_ENDORSEMENT_H_UNMARSHAL (TPMI_DH_PCR_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_ENDORSEMENT), #define TPMI_RH_HIERARCHY_H_UNMARSHAL (TPMI_RH_ENDORSEMENT_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), // PARAMETER_FIRST_TYPE marks the end of the handle list. #define PARAMETER_FIRST_TYPE (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) #define TPM2B_DATA_P_UNMARSHAL (TPMI_RH_HIERARCHY_H_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_DATA), #define TPM2B_DIGEST_P_UNMARSHAL (TPM2B_DATA_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_DIGEST), #define TPM2B_ECC_PARAMETER_P_UNMARSHAL (TPM2B_DIGEST_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_ECC_PARAMETER), #define TPM2B_ECC_POINT_P_UNMARSHAL (TPM2B_ECC_PARAMETER_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_ECC_POINT), #define TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL (TPM2B_ECC_POINT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), #define TPM2B_EVENT_P_UNMARSHAL (TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_EVENT), #define TPM2B_ID_OBJECT_P_UNMARSHAL (TPM2B_EVENT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_ID_OBJECT), #define TPM2B_IV_P_UNMARSHAL (TPM2B_ID_OBJECT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_IV), #define TPM2B_MAX_BUFFER_P_UNMARSHAL (TPM2B_IV_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_MAX_BUFFER), #define TPM2B_MAX_NV_BUFFER_P_UNMARSHAL (TPM2B_MAX_BUFFER_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), #define TPM2B_NAME_P_UNMARSHAL (TPM2B_MAX_NV_BUFFER_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_NAME), #define TPM2B_NV_PUBLIC_P_UNMARSHAL (TPM2B_NAME_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_NV_PUBLIC), #define TPM2B_PRIVATE_P_UNMARSHAL (TPM2B_NV_PUBLIC_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_PRIVATE), #define TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL (TPM2B_PRIVATE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), #define TPM2B_SENSITIVE_P_UNMARSHAL (TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_SENSITIVE), #define TPM2B_SENSITIVE_CREATE_P_UNMARSHAL (TPM2B_SENSITIVE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_CREATE), #define TPM2B_SENSITIVE_DATA_P_UNMARSHAL (TPM2B_SENSITIVE_CREATE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), #define TPM2B_TEMPLATE_P_UNMARSHAL (TPM2B_SENSITIVE_DATA_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_TEMPLATE), #define TPM2B_TIMEOUT_P_UNMARSHAL (TPM2B_TEMPLATE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_TIMEOUT), #define TPMI_DH_CONTEXT_P_UNMARSHAL (TPM2B_TIMEOUT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_DH_CONTEXT), #define TPMI_DH_PERSISTENT_P_UNMARSHAL (TPMI_DH_CONTEXT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_DH_PERSISTENT), #define TPMI_ECC_CURVE_P_UNMARSHAL (TPMI_DH_PERSISTENT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_ECC_CURVE), #define TPMI_YES_NO_P_UNMARSHAL (TPMI_ECC_CURVE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_YES_NO), #define TPML_ALG_P_UNMARSHAL (TPMI_YES_NO_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPML_ALG), #define TPML_CC_P_UNMARSHAL (TPML_ALG_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPML_CC), #define TPML_DIGEST_P_UNMARSHAL (TPML_CC_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPML_DIGEST), #define TPML_DIGEST_VALUES_P_UNMARSHAL (TPML_DIGEST_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPML_DIGEST_VALUES), #define TPML_PCR_SELECTION_P_UNMARSHAL (TPML_DIGEST_VALUES_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPML_PCR_SELECTION), #define TPMS_CONTEXT_P_UNMARSHAL (TPML_PCR_SELECTION_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMS_CONTEXT), #define TPMT_PUBLIC_PARMS_P_UNMARSHAL (TPMS_CONTEXT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_PUBLIC_PARMS), #define TPMT_TK_AUTH_P_UNMARSHAL (TPMT_PUBLIC_PARMS_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_TK_AUTH), #define TPMT_TK_CREATION_P_UNMARSHAL (TPMT_TK_AUTH_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_TK_CREATION), #define TPMT_TK_HASHCHECK_P_UNMARSHAL (TPMT_TK_CREATION_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_TK_HASHCHECK), #define TPMT_TK_VERIFIED_P_UNMARSHAL (TPMT_TK_HASHCHECK_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_TK_VERIFIED), #define TPM_AT_P_UNMARSHAL (TPMT_TK_VERIFIED_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM_AT), #define TPM_CAP_P_UNMARSHAL (TPM_AT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM_CAP), #define TPM_CLOCK_ADJUST_P_UNMARSHAL (TPM_CAP_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM_CLOCK_ADJUST), #define TPM_EO_P_UNMARSHAL (TPM_CLOCK_ADJUST_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM_EO), #define TPM_SE_P_UNMARSHAL (TPM_EO_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM_SE), #define TPM_SU_P_UNMARSHAL (TPM_SE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM_SU), #define UINT16_P_UNMARSHAL (TPM_SU_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(UINT16), #define UINT32_P_UNMARSHAL (UINT16_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(UINT32), #define UINT64_P_UNMARSHAL (UINT32_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(UINT64), #define UINT8_P_UNMARSHAL (UINT64_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(UINT8), // PARAMETER_FIRST_FLAG_TYPE is the first parameter to need a flag. #define PARAMETER_FIRST_FLAG_TYPE (UINT8_P_UNMARSHAL + 1) #define TPM2B_PUBLIC_P_UNMARSHAL (UINT8_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPM2B_PUBLIC), #define TPMI_ALG_CIPHER_MODE_P_UNMARSHAL (TPM2B_PUBLIC_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_ALG_CIPHER_MODE), #define TPMI_ALG_HASH_P_UNMARSHAL (TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_ALG_HASH), #define TPMI_ALG_MAC_SCHEME_P_UNMARSHAL (TPMI_ALG_HASH_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_ALG_MAC_SCHEME), #define TPMI_DH_PCR_P_UNMARSHAL (TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_DH_PCR), #define TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL (TPMI_DH_PCR_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_ECC_KEY_EXCHANGE), #define TPMI_RH_ENABLES_P_UNMARSHAL (TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_ENABLES), #define TPMI_RH_HIERARCHY_P_UNMARSHAL (TPMI_RH_ENABLES_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMI_RH_HIERARCHY), #define TPMT_RSA_DECRYPT_P_UNMARSHAL (TPMI_RH_HIERARCHY_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_RSA_DECRYPT), #define TPMT_SIGNATURE_P_UNMARSHAL (TPMT_RSA_DECRYPT_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_SIGNATURE), #define TPMT_SIG_SCHEME_P_UNMARSHAL (TPMT_SIGNATURE_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_SIG_SCHEME), #define TPMT_SYM_DEF_P_UNMARSHAL (TPMT_SIG_SCHEME_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_SYM_DEF), #define TPMT_SYM_DEF_OBJECT_P_UNMARSHAL (TPMT_SYM_DEF_P_UNMARSHAL + 1) UNMARSHAL_DISPATCH(TPMT_SYM_DEF_OBJECT) // PARAMETER_LAST_TYPE is the end of the command parameter list. #define PARAMETER_LAST_TYPE (TPMT_SYM_DEF_OBJECT_P_UNMARSHAL) }; // The MarshalArray contains the dispatch functions for the marshaling code. // The defines in this array are used to make it easier to cross reference the // marshaling values in the types array of each command const _MARSHAL_T_ MarshalArray[] = { #define UINT32_H_MARSHAL 0 MARSHAL_DISPATCH(UINT32), // RESPONSE_PARAMETER_FIRST_TYPE marks the end of the response handles. #define RESPONSE_PARAMETER_FIRST_TYPE (UINT32_H_MARSHAL + 1) #define TPM2B_ATTEST_P_MARSHAL (UINT32_H_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_ATTEST), #define TPM2B_CREATION_DATA_P_MARSHAL (TPM2B_ATTEST_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_CREATION_DATA), #define TPM2B_DATA_P_MARSHAL (TPM2B_CREATION_DATA_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_DATA), #define TPM2B_DIGEST_P_MARSHAL (TPM2B_DATA_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_DIGEST), #define TPM2B_ECC_POINT_P_MARSHAL (TPM2B_DIGEST_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_ECC_POINT), #define TPM2B_ENCRYPTED_SECRET_P_MARSHAL (TPM2B_ECC_POINT_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_ENCRYPTED_SECRET), #define TPM2B_ID_OBJECT_P_MARSHAL (TPM2B_ENCRYPTED_SECRET_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_ID_OBJECT), #define TPM2B_IV_P_MARSHAL (TPM2B_ID_OBJECT_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_IV), #define TPM2B_MAX_BUFFER_P_MARSHAL (TPM2B_IV_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_MAX_BUFFER), #define TPM2B_MAX_NV_BUFFER_P_MARSHAL (TPM2B_MAX_BUFFER_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_MAX_NV_BUFFER), #define TPM2B_NAME_P_MARSHAL (TPM2B_MAX_NV_BUFFER_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_NAME), #define TPM2B_NV_PUBLIC_P_MARSHAL (TPM2B_NAME_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_NV_PUBLIC), #define TPM2B_PRIVATE_P_MARSHAL (TPM2B_NV_PUBLIC_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_PRIVATE), #define TPM2B_PUBLIC_P_MARSHAL (TPM2B_PRIVATE_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_PUBLIC), #define TPM2B_PUBLIC_KEY_RSA_P_MARSHAL (TPM2B_PUBLIC_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_PUBLIC_KEY_RSA), #define TPM2B_SENSITIVE_DATA_P_MARSHAL (TPM2B_PUBLIC_KEY_RSA_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_SENSITIVE_DATA), #define TPM2B_TIMEOUT_P_MARSHAL (TPM2B_SENSITIVE_DATA_P_MARSHAL + 1) MARSHAL_DISPATCH(TPM2B_TIMEOUT), #define UINT8_P_MARSHAL (TPM2B_TIMEOUT_P_MARSHAL + 1) MARSHAL_DISPATCH(UINT8), #define TPML_AC_CAPABILITIES_P_MARSHAL (UINT8_P_MARSHAL + 1) MARSHAL_DISPATCH(TPML_AC_CAPABILITIES), #define TPML_ALG_P_MARSHAL (TPML_AC_CAPABILITIES_P_MARSHAL + 1) MARSHAL_DISPATCH(TPML_ALG), #define TPML_DIGEST_P_MARSHAL (TPML_ALG_P_MARSHAL + 1) MARSHAL_DISPATCH(TPML_DIGEST), #define TPML_DIGEST_VALUES_P_MARSHAL (TPML_DIGEST_P_MARSHAL + 1) MARSHAL_DISPATCH(TPML_DIGEST_VALUES), #define TPML_PCR_SELECTION_P_MARSHAL (TPML_DIGEST_VALUES_P_MARSHAL + 1) MARSHAL_DISPATCH(TPML_PCR_SELECTION), #define TPMS_AC_OUTPUT_P_MARSHAL (TPML_PCR_SELECTION_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMS_AC_OUTPUT), #define TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL (TPMS_AC_OUTPUT_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMS_ALGORITHM_DETAIL_ECC), #define TPMS_CAPABILITY_DATA_P_MARSHAL \ (TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMS_CAPABILITY_DATA), #define TPMS_CONTEXT_P_MARSHAL (TPMS_CAPABILITY_DATA_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMS_CONTEXT), #define TPMS_TIME_INFO_P_MARSHAL (TPMS_CONTEXT_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMS_TIME_INFO), #define TPMT_HA_P_MARSHAL (TPMS_TIME_INFO_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMT_HA), #define TPMT_SIGNATURE_P_MARSHAL (TPMT_HA_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMT_SIGNATURE), #define TPMT_TK_AUTH_P_MARSHAL (TPMT_SIGNATURE_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMT_TK_AUTH), #define TPMT_TK_CREATION_P_MARSHAL (TPMT_TK_AUTH_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMT_TK_CREATION), #define TPMT_TK_HASHCHECK_P_MARSHAL (TPMT_TK_CREATION_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMT_TK_HASHCHECK), #define TPMT_TK_VERIFIED_P_MARSHAL (TPMT_TK_HASHCHECK_P_MARSHAL + 1) MARSHAL_DISPATCH(TPMT_TK_VERIFIED), #define UINT32_P_MARSHAL (TPMT_TK_VERIFIED_P_MARSHAL + 1) MARSHAL_DISPATCH(UINT32), #define UINT16_P_MARSHAL (UINT32_P_MARSHAL + 1) MARSHAL_DISPATCH(UINT16) // RESPONSE_PARAMETER_LAST_TYPE is the end of the response parameter list. #define RESPONSE_PARAMETER_LAST_TYPE (UINT16_P_MARSHAL) }; // This list of aliases allows the types in the _COMMAND_DESCRIPTOR_T to match the // types in the command/response templates of part 3. #define INT32_P_UNMARSHAL UINT32_P_UNMARSHAL #define TPM2B_AUTH_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL #define TPM2B_NONCE_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL #define TPM2B_OPERAND_P_UNMARSHAL TPM2B_DIGEST_P_UNMARSHAL #define TPMA_LOCALITY_P_UNMARSHAL UINT8_P_UNMARSHAL #define TPM_CC_P_UNMARSHAL UINT32_P_UNMARSHAL #define TPMI_DH_CONTEXT_H_MARSHAL UINT32_H_MARSHAL #define TPMI_DH_OBJECT_H_MARSHAL UINT32_H_MARSHAL #define TPMI_SH_AUTH_SESSION_H_MARSHAL UINT32_H_MARSHAL #define TPM_HANDLE_H_MARSHAL UINT32_H_MARSHAL #define TPM2B_NONCE_P_MARSHAL TPM2B_DIGEST_P_MARSHAL #define TPMI_YES_NO_P_MARSHAL UINT8_P_MARSHAL #define TPM_RC_P_MARSHAL UINT32_P_MARSHAL #if CC_Startup #include "Startup_fp.h" typedef TPM_RC (Startup_Entry)( Startup_In *in ); typedef const struct { Startup_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } Startup_COMMAND_DESCRIPTOR_t; Startup_COMMAND_DESCRIPTOR_t _StartupData = { /* entry */ &TPM2_Startup, /* inSize */ (UINT16)(sizeof(Startup_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(Startup_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPM_SU_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _StartupDataAddress (&_StartupData) #else #define _StartupDataAddress 0 #endif // CC_Startup #if CC_Shutdown #include "Shutdown_fp.h" typedef TPM_RC (Shutdown_Entry)( Shutdown_In *in ); typedef const struct { Shutdown_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } Shutdown_COMMAND_DESCRIPTOR_t; Shutdown_COMMAND_DESCRIPTOR_t _ShutdownData = { /* entry */ &TPM2_Shutdown, /* inSize */ (UINT16)(sizeof(Shutdown_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(Shutdown_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPM_SU_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _ShutdownDataAddress (&_ShutdownData) #else #define _ShutdownDataAddress 0 #endif // CC_Shutdown #if CC_SelfTest #include "SelfTest_fp.h" typedef TPM_RC (SelfTest_Entry)( SelfTest_In *in ); typedef const struct { SelfTest_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } SelfTest_COMMAND_DESCRIPTOR_t; SelfTest_COMMAND_DESCRIPTOR_t _SelfTestData = { /* entry */ &TPM2_SelfTest, /* inSize */ (UINT16)(sizeof(SelfTest_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(SelfTest_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_YES_NO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _SelfTestDataAddress (&_SelfTestData) #else #define _SelfTestDataAddress 0 #endif // CC_SelfTest #if CC_IncrementalSelfTest #include "IncrementalSelfTest_fp.h" typedef TPM_RC (IncrementalSelfTest_Entry)( IncrementalSelfTest_In *in, IncrementalSelfTest_Out *out ); typedef const struct { IncrementalSelfTest_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } IncrementalSelfTest_COMMAND_DESCRIPTOR_t; IncrementalSelfTest_COMMAND_DESCRIPTOR_t _IncrementalSelfTestData = { /* entry */ &TPM2_IncrementalSelfTest, /* inSize */ (UINT16)(sizeof(IncrementalSelfTest_In)), /* outSize */ (UINT16)(sizeof(IncrementalSelfTest_Out)), /* offsetOfTypes */ offsetof(IncrementalSelfTest_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPML_ALG_P_UNMARSHAL, END_OF_LIST, TPML_ALG_P_MARSHAL, END_OF_LIST} }; #define _IncrementalSelfTestDataAddress (&_IncrementalSelfTestData) #else #define _IncrementalSelfTestDataAddress 0 #endif // CC_IncrementalSelfTest #if CC_GetTestResult #include "GetTestResult_fp.h" typedef TPM_RC (GetTestResult_Entry)( GetTestResult_Out *out ); typedef const struct { GetTestResult_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } GetTestResult_COMMAND_DESCRIPTOR_t; GetTestResult_COMMAND_DESCRIPTOR_t _GetTestResultData = { /* entry */ &TPM2_GetTestResult, /* inSize */ 0, /* outSize */ (UINT16)(sizeof(GetTestResult_Out)), /* offsetOfTypes */ offsetof(GetTestResult_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(GetTestResult_Out, testResult))}, /* types */ {END_OF_LIST, TPM2B_MAX_BUFFER_P_MARSHAL, TPM_RC_P_MARSHAL, END_OF_LIST} }; #define _GetTestResultDataAddress (&_GetTestResultData) #else #define _GetTestResultDataAddress 0 #endif // CC_GetTestResult #if CC_StartAuthSession #include "StartAuthSession_fp.h" typedef TPM_RC (StartAuthSession_Entry)( StartAuthSession_In *in, StartAuthSession_Out *out ); typedef const struct { StartAuthSession_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[7]; BYTE types[11]; } StartAuthSession_COMMAND_DESCRIPTOR_t; StartAuthSession_COMMAND_DESCRIPTOR_t _StartAuthSessionData = { /* entry */ &TPM2_StartAuthSession, /* inSize */ (UINT16)(sizeof(StartAuthSession_In)), /* outSize */ (UINT16)(sizeof(StartAuthSession_Out)), /* offsetOfTypes */ offsetof(StartAuthSession_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(StartAuthSession_In, bind)), (UINT16)(offsetof(StartAuthSession_In, nonceCaller)), (UINT16)(offsetof(StartAuthSession_In, encryptedSalt)), (UINT16)(offsetof(StartAuthSession_In, sessionType)), (UINT16)(offsetof(StartAuthSession_In, symmetric)), (UINT16)(offsetof(StartAuthSession_In, authHash)), (UINT16)(offsetof(StartAuthSession_Out, nonceTPM))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPMI_DH_ENTITY_H_UNMARSHAL + ADD_FLAG, TPM2B_NONCE_P_UNMARSHAL, TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, TPM_SE_P_UNMARSHAL, TPMT_SYM_DEF_P_UNMARSHAL + ADD_FLAG, TPMI_ALG_HASH_P_UNMARSHAL, END_OF_LIST, TPMI_SH_AUTH_SESSION_H_MARSHAL, TPM2B_NONCE_P_MARSHAL, END_OF_LIST} }; #define _StartAuthSessionDataAddress (&_StartAuthSessionData) #else #define _StartAuthSessionDataAddress 0 #endif // CC_StartAuthSession #if CC_PolicyRestart #include "PolicyRestart_fp.h" typedef TPM_RC (PolicyRestart_Entry)( PolicyRestart_In *in ); typedef const struct { PolicyRestart_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } PolicyRestart_COMMAND_DESCRIPTOR_t; PolicyRestart_COMMAND_DESCRIPTOR_t _PolicyRestartData = { /* entry */ &TPM2_PolicyRestart, /* inSize */ (UINT16)(sizeof(PolicyRestart_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyRestart_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyRestartDataAddress (&_PolicyRestartData) #else #define _PolicyRestartDataAddress 0 #endif // CC_PolicyRestart #if CC_Create #include "Create_fp.h" typedef TPM_RC (Create_Entry)( Create_In *in, Create_Out *out ); typedef const struct { Create_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[8]; BYTE types[12]; } Create_COMMAND_DESCRIPTOR_t; Create_COMMAND_DESCRIPTOR_t _CreateData = { /* entry */ &TPM2_Create, /* inSize */ (UINT16)(sizeof(Create_In)), /* outSize */ (UINT16)(sizeof(Create_Out)), /* offsetOfTypes */ offsetof(Create_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Create_In, inSensitive)), (UINT16)(offsetof(Create_In, inPublic)), (UINT16)(offsetof(Create_In, outsideInfo)), (UINT16)(offsetof(Create_In, creationPCR)), (UINT16)(offsetof(Create_Out, outPublic)), (UINT16)(offsetof(Create_Out, creationData)), (UINT16)(offsetof(Create_Out, creationHash)), (UINT16)(offsetof(Create_Out, creationTicket))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, TPM2B_PUBLIC_P_UNMARSHAL, TPM2B_DATA_P_UNMARSHAL, TPML_PCR_SELECTION_P_UNMARSHAL, END_OF_LIST, TPM2B_PRIVATE_P_MARSHAL, TPM2B_PUBLIC_P_MARSHAL, TPM2B_CREATION_DATA_P_MARSHAL, TPM2B_DIGEST_P_MARSHAL, TPMT_TK_CREATION_P_MARSHAL, END_OF_LIST} }; #define _CreateDataAddress (&_CreateData) #else #define _CreateDataAddress 0 #endif // CC_Create #if CC_Load #include "Load_fp.h" typedef TPM_RC (Load_Entry)( Load_In *in, Load_Out *out ); typedef const struct { Load_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } Load_COMMAND_DESCRIPTOR_t; Load_COMMAND_DESCRIPTOR_t _LoadData = { /* entry */ &TPM2_Load, /* inSize */ (UINT16)(sizeof(Load_In)), /* outSize */ (UINT16)(sizeof(Load_Out)), /* offsetOfTypes */ offsetof(Load_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Load_In, inPrivate)), (UINT16)(offsetof(Load_In, inPublic)), (UINT16)(offsetof(Load_Out, name))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_PRIVATE_P_UNMARSHAL, TPM2B_PUBLIC_P_UNMARSHAL, END_OF_LIST, TPM_HANDLE_H_MARSHAL, TPM2B_NAME_P_MARSHAL, END_OF_LIST} }; #define _LoadDataAddress (&_LoadData) #else #define _LoadDataAddress 0 #endif // CC_Load #if CC_LoadExternal #include "LoadExternal_fp.h" typedef TPM_RC (LoadExternal_Entry)( LoadExternal_In *in, LoadExternal_Out *out ); typedef const struct { LoadExternal_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } LoadExternal_COMMAND_DESCRIPTOR_t; LoadExternal_COMMAND_DESCRIPTOR_t _LoadExternalData = { /* entry */ &TPM2_LoadExternal, /* inSize */ (UINT16)(sizeof(LoadExternal_In)), /* outSize */ (UINT16)(sizeof(LoadExternal_Out)), /* offsetOfTypes */ offsetof(LoadExternal_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(LoadExternal_In, inPublic)), (UINT16)(offsetof(LoadExternal_In, hierarchy)), (UINT16)(offsetof(LoadExternal_Out, name))}, /* types */ {TPM2B_SENSITIVE_P_UNMARSHAL, TPM2B_PUBLIC_P_UNMARSHAL + ADD_FLAG, TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM_HANDLE_H_MARSHAL, TPM2B_NAME_P_MARSHAL, END_OF_LIST} }; #define _LoadExternalDataAddress (&_LoadExternalData) #else #define _LoadExternalDataAddress 0 #endif // CC_LoadExternal #if CC_ReadPublic #include "ReadPublic_fp.h" typedef TPM_RC (ReadPublic_Entry)( ReadPublic_In *in, ReadPublic_Out *out ); typedef const struct { ReadPublic_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } ReadPublic_COMMAND_DESCRIPTOR_t; ReadPublic_COMMAND_DESCRIPTOR_t _ReadPublicData = { /* entry */ &TPM2_ReadPublic, /* inSize */ (UINT16)(sizeof(ReadPublic_In)), /* outSize */ (UINT16)(sizeof(ReadPublic_Out)), /* offsetOfTypes */ offsetof(ReadPublic_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ReadPublic_Out, name)), (UINT16)(offsetof(ReadPublic_Out, qualifiedName))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, END_OF_LIST, TPM2B_PUBLIC_P_MARSHAL, TPM2B_NAME_P_MARSHAL, TPM2B_NAME_P_MARSHAL, END_OF_LIST} }; #define _ReadPublicDataAddress (&_ReadPublicData) #else #define _ReadPublicDataAddress 0 #endif // CC_ReadPublic #if CC_ActivateCredential #include "ActivateCredential_fp.h" typedef TPM_RC (ActivateCredential_Entry)( ActivateCredential_In *in, ActivateCredential_Out *out ); typedef const struct { ActivateCredential_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } ActivateCredential_COMMAND_DESCRIPTOR_t; ActivateCredential_COMMAND_DESCRIPTOR_t _ActivateCredentialData = { /* entry */ &TPM2_ActivateCredential, /* inSize */ (UINT16)(sizeof(ActivateCredential_In)), /* outSize */ (UINT16)(sizeof(ActivateCredential_Out)), /* offsetOfTypes */ offsetof(ActivateCredential_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ActivateCredential_In, keyHandle)), (UINT16)(offsetof(ActivateCredential_In, credentialBlob)), (UINT16)(offsetof(ActivateCredential_In, secret))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_ID_OBJECT_P_UNMARSHAL, TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, END_OF_LIST, TPM2B_DIGEST_P_MARSHAL, END_OF_LIST} }; #define _ActivateCredentialDataAddress (&_ActivateCredentialData) #else #define _ActivateCredentialDataAddress 0 #endif // CC_ActivateCredential #if CC_MakeCredential #include "MakeCredential_fp.h" typedef TPM_RC (MakeCredential_Entry)( MakeCredential_In *in, MakeCredential_Out *out ); typedef const struct { MakeCredential_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } MakeCredential_COMMAND_DESCRIPTOR_t; MakeCredential_COMMAND_DESCRIPTOR_t _MakeCredentialData = { /* entry */ &TPM2_MakeCredential, /* inSize */ (UINT16)(sizeof(MakeCredential_In)), /* outSize */ (UINT16)(sizeof(MakeCredential_Out)), /* offsetOfTypes */ offsetof(MakeCredential_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(MakeCredential_In, credential)), (UINT16)(offsetof(MakeCredential_In, objectName)), (UINT16)(offsetof(MakeCredential_Out, secret))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, END_OF_LIST, TPM2B_ID_OBJECT_P_MARSHAL, TPM2B_ENCRYPTED_SECRET_P_MARSHAL, END_OF_LIST} }; #define _MakeCredentialDataAddress (&_MakeCredentialData) #else #define _MakeCredentialDataAddress 0 #endif // CC_MakeCredential #if CC_Unseal #include "Unseal_fp.h" typedef TPM_RC (Unseal_Entry)( Unseal_In *in, Unseal_Out *out ); typedef const struct { Unseal_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } Unseal_COMMAND_DESCRIPTOR_t; Unseal_COMMAND_DESCRIPTOR_t _UnsealData = { /* entry */ &TPM2_Unseal, /* inSize */ (UINT16)(sizeof(Unseal_In)), /* outSize */ (UINT16)(sizeof(Unseal_Out)), /* offsetOfTypes */ offsetof(Unseal_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, END_OF_LIST, TPM2B_SENSITIVE_DATA_P_MARSHAL, END_OF_LIST} }; #define _UnsealDataAddress (&_UnsealData) #else #define _UnsealDataAddress 0 #endif // CC_Unseal #if CC_ObjectChangeAuth #include "ObjectChangeAuth_fp.h" typedef TPM_RC (ObjectChangeAuth_Entry)( ObjectChangeAuth_In *in, ObjectChangeAuth_Out *out ); typedef const struct { ObjectChangeAuth_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } ObjectChangeAuth_COMMAND_DESCRIPTOR_t; ObjectChangeAuth_COMMAND_DESCRIPTOR_t _ObjectChangeAuthData = { /* entry */ &TPM2_ObjectChangeAuth, /* inSize */ (UINT16)(sizeof(ObjectChangeAuth_In)), /* outSize */ (UINT16)(sizeof(ObjectChangeAuth_Out)), /* offsetOfTypes */ offsetof(ObjectChangeAuth_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ObjectChangeAuth_In, parentHandle)), (UINT16)(offsetof(ObjectChangeAuth_In, newAuth))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_AUTH_P_UNMARSHAL, END_OF_LIST, TPM2B_PRIVATE_P_MARSHAL, END_OF_LIST} }; #define _ObjectChangeAuthDataAddress (&_ObjectChangeAuthData) #else #define _ObjectChangeAuthDataAddress 0 #endif // CC_ObjectChangeAuth #if CC_CreateLoaded #include "CreateLoaded_fp.h" typedef TPM_RC (CreateLoaded_Entry)( CreateLoaded_In *in, CreateLoaded_Out *out ); typedef const struct { CreateLoaded_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } CreateLoaded_COMMAND_DESCRIPTOR_t; CreateLoaded_COMMAND_DESCRIPTOR_t _CreateLoadedData = { /* entry */ &TPM2_CreateLoaded, /* inSize */ (UINT16)(sizeof(CreateLoaded_In)), /* outSize */ (UINT16)(sizeof(CreateLoaded_Out)), /* offsetOfTypes */ offsetof(CreateLoaded_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(CreateLoaded_In, inSensitive)), (UINT16)(offsetof(CreateLoaded_In, inPublic)), (UINT16)(offsetof(CreateLoaded_Out, outPrivate)), (UINT16)(offsetof(CreateLoaded_Out, outPublic)), (UINT16)(offsetof(CreateLoaded_Out, name))}, /* types */ {TPMI_DH_PARENT_H_UNMARSHAL + ADD_FLAG, TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, TPM2B_TEMPLATE_P_UNMARSHAL, END_OF_LIST, TPM_HANDLE_H_MARSHAL, TPM2B_PRIVATE_P_MARSHAL, TPM2B_PUBLIC_P_MARSHAL, TPM2B_NAME_P_MARSHAL, END_OF_LIST} }; #define _CreateLoadedDataAddress (&_CreateLoadedData) #else #define _CreateLoadedDataAddress 0 #endif // CC_CreateLoaded #if CC_Duplicate #include "Duplicate_fp.h" typedef TPM_RC (Duplicate_Entry)( Duplicate_In *in, Duplicate_Out *out ); typedef const struct { Duplicate_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } Duplicate_COMMAND_DESCRIPTOR_t; Duplicate_COMMAND_DESCRIPTOR_t _DuplicateData = { /* entry */ &TPM2_Duplicate, /* inSize */ (UINT16)(sizeof(Duplicate_In)), /* outSize */ (UINT16)(sizeof(Duplicate_Out)), /* offsetOfTypes */ offsetof(Duplicate_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Duplicate_In, newParentHandle)), (UINT16)(offsetof(Duplicate_In, encryptionKeyIn)), (UINT16)(offsetof(Duplicate_In, symmetricAlg)), (UINT16)(offsetof(Duplicate_Out, duplicate)), (UINT16)(offsetof(Duplicate_Out, outSymSeed))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_DATA_P_MARSHAL, TPM2B_PRIVATE_P_MARSHAL, TPM2B_ENCRYPTED_SECRET_P_MARSHAL, END_OF_LIST} }; #define _DuplicateDataAddress (&_DuplicateData) #else #define _DuplicateDataAddress 0 #endif // CC_Duplicate #if CC_Rewrap #include "Rewrap_fp.h" typedef TPM_RC (Rewrap_Entry)( Rewrap_In *in, Rewrap_Out *out ); typedef const struct { Rewrap_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } Rewrap_COMMAND_DESCRIPTOR_t; Rewrap_COMMAND_DESCRIPTOR_t _RewrapData = { /* entry */ &TPM2_Rewrap, /* inSize */ (UINT16)(sizeof(Rewrap_In)), /* outSize */ (UINT16)(sizeof(Rewrap_Out)), /* offsetOfTypes */ offsetof(Rewrap_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Rewrap_In, newParent)), (UINT16)(offsetof(Rewrap_In, inDuplicate)), (UINT16)(offsetof(Rewrap_In, name)), (UINT16)(offsetof(Rewrap_In, inSymSeed)), (UINT16)(offsetof(Rewrap_Out, outSymSeed))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPM2B_PRIVATE_P_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, END_OF_LIST, TPM2B_PRIVATE_P_MARSHAL, TPM2B_ENCRYPTED_SECRET_P_MARSHAL, END_OF_LIST} }; #define _RewrapDataAddress (&_RewrapData) #else #define _RewrapDataAddress 0 #endif // CC_Rewrap #if CC_Import #include "Import_fp.h" typedef TPM_RC (Import_Entry)( Import_In *in, Import_Out *out ); typedef const struct { Import_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } Import_COMMAND_DESCRIPTOR_t; Import_COMMAND_DESCRIPTOR_t _ImportData = { /* entry */ &TPM2_Import, /* inSize */ (UINT16)(sizeof(Import_In)), /* outSize */ (UINT16)(sizeof(Import_Out)), /* offsetOfTypes */ offsetof(Import_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Import_In, encryptionKey)), (UINT16)(offsetof(Import_In, objectPublic)), (UINT16)(offsetof(Import_In, duplicate)), (UINT16)(offsetof(Import_In, inSymSeed)), (UINT16)(offsetof(Import_In, symmetricAlg))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_DATA_P_UNMARSHAL, TPM2B_PUBLIC_P_UNMARSHAL, TPM2B_PRIVATE_P_UNMARSHAL, TPM2B_ENCRYPTED_SECRET_P_UNMARSHAL, TPMT_SYM_DEF_OBJECT_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_PRIVATE_P_MARSHAL, END_OF_LIST} }; #define _ImportDataAddress (&_ImportData) #else #define _ImportDataAddress 0 #endif // CC_Import #if CC_RSA_Encrypt #include "RSA_Encrypt_fp.h" typedef TPM_RC (RSA_Encrypt_Entry)( RSA_Encrypt_In *in, RSA_Encrypt_Out *out ); typedef const struct { RSA_Encrypt_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } RSA_Encrypt_COMMAND_DESCRIPTOR_t; RSA_Encrypt_COMMAND_DESCRIPTOR_t _RSA_EncryptData = { /* entry */ &TPM2_RSA_Encrypt, /* inSize */ (UINT16)(sizeof(RSA_Encrypt_In)), /* outSize */ (UINT16)(sizeof(RSA_Encrypt_Out)), /* offsetOfTypes */ offsetof(RSA_Encrypt_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(RSA_Encrypt_In, message)), (UINT16)(offsetof(RSA_Encrypt_In, inScheme)), (UINT16)(offsetof(RSA_Encrypt_In, label))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, END_OF_LIST, TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, END_OF_LIST} }; #define _RSA_EncryptDataAddress (&_RSA_EncryptData) #else #define _RSA_EncryptDataAddress 0 #endif // CC_RSA_Encrypt #if CC_RSA_Decrypt #include "RSA_Decrypt_fp.h" typedef TPM_RC (RSA_Decrypt_Entry)( RSA_Decrypt_In *in, RSA_Decrypt_Out *out ); typedef const struct { RSA_Decrypt_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } RSA_Decrypt_COMMAND_DESCRIPTOR_t; RSA_Decrypt_COMMAND_DESCRIPTOR_t _RSA_DecryptData = { /* entry */ &TPM2_RSA_Decrypt, /* inSize */ (UINT16)(sizeof(RSA_Decrypt_In)), /* outSize */ (UINT16)(sizeof(RSA_Decrypt_Out)), /* offsetOfTypes */ offsetof(RSA_Decrypt_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(RSA_Decrypt_In, cipherText)), (UINT16)(offsetof(RSA_Decrypt_In, inScheme)), (UINT16)(offsetof(RSA_Decrypt_In, label))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_PUBLIC_KEY_RSA_P_UNMARSHAL, TPMT_RSA_DECRYPT_P_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, END_OF_LIST, TPM2B_PUBLIC_KEY_RSA_P_MARSHAL, END_OF_LIST} }; #define _RSA_DecryptDataAddress (&_RSA_DecryptData) #else #define _RSA_DecryptDataAddress 0 #endif // CC_RSA_Decrypt #if CC_ECDH_KeyGen #include "ECDH_KeyGen_fp.h" typedef TPM_RC (ECDH_KeyGen_Entry)( ECDH_KeyGen_In *in, ECDH_KeyGen_Out *out ); typedef const struct { ECDH_KeyGen_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[5]; } ECDH_KeyGen_COMMAND_DESCRIPTOR_t; ECDH_KeyGen_COMMAND_DESCRIPTOR_t _ECDH_KeyGenData = { /* entry */ &TPM2_ECDH_KeyGen, /* inSize */ (UINT16)(sizeof(ECDH_KeyGen_In)), /* outSize */ (UINT16)(sizeof(ECDH_KeyGen_Out)), /* offsetOfTypes */ offsetof(ECDH_KeyGen_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ECDH_KeyGen_Out, pubPoint))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, END_OF_LIST, TPM2B_ECC_POINT_P_MARSHAL, TPM2B_ECC_POINT_P_MARSHAL, END_OF_LIST} }; #define _ECDH_KeyGenDataAddress (&_ECDH_KeyGenData) #else #define _ECDH_KeyGenDataAddress 0 #endif // CC_ECDH_KeyGen #if CC_ECDH_ZGen #include "ECDH_ZGen_fp.h" typedef TPM_RC (ECDH_ZGen_Entry)( ECDH_ZGen_In *in, ECDH_ZGen_Out *out ); typedef const struct { ECDH_ZGen_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[5]; } ECDH_ZGen_COMMAND_DESCRIPTOR_t; ECDH_ZGen_COMMAND_DESCRIPTOR_t _ECDH_ZGenData = { /* entry */ &TPM2_ECDH_ZGen, /* inSize */ (UINT16)(sizeof(ECDH_ZGen_In)), /* outSize */ (UINT16)(sizeof(ECDH_ZGen_Out)), /* offsetOfTypes */ offsetof(ECDH_ZGen_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ECDH_ZGen_In, inPoint))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_ECC_POINT_P_UNMARSHAL, END_OF_LIST, TPM2B_ECC_POINT_P_MARSHAL, END_OF_LIST} }; #define _ECDH_ZGenDataAddress (&_ECDH_ZGenData) #else #define _ECDH_ZGenDataAddress 0 #endif // CC_ECDH_ZGen #if CC_ECC_Parameters #include "ECC_Parameters_fp.h" typedef TPM_RC (ECC_Parameters_Entry)( ECC_Parameters_In *in, ECC_Parameters_Out *out ); typedef const struct { ECC_Parameters_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } ECC_Parameters_COMMAND_DESCRIPTOR_t; ECC_Parameters_COMMAND_DESCRIPTOR_t _ECC_ParametersData = { /* entry */ &TPM2_ECC_Parameters, /* inSize */ (UINT16)(sizeof(ECC_Parameters_In)), /* outSize */ (UINT16)(sizeof(ECC_Parameters_Out)), /* offsetOfTypes */ offsetof(ECC_Parameters_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, END_OF_LIST, TPMS_ALGORITHM_DETAIL_ECC_P_MARSHAL, END_OF_LIST} }; #define _ECC_ParametersDataAddress (&_ECC_ParametersData) #else #define _ECC_ParametersDataAddress 0 #endif // CC_ECC_Parameters #if CC_ZGen_2Phase #include "ZGen_2Phase_fp.h" typedef TPM_RC (ZGen_2Phase_Entry)( ZGen_2Phase_In *in, ZGen_2Phase_Out *out ); typedef const struct { ZGen_2Phase_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } ZGen_2Phase_COMMAND_DESCRIPTOR_t; ZGen_2Phase_COMMAND_DESCRIPTOR_t _ZGen_2PhaseData = { /* entry */ &TPM2_ZGen_2Phase, /* inSize */ (UINT16)(sizeof(ZGen_2Phase_In)), /* outSize */ (UINT16)(sizeof(ZGen_2Phase_Out)), /* offsetOfTypes */ offsetof(ZGen_2Phase_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ZGen_2Phase_In, inQsB)), (UINT16)(offsetof(ZGen_2Phase_In, inQeB)), (UINT16)(offsetof(ZGen_2Phase_In, inScheme)), (UINT16)(offsetof(ZGen_2Phase_In, counter)), (UINT16)(offsetof(ZGen_2Phase_Out, outZ2))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_ECC_POINT_P_UNMARSHAL, TPM2B_ECC_POINT_P_UNMARSHAL, TPMI_ECC_KEY_EXCHANGE_P_UNMARSHAL, UINT16_P_UNMARSHAL, END_OF_LIST, TPM2B_ECC_POINT_P_MARSHAL, TPM2B_ECC_POINT_P_MARSHAL, END_OF_LIST} }; #define _ZGen_2PhaseDataAddress (&_ZGen_2PhaseData) #else #define _ZGen_2PhaseDataAddress 0 #endif // CC_ZGen_2Phase #if CC_EncryptDecrypt #include "EncryptDecrypt_fp.h" typedef TPM_RC (EncryptDecrypt_Entry)( EncryptDecrypt_In *in, EncryptDecrypt_Out *out ); typedef const struct { EncryptDecrypt_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } EncryptDecrypt_COMMAND_DESCRIPTOR_t; EncryptDecrypt_COMMAND_DESCRIPTOR_t _EncryptDecryptData = { /* entry */ &TPM2_EncryptDecrypt, /* inSize */ (UINT16)(sizeof(EncryptDecrypt_In)), /* outSize */ (UINT16)(sizeof(EncryptDecrypt_Out)), /* offsetOfTypes */ offsetof(EncryptDecrypt_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(EncryptDecrypt_In, decrypt)), (UINT16)(offsetof(EncryptDecrypt_In, mode)), (UINT16)(offsetof(EncryptDecrypt_In, ivIn)), (UINT16)(offsetof(EncryptDecrypt_In, inData)), (UINT16)(offsetof(EncryptDecrypt_Out, ivOut))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_YES_NO_P_UNMARSHAL, TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, TPM2B_IV_P_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, END_OF_LIST, TPM2B_MAX_BUFFER_P_MARSHAL, TPM2B_IV_P_MARSHAL, END_OF_LIST} }; #define _EncryptDecryptDataAddress (&_EncryptDecryptData) #else #define _EncryptDecryptDataAddress 0 #endif // CC_EncryptDecrypt #if CC_EncryptDecrypt2 #include "EncryptDecrypt2_fp.h" typedef TPM_RC (EncryptDecrypt2_Entry)( EncryptDecrypt2_In *in, EncryptDecrypt2_Out *out ); typedef const struct { EncryptDecrypt2_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } EncryptDecrypt2_COMMAND_DESCRIPTOR_t; EncryptDecrypt2_COMMAND_DESCRIPTOR_t _EncryptDecrypt2Data = { /* entry */ &TPM2_EncryptDecrypt2, /* inSize */ (UINT16)(sizeof(EncryptDecrypt2_In)), /* outSize */ (UINT16)(sizeof(EncryptDecrypt2_Out)), /* offsetOfTypes */ offsetof(EncryptDecrypt2_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(EncryptDecrypt2_In, inData)), (UINT16)(offsetof(EncryptDecrypt2_In, decrypt)), (UINT16)(offsetof(EncryptDecrypt2_In, mode)), (UINT16)(offsetof(EncryptDecrypt2_In, ivIn)), (UINT16)(offsetof(EncryptDecrypt2_Out, ivOut))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, TPMI_YES_NO_P_UNMARSHAL, TPMI_ALG_CIPHER_MODE_P_UNMARSHAL + ADD_FLAG, TPM2B_IV_P_UNMARSHAL, END_OF_LIST, TPM2B_MAX_BUFFER_P_MARSHAL, TPM2B_IV_P_MARSHAL, END_OF_LIST} }; #define _EncryptDecrypt2DataAddress (&_EncryptDecrypt2Data) #else #define _EncryptDecrypt2DataAddress 0 #endif // CC_EncryptDecrypt2 #if CC_Hash #include "Hash_fp.h" typedef TPM_RC (Hash_Entry)( Hash_In *in, Hash_Out *out ); typedef const struct { Hash_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } Hash_COMMAND_DESCRIPTOR_t; Hash_COMMAND_DESCRIPTOR_t _HashData = { /* entry */ &TPM2_Hash, /* inSize */ (UINT16)(sizeof(Hash_In)), /* outSize */ (UINT16)(sizeof(Hash_Out)), /* offsetOfTypes */ offsetof(Hash_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Hash_In, hashAlg)), (UINT16)(offsetof(Hash_In, hierarchy)), (UINT16)(offsetof(Hash_Out, validation))}, /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, TPMI_ALG_HASH_P_UNMARSHAL, TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_DIGEST_P_MARSHAL, TPMT_TK_HASHCHECK_P_MARSHAL, END_OF_LIST} }; #define _HashDataAddress (&_HashData) #else #define _HashDataAddress 0 #endif // CC_Hash #if CC_HMAC #include "HMAC_fp.h" typedef TPM_RC (HMAC_Entry)( HMAC_In *in, HMAC_Out *out ); typedef const struct { HMAC_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } HMAC_COMMAND_DESCRIPTOR_t; HMAC_COMMAND_DESCRIPTOR_t _HMACData = { /* entry */ &TPM2_HMAC, /* inSize */ (UINT16)(sizeof(HMAC_In)), /* outSize */ (UINT16)(sizeof(HMAC_Out)), /* offsetOfTypes */ offsetof(HMAC_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(HMAC_In, buffer)), (UINT16)(offsetof(HMAC_In, hashAlg))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_DIGEST_P_MARSHAL, END_OF_LIST} }; #define _HMACDataAddress (&_HMACData) #else #define _HMACDataAddress 0 #endif // CC_HMAC #if CC_MAC #include "MAC_fp.h" typedef TPM_RC (MAC_Entry)( MAC_In *in, MAC_Out *out ); typedef const struct { MAC_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } MAC_COMMAND_DESCRIPTOR_t; MAC_COMMAND_DESCRIPTOR_t _MACData = { /* entry */ &TPM2_MAC, /* inSize */ (UINT16)(sizeof(MAC_In)), /* outSize */ (UINT16)(sizeof(MAC_Out)), /* offsetOfTypes */ offsetof(MAC_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(MAC_In, buffer)), (UINT16)(offsetof(MAC_In, inScheme))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_DIGEST_P_MARSHAL, END_OF_LIST} }; #define _MACDataAddress (&_MACData) #else #define _MACDataAddress 0 #endif // CC_MAC #if CC_GetRandom #include "GetRandom_fp.h" typedef TPM_RC (GetRandom_Entry)( GetRandom_In *in, GetRandom_Out *out ); typedef const struct { GetRandom_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } GetRandom_COMMAND_DESCRIPTOR_t; GetRandom_COMMAND_DESCRIPTOR_t _GetRandomData = { /* entry */ &TPM2_GetRandom, /* inSize */ (UINT16)(sizeof(GetRandom_In)), /* outSize */ (UINT16)(sizeof(GetRandom_Out)), /* offsetOfTypes */ offsetof(GetRandom_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {UINT16_P_UNMARSHAL, END_OF_LIST, TPM2B_DIGEST_P_MARSHAL, END_OF_LIST} }; #define _GetRandomDataAddress (&_GetRandomData) #else #define _GetRandomDataAddress 0 #endif // CC_GetRandom #if CC_StirRandom #include "StirRandom_fp.h" typedef TPM_RC (StirRandom_Entry)( StirRandom_In *in ); typedef const struct { StirRandom_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } StirRandom_COMMAND_DESCRIPTOR_t; StirRandom_COMMAND_DESCRIPTOR_t _StirRandomData = { /* entry */ &TPM2_StirRandom, /* inSize */ (UINT16)(sizeof(StirRandom_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(StirRandom_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPM2B_SENSITIVE_DATA_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _StirRandomDataAddress (&_StirRandomData) #else #define _StirRandomDataAddress 0 #endif // CC_StirRandom #if CC_HMAC_Start #include "HMAC_Start_fp.h" typedef TPM_RC (HMAC_Start_Entry)( HMAC_Start_In *in, HMAC_Start_Out *out ); typedef const struct { HMAC_Start_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } HMAC_Start_COMMAND_DESCRIPTOR_t; HMAC_Start_COMMAND_DESCRIPTOR_t _HMAC_StartData = { /* entry */ &TPM2_HMAC_Start, /* inSize */ (UINT16)(sizeof(HMAC_Start_In)), /* outSize */ (UINT16)(sizeof(HMAC_Start_Out)), /* offsetOfTypes */ offsetof(HMAC_Start_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(HMAC_Start_In, auth)), (UINT16)(offsetof(HMAC_Start_In, hashAlg))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_AUTH_P_UNMARSHAL, TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPMI_DH_OBJECT_H_MARSHAL, END_OF_LIST} }; #define _HMAC_StartDataAddress (&_HMAC_StartData) #else #define _HMAC_StartDataAddress 0 #endif // CC_HMAC_Start #if CC_MAC_Start #include "MAC_Start_fp.h" typedef TPM_RC (MAC_Start_Entry)( MAC_Start_In *in, MAC_Start_Out *out ); typedef const struct { MAC_Start_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } MAC_Start_COMMAND_DESCRIPTOR_t; MAC_Start_COMMAND_DESCRIPTOR_t _MAC_StartData = { /* entry */ &TPM2_MAC_Start, /* inSize */ (UINT16)(sizeof(MAC_Start_In)), /* outSize */ (UINT16)(sizeof(MAC_Start_Out)), /* offsetOfTypes */ offsetof(MAC_Start_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(MAC_Start_In, auth)), (UINT16)(offsetof(MAC_Start_In, inScheme))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_AUTH_P_UNMARSHAL, TPMI_ALG_MAC_SCHEME_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPMI_DH_OBJECT_H_MARSHAL, END_OF_LIST} }; #define _MAC_StartDataAddress (&_MAC_StartData) #else #define _MAC_StartDataAddress 0 #endif // CC_MAC_Start #if CC_HashSequenceStart #include "HashSequenceStart_fp.h" typedef TPM_RC (HashSequenceStart_Entry)( HashSequenceStart_In *in, HashSequenceStart_Out *out ); typedef const struct { HashSequenceStart_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[5]; } HashSequenceStart_COMMAND_DESCRIPTOR_t; HashSequenceStart_COMMAND_DESCRIPTOR_t _HashSequenceStartData = { /* entry */ &TPM2_HashSequenceStart, /* inSize */ (UINT16)(sizeof(HashSequenceStart_In)), /* outSize */ (UINT16)(sizeof(HashSequenceStart_Out)), /* offsetOfTypes */ offsetof(HashSequenceStart_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(HashSequenceStart_In, hashAlg))}, /* types */ {TPM2B_AUTH_P_UNMARSHAL, TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPMI_DH_OBJECT_H_MARSHAL, END_OF_LIST} }; #define _HashSequenceStartDataAddress (&_HashSequenceStartData) #else #define _HashSequenceStartDataAddress 0 #endif // CC_HashSequenceStart #if CC_SequenceUpdate #include "SequenceUpdate_fp.h" typedef TPM_RC (SequenceUpdate_Entry)( SequenceUpdate_In *in ); typedef const struct { SequenceUpdate_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } SequenceUpdate_COMMAND_DESCRIPTOR_t; SequenceUpdate_COMMAND_DESCRIPTOR_t _SequenceUpdateData = { /* entry */ &TPM2_SequenceUpdate, /* inSize */ (UINT16)(sizeof(SequenceUpdate_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(SequenceUpdate_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(SequenceUpdate_In, buffer))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _SequenceUpdateDataAddress (&_SequenceUpdateData) #else #define _SequenceUpdateDataAddress 0 #endif // CC_SequenceUpdate #if CC_SequenceComplete #include "SequenceComplete_fp.h" typedef TPM_RC (SequenceComplete_Entry)( SequenceComplete_In *in, SequenceComplete_Out *out ); typedef const struct { SequenceComplete_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } SequenceComplete_COMMAND_DESCRIPTOR_t; SequenceComplete_COMMAND_DESCRIPTOR_t _SequenceCompleteData = { /* entry */ &TPM2_SequenceComplete, /* inSize */ (UINT16)(sizeof(SequenceComplete_In)), /* outSize */ (UINT16)(sizeof(SequenceComplete_Out)), /* offsetOfTypes */ offsetof(SequenceComplete_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(SequenceComplete_In, buffer)), (UINT16)(offsetof(SequenceComplete_In, hierarchy)), (UINT16)(offsetof(SequenceComplete_Out, validation))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, TPMI_RH_HIERARCHY_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_DIGEST_P_MARSHAL, TPMT_TK_HASHCHECK_P_MARSHAL, END_OF_LIST} }; #define _SequenceCompleteDataAddress (&_SequenceCompleteData) #else #define _SequenceCompleteDataAddress 0 #endif // CC_SequenceComplete #if CC_EventSequenceComplete #include "EventSequenceComplete_fp.h" typedef TPM_RC (EventSequenceComplete_Entry)( EventSequenceComplete_In *in, EventSequenceComplete_Out *out ); typedef const struct { EventSequenceComplete_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } EventSequenceComplete_COMMAND_DESCRIPTOR_t; EventSequenceComplete_COMMAND_DESCRIPTOR_t _EventSequenceCompleteData = { /* entry */ &TPM2_EventSequenceComplete, /* inSize */ (UINT16)(sizeof(EventSequenceComplete_In)), /* outSize */ (UINT16)(sizeof(EventSequenceComplete_Out)), /* offsetOfTypes */ offsetof(EventSequenceComplete_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(EventSequenceComplete_In, sequenceHandle)), (UINT16)(offsetof(EventSequenceComplete_In, buffer))}, /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, END_OF_LIST, TPML_DIGEST_VALUES_P_MARSHAL, END_OF_LIST} }; #define _EventSequenceCompleteDataAddress (&_EventSequenceCompleteData) #else #define _EventSequenceCompleteDataAddress 0 #endif // CC_EventSequenceComplete #if CC_Certify #include "Certify_fp.h" typedef TPM_RC (Certify_Entry)( Certify_In *in, Certify_Out *out ); typedef const struct { Certify_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[4]; BYTE types[8]; } Certify_COMMAND_DESCRIPTOR_t; Certify_COMMAND_DESCRIPTOR_t _CertifyData = { /* entry */ &TPM2_Certify, /* inSize */ (UINT16)(sizeof(Certify_In)), /* outSize */ (UINT16)(sizeof(Certify_Out)), /* offsetOfTypes */ offsetof(Certify_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Certify_In, signHandle)), (UINT16)(offsetof(Certify_In, qualifyingData)), (UINT16)(offsetof(Certify_In, inScheme)), (UINT16)(offsetof(Certify_Out, signature))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_ATTEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _CertifyDataAddress (&_CertifyData) #else #define _CertifyDataAddress 0 #endif // CC_Certify #if CC_CertifyCreation #include "CertifyCreation_fp.h" typedef TPM_RC (CertifyCreation_Entry)( CertifyCreation_In *in, CertifyCreation_Out *out ); typedef const struct { CertifyCreation_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[6]; BYTE types[10]; } CertifyCreation_COMMAND_DESCRIPTOR_t; CertifyCreation_COMMAND_DESCRIPTOR_t _CertifyCreationData = { /* entry */ &TPM2_CertifyCreation, /* inSize */ (UINT16)(sizeof(CertifyCreation_In)), /* outSize */ (UINT16)(sizeof(CertifyCreation_Out)), /* offsetOfTypes */ offsetof(CertifyCreation_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(CertifyCreation_In, objectHandle)), (UINT16)(offsetof(CertifyCreation_In, qualifyingData)), (UINT16)(offsetof(CertifyCreation_In, creationHash)), (UINT16)(offsetof(CertifyCreation_In, inScheme)), (UINT16)(offsetof(CertifyCreation_In, creationTicket)), (UINT16)(offsetof(CertifyCreation_Out, signature))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_DATA_P_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, TPMT_TK_CREATION_P_UNMARSHAL, END_OF_LIST, TPM2B_ATTEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _CertifyCreationDataAddress (&_CertifyCreationData) #else #define _CertifyCreationDataAddress 0 #endif // CC_CertifyCreation #if CC_Quote #include "Quote_fp.h" typedef TPM_RC (Quote_Entry)( Quote_In *in, Quote_Out *out ); typedef const struct { Quote_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[4]; BYTE types[8]; } Quote_COMMAND_DESCRIPTOR_t; Quote_COMMAND_DESCRIPTOR_t _QuoteData = { /* entry */ &TPM2_Quote, /* inSize */ (UINT16)(sizeof(Quote_In)), /* outSize */ (UINT16)(sizeof(Quote_Out)), /* offsetOfTypes */ offsetof(Quote_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Quote_In, qualifyingData)), (UINT16)(offsetof(Quote_In, inScheme)), (UINT16)(offsetof(Quote_In, PCRselect)), (UINT16)(offsetof(Quote_Out, signature))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, TPML_PCR_SELECTION_P_UNMARSHAL, END_OF_LIST, TPM2B_ATTEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _QuoteDataAddress (&_QuoteData) #else #define _QuoteDataAddress 0 #endif // CC_Quote #if CC_GetSessionAuditDigest #include "GetSessionAuditDigest_fp.h" typedef TPM_RC (GetSessionAuditDigest_Entry)( GetSessionAuditDigest_In *in, GetSessionAuditDigest_Out *out ); typedef const struct { GetSessionAuditDigest_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[9]; } GetSessionAuditDigest_COMMAND_DESCRIPTOR_t; GetSessionAuditDigest_COMMAND_DESCRIPTOR_t _GetSessionAuditDigestData = { /* entry */ &TPM2_GetSessionAuditDigest, /* inSize */ (UINT16)(sizeof(GetSessionAuditDigest_In)), /* outSize */ (UINT16)(sizeof(GetSessionAuditDigest_Out)), /* offsetOfTypes */ offsetof(GetSessionAuditDigest_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(GetSessionAuditDigest_In, signHandle)), (UINT16)(offsetof(GetSessionAuditDigest_In, sessionHandle)), (UINT16)(offsetof(GetSessionAuditDigest_In, qualifyingData)), (UINT16)(offsetof(GetSessionAuditDigest_In, inScheme)), (UINT16)(offsetof(GetSessionAuditDigest_Out, signature))}, /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPMI_SH_HMAC_H_UNMARSHAL, TPM2B_DATA_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_ATTEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _GetSessionAuditDigestDataAddress (&_GetSessionAuditDigestData) #else #define _GetSessionAuditDigestDataAddress 0 #endif // CC_GetSessionAuditDigest #if CC_GetCommandAuditDigest #include "GetCommandAuditDigest_fp.h" typedef TPM_RC (GetCommandAuditDigest_Entry)( GetCommandAuditDigest_In *in, GetCommandAuditDigest_Out *out ); typedef const struct { GetCommandAuditDigest_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[4]; BYTE types[8]; } GetCommandAuditDigest_COMMAND_DESCRIPTOR_t; GetCommandAuditDigest_COMMAND_DESCRIPTOR_t _GetCommandAuditDigestData = { /* entry */ &TPM2_GetCommandAuditDigest, /* inSize */ (UINT16)(sizeof(GetCommandAuditDigest_In)), /* outSize */ (UINT16)(sizeof(GetCommandAuditDigest_Out)), /* offsetOfTypes */ offsetof(GetCommandAuditDigest_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(GetCommandAuditDigest_In, signHandle)), (UINT16)(offsetof(GetCommandAuditDigest_In, qualifyingData)), (UINT16)(offsetof(GetCommandAuditDigest_In, inScheme)), (UINT16)(offsetof(GetCommandAuditDigest_Out, signature))}, /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_ATTEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _GetCommandAuditDigestDataAddress (&_GetCommandAuditDigestData) #else #define _GetCommandAuditDigestDataAddress 0 #endif // CC_GetCommandAuditDigest #if CC_GetTime #include "GetTime_fp.h" typedef TPM_RC (GetTime_Entry)( GetTime_In *in, GetTime_Out *out ); typedef const struct { GetTime_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[4]; BYTE types[8]; } GetTime_COMMAND_DESCRIPTOR_t; GetTime_COMMAND_DESCRIPTOR_t _GetTimeData = { /* entry */ &TPM2_GetTime, /* inSize */ (UINT16)(sizeof(GetTime_In)), /* outSize */ (UINT16)(sizeof(GetTime_Out)), /* offsetOfTypes */ offsetof(GetTime_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(GetTime_In, signHandle)), (UINT16)(offsetof(GetTime_In, qualifyingData)), (UINT16)(offsetof(GetTime_In, inScheme)), (UINT16)(offsetof(GetTime_Out, signature))}, /* types */ {TPMI_RH_ENDORSEMENT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, TPM2B_ATTEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _GetTimeDataAddress (&_GetTimeData) #else #define _GetTimeDataAddress 0 #endif // CC_GetTime #if CC_CertifyX509 #include "CertifyX509_fp.h" typedef TPM_RC (CertifyX509_Entry)( CertifyX509_In *in, CertifyX509_Out *out ); typedef const struct { CertifyX509_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[6]; BYTE types[10]; } CertifyX509_COMMAND_DESCRIPTOR_t; CertifyX509_COMMAND_DESCRIPTOR_t _CertifyX509Data = { /* entry */ &TPM2_CertifyX509, /* inSize */ (UINT16)(sizeof(CertifyX509_In)), /* outSize */ (UINT16)(sizeof(CertifyX509_Out)), /* offsetOfTypes */ offsetof(CertifyX509_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(CertifyX509_In, signHandle)), (UINT16)(offsetof(CertifyX509_In, qualifyingData)), (UINT16)(offsetof(CertifyX509_In, inScheme)), (UINT16)(offsetof(CertifyX509_In, partialCertificate)), (UINT16)(offsetof(CertifyX509_Out, tbsDigest)), (UINT16)(offsetof(CertifyX509_Out, signature))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPM2B_DATA_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, TPM2B_MAX_BUFFER_P_UNMARSHAL, END_OF_LIST, TPM2B_MAX_BUFFER_P_MARSHAL, TPM2B_DIGEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _CertifyX509DataAddress (&_CertifyX509Data) #else #define _CertifyX509DataAddress 0 #endif // CC_CertifyX509 #if CC_Commit #include "Commit_fp.h" typedef TPM_RC (Commit_Entry)( Commit_In *in, Commit_Out *out ); typedef const struct { Commit_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[6]; BYTE types[10]; } Commit_COMMAND_DESCRIPTOR_t; Commit_COMMAND_DESCRIPTOR_t _CommitData = { /* entry */ &TPM2_Commit, /* inSize */ (UINT16)(sizeof(Commit_In)), /* outSize */ (UINT16)(sizeof(Commit_Out)), /* offsetOfTypes */ offsetof(Commit_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Commit_In, P1)), (UINT16)(offsetof(Commit_In, s2)), (UINT16)(offsetof(Commit_In, y2)), (UINT16)(offsetof(Commit_Out, L)), (UINT16)(offsetof(Commit_Out, E)), (UINT16)(offsetof(Commit_Out, counter))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_ECC_POINT_P_UNMARSHAL, TPM2B_SENSITIVE_DATA_P_UNMARSHAL, TPM2B_ECC_PARAMETER_P_UNMARSHAL, END_OF_LIST, TPM2B_ECC_POINT_P_MARSHAL, TPM2B_ECC_POINT_P_MARSHAL, TPM2B_ECC_POINT_P_MARSHAL, UINT16_P_MARSHAL, END_OF_LIST} }; #define _CommitDataAddress (&_CommitData) #else #define _CommitDataAddress 0 #endif // CC_Commit #if CC_EC_Ephemeral #include "EC_Ephemeral_fp.h" typedef TPM_RC (EC_Ephemeral_Entry)( EC_Ephemeral_In *in, EC_Ephemeral_Out *out ); typedef const struct { EC_Ephemeral_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[5]; } EC_Ephemeral_COMMAND_DESCRIPTOR_t; EC_Ephemeral_COMMAND_DESCRIPTOR_t _EC_EphemeralData = { /* entry */ &TPM2_EC_Ephemeral, /* inSize */ (UINT16)(sizeof(EC_Ephemeral_In)), /* outSize */ (UINT16)(sizeof(EC_Ephemeral_Out)), /* offsetOfTypes */ offsetof(EC_Ephemeral_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(EC_Ephemeral_Out, counter))}, /* types */ {TPMI_ECC_CURVE_P_UNMARSHAL, END_OF_LIST, TPM2B_ECC_POINT_P_MARSHAL, UINT16_P_MARSHAL, END_OF_LIST} }; #define _EC_EphemeralDataAddress (&_EC_EphemeralData) #else #define _EC_EphemeralDataAddress 0 #endif // CC_EC_Ephemeral #if CC_VerifySignature #include "VerifySignature_fp.h" typedef TPM_RC (VerifySignature_Entry)( VerifySignature_In *in, VerifySignature_Out *out ); typedef const struct { VerifySignature_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } VerifySignature_COMMAND_DESCRIPTOR_t; VerifySignature_COMMAND_DESCRIPTOR_t _VerifySignatureData = { /* entry */ &TPM2_VerifySignature, /* inSize */ (UINT16)(sizeof(VerifySignature_In)), /* outSize */ (UINT16)(sizeof(VerifySignature_Out)), /* offsetOfTypes */ offsetof(VerifySignature_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(VerifySignature_In, digest)), (UINT16)(offsetof(VerifySignature_In, signature))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPMT_SIGNATURE_P_UNMARSHAL, END_OF_LIST, TPMT_TK_VERIFIED_P_MARSHAL, END_OF_LIST} }; #define _VerifySignatureDataAddress (&_VerifySignatureData) #else #define _VerifySignatureDataAddress 0 #endif // CC_VerifySignature #if CC_Sign #include "Sign_fp.h" typedef TPM_RC (Sign_Entry)( Sign_In *in, Sign_Out *out ); typedef const struct { Sign_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } Sign_COMMAND_DESCRIPTOR_t; Sign_COMMAND_DESCRIPTOR_t _SignData = { /* entry */ &TPM2_Sign, /* inSize */ (UINT16)(sizeof(Sign_In)), /* outSize */ (UINT16)(sizeof(Sign_Out)), /* offsetOfTypes */ offsetof(Sign_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Sign_In, digest)), (UINT16)(offsetof(Sign_In, inScheme)), (UINT16)(offsetof(Sign_In, validation))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, TPMT_TK_HASHCHECK_P_UNMARSHAL, END_OF_LIST, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _SignDataAddress (&_SignData) #else #define _SignDataAddress 0 #endif // CC_Sign #if CC_SetCommandCodeAuditStatus #include "SetCommandCodeAuditStatus_fp.h" typedef TPM_RC (SetCommandCodeAuditStatus_Entry)( SetCommandCodeAuditStatus_In *in ); typedef const struct { SetCommandCodeAuditStatus_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[6]; } SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t; SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t _SetCommandCodeAuditStatusData = { /* entry */ &TPM2_SetCommandCodeAuditStatus, /* inSize */ (UINT16)(sizeof(SetCommandCodeAuditStatus_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(SetCommandCodeAuditStatus_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(SetCommandCodeAuditStatus_In, auditAlg)), (UINT16)(offsetof(SetCommandCodeAuditStatus_In, setList)), (UINT16)(offsetof(SetCommandCodeAuditStatus_In, clearList))}, /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, TPML_CC_P_UNMARSHAL, TPML_CC_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _SetCommandCodeAuditStatusDataAddress (&_SetCommandCodeAuditStatusData) #else #define _SetCommandCodeAuditStatusDataAddress 0 #endif // CC_SetCommandCodeAuditStatus #if CC_PCR_Extend #include "PCR_Extend_fp.h" typedef TPM_RC (PCR_Extend_Entry)( PCR_Extend_In *in ); typedef const struct { PCR_Extend_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PCR_Extend_COMMAND_DESCRIPTOR_t; PCR_Extend_COMMAND_DESCRIPTOR_t _PCR_ExtendData = { /* entry */ &TPM2_PCR_Extend, /* inSize */ (UINT16)(sizeof(PCR_Extend_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PCR_Extend_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PCR_Extend_In, digests))}, /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, TPML_DIGEST_VALUES_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PCR_ExtendDataAddress (&_PCR_ExtendData) #else #define _PCR_ExtendDataAddress 0 #endif // CC_PCR_Extend #if CC_PCR_Event #include "PCR_Event_fp.h" typedef TPM_RC (PCR_Event_Entry)( PCR_Event_In *in, PCR_Event_Out *out ); typedef const struct { PCR_Event_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[5]; } PCR_Event_COMMAND_DESCRIPTOR_t; PCR_Event_COMMAND_DESCRIPTOR_t _PCR_EventData = { /* entry */ &TPM2_PCR_Event, /* inSize */ (UINT16)(sizeof(PCR_Event_In)), /* outSize */ (UINT16)(sizeof(PCR_Event_Out)), /* offsetOfTypes */ offsetof(PCR_Event_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PCR_Event_In, eventData))}, /* types */ {TPMI_DH_PCR_H_UNMARSHAL + ADD_FLAG, TPM2B_EVENT_P_UNMARSHAL, END_OF_LIST, TPML_DIGEST_VALUES_P_MARSHAL, END_OF_LIST} }; #define _PCR_EventDataAddress (&_PCR_EventData) #else #define _PCR_EventDataAddress 0 #endif // CC_PCR_Event #if CC_PCR_Read #include "PCR_Read_fp.h" typedef TPM_RC (PCR_Read_Entry)( PCR_Read_In *in, PCR_Read_Out *out ); typedef const struct { PCR_Read_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[6]; } PCR_Read_COMMAND_DESCRIPTOR_t; PCR_Read_COMMAND_DESCRIPTOR_t _PCR_ReadData = { /* entry */ &TPM2_PCR_Read, /* inSize */ (UINT16)(sizeof(PCR_Read_In)), /* outSize */ (UINT16)(sizeof(PCR_Read_Out)), /* offsetOfTypes */ offsetof(PCR_Read_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PCR_Read_Out, pcrSelectionOut)), (UINT16)(offsetof(PCR_Read_Out, pcrValues))}, /* types */ {TPML_PCR_SELECTION_P_UNMARSHAL, END_OF_LIST, UINT32_P_MARSHAL, TPML_PCR_SELECTION_P_MARSHAL, TPML_DIGEST_P_MARSHAL, END_OF_LIST} }; #define _PCR_ReadDataAddress (&_PCR_ReadData) #else #define _PCR_ReadDataAddress 0 #endif // CC_PCR_Read #if CC_PCR_Allocate #include "PCR_Allocate_fp.h" typedef TPM_RC (PCR_Allocate_Entry)( PCR_Allocate_In *in, PCR_Allocate_Out *out ); typedef const struct { PCR_Allocate_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[4]; BYTE types[8]; } PCR_Allocate_COMMAND_DESCRIPTOR_t; PCR_Allocate_COMMAND_DESCRIPTOR_t _PCR_AllocateData = { /* entry */ &TPM2_PCR_Allocate, /* inSize */ (UINT16)(sizeof(PCR_Allocate_In)), /* outSize */ (UINT16)(sizeof(PCR_Allocate_Out)), /* offsetOfTypes */ offsetof(PCR_Allocate_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PCR_Allocate_In, pcrAllocation)), (UINT16)(offsetof(PCR_Allocate_Out, maxPCR)), (UINT16)(offsetof(PCR_Allocate_Out, sizeNeeded)), (UINT16)(offsetof(PCR_Allocate_Out, sizeAvailable))}, /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, TPML_PCR_SELECTION_P_UNMARSHAL, END_OF_LIST, TPMI_YES_NO_P_MARSHAL, UINT32_P_MARSHAL, UINT32_P_MARSHAL, UINT32_P_MARSHAL, END_OF_LIST} }; #define _PCR_AllocateDataAddress (&_PCR_AllocateData) #else #define _PCR_AllocateDataAddress 0 #endif // CC_PCR_Allocate #if CC_PCR_SetAuthPolicy #include "PCR_SetAuthPolicy_fp.h" typedef TPM_RC (PCR_SetAuthPolicy_Entry)( PCR_SetAuthPolicy_In *in ); typedef const struct { PCR_SetAuthPolicy_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[6]; } PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t; PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t _PCR_SetAuthPolicyData = { /* entry */ &TPM2_PCR_SetAuthPolicy, /* inSize */ (UINT16)(sizeof(PCR_SetAuthPolicy_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PCR_SetAuthPolicy_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PCR_SetAuthPolicy_In, authPolicy)), (UINT16)(offsetof(PCR_SetAuthPolicy_In, hashAlg)), (UINT16)(offsetof(PCR_SetAuthPolicy_In, pcrNum))}, /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, TPMI_DH_PCR_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PCR_SetAuthPolicyDataAddress (&_PCR_SetAuthPolicyData) #else #define _PCR_SetAuthPolicyDataAddress 0 #endif // CC_PCR_SetAuthPolicy #if CC_PCR_SetAuthValue #include "PCR_SetAuthValue_fp.h" typedef TPM_RC (PCR_SetAuthValue_Entry)( PCR_SetAuthValue_In *in ); typedef const struct { PCR_SetAuthValue_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PCR_SetAuthValue_COMMAND_DESCRIPTOR_t; PCR_SetAuthValue_COMMAND_DESCRIPTOR_t _PCR_SetAuthValueData = { /* entry */ &TPM2_PCR_SetAuthValue, /* inSize */ (UINT16)(sizeof(PCR_SetAuthValue_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PCR_SetAuthValue_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PCR_SetAuthValue_In, auth))}, /* types */ {TPMI_DH_PCR_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PCR_SetAuthValueDataAddress (&_PCR_SetAuthValueData) #else #define _PCR_SetAuthValueDataAddress 0 #endif // CC_PCR_SetAuthValue #if CC_PCR_Reset #include "PCR_Reset_fp.h" typedef TPM_RC (PCR_Reset_Entry)( PCR_Reset_In *in ); typedef const struct { PCR_Reset_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } PCR_Reset_COMMAND_DESCRIPTOR_t; PCR_Reset_COMMAND_DESCRIPTOR_t _PCR_ResetData = { /* entry */ &TPM2_PCR_Reset, /* inSize */ (UINT16)(sizeof(PCR_Reset_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PCR_Reset_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_DH_PCR_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PCR_ResetDataAddress (&_PCR_ResetData) #else #define _PCR_ResetDataAddress 0 #endif // CC_PCR_Reset #if CC_PolicySigned #include "PolicySigned_fp.h" typedef TPM_RC (PolicySigned_Entry)( PolicySigned_In *in, PolicySigned_Out *out ); typedef const struct { PolicySigned_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[7]; BYTE types[11]; } PolicySigned_COMMAND_DESCRIPTOR_t; PolicySigned_COMMAND_DESCRIPTOR_t _PolicySignedData = { /* entry */ &TPM2_PolicySigned, /* inSize */ (UINT16)(sizeof(PolicySigned_In)), /* outSize */ (UINT16)(sizeof(PolicySigned_Out)), /* offsetOfTypes */ offsetof(PolicySigned_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicySigned_In, policySession)), (UINT16)(offsetof(PolicySigned_In, nonceTPM)), (UINT16)(offsetof(PolicySigned_In, cpHashA)), (UINT16)(offsetof(PolicySigned_In, policyRef)), (UINT16)(offsetof(PolicySigned_In, expiration)), (UINT16)(offsetof(PolicySigned_In, auth)), (UINT16)(offsetof(PolicySigned_Out, policyTicket))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_NONCE_P_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPM2B_NONCE_P_UNMARSHAL, INT32_P_UNMARSHAL, TPMT_SIGNATURE_P_UNMARSHAL, END_OF_LIST, TPM2B_TIMEOUT_P_MARSHAL, TPMT_TK_AUTH_P_MARSHAL, END_OF_LIST} }; #define _PolicySignedDataAddress (&_PolicySignedData) #else #define _PolicySignedDataAddress 0 #endif // CC_PolicySigned #if CC_PolicySecret #include "PolicySecret_fp.h" typedef TPM_RC (PolicySecret_Entry)( PolicySecret_In *in, PolicySecret_Out *out ); typedef const struct { PolicySecret_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[6]; BYTE types[10]; } PolicySecret_COMMAND_DESCRIPTOR_t; PolicySecret_COMMAND_DESCRIPTOR_t _PolicySecretData = { /* entry */ &TPM2_PolicySecret, /* inSize */ (UINT16)(sizeof(PolicySecret_In)), /* outSize */ (UINT16)(sizeof(PolicySecret_Out)), /* offsetOfTypes */ offsetof(PolicySecret_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicySecret_In, policySession)), (UINT16)(offsetof(PolicySecret_In, nonceTPM)), (UINT16)(offsetof(PolicySecret_In, cpHashA)), (UINT16)(offsetof(PolicySecret_In, policyRef)), (UINT16)(offsetof(PolicySecret_In, expiration)), (UINT16)(offsetof(PolicySecret_Out, policyTicket))}, /* types */ {TPMI_DH_ENTITY_H_UNMARSHAL, TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_NONCE_P_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPM2B_NONCE_P_UNMARSHAL, INT32_P_UNMARSHAL, END_OF_LIST, TPM2B_TIMEOUT_P_MARSHAL, TPMT_TK_AUTH_P_MARSHAL, END_OF_LIST} }; #define _PolicySecretDataAddress (&_PolicySecretData) #else #define _PolicySecretDataAddress 0 #endif // CC_PolicySecret #if CC_PolicyTicket #include "PolicyTicket_fp.h" typedef TPM_RC (PolicyTicket_Entry)( PolicyTicket_In *in ); typedef const struct { PolicyTicket_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[8]; } PolicyTicket_COMMAND_DESCRIPTOR_t; PolicyTicket_COMMAND_DESCRIPTOR_t _PolicyTicketData = { /* entry */ &TPM2_PolicyTicket, /* inSize */ (UINT16)(sizeof(PolicyTicket_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyTicket_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyTicket_In, timeout)), (UINT16)(offsetof(PolicyTicket_In, cpHashA)), (UINT16)(offsetof(PolicyTicket_In, policyRef)), (UINT16)(offsetof(PolicyTicket_In, authName)), (UINT16)(offsetof(PolicyTicket_In, ticket))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_TIMEOUT_P_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPM2B_NONCE_P_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPMT_TK_AUTH_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyTicketDataAddress (&_PolicyTicketData) #else #define _PolicyTicketDataAddress 0 #endif // CC_PolicyTicket #if CC_PolicyOR #include "PolicyOR_fp.h" typedef TPM_RC (PolicyOR_Entry)( PolicyOR_In *in ); typedef const struct { PolicyOR_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PolicyOR_COMMAND_DESCRIPTOR_t; PolicyOR_COMMAND_DESCRIPTOR_t _PolicyORData = { /* entry */ &TPM2_PolicyOR, /* inSize */ (UINT16)(sizeof(PolicyOR_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyOR_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyOR_In, pHashList))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPML_DIGEST_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyORDataAddress (&_PolicyORData) #else #define _PolicyORDataAddress 0 #endif // CC_PolicyOR #if CC_PolicyPCR #include "PolicyPCR_fp.h" typedef TPM_RC (PolicyPCR_Entry)( PolicyPCR_In *in ); typedef const struct { PolicyPCR_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } PolicyPCR_COMMAND_DESCRIPTOR_t; PolicyPCR_COMMAND_DESCRIPTOR_t _PolicyPCRData = { /* entry */ &TPM2_PolicyPCR, /* inSize */ (UINT16)(sizeof(PolicyPCR_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyPCR_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyPCR_In, pcrDigest)), (UINT16)(offsetof(PolicyPCR_In, pcrs))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPML_PCR_SELECTION_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyPCRDataAddress (&_PolicyPCRData) #else #define _PolicyPCRDataAddress 0 #endif // CC_PolicyPCR #if CC_PolicyLocality #include "PolicyLocality_fp.h" typedef TPM_RC (PolicyLocality_Entry)( PolicyLocality_In *in ); typedef const struct { PolicyLocality_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PolicyLocality_COMMAND_DESCRIPTOR_t; PolicyLocality_COMMAND_DESCRIPTOR_t _PolicyLocalityData = { /* entry */ &TPM2_PolicyLocality, /* inSize */ (UINT16)(sizeof(PolicyLocality_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyLocality_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyLocality_In, locality))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPMA_LOCALITY_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyLocalityDataAddress (&_PolicyLocalityData) #else #define _PolicyLocalityDataAddress 0 #endif // CC_PolicyLocality #if CC_PolicyNV #include "PolicyNV_fp.h" typedef TPM_RC (PolicyNV_Entry)( PolicyNV_In *in ); typedef const struct { PolicyNV_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[5]; BYTE types[8]; } PolicyNV_COMMAND_DESCRIPTOR_t; PolicyNV_COMMAND_DESCRIPTOR_t _PolicyNVData = { /* entry */ &TPM2_PolicyNV, /* inSize */ (UINT16)(sizeof(PolicyNV_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyNV_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyNV_In, nvIndex)), (UINT16)(offsetof(PolicyNV_In, policySession)), (UINT16)(offsetof(PolicyNV_In, operandB)), (UINT16)(offsetof(PolicyNV_In, offset)), (UINT16)(offsetof(PolicyNV_In, operation))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_OPERAND_P_UNMARSHAL, UINT16_P_UNMARSHAL, TPM_EO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyNVDataAddress (&_PolicyNVData) #else #define _PolicyNVDataAddress 0 #endif // CC_PolicyNV #if CC_PolicyCounterTimer #include "PolicyCounterTimer_fp.h" typedef TPM_RC (PolicyCounterTimer_Entry)( PolicyCounterTimer_In *in ); typedef const struct { PolicyCounterTimer_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[6]; } PolicyCounterTimer_COMMAND_DESCRIPTOR_t; PolicyCounterTimer_COMMAND_DESCRIPTOR_t _PolicyCounterTimerData = { /* entry */ &TPM2_PolicyCounterTimer, /* inSize */ (UINT16)(sizeof(PolicyCounterTimer_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyCounterTimer_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyCounterTimer_In, operandB)), (UINT16)(offsetof(PolicyCounterTimer_In, offset)), (UINT16)(offsetof(PolicyCounterTimer_In, operation))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_OPERAND_P_UNMARSHAL, UINT16_P_UNMARSHAL, TPM_EO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyCounterTimerDataAddress (&_PolicyCounterTimerData) #else #define _PolicyCounterTimerDataAddress 0 #endif // CC_PolicyCounterTimer #if CC_PolicyCommandCode #include "PolicyCommandCode_fp.h" typedef TPM_RC (PolicyCommandCode_Entry)( PolicyCommandCode_In *in ); typedef const struct { PolicyCommandCode_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PolicyCommandCode_COMMAND_DESCRIPTOR_t; PolicyCommandCode_COMMAND_DESCRIPTOR_t _PolicyCommandCodeData = { /* entry */ &TPM2_PolicyCommandCode, /* inSize */ (UINT16)(sizeof(PolicyCommandCode_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyCommandCode_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyCommandCode_In, code))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM_CC_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyCommandCodeDataAddress (&_PolicyCommandCodeData) #else #define _PolicyCommandCodeDataAddress 0 #endif // CC_PolicyCommandCode #if CC_PolicyPhysicalPresence #include "PolicyPhysicalPresence_fp.h" typedef TPM_RC (PolicyPhysicalPresence_Entry)( PolicyPhysicalPresence_In *in ); typedef const struct { PolicyPhysicalPresence_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t; PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t _PolicyPhysicalPresenceData = { /* entry */ &TPM2_PolicyPhysicalPresence, /* inSize */ (UINT16)(sizeof(PolicyPhysicalPresence_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyPhysicalPresence_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyPhysicalPresenceDataAddress (&_PolicyPhysicalPresenceData) #else #define _PolicyPhysicalPresenceDataAddress 0 #endif // CC_PolicyPhysicalPresence #if CC_PolicyCpHash #include "PolicyCpHash_fp.h" typedef TPM_RC (PolicyCpHash_Entry)( PolicyCpHash_In *in ); typedef const struct { PolicyCpHash_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PolicyCpHash_COMMAND_DESCRIPTOR_t; PolicyCpHash_COMMAND_DESCRIPTOR_t _PolicyCpHashData = { /* entry */ &TPM2_PolicyCpHash, /* inSize */ (UINT16)(sizeof(PolicyCpHash_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyCpHash_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyCpHash_In, cpHashA))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyCpHashDataAddress (&_PolicyCpHashData) #else #define _PolicyCpHashDataAddress 0 #endif // CC_PolicyCpHash #if CC_PolicyNameHash #include "PolicyNameHash_fp.h" typedef TPM_RC (PolicyNameHash_Entry)( PolicyNameHash_In *in ); typedef const struct { PolicyNameHash_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PolicyNameHash_COMMAND_DESCRIPTOR_t; PolicyNameHash_COMMAND_DESCRIPTOR_t _PolicyNameHashData = { /* entry */ &TPM2_PolicyNameHash, /* inSize */ (UINT16)(sizeof(PolicyNameHash_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyNameHash_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyNameHash_In, nameHash))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyNameHashDataAddress (&_PolicyNameHashData) #else #define _PolicyNameHashDataAddress 0 #endif // CC_PolicyNameHash #if CC_PolicyDuplicationSelect #include "PolicyDuplicationSelect_fp.h" typedef TPM_RC (PolicyDuplicationSelect_Entry)( PolicyDuplicationSelect_In *in ); typedef const struct { PolicyDuplicationSelect_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[6]; } PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t; PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t _PolicyDuplicationSelectData = { /* entry */ &TPM2_PolicyDuplicationSelect, /* inSize */ (UINT16)(sizeof(PolicyDuplicationSelect_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyDuplicationSelect_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyDuplicationSelect_In, objectName)), (UINT16)(offsetof(PolicyDuplicationSelect_In, newParentName)), (UINT16)(offsetof(PolicyDuplicationSelect_In, includeObject))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPMI_YES_NO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyDuplicationSelectDataAddress (&_PolicyDuplicationSelectData) #else #define _PolicyDuplicationSelectDataAddress 0 #endif // CC_PolicyDuplicationSelect #if CC_PolicyAuthorize #include "PolicyAuthorize_fp.h" typedef TPM_RC (PolicyAuthorize_Entry)( PolicyAuthorize_In *in ); typedef const struct { PolicyAuthorize_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[4]; BYTE types[7]; } PolicyAuthorize_COMMAND_DESCRIPTOR_t; PolicyAuthorize_COMMAND_DESCRIPTOR_t _PolicyAuthorizeData = { /* entry */ &TPM2_PolicyAuthorize, /* inSize */ (UINT16)(sizeof(PolicyAuthorize_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyAuthorize_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyAuthorize_In, approvedPolicy)), (UINT16)(offsetof(PolicyAuthorize_In, policyRef)), (UINT16)(offsetof(PolicyAuthorize_In, keySign)), (UINT16)(offsetof(PolicyAuthorize_In, checkTicket))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPM2B_NONCE_P_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPMT_TK_VERIFIED_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyAuthorizeDataAddress (&_PolicyAuthorizeData) #else #define _PolicyAuthorizeDataAddress 0 #endif // CC_PolicyAuthorize #if CC_PolicyAuthValue #include "PolicyAuthValue_fp.h" typedef TPM_RC (PolicyAuthValue_Entry)( PolicyAuthValue_In *in ); typedef const struct { PolicyAuthValue_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } PolicyAuthValue_COMMAND_DESCRIPTOR_t; PolicyAuthValue_COMMAND_DESCRIPTOR_t _PolicyAuthValueData = { /* entry */ &TPM2_PolicyAuthValue, /* inSize */ (UINT16)(sizeof(PolicyAuthValue_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyAuthValue_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyAuthValueDataAddress (&_PolicyAuthValueData) #else #define _PolicyAuthValueDataAddress 0 #endif // CC_PolicyAuthValue #if CC_PolicyPassword #include "PolicyPassword_fp.h" typedef TPM_RC (PolicyPassword_Entry)( PolicyPassword_In *in ); typedef const struct { PolicyPassword_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } PolicyPassword_COMMAND_DESCRIPTOR_t; PolicyPassword_COMMAND_DESCRIPTOR_t _PolicyPasswordData = { /* entry */ &TPM2_PolicyPassword, /* inSize */ (UINT16)(sizeof(PolicyPassword_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyPassword_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyPasswordDataAddress (&_PolicyPasswordData) #else #define _PolicyPasswordDataAddress 0 #endif // CC_PolicyPassword #if CC_PolicyGetDigest #include "PolicyGetDigest_fp.h" typedef TPM_RC (PolicyGetDigest_Entry)( PolicyGetDigest_In *in, PolicyGetDigest_Out *out ); typedef const struct { PolicyGetDigest_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } PolicyGetDigest_COMMAND_DESCRIPTOR_t; PolicyGetDigest_COMMAND_DESCRIPTOR_t _PolicyGetDigestData = { /* entry */ &TPM2_PolicyGetDigest, /* inSize */ (UINT16)(sizeof(PolicyGetDigest_In)), /* outSize */ (UINT16)(sizeof(PolicyGetDigest_Out)), /* offsetOfTypes */ offsetof(PolicyGetDigest_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, END_OF_LIST, TPM2B_DIGEST_P_MARSHAL, END_OF_LIST} }; #define _PolicyGetDigestDataAddress (&_PolicyGetDigestData) #else #define _PolicyGetDigestDataAddress 0 #endif // CC_PolicyGetDigest #if CC_PolicyNvWritten #include "PolicyNvWritten_fp.h" typedef TPM_RC (PolicyNvWritten_Entry)( PolicyNvWritten_In *in ); typedef const struct { PolicyNvWritten_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PolicyNvWritten_COMMAND_DESCRIPTOR_t; PolicyNvWritten_COMMAND_DESCRIPTOR_t _PolicyNvWrittenData = { /* entry */ &TPM2_PolicyNvWritten, /* inSize */ (UINT16)(sizeof(PolicyNvWritten_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyNvWritten_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyNvWritten_In, writtenSet))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPMI_YES_NO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyNvWrittenDataAddress (&_PolicyNvWrittenData) #else #define _PolicyNvWrittenDataAddress 0 #endif // CC_PolicyNvWritten #if CC_PolicyTemplate #include "PolicyTemplate_fp.h" typedef TPM_RC (PolicyTemplate_Entry)( PolicyTemplate_In *in ); typedef const struct { PolicyTemplate_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } PolicyTemplate_COMMAND_DESCRIPTOR_t; PolicyTemplate_COMMAND_DESCRIPTOR_t _PolicyTemplateData = { /* entry */ &TPM2_PolicyTemplate, /* inSize */ (UINT16)(sizeof(PolicyTemplate_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyTemplate_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyTemplate_In, templateHash))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyTemplateDataAddress (&_PolicyTemplateData) #else #define _PolicyTemplateDataAddress 0 #endif // CC_PolicyTemplate #if CC_PolicyAuthorizeNV #include "PolicyAuthorizeNV_fp.h" typedef TPM_RC (PolicyAuthorizeNV_Entry)( PolicyAuthorizeNV_In *in ); typedef const struct { PolicyAuthorizeNV_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t; PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t _PolicyAuthorizeNVData = { /* entry */ &TPM2_PolicyAuthorizeNV, /* inSize */ (UINT16)(sizeof(PolicyAuthorizeNV_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PolicyAuthorizeNV_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PolicyAuthorizeNV_In, nvIndex)), (UINT16)(offsetof(PolicyAuthorizeNV_In, policySession))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, TPMI_SH_POLICY_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PolicyAuthorizeNVDataAddress (&_PolicyAuthorizeNVData) #else #define _PolicyAuthorizeNVDataAddress 0 #endif // CC_PolicyAuthorizeNV #if CC_CreatePrimary #include "CreatePrimary_fp.h" typedef TPM_RC (CreatePrimary_Entry)( CreatePrimary_In *in, CreatePrimary_Out *out ); typedef const struct { CreatePrimary_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[9]; BYTE types[13]; } CreatePrimary_COMMAND_DESCRIPTOR_t; CreatePrimary_COMMAND_DESCRIPTOR_t _CreatePrimaryData = { /* entry */ &TPM2_CreatePrimary, /* inSize */ (UINT16)(sizeof(CreatePrimary_In)), /* outSize */ (UINT16)(sizeof(CreatePrimary_Out)), /* offsetOfTypes */ offsetof(CreatePrimary_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(CreatePrimary_In, inSensitive)), (UINT16)(offsetof(CreatePrimary_In, inPublic)), (UINT16)(offsetof(CreatePrimary_In, outsideInfo)), (UINT16)(offsetof(CreatePrimary_In, creationPCR)), (UINT16)(offsetof(CreatePrimary_Out, outPublic)), (UINT16)(offsetof(CreatePrimary_Out, creationData)), (UINT16)(offsetof(CreatePrimary_Out, creationHash)), (UINT16)(offsetof(CreatePrimary_Out, creationTicket)), (UINT16)(offsetof(CreatePrimary_Out, name))}, /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL + ADD_FLAG, TPM2B_SENSITIVE_CREATE_P_UNMARSHAL, TPM2B_PUBLIC_P_UNMARSHAL, TPM2B_DATA_P_UNMARSHAL, TPML_PCR_SELECTION_P_UNMARSHAL, END_OF_LIST, TPM_HANDLE_H_MARSHAL, TPM2B_PUBLIC_P_MARSHAL, TPM2B_CREATION_DATA_P_MARSHAL, TPM2B_DIGEST_P_MARSHAL, TPMT_TK_CREATION_P_MARSHAL, TPM2B_NAME_P_MARSHAL, END_OF_LIST} }; #define _CreatePrimaryDataAddress (&_CreatePrimaryData) #else #define _CreatePrimaryDataAddress 0 #endif // CC_CreatePrimary #if CC_HierarchyControl #include "HierarchyControl_fp.h" typedef TPM_RC (HierarchyControl_Entry)( HierarchyControl_In *in ); typedef const struct { HierarchyControl_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } HierarchyControl_COMMAND_DESCRIPTOR_t; HierarchyControl_COMMAND_DESCRIPTOR_t _HierarchyControlData = { /* entry */ &TPM2_HierarchyControl, /* inSize */ (UINT16)(sizeof(HierarchyControl_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(HierarchyControl_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(HierarchyControl_In, enable)), (UINT16)(offsetof(HierarchyControl_In, state))}, /* types */ {TPMI_RH_HIERARCHY_H_UNMARSHAL, TPMI_RH_ENABLES_P_UNMARSHAL, TPMI_YES_NO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _HierarchyControlDataAddress (&_HierarchyControlData) #else #define _HierarchyControlDataAddress 0 #endif // CC_HierarchyControl #if CC_SetPrimaryPolicy #include "SetPrimaryPolicy_fp.h" typedef TPM_RC (SetPrimaryPolicy_Entry)( SetPrimaryPolicy_In *in ); typedef const struct { SetPrimaryPolicy_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } SetPrimaryPolicy_COMMAND_DESCRIPTOR_t; SetPrimaryPolicy_COMMAND_DESCRIPTOR_t _SetPrimaryPolicyData = { /* entry */ &TPM2_SetPrimaryPolicy, /* inSize */ (UINT16)(sizeof(SetPrimaryPolicy_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(SetPrimaryPolicy_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(SetPrimaryPolicy_In, authPolicy)), (UINT16)(offsetof(SetPrimaryPolicy_In, hashAlg))}, /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPMI_ALG_HASH_P_UNMARSHAL + ADD_FLAG, END_OF_LIST, END_OF_LIST} }; #define _SetPrimaryPolicyDataAddress (&_SetPrimaryPolicyData) #else #define _SetPrimaryPolicyDataAddress 0 #endif // CC_SetPrimaryPolicy #if CC_ChangePPS #include "ChangePPS_fp.h" typedef TPM_RC (ChangePPS_Entry)( ChangePPS_In *in ); typedef const struct { ChangePPS_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } ChangePPS_COMMAND_DESCRIPTOR_t; ChangePPS_COMMAND_DESCRIPTOR_t _ChangePPSData = { /* entry */ &TPM2_ChangePPS, /* inSize */ (UINT16)(sizeof(ChangePPS_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(ChangePPS_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _ChangePPSDataAddress (&_ChangePPSData) #else #define _ChangePPSDataAddress 0 #endif // CC_ChangePPS #if CC_ChangeEPS #include "ChangeEPS_fp.h" typedef TPM_RC (ChangeEPS_Entry)( ChangeEPS_In *in ); typedef const struct { ChangeEPS_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } ChangeEPS_COMMAND_DESCRIPTOR_t; ChangeEPS_COMMAND_DESCRIPTOR_t _ChangeEPSData = { /* entry */ &TPM2_ChangeEPS, /* inSize */ (UINT16)(sizeof(ChangeEPS_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(ChangeEPS_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _ChangeEPSDataAddress (&_ChangeEPSData) #else #define _ChangeEPSDataAddress 0 #endif // CC_ChangeEPS #if CC_Clear #include "Clear_fp.h" typedef TPM_RC (Clear_Entry)( Clear_In *in ); typedef const struct { Clear_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } Clear_COMMAND_DESCRIPTOR_t; Clear_COMMAND_DESCRIPTOR_t _ClearData = { /* entry */ &TPM2_Clear, /* inSize */ (UINT16)(sizeof(Clear_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(Clear_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _ClearDataAddress (&_ClearData) #else #define _ClearDataAddress 0 #endif // CC_Clear #if CC_ClearControl #include "ClearControl_fp.h" typedef TPM_RC (ClearControl_Entry)( ClearControl_In *in ); typedef const struct { ClearControl_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } ClearControl_COMMAND_DESCRIPTOR_t; ClearControl_COMMAND_DESCRIPTOR_t _ClearControlData = { /* entry */ &TPM2_ClearControl, /* inSize */ (UINT16)(sizeof(ClearControl_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(ClearControl_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ClearControl_In, disable))}, /* types */ {TPMI_RH_CLEAR_H_UNMARSHAL, TPMI_YES_NO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _ClearControlDataAddress (&_ClearControlData) #else #define _ClearControlDataAddress 0 #endif // CC_ClearControl #if CC_HierarchyChangeAuth #include "HierarchyChangeAuth_fp.h" typedef TPM_RC (HierarchyChangeAuth_Entry)( HierarchyChangeAuth_In *in ); typedef const struct { HierarchyChangeAuth_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } HierarchyChangeAuth_COMMAND_DESCRIPTOR_t; HierarchyChangeAuth_COMMAND_DESCRIPTOR_t _HierarchyChangeAuthData = { /* entry */ &TPM2_HierarchyChangeAuth, /* inSize */ (UINT16)(sizeof(HierarchyChangeAuth_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(HierarchyChangeAuth_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(HierarchyChangeAuth_In, newAuth))}, /* types */ {TPMI_RH_HIERARCHY_AUTH_H_UNMARSHAL, TPM2B_AUTH_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _HierarchyChangeAuthDataAddress (&_HierarchyChangeAuthData) #else #define _HierarchyChangeAuthDataAddress 0 #endif // CC_HierarchyChangeAuth #if CC_DictionaryAttackLockReset #include "DictionaryAttackLockReset_fp.h" typedef TPM_RC (DictionaryAttackLockReset_Entry)( DictionaryAttackLockReset_In *in ); typedef const struct { DictionaryAttackLockReset_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t; DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t _DictionaryAttackLockResetData = { /* entry */ &TPM2_DictionaryAttackLockReset, /* inSize */ (UINT16)(sizeof(DictionaryAttackLockReset_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(DictionaryAttackLockReset_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _DictionaryAttackLockResetDataAddress (&_DictionaryAttackLockResetData) #else #define _DictionaryAttackLockResetDataAddress 0 #endif // CC_DictionaryAttackLockReset #if CC_DictionaryAttackParameters #include "DictionaryAttackParameters_fp.h" typedef TPM_RC (DictionaryAttackParameters_Entry)( DictionaryAttackParameters_In *in ); typedef const struct { DictionaryAttackParameters_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[6]; } DictionaryAttackParameters_COMMAND_DESCRIPTOR_t; DictionaryAttackParameters_COMMAND_DESCRIPTOR_t _DictionaryAttackParametersData = { /* entry */ &TPM2_DictionaryAttackParameters, /* inSize */ (UINT16)(sizeof(DictionaryAttackParameters_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(DictionaryAttackParameters_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(DictionaryAttackParameters_In, newMaxTries)), (UINT16)(offsetof(DictionaryAttackParameters_In, newRecoveryTime)), (UINT16)(offsetof(DictionaryAttackParameters_In, lockoutRecovery))}, /* types */ {TPMI_RH_LOCKOUT_H_UNMARSHAL, UINT32_P_UNMARSHAL, UINT32_P_UNMARSHAL, UINT32_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _DictionaryAttackParametersDataAddress (&_DictionaryAttackParametersData) #else #define _DictionaryAttackParametersDataAddress 0 #endif // CC_DictionaryAttackParameters #if CC_PP_Commands #include "PP_Commands_fp.h" typedef TPM_RC (PP_Commands_Entry)( PP_Commands_In *in ); typedef const struct { PP_Commands_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } PP_Commands_COMMAND_DESCRIPTOR_t; PP_Commands_COMMAND_DESCRIPTOR_t _PP_CommandsData = { /* entry */ &TPM2_PP_Commands, /* inSize */ (UINT16)(sizeof(PP_Commands_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(PP_Commands_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(PP_Commands_In, setList)), (UINT16)(offsetof(PP_Commands_In, clearList))}, /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, TPML_CC_P_UNMARSHAL, TPML_CC_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _PP_CommandsDataAddress (&_PP_CommandsData) #else #define _PP_CommandsDataAddress 0 #endif // CC_PP_Commands #if CC_SetAlgorithmSet #include "SetAlgorithmSet_fp.h" typedef TPM_RC (SetAlgorithmSet_Entry)( SetAlgorithmSet_In *in ); typedef const struct { SetAlgorithmSet_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } SetAlgorithmSet_COMMAND_DESCRIPTOR_t; SetAlgorithmSet_COMMAND_DESCRIPTOR_t _SetAlgorithmSetData = { /* entry */ &TPM2_SetAlgorithmSet, /* inSize */ (UINT16)(sizeof(SetAlgorithmSet_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(SetAlgorithmSet_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(SetAlgorithmSet_In, algorithmSet))}, /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, UINT32_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _SetAlgorithmSetDataAddress (&_SetAlgorithmSetData) #else #define _SetAlgorithmSetDataAddress 0 #endif // CC_SetAlgorithmSet #if CC_FieldUpgradeStart #include "FieldUpgradeStart_fp.h" typedef TPM_RC (FieldUpgradeStart_Entry)( FieldUpgradeStart_In *in ); typedef const struct { FieldUpgradeStart_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[6]; } FieldUpgradeStart_COMMAND_DESCRIPTOR_t; FieldUpgradeStart_COMMAND_DESCRIPTOR_t _FieldUpgradeStartData = { /* entry */ &TPM2_FieldUpgradeStart, /* inSize */ (UINT16)(sizeof(FieldUpgradeStart_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(FieldUpgradeStart_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(FieldUpgradeStart_In, keyHandle)), (UINT16)(offsetof(FieldUpgradeStart_In, fuDigest)), (UINT16)(offsetof(FieldUpgradeStart_In, manifestSignature))}, /* types */ {TPMI_RH_PLATFORM_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL, TPM2B_DIGEST_P_UNMARSHAL, TPMT_SIGNATURE_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _FieldUpgradeStartDataAddress (&_FieldUpgradeStartData) #else #define _FieldUpgradeStartDataAddress 0 #endif // CC_FieldUpgradeStart #if CC_FieldUpgradeData #include "FieldUpgradeData_fp.h" typedef TPM_RC (FieldUpgradeData_Entry)( FieldUpgradeData_In *in, FieldUpgradeData_Out *out ); typedef const struct { FieldUpgradeData_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[5]; } FieldUpgradeData_COMMAND_DESCRIPTOR_t; FieldUpgradeData_COMMAND_DESCRIPTOR_t _FieldUpgradeDataData = { /* entry */ &TPM2_FieldUpgradeData, /* inSize */ (UINT16)(sizeof(FieldUpgradeData_In)), /* outSize */ (UINT16)(sizeof(FieldUpgradeData_Out)), /* offsetOfTypes */ offsetof(FieldUpgradeData_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(FieldUpgradeData_Out, firstDigest))}, /* types */ {TPM2B_MAX_BUFFER_P_UNMARSHAL, END_OF_LIST, TPMT_HA_P_MARSHAL, TPMT_HA_P_MARSHAL, END_OF_LIST} }; #define _FieldUpgradeDataDataAddress (&_FieldUpgradeDataData) #else #define _FieldUpgradeDataDataAddress 0 #endif // CC_FieldUpgradeData #if CC_FirmwareRead #include "FirmwareRead_fp.h" typedef TPM_RC (FirmwareRead_Entry)( FirmwareRead_In *in, FirmwareRead_Out *out ); typedef const struct { FirmwareRead_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } FirmwareRead_COMMAND_DESCRIPTOR_t; FirmwareRead_COMMAND_DESCRIPTOR_t _FirmwareReadData = { /* entry */ &TPM2_FirmwareRead, /* inSize */ (UINT16)(sizeof(FirmwareRead_In)), /* outSize */ (UINT16)(sizeof(FirmwareRead_Out)), /* offsetOfTypes */ offsetof(FirmwareRead_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {UINT32_P_UNMARSHAL, END_OF_LIST, TPM2B_MAX_BUFFER_P_MARSHAL, END_OF_LIST} }; #define _FirmwareReadDataAddress (&_FirmwareReadData) #else #define _FirmwareReadDataAddress 0 #endif // CC_FirmwareRead #if CC_ContextSave #include "ContextSave_fp.h" typedef TPM_RC (ContextSave_Entry)( ContextSave_In *in, ContextSave_Out *out ); typedef const struct { ContextSave_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } ContextSave_COMMAND_DESCRIPTOR_t; ContextSave_COMMAND_DESCRIPTOR_t _ContextSaveData = { /* entry */ &TPM2_ContextSave, /* inSize */ (UINT16)(sizeof(ContextSave_In)), /* outSize */ (UINT16)(sizeof(ContextSave_Out)), /* offsetOfTypes */ offsetof(ContextSave_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_DH_CONTEXT_H_UNMARSHAL, END_OF_LIST, TPMS_CONTEXT_P_MARSHAL, END_OF_LIST} }; #define _ContextSaveDataAddress (&_ContextSaveData) #else #define _ContextSaveDataAddress 0 #endif // CC_ContextSave #if CC_ContextLoad #include "ContextLoad_fp.h" typedef TPM_RC (ContextLoad_Entry)( ContextLoad_In *in, ContextLoad_Out *out ); typedef const struct { ContextLoad_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } ContextLoad_COMMAND_DESCRIPTOR_t; ContextLoad_COMMAND_DESCRIPTOR_t _ContextLoadData = { /* entry */ &TPM2_ContextLoad, /* inSize */ (UINT16)(sizeof(ContextLoad_In)), /* outSize */ (UINT16)(sizeof(ContextLoad_Out)), /* offsetOfTypes */ offsetof(ContextLoad_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMS_CONTEXT_P_UNMARSHAL, END_OF_LIST, TPMI_DH_CONTEXT_H_MARSHAL, END_OF_LIST} }; #define _ContextLoadDataAddress (&_ContextLoadData) #else #define _ContextLoadDataAddress 0 #endif // CC_ContextLoad #if CC_FlushContext #include "FlushContext_fp.h" typedef TPM_RC (FlushContext_Entry)( FlushContext_In *in ); typedef const struct { FlushContext_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } FlushContext_COMMAND_DESCRIPTOR_t; FlushContext_COMMAND_DESCRIPTOR_t _FlushContextData = { /* entry */ &TPM2_FlushContext, /* inSize */ (UINT16)(sizeof(FlushContext_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(FlushContext_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_DH_CONTEXT_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _FlushContextDataAddress (&_FlushContextData) #else #define _FlushContextDataAddress 0 #endif // CC_FlushContext #if CC_EvictControl #include "EvictControl_fp.h" typedef TPM_RC (EvictControl_Entry)( EvictControl_In *in ); typedef const struct { EvictControl_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } EvictControl_COMMAND_DESCRIPTOR_t; EvictControl_COMMAND_DESCRIPTOR_t _EvictControlData = { /* entry */ &TPM2_EvictControl, /* inSize */ (UINT16)(sizeof(EvictControl_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(EvictControl_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(EvictControl_In, objectHandle)), (UINT16)(offsetof(EvictControl_In, persistentHandle))}, /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_DH_PERSISTENT_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _EvictControlDataAddress (&_EvictControlData) #else #define _EvictControlDataAddress 0 #endif // CC_EvictControl #if CC_ReadClock #include "ReadClock_fp.h" typedef TPM_RC (ReadClock_Entry)( ReadClock_Out *out ); typedef const struct { ReadClock_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } ReadClock_COMMAND_DESCRIPTOR_t; ReadClock_COMMAND_DESCRIPTOR_t _ReadClockData = { /* entry */ &TPM2_ReadClock, /* inSize */ 0, /* outSize */ (UINT16)(sizeof(ReadClock_Out)), /* offsetOfTypes */ offsetof(ReadClock_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {END_OF_LIST, TPMS_TIME_INFO_P_MARSHAL, END_OF_LIST} }; #define _ReadClockDataAddress (&_ReadClockData) #else #define _ReadClockDataAddress 0 #endif // CC_ReadClock #if CC_ClockSet #include "ClockSet_fp.h" typedef TPM_RC (ClockSet_Entry)( ClockSet_In *in ); typedef const struct { ClockSet_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } ClockSet_COMMAND_DESCRIPTOR_t; ClockSet_COMMAND_DESCRIPTOR_t _ClockSetData = { /* entry */ &TPM2_ClockSet, /* inSize */ (UINT16)(sizeof(ClockSet_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(ClockSet_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ClockSet_In, newTime))}, /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, UINT64_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _ClockSetDataAddress (&_ClockSetData) #else #define _ClockSetDataAddress 0 #endif // CC_ClockSet #if CC_ClockRateAdjust #include "ClockRateAdjust_fp.h" typedef TPM_RC (ClockRateAdjust_Entry)( ClockRateAdjust_In *in ); typedef const struct { ClockRateAdjust_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } ClockRateAdjust_COMMAND_DESCRIPTOR_t; ClockRateAdjust_COMMAND_DESCRIPTOR_t _ClockRateAdjustData = { /* entry */ &TPM2_ClockRateAdjust, /* inSize */ (UINT16)(sizeof(ClockRateAdjust_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(ClockRateAdjust_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(ClockRateAdjust_In, rateAdjust))}, /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, TPM_CLOCK_ADJUST_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _ClockRateAdjustDataAddress (&_ClockRateAdjustData) #else #define _ClockRateAdjustDataAddress 0 #endif // CC_ClockRateAdjust #if CC_GetCapability #include "GetCapability_fp.h" typedef TPM_RC (GetCapability_Entry)( GetCapability_In *in, GetCapability_Out *out ); typedef const struct { GetCapability_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } GetCapability_COMMAND_DESCRIPTOR_t; GetCapability_COMMAND_DESCRIPTOR_t _GetCapabilityData = { /* entry */ &TPM2_GetCapability, /* inSize */ (UINT16)(sizeof(GetCapability_In)), /* outSize */ (UINT16)(sizeof(GetCapability_Out)), /* offsetOfTypes */ offsetof(GetCapability_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(GetCapability_In, property)), (UINT16)(offsetof(GetCapability_In, propertyCount)), (UINT16)(offsetof(GetCapability_Out, capabilityData))}, /* types */ {TPM_CAP_P_UNMARSHAL, UINT32_P_UNMARSHAL, UINT32_P_UNMARSHAL, END_OF_LIST, TPMI_YES_NO_P_MARSHAL, TPMS_CAPABILITY_DATA_P_MARSHAL, END_OF_LIST} }; #define _GetCapabilityDataAddress (&_GetCapabilityData) #else #define _GetCapabilityDataAddress 0 #endif // CC_GetCapability #if CC_TestParms #include "TestParms_fp.h" typedef TPM_RC (TestParms_Entry)( TestParms_In *in ); typedef const struct { TestParms_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } TestParms_COMMAND_DESCRIPTOR_t; TestParms_COMMAND_DESCRIPTOR_t _TestParmsData = { /* entry */ &TPM2_TestParms, /* inSize */ (UINT16)(sizeof(TestParms_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(TestParms_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMT_PUBLIC_PARMS_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _TestParmsDataAddress (&_TestParmsData) #else #define _TestParmsDataAddress 0 #endif // CC_TestParms #if CC_NV_DefineSpace #include "NV_DefineSpace_fp.h" typedef TPM_RC (NV_DefineSpace_Entry)( NV_DefineSpace_In *in ); typedef const struct { NV_DefineSpace_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } NV_DefineSpace_COMMAND_DESCRIPTOR_t; NV_DefineSpace_COMMAND_DESCRIPTOR_t _NV_DefineSpaceData = { /* entry */ &TPM2_NV_DefineSpace, /* inSize */ (UINT16)(sizeof(NV_DefineSpace_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_DefineSpace_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_DefineSpace_In, auth)), (UINT16)(offsetof(NV_DefineSpace_In, publicInfo))}, /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, TPM2B_AUTH_P_UNMARSHAL, TPM2B_NV_PUBLIC_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_DefineSpaceDataAddress (&_NV_DefineSpaceData) #else #define _NV_DefineSpaceDataAddress 0 #endif // CC_NV_DefineSpace #if CC_NV_UndefineSpace #include "NV_UndefineSpace_fp.h" typedef TPM_RC (NV_UndefineSpace_Entry)( NV_UndefineSpace_In *in ); typedef const struct { NV_UndefineSpace_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } NV_UndefineSpace_COMMAND_DESCRIPTOR_t; NV_UndefineSpace_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceData = { /* entry */ &TPM2_NV_UndefineSpace, /* inSize */ (UINT16)(sizeof(NV_UndefineSpace_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_UndefineSpace_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_UndefineSpace_In, nvIndex))}, /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_UndefineSpaceDataAddress (&_NV_UndefineSpaceData) #else #define _NV_UndefineSpaceDataAddress 0 #endif // CC_NV_UndefineSpace #if CC_NV_UndefineSpaceSpecial #include "NV_UndefineSpaceSpecial_fp.h" typedef TPM_RC (NV_UndefineSpaceSpecial_Entry)( NV_UndefineSpaceSpecial_In *in ); typedef const struct { NV_UndefineSpaceSpecial_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t; NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t _NV_UndefineSpaceSpecialData = { /* entry */ &TPM2_NV_UndefineSpaceSpecial, /* inSize */ (UINT16)(sizeof(NV_UndefineSpaceSpecial_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_UndefineSpaceSpecial_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_UndefineSpaceSpecial_In, platform))}, /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, TPMI_RH_PLATFORM_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_UndefineSpaceSpecialDataAddress (&_NV_UndefineSpaceSpecialData) #else #define _NV_UndefineSpaceSpecialDataAddress 0 #endif // CC_NV_UndefineSpaceSpecial #if CC_NV_ReadPublic #include "NV_ReadPublic_fp.h" typedef TPM_RC (NV_ReadPublic_Entry)( NV_ReadPublic_In *in, NV_ReadPublic_Out *out ); typedef const struct { NV_ReadPublic_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[5]; } NV_ReadPublic_COMMAND_DESCRIPTOR_t; NV_ReadPublic_COMMAND_DESCRIPTOR_t _NV_ReadPublicData = { /* entry */ &TPM2_NV_ReadPublic, /* inSize */ (UINT16)(sizeof(NV_ReadPublic_In)), /* outSize */ (UINT16)(sizeof(NV_ReadPublic_Out)), /* offsetOfTypes */ offsetof(NV_ReadPublic_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_ReadPublic_Out, nvName))}, /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, END_OF_LIST, TPM2B_NV_PUBLIC_P_MARSHAL, TPM2B_NAME_P_MARSHAL, END_OF_LIST} }; #define _NV_ReadPublicDataAddress (&_NV_ReadPublicData) #else #define _NV_ReadPublicDataAddress 0 #endif // CC_NV_ReadPublic #if CC_NV_Write #include "NV_Write_fp.h" typedef TPM_RC (NV_Write_Entry)( NV_Write_In *in ); typedef const struct { NV_Write_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[6]; } NV_Write_COMMAND_DESCRIPTOR_t; NV_Write_COMMAND_DESCRIPTOR_t _NV_WriteData = { /* entry */ &TPM2_NV_Write, /* inSize */ (UINT16)(sizeof(NV_Write_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_Write_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_Write_In, nvIndex)), (UINT16)(offsetof(NV_Write_In, data)), (UINT16)(offsetof(NV_Write_In, offset))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, UINT16_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_WriteDataAddress (&_NV_WriteData) #else #define _NV_WriteDataAddress 0 #endif // CC_NV_Write #if CC_NV_Increment #include "NV_Increment_fp.h" typedef TPM_RC (NV_Increment_Entry)( NV_Increment_In *in ); typedef const struct { NV_Increment_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } NV_Increment_COMMAND_DESCRIPTOR_t; NV_Increment_COMMAND_DESCRIPTOR_t _NV_IncrementData = { /* entry */ &TPM2_NV_Increment, /* inSize */ (UINT16)(sizeof(NV_Increment_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_Increment_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_Increment_In, nvIndex))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_IncrementDataAddress (&_NV_IncrementData) #else #define _NV_IncrementDataAddress 0 #endif // CC_NV_Increment #if CC_NV_Extend #include "NV_Extend_fp.h" typedef TPM_RC (NV_Extend_Entry)( NV_Extend_In *in ); typedef const struct { NV_Extend_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } NV_Extend_COMMAND_DESCRIPTOR_t; NV_Extend_COMMAND_DESCRIPTOR_t _NV_ExtendData = { /* entry */ &TPM2_NV_Extend, /* inSize */ (UINT16)(sizeof(NV_Extend_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_Extend_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_Extend_In, nvIndex)), (UINT16)(offsetof(NV_Extend_In, data))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, TPM2B_MAX_NV_BUFFER_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_ExtendDataAddress (&_NV_ExtendData) #else #define _NV_ExtendDataAddress 0 #endif // CC_NV_Extend #if CC_NV_SetBits #include "NV_SetBits_fp.h" typedef TPM_RC (NV_SetBits_Entry)( NV_SetBits_In *in ); typedef const struct { NV_SetBits_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[2]; BYTE types[5]; } NV_SetBits_COMMAND_DESCRIPTOR_t; NV_SetBits_COMMAND_DESCRIPTOR_t _NV_SetBitsData = { /* entry */ &TPM2_NV_SetBits, /* inSize */ (UINT16)(sizeof(NV_SetBits_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_SetBits_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_SetBits_In, nvIndex)), (UINT16)(offsetof(NV_SetBits_In, bits))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, UINT64_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_SetBitsDataAddress (&_NV_SetBitsData) #else #define _NV_SetBitsDataAddress 0 #endif // CC_NV_SetBits #if CC_NV_WriteLock #include "NV_WriteLock_fp.h" typedef TPM_RC (NV_WriteLock_Entry)( NV_WriteLock_In *in ); typedef const struct { NV_WriteLock_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } NV_WriteLock_COMMAND_DESCRIPTOR_t; NV_WriteLock_COMMAND_DESCRIPTOR_t _NV_WriteLockData = { /* entry */ &TPM2_NV_WriteLock, /* inSize */ (UINT16)(sizeof(NV_WriteLock_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_WriteLock_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_WriteLock_In, nvIndex))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_WriteLockDataAddress (&_NV_WriteLockData) #else #define _NV_WriteLockDataAddress 0 #endif // CC_NV_WriteLock #if CC_NV_GlobalWriteLock #include "NV_GlobalWriteLock_fp.h" typedef TPM_RC (NV_GlobalWriteLock_Entry)( NV_GlobalWriteLock_In *in ); typedef const struct { NV_GlobalWriteLock_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[3]; } NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t; NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t _NV_GlobalWriteLockData = { /* entry */ &TPM2_NV_GlobalWriteLock, /* inSize */ (UINT16)(sizeof(NV_GlobalWriteLock_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_GlobalWriteLock_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPMI_RH_PROVISION_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_GlobalWriteLockDataAddress (&_NV_GlobalWriteLockData) #else #define _NV_GlobalWriteLockDataAddress 0 #endif // CC_NV_GlobalWriteLock #if CC_NV_Read #include "NV_Read_fp.h" typedef TPM_RC (NV_Read_Entry)( NV_Read_In *in, NV_Read_Out *out ); typedef const struct { NV_Read_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } NV_Read_COMMAND_DESCRIPTOR_t; NV_Read_COMMAND_DESCRIPTOR_t _NV_ReadData = { /* entry */ &TPM2_NV_Read, /* inSize */ (UINT16)(sizeof(NV_Read_In)), /* outSize */ (UINT16)(sizeof(NV_Read_Out)), /* offsetOfTypes */ offsetof(NV_Read_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_Read_In, nvIndex)), (UINT16)(offsetof(NV_Read_In, size)), (UINT16)(offsetof(NV_Read_In, offset))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, UINT16_P_UNMARSHAL, UINT16_P_UNMARSHAL, END_OF_LIST, TPM2B_MAX_NV_BUFFER_P_MARSHAL, END_OF_LIST} }; #define _NV_ReadDataAddress (&_NV_ReadData) #else #define _NV_ReadDataAddress 0 #endif // CC_NV_Read #if CC_NV_ReadLock #include "NV_ReadLock_fp.h" typedef TPM_RC (NV_ReadLock_Entry)( NV_ReadLock_In *in ); typedef const struct { NV_ReadLock_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } NV_ReadLock_COMMAND_DESCRIPTOR_t; NV_ReadLock_COMMAND_DESCRIPTOR_t _NV_ReadLockData = { /* entry */ &TPM2_NV_ReadLock, /* inSize */ (UINT16)(sizeof(NV_ReadLock_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_ReadLock_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_ReadLock_In, nvIndex))}, /* types */ {TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_ReadLockDataAddress (&_NV_ReadLockData) #else #define _NV_ReadLockDataAddress 0 #endif // CC_NV_ReadLock #if CC_NV_ChangeAuth #include "NV_ChangeAuth_fp.h" typedef TPM_RC (NV_ChangeAuth_Entry)( NV_ChangeAuth_In *in ); typedef const struct { NV_ChangeAuth_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[1]; BYTE types[4]; } NV_ChangeAuth_COMMAND_DESCRIPTOR_t; NV_ChangeAuth_COMMAND_DESCRIPTOR_t _NV_ChangeAuthData = { /* entry */ &TPM2_NV_ChangeAuth, /* inSize */ (UINT16)(sizeof(NV_ChangeAuth_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(NV_ChangeAuth_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_ChangeAuth_In, newAuth))}, /* types */ {TPMI_RH_NV_INDEX_H_UNMARSHAL, TPM2B_AUTH_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _NV_ChangeAuthDataAddress (&_NV_ChangeAuthData) #else #define _NV_ChangeAuthDataAddress 0 #endif // CC_NV_ChangeAuth #if CC_NV_Certify #include "NV_Certify_fp.h" typedef TPM_RC (NV_Certify_Entry)( NV_Certify_In *in, NV_Certify_Out *out ); typedef const struct { NV_Certify_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[7]; BYTE types[11]; } NV_Certify_COMMAND_DESCRIPTOR_t; NV_Certify_COMMAND_DESCRIPTOR_t _NV_CertifyData = { /* entry */ &TPM2_NV_Certify, /* inSize */ (UINT16)(sizeof(NV_Certify_In)), /* outSize */ (UINT16)(sizeof(NV_Certify_Out)), /* offsetOfTypes */ offsetof(NV_Certify_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(NV_Certify_In, authHandle)), (UINT16)(offsetof(NV_Certify_In, nvIndex)), (UINT16)(offsetof(NV_Certify_In, qualifyingData)), (UINT16)(offsetof(NV_Certify_In, inScheme)), (UINT16)(offsetof(NV_Certify_In, size)), (UINT16)(offsetof(NV_Certify_In, offset)), (UINT16)(offsetof(NV_Certify_Out, signature))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL + ADD_FLAG, TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_NV_INDEX_H_UNMARSHAL, TPM2B_DATA_P_UNMARSHAL, TPMT_SIG_SCHEME_P_UNMARSHAL + ADD_FLAG, UINT16_P_UNMARSHAL, UINT16_P_UNMARSHAL, END_OF_LIST, TPM2B_ATTEST_P_MARSHAL, TPMT_SIGNATURE_P_MARSHAL, END_OF_LIST} }; #define _NV_CertifyDataAddress (&_NV_CertifyData) #else #define _NV_CertifyDataAddress 0 #endif // CC_NV_Certify #if CC_AC_GetCapability #include "AC_GetCapability_fp.h" typedef TPM_RC (AC_GetCapability_Entry)( AC_GetCapability_In *in, AC_GetCapability_Out *out ); typedef const struct { AC_GetCapability_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } AC_GetCapability_COMMAND_DESCRIPTOR_t; AC_GetCapability_COMMAND_DESCRIPTOR_t _AC_GetCapabilityData = { /* entry */ &TPM2_AC_GetCapability, /* inSize */ (UINT16)(sizeof(AC_GetCapability_In)), /* outSize */ (UINT16)(sizeof(AC_GetCapability_Out)), /* offsetOfTypes */ offsetof(AC_GetCapability_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(AC_GetCapability_In, capability)), (UINT16)(offsetof(AC_GetCapability_In, count)), (UINT16)(offsetof(AC_GetCapability_Out, capabilitiesData))}, /* types */ {TPMI_RH_AC_H_UNMARSHAL, TPM_AT_P_UNMARSHAL, UINT32_P_UNMARSHAL, END_OF_LIST, TPMI_YES_NO_P_MARSHAL, TPML_AC_CAPABILITIES_P_MARSHAL, END_OF_LIST} }; #define _AC_GetCapabilityDataAddress (&_AC_GetCapabilityData) #else #define _AC_GetCapabilityDataAddress 0 #endif // CC_AC_GetCapability #if CC_AC_Send #include "AC_Send_fp.h" typedef TPM_RC (AC_Send_Entry)( AC_Send_In *in, AC_Send_Out *out ); typedef const struct { AC_Send_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[3]; BYTE types[7]; } AC_Send_COMMAND_DESCRIPTOR_t; AC_Send_COMMAND_DESCRIPTOR_t _AC_SendData = { /* entry */ &TPM2_AC_Send, /* inSize */ (UINT16)(sizeof(AC_Send_In)), /* outSize */ (UINT16)(sizeof(AC_Send_Out)), /* offsetOfTypes */ offsetof(AC_Send_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(AC_Send_In, authHandle)), (UINT16)(offsetof(AC_Send_In, ac)), (UINT16)(offsetof(AC_Send_In, acDataIn))}, /* types */ {TPMI_DH_OBJECT_H_UNMARSHAL, TPMI_RH_NV_AUTH_H_UNMARSHAL, TPMI_RH_AC_H_UNMARSHAL, TPM2B_MAX_BUFFER_P_UNMARSHAL, END_OF_LIST, TPMS_AC_OUTPUT_P_MARSHAL, END_OF_LIST} }; #define _AC_SendDataAddress (&_AC_SendData) #else #define _AC_SendDataAddress 0 #endif // CC_AC_Send #if CC_Policy_AC_SendSelect #include "Policy_AC_SendSelect_fp.h" typedef TPM_RC (Policy_AC_SendSelect_Entry)( Policy_AC_SendSelect_In *in ); typedef const struct { Policy_AC_SendSelect_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; UINT16 paramOffsets[4]; BYTE types[7]; } Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t; Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t _Policy_AC_SendSelectData = { /* entry */ &TPM2_Policy_AC_SendSelect, /* inSize */ (UINT16)(sizeof(Policy_AC_SendSelect_In)), /* outSize */ 0, /* offsetOfTypes */ offsetof(Policy_AC_SendSelect_COMMAND_DESCRIPTOR_t, types), /* offsets */ {(UINT16)(offsetof(Policy_AC_SendSelect_In, objectName)), (UINT16)(offsetof(Policy_AC_SendSelect_In, authHandleName)), (UINT16)(offsetof(Policy_AC_SendSelect_In, acName)), (UINT16)(offsetof(Policy_AC_SendSelect_In, includeObject))}, /* types */ {TPMI_SH_POLICY_H_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPM2B_NAME_P_UNMARSHAL, TPMI_YES_NO_P_UNMARSHAL, END_OF_LIST, END_OF_LIST} }; #define _Policy_AC_SendSelectDataAddress (&_Policy_AC_SendSelectData) #else #define _Policy_AC_SendSelectDataAddress 0 #endif // CC_Policy_AC_SendSelect #if CC_Vendor_TCG_Test #include "Vendor_TCG_Test_fp.h" typedef TPM_RC (Vendor_TCG_Test_Entry)( Vendor_TCG_Test_In *in, Vendor_TCG_Test_Out *out ); typedef const struct { Vendor_TCG_Test_Entry *entry; UINT16 inSize; UINT16 outSize; UINT16 offsetOfTypes; BYTE types[4]; } Vendor_TCG_Test_COMMAND_DESCRIPTOR_t; Vendor_TCG_Test_COMMAND_DESCRIPTOR_t _Vendor_TCG_TestData = { /* entry */ &TPM2_Vendor_TCG_Test, /* inSize */ (UINT16)(sizeof(Vendor_TCG_Test_In)), /* outSize */ (UINT16)(sizeof(Vendor_TCG_Test_Out)), /* offsetOfTypes */ offsetof(Vendor_TCG_Test_COMMAND_DESCRIPTOR_t, types), /* offsets */ // No parameter offsets; /* types */ {TPM2B_DATA_P_UNMARSHAL, END_OF_LIST, TPM2B_DATA_P_MARSHAL, END_OF_LIST} }; #define _Vendor_TCG_TestDataAddress (&_Vendor_TCG_TestData) #else #define _Vendor_TCG_TestDataAddress 0 #endif // CC_Vendor_TCG_Test COMMAND_DESCRIPTOR_t *s_CommandDataArray[] = { #if (PAD_LIST || CC_NV_UndefineSpaceSpecial) (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceSpecialDataAddress, #endif // CC_NV_UndefineSpaceSpecial #if (PAD_LIST || CC_EvictControl) (COMMAND_DESCRIPTOR_t *)_EvictControlDataAddress, #endif // CC_EvictControl #if (PAD_LIST || CC_HierarchyControl) (COMMAND_DESCRIPTOR_t *)_HierarchyControlDataAddress, #endif // CC_HierarchyControl #if (PAD_LIST || CC_NV_UndefineSpace) (COMMAND_DESCRIPTOR_t *)_NV_UndefineSpaceDataAddress, #endif // CC_NV_UndefineSpace #if (PAD_LIST) (COMMAND_DESCRIPTOR_t *)0, #endif // #if (PAD_LIST || CC_ChangeEPS) (COMMAND_DESCRIPTOR_t *)_ChangeEPSDataAddress, #endif // CC_ChangeEPS #if (PAD_LIST || CC_ChangePPS) (COMMAND_DESCRIPTOR_t *)_ChangePPSDataAddress, #endif // CC_ChangePPS #if (PAD_LIST || CC_Clear) (COMMAND_DESCRIPTOR_t *)_ClearDataAddress, #endif // CC_Clear #if (PAD_LIST || CC_ClearControl) (COMMAND_DESCRIPTOR_t *)_ClearControlDataAddress, #endif // CC_ClearControl #if (PAD_LIST || CC_ClockSet) (COMMAND_DESCRIPTOR_t *)_ClockSetDataAddress, #endif // CC_ClockSet #if (PAD_LIST || CC_HierarchyChangeAuth) (COMMAND_DESCRIPTOR_t *)_HierarchyChangeAuthDataAddress, #endif // CC_HierarchyChangeAuth #if (PAD_LIST || CC_NV_DefineSpace) (COMMAND_DESCRIPTOR_t *)_NV_DefineSpaceDataAddress, #endif // CC_NV_DefineSpace #if (PAD_LIST || CC_PCR_Allocate) (COMMAND_DESCRIPTOR_t *)_PCR_AllocateDataAddress, #endif // CC_PCR_Allocate #if (PAD_LIST || CC_PCR_SetAuthPolicy) (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthPolicyDataAddress, #endif // CC_PCR_SetAuthPolicy #if (PAD_LIST || CC_PP_Commands) (COMMAND_DESCRIPTOR_t *)_PP_CommandsDataAddress, #endif // CC_PP_Commands #if (PAD_LIST || CC_SetPrimaryPolicy) (COMMAND_DESCRIPTOR_t *)_SetPrimaryPolicyDataAddress, #endif // CC_SetPrimaryPolicy #if (PAD_LIST || CC_FieldUpgradeStart) (COMMAND_DESCRIPTOR_t *)_FieldUpgradeStartDataAddress, #endif // CC_FieldUpgradeStart #if (PAD_LIST || CC_ClockRateAdjust) (COMMAND_DESCRIPTOR_t *)_ClockRateAdjustDataAddress, #endif // CC_ClockRateAdjust #if (PAD_LIST || CC_CreatePrimary) (COMMAND_DESCRIPTOR_t *)_CreatePrimaryDataAddress, #endif // CC_CreatePrimary #if (PAD_LIST || CC_NV_GlobalWriteLock) (COMMAND_DESCRIPTOR_t *)_NV_GlobalWriteLockDataAddress, #endif // CC_NV_GlobalWriteLock #if (PAD_LIST || CC_GetCommandAuditDigest) (COMMAND_DESCRIPTOR_t *)_GetCommandAuditDigestDataAddress, #endif // CC_GetCommandAuditDigest #if (PAD_LIST || CC_NV_Increment) (COMMAND_DESCRIPTOR_t *)_NV_IncrementDataAddress, #endif // CC_NV_Increment #if (PAD_LIST || CC_NV_SetBits) (COMMAND_DESCRIPTOR_t *)_NV_SetBitsDataAddress, #endif // CC_NV_SetBits #if (PAD_LIST || CC_NV_Extend) (COMMAND_DESCRIPTOR_t *)_NV_ExtendDataAddress, #endif // CC_NV_Extend #if (PAD_LIST || CC_NV_Write) (COMMAND_DESCRIPTOR_t *)_NV_WriteDataAddress, #endif // CC_NV_Write #if (PAD_LIST || CC_NV_WriteLock) (COMMAND_DESCRIPTOR_t *)_NV_WriteLockDataAddress, #endif // CC_NV_WriteLock #if (PAD_LIST || CC_DictionaryAttackLockReset) (COMMAND_DESCRIPTOR_t *)_DictionaryAttackLockResetDataAddress, #endif // CC_DictionaryAttackLockReset #if (PAD_LIST || CC_DictionaryAttackParameters) (COMMAND_DESCRIPTOR_t *)_DictionaryAttackParametersDataAddress, #endif // CC_DictionaryAttackParameters #if (PAD_LIST || CC_NV_ChangeAuth) (COMMAND_DESCRIPTOR_t *)_NV_ChangeAuthDataAddress, #endif // CC_NV_ChangeAuth #if (PAD_LIST || CC_PCR_Event) (COMMAND_DESCRIPTOR_t *)_PCR_EventDataAddress, #endif // CC_PCR_Event #if (PAD_LIST || CC_PCR_Reset) (COMMAND_DESCRIPTOR_t *)_PCR_ResetDataAddress, #endif // CC_PCR_Reset #if (PAD_LIST || CC_SequenceComplete) (COMMAND_DESCRIPTOR_t *)_SequenceCompleteDataAddress, #endif // CC_SequenceComplete #if (PAD_LIST || CC_SetAlgorithmSet) (COMMAND_DESCRIPTOR_t *)_SetAlgorithmSetDataAddress, #endif // CC_SetAlgorithmSet #if (PAD_LIST || CC_SetCommandCodeAuditStatus) (COMMAND_DESCRIPTOR_t *)_SetCommandCodeAuditStatusDataAddress, #endif // CC_SetCommandCodeAuditStatus #if (PAD_LIST || CC_FieldUpgradeData) (COMMAND_DESCRIPTOR_t *)_FieldUpgradeDataDataAddress, #endif // CC_FieldUpgradeData #if (PAD_LIST || CC_IncrementalSelfTest) (COMMAND_DESCRIPTOR_t *)_IncrementalSelfTestDataAddress, #endif // CC_IncrementalSelfTest #if (PAD_LIST || CC_SelfTest) (COMMAND_DESCRIPTOR_t *)_SelfTestDataAddress, #endif // CC_SelfTest #if (PAD_LIST || CC_Startup) (COMMAND_DESCRIPTOR_t *)_StartupDataAddress, #endif // CC_Startup #if (PAD_LIST || CC_Shutdown) (COMMAND_DESCRIPTOR_t *)_ShutdownDataAddress, #endif // CC_Shutdown #if (PAD_LIST || CC_StirRandom) (COMMAND_DESCRIPTOR_t *)_StirRandomDataAddress, #endif // CC_StirRandom #if (PAD_LIST || CC_ActivateCredential) (COMMAND_DESCRIPTOR_t *)_ActivateCredentialDataAddress, #endif // CC_ActivateCredential #if (PAD_LIST || CC_Certify) (COMMAND_DESCRIPTOR_t *)_CertifyDataAddress, #endif // CC_Certify #if (PAD_LIST || CC_PolicyNV) (COMMAND_DESCRIPTOR_t *)_PolicyNVDataAddress, #endif // CC_PolicyNV #if (PAD_LIST || CC_CertifyCreation) (COMMAND_DESCRIPTOR_t *)_CertifyCreationDataAddress, #endif // CC_CertifyCreation #if (PAD_LIST || CC_Duplicate) (COMMAND_DESCRIPTOR_t *)_DuplicateDataAddress, #endif // CC_Duplicate #if (PAD_LIST || CC_GetTime) (COMMAND_DESCRIPTOR_t *)_GetTimeDataAddress, #endif // CC_GetTime #if (PAD_LIST || CC_GetSessionAuditDigest) (COMMAND_DESCRIPTOR_t *)_GetSessionAuditDigestDataAddress, #endif // CC_GetSessionAuditDigest #if (PAD_LIST || CC_NV_Read) (COMMAND_DESCRIPTOR_t *)_NV_ReadDataAddress, #endif // CC_NV_Read #if (PAD_LIST || CC_NV_ReadLock) (COMMAND_DESCRIPTOR_t *)_NV_ReadLockDataAddress, #endif // CC_NV_ReadLock #if (PAD_LIST || CC_ObjectChangeAuth) (COMMAND_DESCRIPTOR_t *)_ObjectChangeAuthDataAddress, #endif // CC_ObjectChangeAuth #if (PAD_LIST || CC_PolicySecret) (COMMAND_DESCRIPTOR_t *)_PolicySecretDataAddress, #endif // CC_PolicySecret #if (PAD_LIST || CC_Rewrap) (COMMAND_DESCRIPTOR_t *)_RewrapDataAddress, #endif // CC_Rewrap #if (PAD_LIST || CC_Create) (COMMAND_DESCRIPTOR_t *)_CreateDataAddress, #endif // CC_Create #if (PAD_LIST || CC_ECDH_ZGen) (COMMAND_DESCRIPTOR_t *)_ECDH_ZGenDataAddress, #endif // CC_ECDH_ZGen #if (PAD_LIST || (CC_HMAC || CC_MAC)) # if CC_HMAC (COMMAND_DESCRIPTOR_t *)_HMACDataAddress, # endif # if CC_MAC (COMMAND_DESCRIPTOR_t *)_MACDataAddress, # endif # if (CC_HMAC || CC_MAC) > 1 # error "More than one aliased command defined" # endif #endif // CC_HMAC CC_MAC #if (PAD_LIST || CC_Import) (COMMAND_DESCRIPTOR_t *)_ImportDataAddress, #endif // CC_Import #if (PAD_LIST || CC_Load) (COMMAND_DESCRIPTOR_t *)_LoadDataAddress, #endif // CC_Load #if (PAD_LIST || CC_Quote) (COMMAND_DESCRIPTOR_t *)_QuoteDataAddress, #endif // CC_Quote #if (PAD_LIST || CC_RSA_Decrypt) (COMMAND_DESCRIPTOR_t *)_RSA_DecryptDataAddress, #endif // CC_RSA_Decrypt #if (PAD_LIST) (COMMAND_DESCRIPTOR_t *)0, #endif // #if (PAD_LIST || (CC_HMAC_Start || CC_MAC_Start)) # if CC_HMAC_Start (COMMAND_DESCRIPTOR_t *)_HMAC_StartDataAddress, # endif # if CC_MAC_Start (COMMAND_DESCRIPTOR_t *)_MAC_StartDataAddress, # endif # if (CC_HMAC_Start || CC_MAC_Start) > 1 # error "More than one aliased command defined" # endif #endif // CC_HMAC_Start CC_MAC_Start #if (PAD_LIST || CC_SequenceUpdate) (COMMAND_DESCRIPTOR_t *)_SequenceUpdateDataAddress, #endif // CC_SequenceUpdate #if (PAD_LIST || CC_Sign) (COMMAND_DESCRIPTOR_t *)_SignDataAddress, #endif // CC_Sign #if (PAD_LIST || CC_Unseal) (COMMAND_DESCRIPTOR_t *)_UnsealDataAddress, #endif // CC_Unseal #if (PAD_LIST) (COMMAND_DESCRIPTOR_t *)0, #endif // #if (PAD_LIST || CC_PolicySigned) (COMMAND_DESCRIPTOR_t *)_PolicySignedDataAddress, #endif // CC_PolicySigned #if (PAD_LIST || CC_ContextLoad) (COMMAND_DESCRIPTOR_t *)_ContextLoadDataAddress, #endif // CC_ContextLoad #if (PAD_LIST || CC_ContextSave) (COMMAND_DESCRIPTOR_t *)_ContextSaveDataAddress, #endif // CC_ContextSave #if (PAD_LIST || CC_ECDH_KeyGen) (COMMAND_DESCRIPTOR_t *)_ECDH_KeyGenDataAddress, #endif // CC_ECDH_KeyGen #if (PAD_LIST || CC_EncryptDecrypt) (COMMAND_DESCRIPTOR_t *)_EncryptDecryptDataAddress, #endif // CC_EncryptDecrypt #if (PAD_LIST || CC_FlushContext) (COMMAND_DESCRIPTOR_t *)_FlushContextDataAddress, #endif // CC_FlushContext #if (PAD_LIST) (COMMAND_DESCRIPTOR_t *)0, #endif // #if (PAD_LIST || CC_LoadExternal) (COMMAND_DESCRIPTOR_t *)_LoadExternalDataAddress, #endif // CC_LoadExternal #if (PAD_LIST || CC_MakeCredential) (COMMAND_DESCRIPTOR_t *)_MakeCredentialDataAddress, #endif // CC_MakeCredential #if (PAD_LIST || CC_NV_ReadPublic) (COMMAND_DESCRIPTOR_t *)_NV_ReadPublicDataAddress, #endif // CC_NV_ReadPublic #if (PAD_LIST || CC_PolicyAuthorize) (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeDataAddress, #endif // CC_PolicyAuthorize #if (PAD_LIST || CC_PolicyAuthValue) (COMMAND_DESCRIPTOR_t *)_PolicyAuthValueDataAddress, #endif // CC_PolicyAuthValue #if (PAD_LIST || CC_PolicyCommandCode) (COMMAND_DESCRIPTOR_t *)_PolicyCommandCodeDataAddress, #endif // CC_PolicyCommandCode #if (PAD_LIST || CC_PolicyCounterTimer) (COMMAND_DESCRIPTOR_t *)_PolicyCounterTimerDataAddress, #endif // CC_PolicyCounterTimer #if (PAD_LIST || CC_PolicyCpHash) (COMMAND_DESCRIPTOR_t *)_PolicyCpHashDataAddress, #endif // CC_PolicyCpHash #if (PAD_LIST || CC_PolicyLocality) (COMMAND_DESCRIPTOR_t *)_PolicyLocalityDataAddress, #endif // CC_PolicyLocality #if (PAD_LIST || CC_PolicyNameHash) (COMMAND_DESCRIPTOR_t *)_PolicyNameHashDataAddress, #endif // CC_PolicyNameHash #if (PAD_LIST || CC_PolicyOR) (COMMAND_DESCRIPTOR_t *)_PolicyORDataAddress, #endif // CC_PolicyOR #if (PAD_LIST || CC_PolicyTicket) (COMMAND_DESCRIPTOR_t *)_PolicyTicketDataAddress, #endif // CC_PolicyTicket #if (PAD_LIST || CC_ReadPublic) (COMMAND_DESCRIPTOR_t *)_ReadPublicDataAddress, #endif // CC_ReadPublic #if (PAD_LIST || CC_RSA_Encrypt) (COMMAND_DESCRIPTOR_t *)_RSA_EncryptDataAddress, #endif // CC_RSA_Encrypt #if (PAD_LIST) (COMMAND_DESCRIPTOR_t *)0, #endif // #if (PAD_LIST || CC_StartAuthSession) (COMMAND_DESCRIPTOR_t *)_StartAuthSessionDataAddress, #endif // CC_StartAuthSession #if (PAD_LIST || CC_VerifySignature) (COMMAND_DESCRIPTOR_t *)_VerifySignatureDataAddress, #endif // CC_VerifySignature #if (PAD_LIST || CC_ECC_Parameters) (COMMAND_DESCRIPTOR_t *)_ECC_ParametersDataAddress, #endif // CC_ECC_Parameters #if (PAD_LIST || CC_FirmwareRead) (COMMAND_DESCRIPTOR_t *)_FirmwareReadDataAddress, #endif // CC_FirmwareRead #if (PAD_LIST || CC_GetCapability) (COMMAND_DESCRIPTOR_t *)_GetCapabilityDataAddress, #endif // CC_GetCapability #if (PAD_LIST || CC_GetRandom) (COMMAND_DESCRIPTOR_t *)_GetRandomDataAddress, #endif // CC_GetRandom #if (PAD_LIST || CC_GetTestResult) (COMMAND_DESCRIPTOR_t *)_GetTestResultDataAddress, #endif // CC_GetTestResult #if (PAD_LIST || CC_Hash) (COMMAND_DESCRIPTOR_t *)_HashDataAddress, #endif // CC_Hash #if (PAD_LIST || CC_PCR_Read) (COMMAND_DESCRIPTOR_t *)_PCR_ReadDataAddress, #endif // CC_PCR_Read #if (PAD_LIST || CC_PolicyPCR) (COMMAND_DESCRIPTOR_t *)_PolicyPCRDataAddress, #endif // CC_PolicyPCR #if (PAD_LIST || CC_PolicyRestart) (COMMAND_DESCRIPTOR_t *)_PolicyRestartDataAddress, #endif // CC_PolicyRestart #if (PAD_LIST || CC_ReadClock) (COMMAND_DESCRIPTOR_t *)_ReadClockDataAddress, #endif // CC_ReadClock #if (PAD_LIST || CC_PCR_Extend) (COMMAND_DESCRIPTOR_t *)_PCR_ExtendDataAddress, #endif // CC_PCR_Extend #if (PAD_LIST || CC_PCR_SetAuthValue) (COMMAND_DESCRIPTOR_t *)_PCR_SetAuthValueDataAddress, #endif // CC_PCR_SetAuthValue #if (PAD_LIST || CC_NV_Certify) (COMMAND_DESCRIPTOR_t *)_NV_CertifyDataAddress, #endif // CC_NV_Certify #if (PAD_LIST || CC_EventSequenceComplete) (COMMAND_DESCRIPTOR_t *)_EventSequenceCompleteDataAddress, #endif // CC_EventSequenceComplete #if (PAD_LIST || CC_HashSequenceStart) (COMMAND_DESCRIPTOR_t *)_HashSequenceStartDataAddress, #endif // CC_HashSequenceStart #if (PAD_LIST || CC_PolicyPhysicalPresence) (COMMAND_DESCRIPTOR_t *)_PolicyPhysicalPresenceDataAddress, #endif // CC_PolicyPhysicalPresence #if (PAD_LIST || CC_PolicyDuplicationSelect) (COMMAND_DESCRIPTOR_t *)_PolicyDuplicationSelectDataAddress, #endif // CC_PolicyDuplicationSelect #if (PAD_LIST || CC_PolicyGetDigest) (COMMAND_DESCRIPTOR_t *)_PolicyGetDigestDataAddress, #endif // CC_PolicyGetDigest #if (PAD_LIST || CC_TestParms) (COMMAND_DESCRIPTOR_t *)_TestParmsDataAddress, #endif // CC_TestParms #if (PAD_LIST || CC_Commit) (COMMAND_DESCRIPTOR_t *)_CommitDataAddress, #endif // CC_Commit #if (PAD_LIST || CC_PolicyPassword) (COMMAND_DESCRIPTOR_t *)_PolicyPasswordDataAddress, #endif // CC_PolicyPassword #if (PAD_LIST || CC_ZGen_2Phase) (COMMAND_DESCRIPTOR_t *)_ZGen_2PhaseDataAddress, #endif // CC_ZGen_2Phase #if (PAD_LIST || CC_EC_Ephemeral) (COMMAND_DESCRIPTOR_t *)_EC_EphemeralDataAddress, #endif // CC_EC_Ephemeral #if (PAD_LIST || CC_PolicyNvWritten) (COMMAND_DESCRIPTOR_t *)_PolicyNvWrittenDataAddress, #endif // CC_PolicyNvWritten #if (PAD_LIST || CC_PolicyTemplate) (COMMAND_DESCRIPTOR_t *)_PolicyTemplateDataAddress, #endif // CC_PolicyTemplate #if (PAD_LIST || CC_CreateLoaded) (COMMAND_DESCRIPTOR_t *)_CreateLoadedDataAddress, #endif // CC_CreateLoaded #if (PAD_LIST || CC_PolicyAuthorizeNV) (COMMAND_DESCRIPTOR_t *)_PolicyAuthorizeNVDataAddress, #endif // CC_PolicyAuthorizeNV #if (PAD_LIST || CC_EncryptDecrypt2) (COMMAND_DESCRIPTOR_t *)_EncryptDecrypt2DataAddress, #endif // CC_EncryptDecrypt2 #if (PAD_LIST || CC_AC_GetCapability) (COMMAND_DESCRIPTOR_t *)_AC_GetCapabilityDataAddress, #endif // CC_AC_GetCapability #if (PAD_LIST || CC_AC_Send) (COMMAND_DESCRIPTOR_t *)_AC_SendDataAddress, #endif // CC_AC_Send #if (PAD_LIST || CC_Policy_AC_SendSelect) (COMMAND_DESCRIPTOR_t *)_Policy_AC_SendSelectDataAddress, #endif // CC_Policy_AC_SendSelect #if (PAD_LIST || CC_CertifyX509) (COMMAND_DESCRIPTOR_t *)_CertifyX509DataAddress, #endif // CC_CertifyX509 #if (PAD_LIST || CC_Vendor_TCG_Test) (COMMAND_DESCRIPTOR_t *)_Vendor_TCG_TestDataAddress, #endif // CC_Vendor_TCG_Test 0 }; #endif // _COMMAND_TABLE_DISPATCH_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CommandDispatcher.h000066400000000000000000002700161510276467000273730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmDispatch; Version 4.0 July 8,2017 * Date: Oct 27, 2018 Time: 06:49:39PM */ // This macro is added just so that the code is only excessively long. #define EXIT_IF_ERROR_PLUS(x) \ if(TPM_RC_SUCCESS != result) { result += (x); goto Exit; } #if CC_Startup case TPM_CC_Startup: { Startup_In *in = (Startup_In *) MemoryGetInBuffer(sizeof(Startup_In)); result = TPM_SU_Unmarshal(&in->startupType, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Startup_startupType); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Startup (in); break; } #endif // CC_Startup #if CC_Shutdown case TPM_CC_Shutdown: { Shutdown_In *in = (Shutdown_In *) MemoryGetInBuffer(sizeof(Shutdown_In)); result = TPM_SU_Unmarshal(&in->shutdownType, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Shutdown_shutdownType); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Shutdown (in); break; } #endif // CC_Shutdown #if CC_SelfTest case TPM_CC_SelfTest: { SelfTest_In *in = (SelfTest_In *) MemoryGetInBuffer(sizeof(SelfTest_In)); result = TPMI_YES_NO_Unmarshal(&in->fullTest, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_SelfTest_fullTest); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_SelfTest (in); break; } #endif // CC_SelfTest #if CC_IncrementalSelfTest case TPM_CC_IncrementalSelfTest: { IncrementalSelfTest_In *in = (IncrementalSelfTest_In *) MemoryGetInBuffer(sizeof(IncrementalSelfTest_In)); IncrementalSelfTest_Out *out = (IncrementalSelfTest_Out *) MemoryGetOutBuffer(sizeof(IncrementalSelfTest_Out)); result = TPML_ALG_Unmarshal(&in->toTest, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_IncrementalSelfTest_toTest); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_IncrementalSelfTest (in, out); rSize = sizeof(IncrementalSelfTest_Out); *respParmSize += TPML_ALG_Marshal(&out->toDoList, responseBuffer, &rSize); break; } #endif // CC_IncrementalSelfTest #if CC_GetTestResult case TPM_CC_GetTestResult: { GetTestResult_Out *out = (GetTestResult_Out *) MemoryGetOutBuffer(sizeof(GetTestResult_Out)); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_GetTestResult (out); rSize = sizeof(GetTestResult_Out); *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, responseBuffer, &rSize); *respParmSize += TPM_RC_Marshal(&out->testResult, responseBuffer, &rSize); break; } #endif // CC_GetTestResult #if CC_StartAuthSession case TPM_CC_StartAuthSession: { StartAuthSession_In *in = (StartAuthSession_In *) MemoryGetInBuffer(sizeof(StartAuthSession_In)); StartAuthSession_Out *out = (StartAuthSession_Out *) MemoryGetOutBuffer(sizeof(StartAuthSession_Out)); in->tpmKey = handles[0]; in->bind = handles[1]; result = TPM2B_NONCE_Unmarshal(&in->nonceCaller, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_StartAuthSession_nonceCaller); result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->encryptedSalt, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_StartAuthSession_encryptedSalt); result = TPM_SE_Unmarshal(&in->sessionType, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_StartAuthSession_sessionType); result = TPMT_SYM_DEF_Unmarshal(&in->symmetric, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_StartAuthSession_symmetric); result = TPMI_ALG_HASH_Unmarshal(&in->authHash, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_StartAuthSession_authHash); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_StartAuthSession (in, out); rSize = sizeof(StartAuthSession_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->sessionHandle; *respParmSize += TPM2B_NONCE_Marshal(&out->nonceTPM, responseBuffer, &rSize); break; } #endif // CC_StartAuthSession #if CC_PolicyRestart case TPM_CC_PolicyRestart: { PolicyRestart_In *in = (PolicyRestart_In *) MemoryGetInBuffer(sizeof(PolicyRestart_In)); in->sessionHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyRestart (in); break; } #endif // CC_PolicyRestart #if CC_Create case TPM_CC_Create: { Create_In *in = (Create_In *) MemoryGetInBuffer(sizeof(Create_In)); Create_Out *out = (Create_Out *) MemoryGetOutBuffer(sizeof(Create_Out)); in->parentHandle = handles[0]; result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Create_inSensitive); result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_Create_inPublic); result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Create_outsideInfo); result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Create_creationPCR); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Create (in, out); rSize = sizeof(Create_Out); *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, responseBuffer, &rSize); *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, responseBuffer, &rSize); *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, responseBuffer, &rSize); *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, responseBuffer, &rSize); *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, responseBuffer, &rSize); break; } #endif // CC_Create #if CC_Load case TPM_CC_Load: { Load_In *in = (Load_In *) MemoryGetInBuffer(sizeof(Load_In)); Load_Out *out = (Load_Out *) MemoryGetOutBuffer(sizeof(Load_Out)); in->parentHandle = handles[0]; result = TPM2B_PRIVATE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Load_inPrivate); result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_Load_inPublic); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Load (in, out); rSize = sizeof(Load_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->objectHandle; *respParmSize += TPM2B_NAME_Marshal(&out->name, responseBuffer, &rSize); break; } #endif // CC_Load #if CC_LoadExternal case TPM_CC_LoadExternal: { LoadExternal_In *in = (LoadExternal_In *) MemoryGetInBuffer(sizeof(LoadExternal_In)); LoadExternal_Out *out = (LoadExternal_Out *) MemoryGetOutBuffer(sizeof(LoadExternal_Out)); result = TPM2B_SENSITIVE_Unmarshal(&in->inPrivate, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPrivate); result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_LoadExternal_inPublic); result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_LoadExternal_hierarchy); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_LoadExternal (in, out); rSize = sizeof(LoadExternal_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->objectHandle; *respParmSize += TPM2B_NAME_Marshal(&out->name, responseBuffer, &rSize); break; } #endif // CC_LoadExternal #if CC_ReadPublic case TPM_CC_ReadPublic: { ReadPublic_In *in = (ReadPublic_In *) MemoryGetInBuffer(sizeof(ReadPublic_In)); ReadPublic_Out *out = (ReadPublic_Out *) MemoryGetOutBuffer(sizeof(ReadPublic_Out)); in->objectHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ReadPublic (in, out); rSize = sizeof(ReadPublic_Out); *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, responseBuffer, &rSize); *respParmSize += TPM2B_NAME_Marshal(&out->name, responseBuffer, &rSize); *respParmSize += TPM2B_NAME_Marshal(&out->qualifiedName, responseBuffer, &rSize); break; } #endif // CC_ReadPublic #if CC_ActivateCredential case TPM_CC_ActivateCredential: { ActivateCredential_In *in = (ActivateCredential_In *) MemoryGetInBuffer(sizeof(ActivateCredential_In)); ActivateCredential_Out *out = (ActivateCredential_Out *) MemoryGetOutBuffer(sizeof(ActivateCredential_Out)); in->activateHandle = handles[0]; in->keyHandle = handles[1]; result = TPM2B_ID_OBJECT_Unmarshal(&in->credentialBlob, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ActivateCredential_credentialBlob); result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->secret, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ActivateCredential_secret); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ActivateCredential (in, out); rSize = sizeof(ActivateCredential_Out); *respParmSize += TPM2B_DIGEST_Marshal(&out->certInfo, responseBuffer, &rSize); break; } #endif // CC_ActivateCredential #if CC_MakeCredential case TPM_CC_MakeCredential: { MakeCredential_In *in = (MakeCredential_In *) MemoryGetInBuffer(sizeof(MakeCredential_In)); MakeCredential_Out *out = (MakeCredential_Out *) MemoryGetOutBuffer(sizeof(MakeCredential_Out)); in->handle = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->credential, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_MakeCredential_credential); result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_MakeCredential_objectName); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_MakeCredential (in, out); rSize = sizeof(MakeCredential_Out); *respParmSize += TPM2B_ID_OBJECT_Marshal(&out->credentialBlob, responseBuffer, &rSize); *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->secret, responseBuffer, &rSize); break; } #endif // CC_MakeCredential #if CC_Unseal case TPM_CC_Unseal: { Unseal_In *in = (Unseal_In *) MemoryGetInBuffer(sizeof(Unseal_In)); Unseal_Out *out = (Unseal_Out *) MemoryGetOutBuffer(sizeof(Unseal_Out)); in->itemHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Unseal (in, out); rSize = sizeof(Unseal_Out); *respParmSize += TPM2B_SENSITIVE_DATA_Marshal(&out->outData, responseBuffer, &rSize); break; } #endif // CC_Unseal #if CC_ObjectChangeAuth case TPM_CC_ObjectChangeAuth: { ObjectChangeAuth_In *in = (ObjectChangeAuth_In *) MemoryGetInBuffer(sizeof(ObjectChangeAuth_In)); ObjectChangeAuth_Out *out = (ObjectChangeAuth_Out *) MemoryGetOutBuffer(sizeof(ObjectChangeAuth_Out)); in->objectHandle = handles[0]; in->parentHandle = handles[1]; result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ObjectChangeAuth_newAuth); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ObjectChangeAuth (in, out); rSize = sizeof(ObjectChangeAuth_Out); *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, responseBuffer, &rSize); break; } #endif // CC_ObjectChangeAuth #if CC_CreateLoaded case TPM_CC_CreateLoaded: { CreateLoaded_In *in = (CreateLoaded_In *) MemoryGetInBuffer(sizeof(CreateLoaded_In)); CreateLoaded_Out *out = (CreateLoaded_Out *) MemoryGetOutBuffer(sizeof(CreateLoaded_Out)); in->parentHandle = handles[0]; result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inSensitive); result = TPM2B_TEMPLATE_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CreateLoaded_inPublic); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_CreateLoaded (in, out); rSize = sizeof(CreateLoaded_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->objectHandle; *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, responseBuffer, &rSize); *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, responseBuffer, &rSize); *respParmSize += TPM2B_NAME_Marshal(&out->name, responseBuffer, &rSize); break; } #endif // CC_CreateLoaded #if CC_Duplicate case TPM_CC_Duplicate: { Duplicate_In *in = (Duplicate_In *) MemoryGetInBuffer(sizeof(Duplicate_In)); Duplicate_Out *out = (Duplicate_Out *) MemoryGetOutBuffer(sizeof(Duplicate_Out)); in->objectHandle = handles[0]; in->newParentHandle = handles[1]; result = TPM2B_DATA_Unmarshal(&in->encryptionKeyIn, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Duplicate_encryptionKeyIn); result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_Duplicate_symmetricAlg); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Duplicate (in, out); rSize = sizeof(Duplicate_Out); *respParmSize += TPM2B_DATA_Marshal(&out->encryptionKeyOut, responseBuffer, &rSize); *respParmSize += TPM2B_PRIVATE_Marshal(&out->duplicate, responseBuffer, &rSize); *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, responseBuffer, &rSize); break; } #endif // CC_Duplicate #if CC_Rewrap case TPM_CC_Rewrap: { Rewrap_In *in = (Rewrap_In *) MemoryGetInBuffer(sizeof(Rewrap_In)); Rewrap_Out *out = (Rewrap_Out *) MemoryGetOutBuffer(sizeof(Rewrap_Out)); in->oldParent = handles[0]; in->newParent = handles[1]; result = TPM2B_PRIVATE_Unmarshal(&in->inDuplicate, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Rewrap_inDuplicate); result = TPM2B_NAME_Unmarshal(&in->name, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Rewrap_name); result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Rewrap_inSymSeed); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Rewrap (in, out); rSize = sizeof(Rewrap_Out); *respParmSize += TPM2B_PRIVATE_Marshal(&out->outDuplicate, responseBuffer, &rSize); *respParmSize += TPM2B_ENCRYPTED_SECRET_Marshal(&out->outSymSeed, responseBuffer, &rSize); break; } #endif // CC_Rewrap #if CC_Import case TPM_CC_Import: { Import_In *in = (Import_In *) MemoryGetInBuffer(sizeof(Import_In)); Import_Out *out = (Import_Out *) MemoryGetOutBuffer(sizeof(Import_Out)); in->parentHandle = handles[0]; result = TPM2B_DATA_Unmarshal(&in->encryptionKey, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Import_encryptionKey); result = TPM2B_PUBLIC_Unmarshal(&in->objectPublic, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_Import_objectPublic); result = TPM2B_PRIVATE_Unmarshal(&in->duplicate, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Import_duplicate); result = TPM2B_ENCRYPTED_SECRET_Unmarshal(&in->inSymSeed, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Import_inSymSeed); result = TPMT_SYM_DEF_OBJECT_Unmarshal(&in->symmetricAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_Import_symmetricAlg); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Import (in, out); rSize = sizeof(Import_Out); *respParmSize += TPM2B_PRIVATE_Marshal(&out->outPrivate, responseBuffer, &rSize); break; } #endif // CC_Import #if CC_RSA_Encrypt case TPM_CC_RSA_Encrypt: { RSA_Encrypt_In *in = (RSA_Encrypt_In *) MemoryGetInBuffer(sizeof(RSA_Encrypt_In)); RSA_Encrypt_Out *out = (RSA_Encrypt_Out *) MemoryGetOutBuffer(sizeof(RSA_Encrypt_Out)); in->keyHandle = handles[0]; result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->message, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_message); result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_inScheme); result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_RSA_Encrypt_label); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_RSA_Encrypt (in, out); rSize = sizeof(RSA_Encrypt_Out); *respParmSize += TPM2B_PUBLIC_KEY_RSA_Marshal(&out->outData, responseBuffer, &rSize); break; } #endif // CC_RSA_Encrypt #if CC_RSA_Decrypt case TPM_CC_RSA_Decrypt: { RSA_Decrypt_In *in = (RSA_Decrypt_In *) MemoryGetInBuffer(sizeof(RSA_Decrypt_In)); RSA_Decrypt_Out *out = (RSA_Decrypt_Out *) MemoryGetOutBuffer(sizeof(RSA_Decrypt_Out)); in->keyHandle = handles[0]; result = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&in->cipherText, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_cipherText); result = TPMT_RSA_DECRYPT_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_inScheme); result = TPM2B_DATA_Unmarshal(&in->label, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_RSA_Decrypt_label); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_RSA_Decrypt (in, out); rSize = sizeof(RSA_Decrypt_Out); *respParmSize += TPM2B_PUBLIC_KEY_RSA_Marshal(&out->message, responseBuffer, &rSize); break; } #endif // CC_RSA_Decrypt #if CC_ECDH_KeyGen case TPM_CC_ECDH_KeyGen: { ECDH_KeyGen_In *in = (ECDH_KeyGen_In *) MemoryGetInBuffer(sizeof(ECDH_KeyGen_In)); ECDH_KeyGen_Out *out = (ECDH_KeyGen_Out *) MemoryGetOutBuffer(sizeof(ECDH_KeyGen_Out)); in->keyHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ECDH_KeyGen (in, out); rSize = sizeof(ECDH_KeyGen_Out); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->zPoint, responseBuffer, &rSize); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->pubPoint, responseBuffer, &rSize); break; } #endif // CC_ECDH_KeyGen #if CC_ECDH_ZGen case TPM_CC_ECDH_ZGen: { ECDH_ZGen_In *in = (ECDH_ZGen_In *) MemoryGetInBuffer(sizeof(ECDH_ZGen_In)); ECDH_ZGen_Out *out = (ECDH_ZGen_Out *) MemoryGetOutBuffer(sizeof(ECDH_ZGen_Out)); in->keyHandle = handles[0]; result = TPM2B_ECC_POINT_Unmarshal(&in->inPoint, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ECDH_ZGen_inPoint); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ECDH_ZGen (in, out); rSize = sizeof(ECDH_ZGen_Out); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outPoint, responseBuffer, &rSize); break; } #endif // CC_ECDH_ZGen #if CC_ECC_Parameters case TPM_CC_ECC_Parameters: { ECC_Parameters_In *in = (ECC_Parameters_In *) MemoryGetInBuffer(sizeof(ECC_Parameters_In)); ECC_Parameters_Out *out = (ECC_Parameters_Out *) MemoryGetOutBuffer(sizeof(ECC_Parameters_Out)); result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ECC_Parameters_curveID); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ECC_Parameters (in, out); rSize = sizeof(ECC_Parameters_Out); *respParmSize += TPMS_ALGORITHM_DETAIL_ECC_Marshal(&out->parameters, responseBuffer, &rSize); break; } #endif // CC_ECC_Parameters #if CC_ZGen_2Phase case TPM_CC_ZGen_2Phase: { ZGen_2Phase_In *in = (ZGen_2Phase_In *) MemoryGetInBuffer(sizeof(ZGen_2Phase_In)); ZGen_2Phase_Out *out = (ZGen_2Phase_Out *) MemoryGetOutBuffer(sizeof(ZGen_2Phase_Out)); in->keyA = handles[0]; result = TPM2B_ECC_POINT_Unmarshal(&in->inQsB, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQsB); result = TPM2B_ECC_POINT_Unmarshal(&in->inQeB, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inQeB); result = TPMI_ECC_KEY_EXCHANGE_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_inScheme); result = UINT16_Unmarshal(&in->counter, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ZGen_2Phase_counter); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ZGen_2Phase (in, out); rSize = sizeof(ZGen_2Phase_Out); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ1, responseBuffer, &rSize); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->outZ2, responseBuffer, &rSize); break; } #endif // CC_ZGen_2Phase #if CC_EncryptDecrypt case TPM_CC_EncryptDecrypt: { EncryptDecrypt_In *in = (EncryptDecrypt_In *) MemoryGetInBuffer(sizeof(EncryptDecrypt_In)); EncryptDecrypt_Out *out = (EncryptDecrypt_Out *) MemoryGetOutBuffer(sizeof(EncryptDecrypt_Out)); in->keyHandle = handles[0]; result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_decrypt); result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_mode); result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_ivIn); result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt_inData); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_EncryptDecrypt (in, out); rSize = sizeof(EncryptDecrypt_Out); *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, responseBuffer, &rSize); *respParmSize += TPM2B_IV_Marshal(&out->ivOut, responseBuffer, &rSize); break; } #endif // CC_EncryptDecrypt #if CC_EncryptDecrypt2 case TPM_CC_EncryptDecrypt2: { EncryptDecrypt2_In *in = (EncryptDecrypt2_In *) MemoryGetInBuffer(sizeof(EncryptDecrypt2_In)); EncryptDecrypt2_Out *out = (EncryptDecrypt2_Out *) MemoryGetOutBuffer(sizeof(EncryptDecrypt2_Out)); in->keyHandle = handles[0]; result = TPM2B_MAX_BUFFER_Unmarshal(&in->inData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_inData); result = TPMI_YES_NO_Unmarshal(&in->decrypt, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_decrypt); result = TPMI_ALG_CIPHER_MODE_Unmarshal(&in->mode, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_mode); result = TPM2B_IV_Unmarshal(&in->ivIn, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EncryptDecrypt2_ivIn); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_EncryptDecrypt2 (in, out); rSize = sizeof(EncryptDecrypt2_Out); *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->outData, responseBuffer, &rSize); *respParmSize += TPM2B_IV_Marshal(&out->ivOut, responseBuffer, &rSize); break; } #endif // CC_EncryptDecrypt2 #if CC_Hash case TPM_CC_Hash: { Hash_In *in = (Hash_In *) MemoryGetInBuffer(sizeof(Hash_In)); Hash_Out *out = (Hash_Out *) MemoryGetOutBuffer(sizeof(Hash_Out)); result = TPM2B_MAX_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Hash_data); result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_Hash_hashAlg); result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_Hash_hierarchy); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Hash (in, out); rSize = sizeof(Hash_Out); *respParmSize += TPM2B_DIGEST_Marshal(&out->outHash, responseBuffer, &rSize); *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, responseBuffer, &rSize); break; } #endif // CC_Hash #if CC_HMAC case TPM_CC_HMAC: { HMAC_In *in = (HMAC_In *) MemoryGetInBuffer(sizeof(HMAC_In)); HMAC_Out *out = (HMAC_Out *) MemoryGetOutBuffer(sizeof(HMAC_Out)); in->handle = handles[0]; result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_HMAC_buffer); result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_HMAC_hashAlg); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_HMAC (in, out); rSize = sizeof(HMAC_Out); *respParmSize += TPM2B_DIGEST_Marshal(&out->outHMAC, responseBuffer, &rSize); break; } #endif // CC_HMAC #if CC_MAC case TPM_CC_MAC: { MAC_In *in = (MAC_In *) MemoryGetInBuffer(sizeof(MAC_In)); MAC_Out *out = (MAC_Out *) MemoryGetOutBuffer(sizeof(MAC_Out)); in->handle = handles[0]; result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_MAC_buffer); result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_MAC_inScheme); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_MAC (in, out); rSize = sizeof(MAC_Out); *respParmSize += TPM2B_DIGEST_Marshal(&out->outMAC, responseBuffer, &rSize); break; } #endif // CC_MAC #if CC_GetRandom case TPM_CC_GetRandom: { GetRandom_In *in = (GetRandom_In *) MemoryGetInBuffer(sizeof(GetRandom_In)); GetRandom_Out *out = (GetRandom_Out *) MemoryGetOutBuffer(sizeof(GetRandom_Out)); result = UINT16_Unmarshal(&in->bytesRequested, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_GetRandom_bytesRequested); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_GetRandom (in, out); rSize = sizeof(GetRandom_Out); *respParmSize += TPM2B_DIGEST_Marshal(&out->randomBytes, responseBuffer, &rSize); break; } #endif // CC_GetRandom #if CC_StirRandom case TPM_CC_StirRandom: { StirRandom_In *in = (StirRandom_In *) MemoryGetInBuffer(sizeof(StirRandom_In)); result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->inData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_StirRandom_inData); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_StirRandom (in); break; } #endif // CC_StirRandom #if CC_HMAC_Start case TPM_CC_HMAC_Start: { HMAC_Start_In *in = (HMAC_Start_In *) MemoryGetInBuffer(sizeof(HMAC_Start_In)); HMAC_Start_Out *out = (HMAC_Start_Out *) MemoryGetOutBuffer(sizeof(HMAC_Start_Out)); in->handle = handles[0]; result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_HMAC_Start_auth); result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_HMAC_Start_hashAlg); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_HMAC_Start (in, out); rSize = sizeof(HMAC_Start_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->sequenceHandle; break; } #endif // CC_HMAC_Start #if CC_MAC_Start case TPM_CC_MAC_Start: { MAC_Start_In *in = (MAC_Start_In *) MemoryGetInBuffer(sizeof(MAC_Start_In)); MAC_Start_Out *out = (MAC_Start_Out *) MemoryGetOutBuffer(sizeof(MAC_Start_Out)); in->handle = handles[0]; result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_MAC_Start_auth); result = TPMI_ALG_MAC_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_MAC_Start_inScheme); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_MAC_Start (in, out); rSize = sizeof(MAC_Start_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->sequenceHandle; break; } #endif // CC_MAC_Start #if CC_HashSequenceStart case TPM_CC_HashSequenceStart: { HashSequenceStart_In *in = (HashSequenceStart_In *) MemoryGetInBuffer(sizeof(HashSequenceStart_In)); HashSequenceStart_Out *out = (HashSequenceStart_Out *) MemoryGetOutBuffer(sizeof(HashSequenceStart_Out)); result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_auth); result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_HashSequenceStart_hashAlg); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_HashSequenceStart (in, out); rSize = sizeof(HashSequenceStart_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->sequenceHandle; break; } #endif // CC_HashSequenceStart #if CC_SequenceUpdate case TPM_CC_SequenceUpdate: { SequenceUpdate_In *in = (SequenceUpdate_In *) MemoryGetInBuffer(sizeof(SequenceUpdate_In)); in->sequenceHandle = handles[0]; result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_SequenceUpdate_buffer); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_SequenceUpdate (in); break; } #endif // CC_SequenceUpdate #if CC_SequenceComplete case TPM_CC_SequenceComplete: { SequenceComplete_In *in = (SequenceComplete_In *) MemoryGetInBuffer(sizeof(SequenceComplete_In)); SequenceComplete_Out *out = (SequenceComplete_Out *) MemoryGetOutBuffer(sizeof(SequenceComplete_Out)); in->sequenceHandle = handles[0]; result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_SequenceComplete_buffer); result = TPMI_RH_HIERARCHY_Unmarshal(&in->hierarchy, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_SequenceComplete_hierarchy); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_SequenceComplete (in, out); rSize = sizeof(SequenceComplete_Out); *respParmSize += TPM2B_DIGEST_Marshal(&out->result, responseBuffer, &rSize); *respParmSize += TPMT_TK_HASHCHECK_Marshal(&out->validation, responseBuffer, &rSize); break; } #endif // CC_SequenceComplete #if CC_EventSequenceComplete case TPM_CC_EventSequenceComplete: { EventSequenceComplete_In *in = (EventSequenceComplete_In *) MemoryGetInBuffer(sizeof(EventSequenceComplete_In)); EventSequenceComplete_Out *out = (EventSequenceComplete_Out *) MemoryGetOutBuffer(sizeof(EventSequenceComplete_Out)); in->pcrHandle = handles[0]; in->sequenceHandle = handles[1]; result = TPM2B_MAX_BUFFER_Unmarshal(&in->buffer, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EventSequenceComplete_buffer); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_EventSequenceComplete (in, out); rSize = sizeof(EventSequenceComplete_Out); *respParmSize += TPML_DIGEST_VALUES_Marshal(&out->results, responseBuffer, &rSize); break; } #endif // CC_EventSequenceComplete #if CC_Certify case TPM_CC_Certify: { Certify_In *in = (Certify_In *) MemoryGetInBuffer(sizeof(Certify_In)); Certify_Out *out = (Certify_Out *) MemoryGetOutBuffer(sizeof(Certify_Out)); in->objectHandle = handles[0]; in->signHandle = handles[1]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Certify_qualifyingData); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_Certify_inScheme); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Certify (in, out); rSize = sizeof(Certify_Out); *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_Certify #if CC_CertifyCreation case TPM_CC_CertifyCreation: { CertifyCreation_In *in = (CertifyCreation_In *) MemoryGetInBuffer(sizeof(CertifyCreation_In)); CertifyCreation_Out *out = (CertifyCreation_Out *) MemoryGetOutBuffer(sizeof(CertifyCreation_Out)); in->signHandle = handles[0]; in->objectHandle = handles[1]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CertifyCreation_qualifyingData); result = TPM2B_DIGEST_Unmarshal(&in->creationHash, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationHash); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_CertifyCreation_inScheme); result = TPMT_TK_CREATION_Unmarshal(&in->creationTicket, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CertifyCreation_creationTicket); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_CertifyCreation (in, out); rSize = sizeof(CertifyCreation_Out); *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_CertifyCreation #if CC_Quote case TPM_CC_Quote: { Quote_In *in = (Quote_In *) MemoryGetInBuffer(sizeof(Quote_In)); Quote_Out *out = (Quote_Out *) MemoryGetOutBuffer(sizeof(Quote_Out)); in->signHandle = handles[0]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Quote_qualifyingData); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_Quote_inScheme); result = TPML_PCR_SELECTION_Unmarshal(&in->PCRselect, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Quote_PCRselect); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Quote (in, out); rSize = sizeof(Quote_Out); *respParmSize += TPM2B_ATTEST_Marshal(&out->quoted, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_Quote #if CC_GetSessionAuditDigest case TPM_CC_GetSessionAuditDigest: { GetSessionAuditDigest_In *in = (GetSessionAuditDigest_In *) MemoryGetInBuffer(sizeof(GetSessionAuditDigest_In)); GetSessionAuditDigest_Out *out = (GetSessionAuditDigest_Out *) MemoryGetOutBuffer(sizeof(GetSessionAuditDigest_Out)); in->privacyAdminHandle = handles[0]; in->signHandle = handles[1]; in->sessionHandle = handles[2]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_qualifyingData); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_GetSessionAuditDigest_inScheme); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_GetSessionAuditDigest (in, out); rSize = sizeof(GetSessionAuditDigest_Out); *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_GetSessionAuditDigest #if CC_GetCommandAuditDigest case TPM_CC_GetCommandAuditDigest: { GetCommandAuditDigest_In *in = (GetCommandAuditDigest_In *) MemoryGetInBuffer(sizeof(GetCommandAuditDigest_In)); GetCommandAuditDigest_Out *out = (GetCommandAuditDigest_Out *) MemoryGetOutBuffer(sizeof(GetCommandAuditDigest_Out)); in->privacyHandle = handles[0]; in->signHandle = handles[1]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_qualifyingData); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_GetCommandAuditDigest_inScheme); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_GetCommandAuditDigest (in, out); rSize = sizeof(GetCommandAuditDigest_Out); *respParmSize += TPM2B_ATTEST_Marshal(&out->auditInfo, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_GetCommandAuditDigest #if CC_GetTime case TPM_CC_GetTime: { GetTime_In *in = (GetTime_In *) MemoryGetInBuffer(sizeof(GetTime_In)); GetTime_Out *out = (GetTime_Out *) MemoryGetOutBuffer(sizeof(GetTime_Out)); in->privacyAdminHandle = handles[0]; in->signHandle = handles[1]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_GetTime_qualifyingData); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_GetTime_inScheme); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_GetTime (in, out); rSize = sizeof(GetTime_Out); *respParmSize += TPM2B_ATTEST_Marshal(&out->timeInfo, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_GetTime #if CC_CertifyX509 case TPM_CC_CertifyX509: { CertifyX509_In *in = (CertifyX509_In *) MemoryGetInBuffer(sizeof(CertifyX509_In)); CertifyX509_Out *out = (CertifyX509_Out *) MemoryGetOutBuffer(sizeof(CertifyX509_Out)); in->objectHandle = handles[0]; in->signHandle = handles[1]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CertifyX509_qualifyingData); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_CertifyX509_inScheme); result = TPM2B_MAX_BUFFER_Unmarshal(&in->partialCertificate, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CertifyX509_partialCertificate); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_CertifyX509 (in, out); rSize = sizeof(CertifyX509_Out); *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->addedToCertificate, responseBuffer, &rSize); *respParmSize += TPM2B_DIGEST_Marshal(&out->tbsDigest, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_CertifyX509 #if CC_Commit case TPM_CC_Commit: { Commit_In *in = (Commit_In *) MemoryGetInBuffer(sizeof(Commit_In)); Commit_Out *out = (Commit_Out *) MemoryGetOutBuffer(sizeof(Commit_Out)); in->signHandle = handles[0]; result = TPM2B_ECC_POINT_Unmarshal(&in->P1, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Commit_P1); result = TPM2B_SENSITIVE_DATA_Unmarshal(&in->s2, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Commit_s2); result = TPM2B_ECC_PARAMETER_Unmarshal(&in->y2, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Commit_y2); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Commit (in, out); rSize = sizeof(Commit_Out); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->K, responseBuffer, &rSize); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->L, responseBuffer, &rSize); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->E, responseBuffer, &rSize); *respParmSize += UINT16_Marshal(&out->counter, responseBuffer, &rSize); break; } #endif // CC_Commit #if CC_EC_Ephemeral case TPM_CC_EC_Ephemeral: { EC_Ephemeral_In *in = (EC_Ephemeral_In *) MemoryGetInBuffer(sizeof(EC_Ephemeral_In)); EC_Ephemeral_Out *out = (EC_Ephemeral_Out *) MemoryGetOutBuffer(sizeof(EC_Ephemeral_Out)); result = TPMI_ECC_CURVE_Unmarshal(&in->curveID, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EC_Ephemeral_curveID); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_EC_Ephemeral (in, out); rSize = sizeof(EC_Ephemeral_Out); *respParmSize += TPM2B_ECC_POINT_Marshal(&out->Q, responseBuffer, &rSize); *respParmSize += UINT16_Marshal(&out->counter, responseBuffer, &rSize); break; } #endif // CC_EC_Ephemeral #if CC_VerifySignature case TPM_CC_VerifySignature: { VerifySignature_In *in = (VerifySignature_In *) MemoryGetInBuffer(sizeof(VerifySignature_In)); VerifySignature_Out *out = (VerifySignature_Out *) MemoryGetOutBuffer(sizeof(VerifySignature_Out)); in->keyHandle = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_VerifySignature_digest); result = TPMT_SIGNATURE_Unmarshal(&in->signature, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_VerifySignature_signature); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_VerifySignature (in, out); rSize = sizeof(VerifySignature_Out); *respParmSize += TPMT_TK_VERIFIED_Marshal(&out->validation, responseBuffer, &rSize); break; } #endif // CC_VerifySignature #if CC_Sign case TPM_CC_Sign: { Sign_In *in = (Sign_In *) MemoryGetInBuffer(sizeof(Sign_In)); Sign_Out *out = (Sign_Out *) MemoryGetOutBuffer(sizeof(Sign_Out)); in->keyHandle = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->digest, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Sign_digest); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_Sign_inScheme); result = TPMT_TK_HASHCHECK_Unmarshal(&in->validation, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Sign_validation); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Sign (in, out); rSize = sizeof(Sign_Out); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_Sign #if CC_SetCommandCodeAuditStatus case TPM_CC_SetCommandCodeAuditStatus: { SetCommandCodeAuditStatus_In *in = (SetCommandCodeAuditStatus_In *) MemoryGetInBuffer(sizeof(SetCommandCodeAuditStatus_In)); in->auth = handles[0]; result = TPMI_ALG_HASH_Unmarshal(&in->auditAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_auditAlg); result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_setList); result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_SetCommandCodeAuditStatus_clearList); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_SetCommandCodeAuditStatus (in); break; } #endif // CC_SetCommandCodeAuditStatus #if CC_PCR_Extend case TPM_CC_PCR_Extend: { PCR_Extend_In *in = (PCR_Extend_In *) MemoryGetInBuffer(sizeof(PCR_Extend_In)); in->pcrHandle = handles[0]; result = TPML_DIGEST_VALUES_Unmarshal(&in->digests, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PCR_Extend_digests); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PCR_Extend (in); break; } #endif // CC_PCR_Extend #if CC_PCR_Event case TPM_CC_PCR_Event: { PCR_Event_In *in = (PCR_Event_In *) MemoryGetInBuffer(sizeof(PCR_Event_In)); PCR_Event_Out *out = (PCR_Event_Out *) MemoryGetOutBuffer(sizeof(PCR_Event_Out)); in->pcrHandle = handles[0]; result = TPM2B_EVENT_Unmarshal(&in->eventData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PCR_Event_eventData); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PCR_Event (in, out); rSize = sizeof(PCR_Event_Out); *respParmSize += TPML_DIGEST_VALUES_Marshal(&out->digests, responseBuffer, &rSize); break; } #endif // CC_PCR_Event #if CC_PCR_Read case TPM_CC_PCR_Read: { PCR_Read_In *in = (PCR_Read_In *) MemoryGetInBuffer(sizeof(PCR_Read_In)); PCR_Read_Out *out = (PCR_Read_Out *) MemoryGetOutBuffer(sizeof(PCR_Read_Out)); result = TPML_PCR_SELECTION_Unmarshal(&in->pcrSelectionIn, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PCR_Read_pcrSelectionIn); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PCR_Read (in, out); rSize = sizeof(PCR_Read_Out); *respParmSize += UINT32_Marshal(&out->pcrUpdateCounter, responseBuffer, &rSize); *respParmSize += TPML_PCR_SELECTION_Marshal(&out->pcrSelectionOut, responseBuffer, &rSize); *respParmSize += TPML_DIGEST_Marshal(&out->pcrValues, responseBuffer, &rSize); break; } #endif // CC_PCR_Read #if CC_PCR_Allocate case TPM_CC_PCR_Allocate: { PCR_Allocate_In *in = (PCR_Allocate_In *) MemoryGetInBuffer(sizeof(PCR_Allocate_In)); PCR_Allocate_Out *out = (PCR_Allocate_Out *) MemoryGetOutBuffer(sizeof(PCR_Allocate_Out)); in->authHandle = handles[0]; result = TPML_PCR_SELECTION_Unmarshal(&in->pcrAllocation, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PCR_Allocate_pcrAllocation); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PCR_Allocate (in, out); rSize = sizeof(PCR_Allocate_Out); *respParmSize += TPMI_YES_NO_Marshal(&out->allocationSuccess, responseBuffer, &rSize); *respParmSize += UINT32_Marshal(&out->maxPCR, responseBuffer, &rSize); *respParmSize += UINT32_Marshal(&out->sizeNeeded, responseBuffer, &rSize); *respParmSize += UINT32_Marshal(&out->sizeAvailable, responseBuffer, &rSize); break; } #endif // CC_PCR_Allocate #if CC_PCR_SetAuthPolicy case TPM_CC_PCR_SetAuthPolicy: { PCR_SetAuthPolicy_In *in = (PCR_SetAuthPolicy_In *) MemoryGetInBuffer(sizeof(PCR_SetAuthPolicy_In)); in->authHandle = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_authPolicy); result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_hashAlg); result = TPMI_DH_PCR_Unmarshal(&in->pcrNum, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthPolicy_pcrNum); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PCR_SetAuthPolicy (in); break; } #endif // CC_PCR_SetAuthPolicy #if CC_PCR_SetAuthValue case TPM_CC_PCR_SetAuthValue: { PCR_SetAuthValue_In *in = (PCR_SetAuthValue_In *) MemoryGetInBuffer(sizeof(PCR_SetAuthValue_In)); in->pcrHandle = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->auth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PCR_SetAuthValue_auth); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PCR_SetAuthValue (in); break; } #endif // CC_PCR_SetAuthValue #if CC_PCR_Reset case TPM_CC_PCR_Reset: { PCR_Reset_In *in = (PCR_Reset_In *) MemoryGetInBuffer(sizeof(PCR_Reset_In)); in->pcrHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PCR_Reset (in); break; } #endif // CC_PCR_Reset #if CC_PolicySigned case TPM_CC_PolicySigned: { PolicySigned_In *in = (PolicySigned_In *) MemoryGetInBuffer(sizeof(PolicySigned_In)); PolicySigned_Out *out = (PolicySigned_Out *) MemoryGetOutBuffer(sizeof(PolicySigned_Out)); in->authObject = handles[0]; in->policySession = handles[1]; result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySigned_nonceTPM); result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySigned_cpHashA); result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySigned_policyRef); result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySigned_expiration); result = TPMT_SIGNATURE_Unmarshal(&in->auth, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_PolicySigned_auth); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicySigned (in, out); rSize = sizeof(PolicySigned_Out); *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, responseBuffer, &rSize); *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, responseBuffer, &rSize); break; } #endif // CC_PolicySigned #if CC_PolicySecret case TPM_CC_PolicySecret: { PolicySecret_In *in = (PolicySecret_In *) MemoryGetInBuffer(sizeof(PolicySecret_In)); PolicySecret_Out *out = (PolicySecret_Out *) MemoryGetOutBuffer(sizeof(PolicySecret_Out)); in->authHandle = handles[0]; in->policySession = handles[1]; result = TPM2B_NONCE_Unmarshal(&in->nonceTPM, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySecret_nonceTPM); result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySecret_cpHashA); result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySecret_policyRef); result = INT32_Unmarshal(&in->expiration, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicySecret_expiration); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicySecret (in, out); rSize = sizeof(PolicySecret_Out); *respParmSize += TPM2B_TIMEOUT_Marshal(&out->timeout, responseBuffer, &rSize); *respParmSize += TPMT_TK_AUTH_Marshal(&out->policyTicket, responseBuffer, &rSize); break; } #endif // CC_PolicySecret #if CC_PolicyTicket case TPM_CC_PolicyTicket: { PolicyTicket_In *in = (PolicyTicket_In *) MemoryGetInBuffer(sizeof(PolicyTicket_In)); in->policySession = handles[0]; result = TPM2B_TIMEOUT_Unmarshal(&in->timeout, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyTicket_timeout); result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyTicket_cpHashA); result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyTicket_policyRef); result = TPM2B_NAME_Unmarshal(&in->authName, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyTicket_authName); result = TPMT_TK_AUTH_Unmarshal(&in->ticket, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyTicket_ticket); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyTicket (in); break; } #endif // CC_PolicyTicket #if CC_PolicyOR case TPM_CC_PolicyOR: { PolicyOR_In *in = (PolicyOR_In *) MemoryGetInBuffer(sizeof(PolicyOR_In)); in->policySession = handles[0]; result = TPML_DIGEST_Unmarshal(&in->pHashList, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyOR_pHashList); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyOR (in); break; } #endif // CC_PolicyOR #if CC_PolicyPCR case TPM_CC_PolicyPCR: { PolicyPCR_In *in = (PolicyPCR_In *) MemoryGetInBuffer(sizeof(PolicyPCR_In)); in->policySession = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->pcrDigest, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrDigest); result = TPML_PCR_SELECTION_Unmarshal(&in->pcrs, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyPCR_pcrs); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyPCR (in); break; } #endif // CC_PolicyPCR #if CC_PolicyLocality case TPM_CC_PolicyLocality: { PolicyLocality_In *in = (PolicyLocality_In *) MemoryGetInBuffer(sizeof(PolicyLocality_In)); in->policySession = handles[0]; result = TPMA_LOCALITY_Unmarshal(&in->locality, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyLocality_locality); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyLocality (in); break; } #endif // CC_PolicyLocality #if CC_PolicyNV case TPM_CC_PolicyNV: { PolicyNV_In *in = (PolicyNV_In *) MemoryGetInBuffer(sizeof(PolicyNV_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; in->policySession = handles[2]; result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyNV_operandB); result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyNV_offset); result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyNV_operation); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyNV (in); break; } #endif // CC_PolicyNV #if CC_PolicyCounterTimer case TPM_CC_PolicyCounterTimer: { PolicyCounterTimer_In *in = (PolicyCounterTimer_In *) MemoryGetInBuffer(sizeof(PolicyCounterTimer_In)); in->policySession = handles[0]; result = TPM2B_OPERAND_Unmarshal(&in->operandB, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operandB); result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_offset); result = TPM_EO_Unmarshal(&in->operation, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyCounterTimer_operation); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyCounterTimer (in); break; } #endif // CC_PolicyCounterTimer #if CC_PolicyCommandCode case TPM_CC_PolicyCommandCode: { PolicyCommandCode_In *in = (PolicyCommandCode_In *) MemoryGetInBuffer(sizeof(PolicyCommandCode_In)); in->policySession = handles[0]; result = TPM_CC_Unmarshal(&in->code, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyCommandCode_code); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyCommandCode (in); break; } #endif // CC_PolicyCommandCode #if CC_PolicyPhysicalPresence case TPM_CC_PolicyPhysicalPresence: { PolicyPhysicalPresence_In *in = (PolicyPhysicalPresence_In *) MemoryGetInBuffer(sizeof(PolicyPhysicalPresence_In)); in->policySession = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyPhysicalPresence (in); break; } #endif // CC_PolicyPhysicalPresence #if CC_PolicyCpHash case TPM_CC_PolicyCpHash: { PolicyCpHash_In *in = (PolicyCpHash_In *) MemoryGetInBuffer(sizeof(PolicyCpHash_In)); in->policySession = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->cpHashA, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyCpHash_cpHashA); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyCpHash (in); break; } #endif // CC_PolicyCpHash #if CC_PolicyNameHash case TPM_CC_PolicyNameHash: { PolicyNameHash_In *in = (PolicyNameHash_In *) MemoryGetInBuffer(sizeof(PolicyNameHash_In)); in->policySession = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->nameHash, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyNameHash_nameHash); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyNameHash (in); break; } #endif // CC_PolicyNameHash #if CC_PolicyDuplicationSelect case TPM_CC_PolicyDuplicationSelect: { PolicyDuplicationSelect_In *in = (PolicyDuplicationSelect_In *) MemoryGetInBuffer(sizeof(PolicyDuplicationSelect_In)); in->policySession = handles[0]; result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_objectName); result = TPM2B_NAME_Unmarshal(&in->newParentName, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_newParentName); result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyDuplicationSelect_includeObject); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyDuplicationSelect (in); break; } #endif // CC_PolicyDuplicationSelect #if CC_PolicyAuthorize case TPM_CC_PolicyAuthorize: { PolicyAuthorize_In *in = (PolicyAuthorize_In *) MemoryGetInBuffer(sizeof(PolicyAuthorize_In)); in->policySession = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->approvedPolicy, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_approvedPolicy); result = TPM2B_NONCE_Unmarshal(&in->policyRef, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_policyRef); result = TPM2B_NAME_Unmarshal(&in->keySign, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_keySign); result = TPMT_TK_VERIFIED_Unmarshal(&in->checkTicket, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyAuthorize_checkTicket); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyAuthorize (in); break; } #endif // CC_PolicyAuthorize #if CC_PolicyAuthValue case TPM_CC_PolicyAuthValue: { PolicyAuthValue_In *in = (PolicyAuthValue_In *) MemoryGetInBuffer(sizeof(PolicyAuthValue_In)); in->policySession = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyAuthValue (in); break; } #endif // CC_PolicyAuthValue #if CC_PolicyPassword case TPM_CC_PolicyPassword: { PolicyPassword_In *in = (PolicyPassword_In *) MemoryGetInBuffer(sizeof(PolicyPassword_In)); in->policySession = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyPassword (in); break; } #endif // CC_PolicyPassword #if CC_PolicyGetDigest case TPM_CC_PolicyGetDigest: { PolicyGetDigest_In *in = (PolicyGetDigest_In *) MemoryGetInBuffer(sizeof(PolicyGetDigest_In)); PolicyGetDigest_Out *out = (PolicyGetDigest_Out *) MemoryGetOutBuffer(sizeof(PolicyGetDigest_Out)); in->policySession = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyGetDigest (in, out); rSize = sizeof(PolicyGetDigest_Out); *respParmSize += TPM2B_DIGEST_Marshal(&out->policyDigest, responseBuffer, &rSize); break; } #endif // CC_PolicyGetDigest #if CC_PolicyNvWritten case TPM_CC_PolicyNvWritten: { PolicyNvWritten_In *in = (PolicyNvWritten_In *) MemoryGetInBuffer(sizeof(PolicyNvWritten_In)); in->policySession = handles[0]; result = TPMI_YES_NO_Unmarshal(&in->writtenSet, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyNvWritten_writtenSet); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyNvWritten (in); break; } #endif // CC_PolicyNvWritten #if CC_PolicyTemplate case TPM_CC_PolicyTemplate: { PolicyTemplate_In *in = (PolicyTemplate_In *) MemoryGetInBuffer(sizeof(PolicyTemplate_In)); in->policySession = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->templateHash, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PolicyTemplate_templateHash); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyTemplate (in); break; } #endif // CC_PolicyTemplate #if CC_PolicyAuthorizeNV case TPM_CC_PolicyAuthorizeNV: { PolicyAuthorizeNV_In *in = (PolicyAuthorizeNV_In *) MemoryGetInBuffer(sizeof(PolicyAuthorizeNV_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; in->policySession = handles[2]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PolicyAuthorizeNV (in); break; } #endif // CC_PolicyAuthorizeNV #if CC_CreatePrimary case TPM_CC_CreatePrimary: { CreatePrimary_In *in = (CreatePrimary_In *) MemoryGetInBuffer(sizeof(CreatePrimary_In)); CreatePrimary_Out *out = (CreatePrimary_Out *) MemoryGetOutBuffer(sizeof(CreatePrimary_Out)); in->primaryHandle = handles[0]; result = TPM2B_SENSITIVE_CREATE_Unmarshal(&in->inSensitive, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inSensitive); result = TPM2B_PUBLIC_Unmarshal(&in->inPublic, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_CreatePrimary_inPublic); result = TPM2B_DATA_Unmarshal(&in->outsideInfo, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CreatePrimary_outsideInfo); result = TPML_PCR_SELECTION_Unmarshal(&in->creationPCR, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_CreatePrimary_creationPCR); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_CreatePrimary (in, out); rSize = sizeof(CreatePrimary_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->objectHandle; *respParmSize += TPM2B_PUBLIC_Marshal(&out->outPublic, responseBuffer, &rSize); *respParmSize += TPM2B_CREATION_DATA_Marshal(&out->creationData, responseBuffer, &rSize); *respParmSize += TPM2B_DIGEST_Marshal(&out->creationHash, responseBuffer, &rSize); *respParmSize += TPMT_TK_CREATION_Marshal(&out->creationTicket, responseBuffer, &rSize); *respParmSize += TPM2B_NAME_Marshal(&out->name, responseBuffer, &rSize); break; } #endif // CC_CreatePrimary #if CC_HierarchyControl case TPM_CC_HierarchyControl: { HierarchyControl_In *in = (HierarchyControl_In *) MemoryGetInBuffer(sizeof(HierarchyControl_In)); in->authHandle = handles[0]; result = TPMI_RH_ENABLES_Unmarshal(&in->enable, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_HierarchyControl_enable); result = TPMI_YES_NO_Unmarshal(&in->state, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_HierarchyControl_state); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_HierarchyControl (in); break; } #endif // CC_HierarchyControl #if CC_SetPrimaryPolicy case TPM_CC_SetPrimaryPolicy: { SetPrimaryPolicy_In *in = (SetPrimaryPolicy_In *) MemoryGetInBuffer(sizeof(SetPrimaryPolicy_In)); in->authHandle = handles[0]; result = TPM2B_DIGEST_Unmarshal(&in->authPolicy, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_authPolicy); result = TPMI_ALG_HASH_Unmarshal(&in->hashAlg, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_SetPrimaryPolicy_hashAlg); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_SetPrimaryPolicy (in); break; } #endif // CC_SetPrimaryPolicy #if CC_ChangePPS case TPM_CC_ChangePPS: { ChangePPS_In *in = (ChangePPS_In *) MemoryGetInBuffer(sizeof(ChangePPS_In)); in->authHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ChangePPS (in); break; } #endif // CC_ChangePPS #if CC_ChangeEPS case TPM_CC_ChangeEPS: { ChangeEPS_In *in = (ChangeEPS_In *) MemoryGetInBuffer(sizeof(ChangeEPS_In)); in->authHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ChangeEPS (in); break; } #endif // CC_ChangeEPS #if CC_Clear case TPM_CC_Clear: { Clear_In *in = (Clear_In *) MemoryGetInBuffer(sizeof(Clear_In)); in->authHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Clear (in); break; } #endif // CC_Clear #if CC_ClearControl case TPM_CC_ClearControl: { ClearControl_In *in = (ClearControl_In *) MemoryGetInBuffer(sizeof(ClearControl_In)); in->auth = handles[0]; result = TPMI_YES_NO_Unmarshal(&in->disable, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ClearControl_disable); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ClearControl (in); break; } #endif // CC_ClearControl #if CC_HierarchyChangeAuth case TPM_CC_HierarchyChangeAuth: { HierarchyChangeAuth_In *in = (HierarchyChangeAuth_In *) MemoryGetInBuffer(sizeof(HierarchyChangeAuth_In)); in->authHandle = handles[0]; result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_HierarchyChangeAuth_newAuth); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_HierarchyChangeAuth (in); break; } #endif // CC_HierarchyChangeAuth #if CC_DictionaryAttackLockReset case TPM_CC_DictionaryAttackLockReset: { DictionaryAttackLockReset_In *in = (DictionaryAttackLockReset_In *) MemoryGetInBuffer(sizeof(DictionaryAttackLockReset_In)); in->lockHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_DictionaryAttackLockReset (in); break; } #endif // CC_DictionaryAttackLockReset #if CC_DictionaryAttackParameters case TPM_CC_DictionaryAttackParameters: { DictionaryAttackParameters_In *in = (DictionaryAttackParameters_In *) MemoryGetInBuffer(sizeof(DictionaryAttackParameters_In)); in->lockHandle = handles[0]; result = UINT32_Unmarshal(&in->newMaxTries, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newMaxTries); result = UINT32_Unmarshal(&in->newRecoveryTime, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_newRecoveryTime); result = UINT32_Unmarshal(&in->lockoutRecovery, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_DictionaryAttackParameters_lockoutRecovery); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_DictionaryAttackParameters (in); break; } #endif // CC_DictionaryAttackParameters #if CC_PP_Commands case TPM_CC_PP_Commands: { PP_Commands_In *in = (PP_Commands_In *) MemoryGetInBuffer(sizeof(PP_Commands_In)); in->auth = handles[0]; result = TPML_CC_Unmarshal(&in->setList, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PP_Commands_setList); result = TPML_CC_Unmarshal(&in->clearList, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_PP_Commands_clearList); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_PP_Commands (in); break; } #endif // CC_PP_Commands #if CC_SetAlgorithmSet case TPM_CC_SetAlgorithmSet: { SetAlgorithmSet_In *in = (SetAlgorithmSet_In *) MemoryGetInBuffer(sizeof(SetAlgorithmSet_In)); in->authHandle = handles[0]; result = UINT32_Unmarshal(&in->algorithmSet, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_SetAlgorithmSet_algorithmSet); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_SetAlgorithmSet (in); break; } #endif // CC_SetAlgorithmSet #if CC_FieldUpgradeStart case TPM_CC_FieldUpgradeStart: { FieldUpgradeStart_In *in = (FieldUpgradeStart_In *) MemoryGetInBuffer(sizeof(FieldUpgradeStart_In)); in->authorization = handles[0]; in->keyHandle = handles[1]; result = TPM2B_DIGEST_Unmarshal(&in->fuDigest, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_fuDigest); result = TPMT_SIGNATURE_Unmarshal(&in->manifestSignature, paramBuffer, paramBufferSize, FALSE); ERROR_IF_EXIT_PLUS(RC_FieldUpgradeStart_manifestSignature); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_FieldUpgradeStart (in); break; } #endif // CC_FieldUpgradeStart #if CC_FieldUpgradeData case TPM_CC_FieldUpgradeData: { FieldUpgradeData_In *in = (FieldUpgradeData_In *) MemoryGetInBuffer(sizeof(FieldUpgradeData_In)); FieldUpgradeData_Out *out = (FieldUpgradeData_Out *) MemoryGetOutBuffer(sizeof(FieldUpgradeData_Out)); result = TPM2B_MAX_BUFFER_Unmarshal(&in->fuData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_FieldUpgradeData_fuData); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_FieldUpgradeData (in, out); rSize = sizeof(FieldUpgradeData_Out); *respParmSize += TPMT_HA_Marshal(&out->nextDigest, responseBuffer, &rSize); *respParmSize += TPMT_HA_Marshal(&out->firstDigest, responseBuffer, &rSize); break; } #endif // CC_FieldUpgradeData #if CC_FirmwareRead case TPM_CC_FirmwareRead: { FirmwareRead_In *in = (FirmwareRead_In *) MemoryGetInBuffer(sizeof(FirmwareRead_In)); FirmwareRead_Out *out = (FirmwareRead_Out *) MemoryGetOutBuffer(sizeof(FirmwareRead_Out)); result = UINT32_Unmarshal(&in->sequenceNumber, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_FirmwareRead_sequenceNumber); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_FirmwareRead (in, out); rSize = sizeof(FirmwareRead_Out); *respParmSize += TPM2B_MAX_BUFFER_Marshal(&out->fuData, responseBuffer, &rSize); break; } #endif // CC_FirmwareRead #if CC_ContextSave case TPM_CC_ContextSave: { ContextSave_In *in = (ContextSave_In *) MemoryGetInBuffer(sizeof(ContextSave_In)); ContextSave_Out *out = (ContextSave_Out *) MemoryGetOutBuffer(sizeof(ContextSave_Out)); in->saveHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ContextSave (in, out); rSize = sizeof(ContextSave_Out); *respParmSize += TPMS_CONTEXT_Marshal(&out->context, responseBuffer, &rSize); break; } #endif // CC_ContextSave #if CC_ContextLoad case TPM_CC_ContextLoad: { ContextLoad_In *in = (ContextLoad_In *) MemoryGetInBuffer(sizeof(ContextLoad_In)); ContextLoad_Out *out = (ContextLoad_Out *) MemoryGetOutBuffer(sizeof(ContextLoad_Out)); result = TPMS_CONTEXT_Unmarshal(&in->context, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ContextLoad_context); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ContextLoad (in, out); rSize = sizeof(ContextLoad_Out); if(TPM_RC_SUCCESS != result) goto Exit; ; command->handles[command->handleNum++] = out->loadedHandle; break; } #endif // CC_ContextLoad #if CC_FlushContext case TPM_CC_FlushContext: { FlushContext_In *in = (FlushContext_In *) MemoryGetInBuffer(sizeof(FlushContext_In)); result = TPMI_DH_CONTEXT_Unmarshal(&in->flushHandle, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_FlushContext_flushHandle); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_FlushContext (in); break; } #endif // CC_FlushContext #if CC_EvictControl case TPM_CC_EvictControl: { EvictControl_In *in = (EvictControl_In *) MemoryGetInBuffer(sizeof(EvictControl_In)); in->auth = handles[0]; in->objectHandle = handles[1]; result = TPMI_DH_PERSISTENT_Unmarshal(&in->persistentHandle, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_EvictControl_persistentHandle); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_EvictControl (in); break; } #endif // CC_EvictControl #if CC_ReadClock case TPM_CC_ReadClock: { ReadClock_Out *out = (ReadClock_Out *) MemoryGetOutBuffer(sizeof(ReadClock_Out)); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ReadClock (out); rSize = sizeof(ReadClock_Out); *respParmSize += TPMS_TIME_INFO_Marshal(&out->currentTime, responseBuffer, &rSize); break; } #endif // CC_ReadClock #if CC_ClockSet case TPM_CC_ClockSet: { ClockSet_In *in = (ClockSet_In *) MemoryGetInBuffer(sizeof(ClockSet_In)); in->auth = handles[0]; result = UINT64_Unmarshal(&in->newTime, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ClockSet_newTime); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ClockSet (in); break; } #endif // CC_ClockSet #if CC_ClockRateAdjust case TPM_CC_ClockRateAdjust: { ClockRateAdjust_In *in = (ClockRateAdjust_In *) MemoryGetInBuffer(sizeof(ClockRateAdjust_In)); in->auth = handles[0]; result = TPM_CLOCK_ADJUST_Unmarshal(&in->rateAdjust, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_ClockRateAdjust_rateAdjust); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_ClockRateAdjust (in); break; } #endif // CC_ClockRateAdjust #if CC_GetCapability case TPM_CC_GetCapability: { GetCapability_In *in = (GetCapability_In *) MemoryGetInBuffer(sizeof(GetCapability_In)); GetCapability_Out *out = (GetCapability_Out *) MemoryGetOutBuffer(sizeof(GetCapability_Out)); result = TPM_CAP_Unmarshal(&in->capability, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_GetCapability_capability); result = UINT32_Unmarshal(&in->property, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_GetCapability_property); result = UINT32_Unmarshal(&in->propertyCount, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_GetCapability_propertyCount); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_GetCapability (in, out); rSize = sizeof(GetCapability_Out); *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, responseBuffer, &rSize); *respParmSize += TPMS_CAPABILITY_DATA_Marshal(&out->capabilityData, responseBuffer, &rSize); break; } #endif // CC_GetCapability #if CC_TestParms case TPM_CC_TestParms: { TestParms_In *in = (TestParms_In *) MemoryGetInBuffer(sizeof(TestParms_In)); result = TPMT_PUBLIC_PARMS_Unmarshal(&in->parameters, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_TestParms_parameters); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_TestParms (in); break; } #endif // CC_TestParms #if CC_NV_DefineSpace case TPM_CC_NV_DefineSpace: { NV_DefineSpace_In *in = (NV_DefineSpace_In *) MemoryGetInBuffer(sizeof(NV_DefineSpace_In)); in->authHandle = handles[0]; result = TPM2B_AUTH_Unmarshal(&in->auth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_auth); result = TPM2B_NV_PUBLIC_Unmarshal(&in->publicInfo, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_DefineSpace_publicInfo); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_DefineSpace (in); break; } #endif // CC_NV_DefineSpace #if CC_NV_UndefineSpace case TPM_CC_NV_UndefineSpace: { NV_UndefineSpace_In *in = (NV_UndefineSpace_In *) MemoryGetInBuffer(sizeof(NV_UndefineSpace_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_UndefineSpace (in); break; } #endif // CC_NV_UndefineSpace #if CC_NV_UndefineSpaceSpecial case TPM_CC_NV_UndefineSpaceSpecial: { NV_UndefineSpaceSpecial_In *in = (NV_UndefineSpaceSpecial_In *) MemoryGetInBuffer(sizeof(NV_UndefineSpaceSpecial_In)); in->nvIndex = handles[0]; in->platform = handles[1]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_UndefineSpaceSpecial (in); break; } #endif // CC_NV_UndefineSpaceSpecial #if CC_NV_ReadPublic case TPM_CC_NV_ReadPublic: { NV_ReadPublic_In *in = (NV_ReadPublic_In *) MemoryGetInBuffer(sizeof(NV_ReadPublic_In)); NV_ReadPublic_Out *out = (NV_ReadPublic_Out *) MemoryGetOutBuffer(sizeof(NV_ReadPublic_Out)); in->nvIndex = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_ReadPublic (in, out); rSize = sizeof(NV_ReadPublic_Out); *respParmSize += TPM2B_NV_PUBLIC_Marshal(&out->nvPublic, responseBuffer, &rSize); *respParmSize += TPM2B_NAME_Marshal(&out->nvName, responseBuffer, &rSize); break; } #endif // CC_NV_ReadPublic #if CC_NV_Write case TPM_CC_NV_Write: { NV_Write_In *in = (NV_Write_In *) MemoryGetInBuffer(sizeof(NV_Write_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Write_data); result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Write_offset); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_Write (in); break; } #endif // CC_NV_Write #if CC_NV_Increment case TPM_CC_NV_Increment: { NV_Increment_In *in = (NV_Increment_In *) MemoryGetInBuffer(sizeof(NV_Increment_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_Increment (in); break; } #endif // CC_NV_Increment #if CC_NV_Extend case TPM_CC_NV_Extend: { NV_Extend_In *in = (NV_Extend_In *) MemoryGetInBuffer(sizeof(NV_Extend_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; result = TPM2B_MAX_NV_BUFFER_Unmarshal(&in->data, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Extend_data); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_Extend (in); break; } #endif // CC_NV_Extend #if CC_NV_SetBits case TPM_CC_NV_SetBits: { NV_SetBits_In *in = (NV_SetBits_In *) MemoryGetInBuffer(sizeof(NV_SetBits_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; result = UINT64_Unmarshal(&in->bits, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_SetBits_bits); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_SetBits (in); break; } #endif // CC_NV_SetBits #if CC_NV_WriteLock case TPM_CC_NV_WriteLock: { NV_WriteLock_In *in = (NV_WriteLock_In *) MemoryGetInBuffer(sizeof(NV_WriteLock_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_WriteLock (in); break; } #endif // CC_NV_WriteLock #if CC_NV_GlobalWriteLock case TPM_CC_NV_GlobalWriteLock: { NV_GlobalWriteLock_In *in = (NV_GlobalWriteLock_In *) MemoryGetInBuffer(sizeof(NV_GlobalWriteLock_In)); in->authHandle = handles[0]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_GlobalWriteLock (in); break; } #endif // CC_NV_GlobalWriteLock #if CC_NV_Read case TPM_CC_NV_Read: { NV_Read_In *in = (NV_Read_In *) MemoryGetInBuffer(sizeof(NV_Read_In)); NV_Read_Out *out = (NV_Read_Out *) MemoryGetOutBuffer(sizeof(NV_Read_Out)); in->authHandle = handles[0]; in->nvIndex = handles[1]; result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Read_size); result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Read_offset); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_Read (in, out); rSize = sizeof(NV_Read_Out); *respParmSize += TPM2B_MAX_NV_BUFFER_Marshal(&out->data, responseBuffer, &rSize); break; } #endif // CC_NV_Read #if CC_NV_ReadLock case TPM_CC_NV_ReadLock: { NV_ReadLock_In *in = (NV_ReadLock_In *) MemoryGetInBuffer(sizeof(NV_ReadLock_In)); in->authHandle = handles[0]; in->nvIndex = handles[1]; if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_ReadLock (in); break; } #endif // CC_NV_ReadLock #if CC_NV_ChangeAuth case TPM_CC_NV_ChangeAuth: { NV_ChangeAuth_In *in = (NV_ChangeAuth_In *) MemoryGetInBuffer(sizeof(NV_ChangeAuth_In)); in->nvIndex = handles[0]; result = TPM2B_AUTH_Unmarshal(&in->newAuth, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_ChangeAuth_newAuth); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_ChangeAuth (in); break; } #endif // CC_NV_ChangeAuth #if CC_NV_Certify case TPM_CC_NV_Certify: { NV_Certify_In *in = (NV_Certify_In *) MemoryGetInBuffer(sizeof(NV_Certify_In)); NV_Certify_Out *out = (NV_Certify_Out *) MemoryGetOutBuffer(sizeof(NV_Certify_Out)); in->signHandle = handles[0]; in->authHandle = handles[1]; in->nvIndex = handles[2]; result = TPM2B_DATA_Unmarshal(&in->qualifyingData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Certify_qualifyingData); result = TPMT_SIG_SCHEME_Unmarshal(&in->inScheme, paramBuffer, paramBufferSize, TRUE); ERROR_IF_EXIT_PLUS(RC_NV_Certify_inScheme); result = UINT16_Unmarshal(&in->size, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Certify_size); result = UINT16_Unmarshal(&in->offset, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_NV_Certify_offset); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_NV_Certify (in, out); rSize = sizeof(NV_Certify_Out); *respParmSize += TPM2B_ATTEST_Marshal(&out->certifyInfo, responseBuffer, &rSize); *respParmSize += TPMT_SIGNATURE_Marshal(&out->signature, responseBuffer, &rSize); break; } #endif // CC_NV_Certify #if CC_AC_GetCapability case TPM_CC_AC_GetCapability: { AC_GetCapability_In *in = (AC_GetCapability_In *) MemoryGetInBuffer(sizeof(AC_GetCapability_In)); AC_GetCapability_Out *out = (AC_GetCapability_Out *) MemoryGetOutBuffer(sizeof(AC_GetCapability_Out)); in->ac = handles[0]; result = TPM_AT_Unmarshal(&in->capability, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_capability); result = UINT32_Unmarshal(&in->count, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_AC_GetCapability_count); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_AC_GetCapability (in, out); rSize = sizeof(AC_GetCapability_Out); *respParmSize += TPMI_YES_NO_Marshal(&out->moreData, responseBuffer, &rSize); *respParmSize += TPML_AC_CAPABILITIES_Marshal(&out->capabilitiesData, responseBuffer, &rSize); break; } #endif // CC_AC_GetCapability #if CC_AC_Send case TPM_CC_AC_Send: { AC_Send_In *in = (AC_Send_In *) MemoryGetInBuffer(sizeof(AC_Send_In)); AC_Send_Out *out = (AC_Send_Out *) MemoryGetOutBuffer(sizeof(AC_Send_Out)); in->sendObject = handles[0]; in->authHandle = handles[1]; in->ac = handles[2]; result = TPM2B_MAX_BUFFER_Unmarshal(&in->acDataIn, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_AC_Send_acDataIn); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_AC_Send (in, out); rSize = sizeof(AC_Send_Out); *respParmSize += TPMS_AC_OUTPUT_Marshal(&out->acDataOut, responseBuffer, &rSize); break; } #endif // CC_AC_Send #if CC_Policy_AC_SendSelect case TPM_CC_Policy_AC_SendSelect: { Policy_AC_SendSelect_In *in = (Policy_AC_SendSelect_In *) MemoryGetInBuffer(sizeof(Policy_AC_SendSelect_In)); in->policySession = handles[0]; result = TPM2B_NAME_Unmarshal(&in->objectName, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_objectName); result = TPM2B_NAME_Unmarshal(&in->authHandleName, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_authHandleName); result = TPM2B_NAME_Unmarshal(&in->acName, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_acName); result = TPMI_YES_NO_Unmarshal(&in->includeObject, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Policy_AC_SendSelect_includeObject); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Policy_AC_SendSelect (in); break; } #endif // CC_Policy_AC_SendSelect #if CC_Vendor_TCG_Test case TPM_CC_Vendor_TCG_Test: { Vendor_TCG_Test_In *in = (Vendor_TCG_Test_In *) MemoryGetInBuffer(sizeof(Vendor_TCG_Test_In)); Vendor_TCG_Test_Out *out = (Vendor_TCG_Test_Out *) MemoryGetOutBuffer(sizeof(Vendor_TCG_Test_Out)); result = TPM2B_DATA_Unmarshal(&in->inputData, paramBuffer, paramBufferSize); ERROR_IF_EXIT_PLUS(RC_Vendor_TCG_Test_inputData); if(*paramBufferSize != 0) (result = TPM_RC_SIZE; goto Exit; } result = TPM2_Vendor_TCG_Test (in, out); rSize = sizeof(Vendor_TCG_Test_Out); *respParmSize += TPM2B_DATA_Marshal(&out->outputData, responseBuffer, &rSize); break; } #endif // CC_Vendor_TCG_Test go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Commands.h000066400000000000000000000245221510276467000255460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.1 Dec 8, 2018 * Date: Jan 28, 2019 Time: 01:24:09AM */ #ifndef _COMMANDS_H_ #define _COMMANDS_H_ // Start-up #ifdef TPM_CC_Startup #include "Startup_fp.h" #endif #ifdef TPM_CC_Shutdown #include "Shutdown_fp.h" #endif // Testing #ifdef TPM_CC_SelfTest #include "SelfTest_fp.h" #endif #ifdef TPM_CC_IncrementalSelfTest #include "IncrementalSelfTest_fp.h" #endif #ifdef TPM_CC_GetTestResult #include "GetTestResult_fp.h" #endif // Session Commands #ifdef TPM_CC_StartAuthSession #include "StartAuthSession_fp.h" #endif #ifdef TPM_CC_PolicyRestart #include "PolicyRestart_fp.h" #endif // Object Commands #ifdef TPM_CC_Create #include "Create_fp.h" #endif #ifdef TPM_CC_Load #include "Load_fp.h" #endif #ifdef TPM_CC_LoadExternal #include "LoadExternal_fp.h" #endif #ifdef TPM_CC_ReadPublic #include "ReadPublic_fp.h" #endif #ifdef TPM_CC_ActivateCredential #include "ActivateCredential_fp.h" #endif #ifdef TPM_CC_MakeCredential #include "MakeCredential_fp.h" #endif #ifdef TPM_CC_Unseal #include "Unseal_fp.h" #endif #ifdef TPM_CC_ObjectChangeAuth #include "ObjectChangeAuth_fp.h" #endif #ifdef TPM_CC_CreateLoaded #include "CreateLoaded_fp.h" #endif // Duplication Commands #ifdef TPM_CC_Duplicate #include "Duplicate_fp.h" #endif #ifdef TPM_CC_Rewrap #include "Rewrap_fp.h" #endif #ifdef TPM_CC_Import #include "Import_fp.h" #endif // Asymmetric Primitives #ifdef TPM_CC_RSA_Encrypt #include "RSA_Encrypt_fp.h" #endif #ifdef TPM_CC_RSA_Decrypt #include "RSA_Decrypt_fp.h" #endif #ifdef TPM_CC_ECDH_KeyGen #include "ECDH_KeyGen_fp.h" #endif #ifdef TPM_CC_ECDH_ZGen #include "ECDH_ZGen_fp.h" #endif #ifdef TPM_CC_ECC_Parameters #include "ECC_Parameters_fp.h" #endif #ifdef TPM_CC_ZGen_2Phase #include "ZGen_2Phase_fp.h" #endif // Symmetric Primitives #ifdef TPM_CC_EncryptDecrypt #include "EncryptDecrypt_fp.h" #endif #ifdef TPM_CC_EncryptDecrypt2 #include "EncryptDecrypt2_fp.h" #endif #ifdef TPM_CC_Hash #include "Hash_fp.h" #endif #ifdef TPM_CC_HMAC #include "HMAC_fp.h" #endif #ifdef TPM_CC_MAC #include "MAC_fp.h" #endif // Random Number Generator #ifdef TPM_CC_GetRandom #include "GetRandom_fp.h" #endif #ifdef TPM_CC_StirRandom #include "StirRandom_fp.h" #endif // Hash/HMAC/Event Sequences #ifdef TPM_CC_HMAC_Start #include "HMAC_Start_fp.h" #endif #ifdef TPM_CC_MAC_Start #include "MAC_Start_fp.h" #endif #ifdef TPM_CC_HashSequenceStart #include "HashSequenceStart_fp.h" #endif #ifdef TPM_CC_SequenceUpdate #include "SequenceUpdate_fp.h" #endif #ifdef TPM_CC_SequenceComplete #include "SequenceComplete_fp.h" #endif #ifdef TPM_CC_EventSequenceComplete #include "EventSequenceComplete_fp.h" #endif // Attestation Commands #ifdef TPM_CC_Certify #include "Certify_fp.h" #endif #ifdef TPM_CC_CertifyCreation #include "CertifyCreation_fp.h" #endif #ifdef TPM_CC_Quote #include "Quote_fp.h" #endif #ifdef TPM_CC_GetSessionAuditDigest #include "GetSessionAuditDigest_fp.h" #endif #ifdef TPM_CC_GetCommandAuditDigest #include "GetCommandAuditDigest_fp.h" #endif #ifdef TPM_CC_GetTime #include "GetTime_fp.h" #endif #ifdef TPM_CC_CertifyX509 #include "CertifyX509_fp.h" #endif // Ephemeral EC Keys #ifdef TPM_CC_Commit #include "Commit_fp.h" #endif #ifdef TPM_CC_EC_Ephemeral #include "EC_Ephemeral_fp.h" #endif // Signing and Signature Verification #ifdef TPM_CC_VerifySignature #include "VerifySignature_fp.h" #endif #ifdef TPM_CC_Sign #include "Sign_fp.h" #endif // Command Audit #ifdef TPM_CC_SetCommandCodeAuditStatus #include "SetCommandCodeAuditStatus_fp.h" #endif // Integrity Collection (PCR) #ifdef TPM_CC_PCR_Extend #include "PCR_Extend_fp.h" #endif #ifdef TPM_CC_PCR_Event #include "PCR_Event_fp.h" #endif #ifdef TPM_CC_PCR_Read #include "PCR_Read_fp.h" #endif #ifdef TPM_CC_PCR_Allocate #include "PCR_Allocate_fp.h" #endif #ifdef TPM_CC_PCR_SetAuthPolicy #include "PCR_SetAuthPolicy_fp.h" #endif #ifdef TPM_CC_PCR_SetAuthValue #include "PCR_SetAuthValue_fp.h" #endif #ifdef TPM_CC_PCR_Reset #include "PCR_Reset_fp.h" #endif // Enhanced Authorization (EA) Commands #ifdef TPM_CC_PolicySigned #include "PolicySigned_fp.h" #endif #ifdef TPM_CC_PolicySecret #include "PolicySecret_fp.h" #endif #ifdef TPM_CC_PolicyTicket #include "PolicyTicket_fp.h" #endif #ifdef TPM_CC_PolicyOR #include "PolicyOR_fp.h" #endif #ifdef TPM_CC_PolicyPCR #include "PolicyPCR_fp.h" #endif #ifdef TPM_CC_PolicyLocality #include "PolicyLocality_fp.h" #endif #ifdef TPM_CC_PolicyNV #include "PolicyNV_fp.h" #endif #ifdef TPM_CC_PolicyCounterTimer #include "PolicyCounterTimer_fp.h" #endif #ifdef TPM_CC_PolicyCommandCode #include "PolicyCommandCode_fp.h" #endif #ifdef TPM_CC_PolicyPhysicalPresence #include "PolicyPhysicalPresence_fp.h" #endif #ifdef TPM_CC_PolicyCpHash #include "PolicyCpHash_fp.h" #endif #ifdef TPM_CC_PolicyNameHash #include "PolicyNameHash_fp.h" #endif #ifdef TPM_CC_PolicyDuplicationSelect #include "PolicyDuplicationSelect_fp.h" #endif #ifdef TPM_CC_PolicyAuthorize #include "PolicyAuthorize_fp.h" #endif #ifdef TPM_CC_PolicyAuthValue #include "PolicyAuthValue_fp.h" #endif #ifdef TPM_CC_PolicyPassword #include "PolicyPassword_fp.h" #endif #ifdef TPM_CC_PolicyGetDigest #include "PolicyGetDigest_fp.h" #endif #ifdef TPM_CC_PolicyNvWritten #include "PolicyNvWritten_fp.h" #endif #ifdef TPM_CC_PolicyTemplate #include "PolicyTemplate_fp.h" #endif #ifdef TPM_CC_PolicyAuthorizeNV #include "PolicyAuthorizeNV_fp.h" #endif // Hierarchy Commands #ifdef TPM_CC_CreatePrimary #include "CreatePrimary_fp.h" #endif #ifdef TPM_CC_HierarchyControl #include "HierarchyControl_fp.h" #endif #ifdef TPM_CC_SetPrimaryPolicy #include "SetPrimaryPolicy_fp.h" #endif #ifdef TPM_CC_ChangePPS #include "ChangePPS_fp.h" #endif #ifdef TPM_CC_ChangeEPS #include "ChangeEPS_fp.h" #endif #ifdef TPM_CC_Clear #include "Clear_fp.h" #endif #ifdef TPM_CC_ClearControl #include "ClearControl_fp.h" #endif #ifdef TPM_CC_HierarchyChangeAuth #include "HierarchyChangeAuth_fp.h" #endif // Dictionary Attack Functions #ifdef TPM_CC_DictionaryAttackLockReset #include "DictionaryAttackLockReset_fp.h" #endif #ifdef TPM_CC_DictionaryAttackParameters #include "DictionaryAttackParameters_fp.h" #endif // Miscellaneous Management Functions #ifdef TPM_CC_PP_Commands #include "PP_Commands_fp.h" #endif #ifdef TPM_CC_SetAlgorithmSet #include "SetAlgorithmSet_fp.h" #endif // Field Upgrade #ifdef TPM_CC_FieldUpgradeStart #include "FieldUpgradeStart_fp.h" #endif #ifdef TPM_CC_FieldUpgradeData #include "FieldUpgradeData_fp.h" #endif #ifdef TPM_CC_FirmwareRead #include "FirmwareRead_fp.h" #endif // Context Management #ifdef TPM_CC_ContextSave #include "ContextSave_fp.h" #endif #ifdef TPM_CC_ContextLoad #include "ContextLoad_fp.h" #endif #ifdef TPM_CC_FlushContext #include "FlushContext_fp.h" #endif #ifdef TPM_CC_EvictControl #include "EvictControl_fp.h" #endif // Clocks and Timers #ifdef TPM_CC_ReadClock #include "ReadClock_fp.h" #endif #ifdef TPM_CC_ClockSet #include "ClockSet_fp.h" #endif #ifdef TPM_CC_ClockRateAdjust #include "ClockRateAdjust_fp.h" #endif // Capability Commands #ifdef TPM_CC_GetCapability #include "GetCapability_fp.h" #endif #ifdef TPM_CC_TestParms #include "TestParms_fp.h" #endif // Non-volatile Storage #ifdef TPM_CC_NV_DefineSpace #include "NV_DefineSpace_fp.h" #endif #ifdef TPM_CC_NV_UndefineSpace #include "NV_UndefineSpace_fp.h" #endif #ifdef TPM_CC_NV_UndefineSpaceSpecial #include "NV_UndefineSpaceSpecial_fp.h" #endif #ifdef TPM_CC_NV_ReadPublic #include "NV_ReadPublic_fp.h" #endif #ifdef TPM_CC_NV_Write #include "NV_Write_fp.h" #endif #ifdef TPM_CC_NV_Increment #include "NV_Increment_fp.h" #endif #ifdef TPM_CC_NV_Extend #include "NV_Extend_fp.h" #endif #ifdef TPM_CC_NV_SetBits #include "NV_SetBits_fp.h" #endif #ifdef TPM_CC_NV_WriteLock #include "NV_WriteLock_fp.h" #endif #ifdef TPM_CC_NV_GlobalWriteLock #include "NV_GlobalWriteLock_fp.h" #endif #ifdef TPM_CC_NV_Read #include "NV_Read_fp.h" #endif #ifdef TPM_CC_NV_ReadLock #include "NV_ReadLock_fp.h" #endif #ifdef TPM_CC_NV_ChangeAuth #include "NV_ChangeAuth_fp.h" #endif #ifdef TPM_CC_NV_Certify #include "NV_Certify_fp.h" #endif // Attached Components #ifdef TPM_CC_AC_GetCapability #include "AC_GetCapability_fp.h" #endif #ifdef TPM_CC_AC_Send #include "AC_Send_fp.h" #endif #ifdef TPM_CC_Policy_AC_SendSelect #include "Policy_AC_SendSelect_fp.h" #endif // Vendor Specific #ifdef TPM_CC_Vendor_TCG_Test #include "Vendor_TCG_Test_fp.h" #endif #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CompilerDependencies.h000066400000000000000000000107261510276467000300670ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This file contains the build switches. This contains switches for multiple // versions of the crypto-library so some may not apply to your environment. // #ifndef _COMPILER_DEPENDENCIES_H_ #define _COMPILER_DEPENDENCIES_H_ #ifdef GCC # undef _MSC_VER # undef WIN32 #endif #ifdef _MSC_VER // These definitions are for the Microsoft compiler // Endian conversion for aligned structures # define REVERSE_ENDIAN_16(_Number) _byteswap_ushort(_Number) # define REVERSE_ENDIAN_32(_Number) _byteswap_ulong(_Number) # define REVERSE_ENDIAN_64(_Number) _byteswap_uint64(_Number) // Avoid compiler warning for in line of stdio (or not) //#define _NO_CRT_STDIO_INLINE // This macro is used to handle LIB_EXPORT of function and variable names in lieu // of a .def file. Visual Studio requires that functions be explicitly exported and // imported. # define LIB_EXPORT __declspec(dllexport) // VS compatible version # define LIB_IMPORT __declspec(dllimport) // This is defined to indicate a function that does not return. Microsoft compilers // do not support the _Noretrun function parameter. # define NORETURN __declspec(noreturn) # if _MSC_VER >= 1400 // SAL processing when needed # include # endif # ifdef _WIN64 # define _INTPTR 2 # else # define _INTPTR 1 # endif #define NOT_REFERENCED(x) (x) // Lower the compiler error warning for system include // files. They tend not to be that clean and there is no // reason to sort through all the spurious errors that they // generate when the normal error level is set to /Wall # define _REDUCE_WARNING_LEVEL_(n) \ __pragma(warning(push, n)) // Restore the compiler warning level # define _NORMAL_WARNING_LEVEL_ \ __pragma(warning(pop)) # include #endif #ifndef _MSC_VER #ifndef WINAPI # define WINAPI #endif # define __pragma(x) # define REVERSE_ENDIAN_16(_Number) __builtin_bswap16(_Number) # define REVERSE_ENDIAN_32(_Number) __builtin_bswap32(_Number) # define REVERSE_ENDIAN_64(_Number) __builtin_bswap64(_Number) #endif #if defined(__GNUC__) # define NORETURN __attribute__((noreturn)) # include #endif // Things that are not defined should be defined as NULL #ifndef NORETURN # define NORETURN #endif #ifndef LIB_EXPORT # define LIB_EXPORT #endif #ifndef LIB_IMPORT # define LIB_IMPORT #endif #ifndef _REDUCE_WARNING_LEVEL_ # define _REDUCE_WARNING_LEVEL_(n) #endif #ifndef _NORMAL_WARNING_LEVEL_ # define _NORMAL_WARNING_LEVEL_ #endif #ifndef NOT_REFERENCED # define NOT_REFERENCED(x) (x = x) #endif #ifdef _POSIX_ typedef int SOCKET; #endif #endif // _COMPILER_DEPENDENCIES_H_go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptEcc.h000066400000000000000000000055671510276467000255310ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains structure definitions used for ECC. The // structures in this file are only used internally. The ECC-related structures // that cross the TPM interface are defined in TpmTypes.h // #ifndef _CRYPT_ECC_H #define _CRYPT_ECC_H //** Structures // This is used to define the macro that may or may not be in the data set for the // curve (CryptEccData.c). If there is a mismatch, the compiler will warn that there // is to much/not enough initialization data in the curve. The macro is used because // not all versions of the CryptEccData.c need the curve name. #ifdef NAMED_CURVES #define CURVE_NAME(a) , a #define CURVE_NAME_DEF const char *name; #else # define CURVE_NAME(a) # define CURVE_NAME_DEF #endif typedef struct ECC_CURVE { const TPM_ECC_CURVE curveId; const UINT16 keySizeBits; const TPMT_KDF_SCHEME kdf; const TPMT_ECC_SCHEME sign; const ECC_CURVE_DATA *curveData; // the address of the curve data const BYTE *OID; CURVE_NAME_DEF } ECC_CURVE; extern const ECC_CURVE eccCurves[ECC_CURVE_COUNT]; #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptHash.h000066400000000000000000000276051510276467000257170ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This header contains the hash structure definitions used in the TPM code // to define the amount of space to be reserved for the hash state. This allows // the TPM code to not have to import all of the symbols used by the hash // computations. This lets the build environment of the TPM code not to have // include the header files associated with the CryptoEngine code. #ifndef _CRYPT_HASH_H #define _CRYPT_HASH_H //** Hash-related Structures union SMAC_STATES; // These definitions add the high-level methods for processing state that may be // an SMAC typedef void(* SMAC_DATA_METHOD)( union SMAC_STATES *state, UINT32 size, const BYTE *buffer ); typedef UINT16(* SMAC_END_METHOD)( union SMAC_STATES *state, UINT32 size, BYTE *buffer ); typedef struct sequenceMethods { SMAC_DATA_METHOD data; SMAC_END_METHOD end; } SMAC_METHODS; #define SMAC_IMPLEMENTED (CC_MAC || CC_MAC_Start) // These definitions are here because the SMAC state is in the union of hash states. typedef struct tpmCmacState { TPM_ALG_ID symAlg; UINT16 keySizeBits; INT16 bcount; // current count of bytes accumulated in IV TPM2B_IV iv; // IV buffer TPM2B_SYM_KEY symKey; } tpmCmacState_t; typedef union SMAC_STATES { #if ALG_CMAC tpmCmacState_t cmac; #endif UINT64 pad; } SMAC_STATES; typedef struct SMAC_STATE { SMAC_METHODS smacMethods; SMAC_STATES state; } SMAC_STATE; typedef union { #if ALG_SHA1 tpmHashStateSHA1_t Sha1; #endif #if ALG_SHA256 tpmHashStateSHA256_t Sha256; #endif #if ALG_SHA384 tpmHashStateSHA384_t Sha384; #endif #if ALG_SHA512 tpmHashStateSHA512_t Sha512; #endif // Additions for symmetric block cipher MAC #if SMAC_IMPLEMENTED SMAC_STATE smac; #endif // to force structure alignment to be no worse than HASH_ALIGNMENT #if HASH_ALIGNMENT == 4 uint32_t align; #else uint64_t align; #endif } ANY_HASH_STATE; typedef ANY_HASH_STATE *PANY_HASH_STATE; typedef const ANY_HASH_STATE *PCANY_HASH_STATE; #define ALIGNED_SIZE(x, b) ((((x) + (b) - 1) / (b)) * (b)) // MAX_HASH_STATE_SIZE will change with each implementation. It is assumed that // a hash state will not be larger than twice the block size plus some // overhead (in this case, 16 bytes). The overall size needs to be as // large as any of the hash contexts. The structure needs to start on an // alignment boundary and be an even multiple of the alignment #define MAX_HASH_STATE_SIZE ((2 * MAX_HASH_BLOCK_SIZE) + 16) #define MAX_HASH_STATE_SIZE_ALIGNED \ ALIGNED_SIZE(MAX_HASH_STATE_SIZE, HASH_ALIGNMENT) // This is an aligned byte array that will hold any of the hash contexts. typedef ANY_HASH_STATE ALIGNED_HASH_STATE; // The header associated with the hash library is expected to define the methods // which include the calling sequence. When not compiling CryptHash.c, the methods // are not defined so we need placeholder functions for the structures #ifndef HASH_START_METHOD_DEF # define HASH_START_METHOD_DEF void (HASH_START_METHOD)(void) #endif #ifndef HASH_DATA_METHOD_DEF # define HASH_DATA_METHOD_DEF void (HASH_DATA_METHOD)(void) #endif #ifndef HASH_END_METHOD_DEF # define HASH_END_METHOD_DEF void (HASH_END_METHOD)(void) #endif #ifndef HASH_STATE_COPY_METHOD_DEF # define HASH_STATE_COPY_METHOD_DEF void (HASH_STATE_COPY_METHOD)(void) #endif #ifndef HASH_STATE_EXPORT_METHOD_DEF # define HASH_STATE_EXPORT_METHOD_DEF void (HASH_STATE_EXPORT_METHOD)(void) #endif #ifndef HASH_STATE_IMPORT_METHOD_DEF # define HASH_STATE_IMPORT_METHOD_DEF void (HASH_STATE_IMPORT_METHOD)(void) #endif // Define the prototypical function call for each of the methods. This defines the // order in which the parameters are passed to the underlying function. typedef HASH_START_METHOD_DEF; typedef HASH_DATA_METHOD_DEF; typedef HASH_END_METHOD_DEF; typedef HASH_STATE_COPY_METHOD_DEF; typedef HASH_STATE_EXPORT_METHOD_DEF; typedef HASH_STATE_IMPORT_METHOD_DEF; typedef struct _HASH_METHODS { HASH_START_METHOD *start; HASH_DATA_METHOD *data; HASH_END_METHOD *end; HASH_STATE_COPY_METHOD *copy; // Copy a hash block HASH_STATE_EXPORT_METHOD *copyOut; // Copy a hash block from a hash // context HASH_STATE_IMPORT_METHOD *copyIn; // Copy a hash block to a proper hash // context } HASH_METHODS, *PHASH_METHODS; #if ALG_SHA1 TPM2B_TYPE(SHA1_DIGEST, SHA1_DIGEST_SIZE); #endif #if ALG_SHA256 TPM2B_TYPE(SHA256_DIGEST, SHA256_DIGEST_SIZE); #endif #if ALG_SHA384 TPM2B_TYPE(SHA384_DIGEST, SHA384_DIGEST_SIZE); #endif #if ALG_SHA512 TPM2B_TYPE(SHA512_DIGEST, SHA512_DIGEST_SIZE); #endif #if ALG_SM3_256 TPM2B_TYPE(SM3_256_DIGEST, SM3_256_DIGEST_SIZE); #endif // When the TPM implements RSA, the hash-dependent OID pointers are part of the // HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the // HASH_DEF_TEMPLATE. #if ALG_RSA #define PKCS1_HASH_REF const BYTE *PKCS1; #define PKCS1_OID(NAME) , OID_PKCS1_##NAME #else #define PKCS1_HASH_REF #define PKCS1_OID(NAME) #endif // When the TPM implements ECC, the hash-dependent OID pointers are part of the // HASH_DEF. These macros conditionally add the OID reference to the HASH_DEF and the // HASH_DEF_TEMPLATE. #if ALG_ECDSA #define ECDSA_HASH_REF const BYTE *ECDSA; #define ECDSA_OID(NAME) , OID_ECDSA_##NAME #else #define ECDSA_HASH_REF #define ECDSA_OID(NAME) #endif typedef const struct HASH_DEF { HASH_METHODS method; uint16_t blockSize; uint16_t digestSize; uint16_t contextSize; uint16_t hashAlg; const BYTE *OID; PKCS1_HASH_REF // PKCS1 OID ECDSA_HASH_REF // ECDSA OID } HASH_DEF, *PHASH_DEF; // Macro to fill in the HASH_DEF for an algorithm. For SHA1, the instance would be: // HASH_DEF_TEMPLATE(Sha1, SHA1) // This handles the difference in capitalization for the various pieces. #define HASH_DEF_TEMPLATE(HASH, Hash) \ HASH_DEF Hash##_Def= { \ {(HASH_START_METHOD *)&tpmHashStart_##HASH, \ (HASH_DATA_METHOD *)&tpmHashData_##HASH, \ (HASH_END_METHOD *)&tpmHashEnd_##HASH, \ (HASH_STATE_COPY_METHOD *)&tpmHashStateCopy_##HASH, \ (HASH_STATE_EXPORT_METHOD *)&tpmHashStateExport_##HASH, \ (HASH_STATE_IMPORT_METHOD *)&tpmHashStateImport_##HASH, \ }, \ HASH##_BLOCK_SIZE, /*block size */ \ HASH##_DIGEST_SIZE, /*data size */ \ sizeof(tpmHashState##HASH##_t), \ TPM_ALG_##HASH, OID_##HASH \ PKCS1_OID(HASH) ECDSA_OID(HASH)}; // These definitions are for the types that can be in a hash state structure. // These types are used in the cryptographic utilities. This is a define rather than // an enum so that the size of this field can be explicit. typedef BYTE HASH_STATE_TYPE; #define HASH_STATE_EMPTY ((HASH_STATE_TYPE) 0) #define HASH_STATE_HASH ((HASH_STATE_TYPE) 1) #define HASH_STATE_HMAC ((HASH_STATE_TYPE) 2) #if CC_MAC || CC_MAC_Start #define HASH_STATE_SMAC ((HASH_STATE_TYPE) 3) #endif // This is the structure that is used for passing a context into the hashing // functions. It should be the same size as the function context used within // the hashing functions. This is checked when the hash function is initialized. // This version uses a new layout for the contexts and a different definition. The // state buffer is an array of HASH_UNIT values so that a decent compiler will put // the structure on a HASH_UNIT boundary. If the structure is not properly aligned, // the code that manipulates the structure will copy to a properly aligned // structure before it is used and copy the result back. This just makes things // slower. // NOTE: This version of the state had the pointer to the update method in the // state. This is to allow the SMAC functions to use the same structure without // having to replicate the entire HASH_DEF structure. typedef struct _HASH_STATE { HASH_STATE_TYPE type; // type of the context TPM_ALG_ID hashAlg; PHASH_DEF def; ANY_HASH_STATE state; } HASH_STATE, *PHASH_STATE; typedef const HASH_STATE *PCHASH_STATE; //** HMAC State Structures // An HMAC_STATE structure contains an opaque HMAC stack state. A caller would // use this structure when performing incremental HMAC operations. This structure // contains a hash state and an HMAC key and allows slightly better stack // optimization than adding an HMAC key to each hash state. typedef struct hmacState { HASH_STATE hashState; // the hash state TPM2B_HASH_BLOCK hmacKey; // the HMAC key } HMAC_STATE, *PHMAC_STATE; // This is for the external hash state. This implementation assumes that the size // of the exported hash state is no larger than the internal hash state. typedef struct { BYTE buffer[sizeof(HASH_STATE)]; } EXPORT_HASH_STATE, *PEXPORT_HASH_STATE; typedef const EXPORT_HASH_STATE *PCEXPORT_HASH_STATE; #endif // _CRYPT_HASH_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRand.h000066400000000000000000000166731510276467000257230ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains constant definition shared by CryptUtil and the parts // of the Crypto Engine. // #ifndef _CRYPT_RAND_H #define _CRYPT_RAND_H //** DRBG Structures and Defines // Values and structures for the random number generator. These values are defined // in this header file so that the size of the RNG state can be known to TPM.lib. // This allows the allocation of some space in NV memory for the state to // be stored on an orderly shutdown. // The DRBG based on a symmetric block cipher is defined by three values, // 1) the key size // 2) the block size (the IV size) // 3) the symmetric algorithm #define DRBG_KEY_SIZE_BITS AES_MAX_KEY_SIZE_BITS #define DRBG_IV_SIZE_BITS (AES_MAX_BLOCK_SIZE * 8) #define DRBG_ALGORITHM TPM_ALG_AES typedef tpmKeyScheduleAES DRBG_KEY_SCHEDULE; #define DRBG_ENCRYPT_SETUP(key, keySizeInBits, schedule) \ TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) #define DRBG_ENCRYPT(keySchedule, in, out) \ TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out)) #if ((DRBG_KEY_SIZE_BITS % RADIX_BITS) != 0) \ || ((DRBG_IV_SIZE_BITS % RADIX_BITS) != 0) #error "Key size and IV for DRBG must be even multiples of the radix" #endif #if (DRBG_KEY_SIZE_BITS % DRBG_IV_SIZE_BITS) != 0 #error "Key size for DRBG must be even multiple of the cypher block size" #endif // Derived values #define DRBG_MAX_REQUESTS_PER_RESEED (1 << 48) #define DRBG_MAX_REQEST_SIZE (1 << 32) #define pDRBG_KEY(seed) ((DRBG_KEY *)&(((BYTE *)(seed))[0])) #define pDRBG_IV(seed) ((DRBG_IV *)&(((BYTE *)(seed))[DRBG_KEY_SIZE_BYTES])) #define DRBG_KEY_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_KEY_SIZE_BITS)) #define DRBG_KEY_SIZE_BYTES (DRBG_KEY_SIZE_WORDS * RADIX_BYTES) #define DRBG_IV_SIZE_WORDS (BITS_TO_CRYPT_WORDS(DRBG_IV_SIZE_BITS)) #define DRBG_IV_SIZE_BYTES (DRBG_IV_SIZE_WORDS * RADIX_BYTES) #define DRBG_SEED_SIZE_WORDS (DRBG_KEY_SIZE_WORDS + DRBG_IV_SIZE_WORDS) #define DRBG_SEED_SIZE_BYTES (DRBG_KEY_SIZE_BYTES + DRBG_IV_SIZE_BYTES) typedef union { BYTE bytes[DRBG_KEY_SIZE_BYTES]; crypt_uword_t words[DRBG_KEY_SIZE_WORDS]; } DRBG_KEY; typedef union { BYTE bytes[DRBG_IV_SIZE_BYTES]; crypt_uword_t words[DRBG_IV_SIZE_WORDS]; } DRBG_IV; typedef union { BYTE bytes[DRBG_SEED_SIZE_BYTES]; crypt_uword_t words[DRBG_SEED_SIZE_WORDS]; } DRBG_SEED; #define CTR_DRBG_MAX_REQUESTS_PER_RESEED ((UINT64)1 << 20) #define CTR_DRBG_MAX_BYTES_PER_REQUEST (1 << 16) # define CTR_DRBG_MIN_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES # define CTR_DRBG_MAX_ENTROPY_INPUT_LENGTH DRBG_SEED_SIZE_BYTES # define CTR_DRBG_MAX_ADDITIONAL_INPUT_LENGTH DRBG_SEED_SIZE_BYTES #define TESTING (1 << 0) #define ENTROPY (1 << 1) #define TESTED (1 << 2) #define IsTestStateSet(BIT) ((g_cryptoSelfTestState.rng & BIT) != 0) #define SetTestStateBit(BIT) (g_cryptoSelfTestState.rng |= BIT) #define ClearTestStateBit(BIT) (g_cryptoSelfTestState.rng &= ~BIT) #define IsSelfTest() IsTestStateSet(TESTING) #define SetSelfTest() SetTestStateBit(TESTING) #define ClearSelfTest() ClearTestStateBit(TESTING) #define IsEntropyBad() IsTestStateSet(ENTROPY) #define SetEntropyBad() SetTestStateBit(ENTROPY) #define ClearEntropyBad() ClearTestStateBit(ENTROPY) #define IsDrbgTested() IsTestStateSet(TESTED) #define SetDrbgTested() SetTestStateBit(TESTED) #define ClearDrbgTested() ClearTestStateBit(TESTED) typedef struct { UINT64 reseedCounter; UINT32 magic; DRBG_SEED seed; // contains the key and IV for the counter mode DRBG UINT32 lastValue[4]; // used when the TPM does continuous self-test // for FIPS compliance of DRBG } DRBG_STATE, *pDRBG_STATE; #define DRBG_MAGIC ((UINT32) 0x47425244) // "DRBG" backwards so that it displays typedef struct { UINT64 counter; UINT32 magic; UINT32 limit; TPM2B *seed; const TPM2B *label; TPM2B *context; TPM_ALG_ID hash; TPM_ALG_ID kdf; UINT16 digestSize; TPM2B_DIGEST residual; } KDF_STATE, *pKDR_STATE; #define KDF_MAGIC ((UINT32) 0x4048444a) // "KDF " backwards // Make sure that any other structures added to this union start with a 64-bit // counter and a 32-bit magic number typedef union { DRBG_STATE drbg; KDF_STATE kdf; } RAND_STATE; // This is the state used when the library uses a random number generator. // A special function is installed for the library to call. That function // picks up the state from this location and uses it for the generation // of the random number. extern RAND_STATE *s_random; // When instrumenting RSA key sieve #if RSA_INSTRUMENT #define PRIME_INDEX(x) ((x) == 512 ? 0 : (x) == 1024 ? 1 : 2) # define INSTRUMENT_SET(a, b) ((a) = (b)) # define INSTRUMENT_ADD(a, b) (a) = (a) + (b) # define INSTRUMENT_INC(a) (a) = (a) + 1 extern UINT32 PrimeIndex; extern UINT32 failedAtIteration[10]; extern UINT32 PrimeCounts[3]; extern UINT32 MillerRabinTrials[3]; extern UINT32 totalFieldsSieved[3]; extern UINT32 bitsInFieldAfterSieve[3]; extern UINT32 emptyFieldsSieved[3]; extern UINT32 noPrimeFields[3]; extern UINT32 primesChecked[3]; extern UINT16 lastSievePrime; #else # define INSTRUMENT_SET(a, b) # define INSTRUMENT_ADD(a, b) # define INSTRUMENT_INC(a) #endif #endif // _CRYPT_RAND_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptRsa.h000066400000000000000000000057121510276467000255540ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This file contains the RSA-related structures and defines. #ifndef _CRYPT_RSA_H #define _CRYPT_RSA_H // These values are used in the bigNum representation of various RSA values. BN_TYPE(rsa, MAX_RSA_KEY_BITS); #define BN_RSA(name) BN_VAR(name, MAX_RSA_KEY_BITS) #define BN_RSA_INITIALIZED(name, initializer) \ BN_INITIALIZED(name, MAX_RSA_KEY_BITS, initializer) #define BN_PRIME(name) BN_VAR(name, (MAX_RSA_KEY_BITS / 2)) BN_TYPE(prime, (MAX_RSA_KEY_BITS / 2)); #define BN_PRIME_INITIALIZED(name, initializer) \ BN_INITIALIZED(name, MAX_RSA_KEY_BITS / 2, initializer) #if !CRT_FORMAT_RSA # error This verson only works with CRT formatted data #endif // !CRT_FORMAT_RSA typedef struct privateExponent { bigNum P; bigNum Q; bigNum dP; bigNum dQ; bigNum qInv; bn_prime_t entries[5]; } privateExponent; #define NEW_PRIVATE_EXPONENT(X) \ privateExponent _##X; \ privateExponent *X = RsaInitializeExponent(&(_##X)) #endif // _CRYPT_RSA_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptSym.h000066400000000000000000000132741510276467000256010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the implementation of the symmetric block cipher modes // allowed for a TPM. These functions only use the single block encryption functions // of the selected symmetric cryptographic library. //** Includes, Defines, and Typedefs #ifndef CRYPT_SYM_H #define CRYPT_SYM_H typedef union tpmCryptKeySchedule_t { #if ALG_AES tpmKeyScheduleAES AES; #endif #if ALG_SM4 tpmKeyScheduleSM4 SM4; #endif #if ALG_CAMELLIA tpmKeyScheduleCAMELLIA CAMELLIA; #endif #if ALG_TDES tpmKeyScheduleTDES TDES[3]; #endif #if SYMMETRIC_ALIGNMENT == 8 uint64_t alignment; #else uint32_t alignment; #endif } tpmCryptKeySchedule_t; // Each block cipher within a library is expected to conform to the same calling // conventions with three parameters ('keySchedule', 'in', and 'out') in the same // order. That means that all algorithms would use the same order of the same // parameters. The code is written assuming the ('keySchedule', 'in', and 'out') // order. However, if the library uses a different order, the order can be changed // with a SWIZZLE macro that puts the parameters in the correct order. // Note that all algorithms have to use the same order and number of parameters // because the code to build the calling list is common for each call to encrypt // or decrypt with the algorithm chosen by setting a function pointer to select // the algorithm that is used. # define ENCRYPT(keySchedule, in, out) \ encrypt(SWIZZLE(keySchedule, in, out)) # define DECRYPT(keySchedule, in, out) \ decrypt(SWIZZLE(keySchedule, in, out)) // Note that the macros rely on 'encrypt' as local values in the // functions that use these macros. Those parameters are set by the macro that // set the key schedule to be used for the call. #define ENCRYPT_CASE(ALG) \ case TPM_ALG_##ALG: \ TpmCryptSetEncryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \ encrypt = (TpmCryptSetSymKeyCall_t)TpmCryptEncrypt##ALG; \ break; #define DECRYPT_CASE(ALG) \ case TPM_ALG_##ALG: \ TpmCryptSetDecryptKey##ALG(key, keySizeInBits, &keySchedule.ALG); \ decrypt = (TpmCryptSetSymKeyCall_t)TpmCryptDecrypt##ALG; \ break; #if ALG_AES #define ENCRYPT_CASE_AES ENCRYPT_CASE(AES) #define DECRYPT_CASE_AES DECRYPT_CASE(AES) #else #define ENCRYPT_CASE_AES #define DECRYPT_CASE_AES #endif #if ALG_SM4 #define ENCRYPT_CASE_SM4 ENCRYPT_CASE(SM4) #define DECRYPT_CASE_SM4 DECRYPT_CASE(SM4) #else #define ENCRYPT_CASE_SM4 #define DECRYPT_CASE_SM4 #endif #if ALG_CAMELLIA #define ENCRYPT_CASE_CAMELLIA ENCRYPT_CASE(CAMELLIA) #define DECRYPT_CASE_CAMELLIA DECRYPT_CASE(CAMELLIA) #else #define ENCRYPT_CASE_CAMELLIA #define DECRYPT_CASE_CAMELLIA #endif #if ALG_TDES #define ENCRYPT_CASE_TDES ENCRYPT_CASE(TDES) #define DECRYPT_CASE_TDES DECRYPT_CASE(TDES) #else #define ENCRYPT_CASE_TDES #define DECRYPT_CASE_TDES #endif // For each algorithm the case will either be defined or null. #define SELECT(direction) \ switch(algorithm) \ { \ direction##_CASE_AES \ direction##_CASE_SM4 \ direction##_CASE_CAMELLIA \ direction##_CASE_TDES \ default: \ FAIL(FATAL_ERROR_INTERNAL); \ } #endif // CRYPT_SYM_Hgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/CryptTest.h000066400000000000000000000056311510276467000257460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This file contains constant definitions used for self-test. #ifndef _CRYPT_TEST_H #define _CRYPT_TEST_H // This is the definition of a bit array with one bit per algorithm. // NOTE: Since bit numbering starts at zero, when ALG_LAST_VALUE is a multiple of 8, // ALGORITHM_VECTOR will need to have byte for the single bit in the last byte. So, // for example, when ALG_LAST_VECTOR is 8, ALGORITHM_VECTOR will need 2 bytes. #define ALGORITHM_VECTOR_BYTES ((ALG_LAST_VALUE + 8) / 8) typedef BYTE ALGORITHM_VECTOR[ALGORITHM_VECTOR_BYTES]; #ifdef TEST_SELF_TEST LIB_EXPORT extern ALGORITHM_VECTOR LibToTest; #endif // This structure is used to contain self-test tracking information for the // cryptographic modules. Each of the major modules is given a 32-bit value in // which it may maintain its own self test information. The convention for this // state is that when all of the bits in this structure are 0, all functions need // to be tested. typedef struct { UINT32 rng; UINT32 hash; UINT32 sym; #if ALG_RSA UINT32 rsa; #endif #if ALG_ECC UINT32 ecc; #endif } CRYPTO_SELF_TEST_STATE; #endif // _CRYPT_TEST_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/EccTestData.h000066400000000000000000000174461510276467000261400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This file contains the parameter data for ECC testing. #ifdef SELF_TEST_DATA TPM2B_TYPE(EC_TEST, 32); const TPM_ECC_CURVE c_testCurve = 00003; // The "static" key const TPM2B_EC_TEST c_ecTestKey_ds = {{32, { 0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a, 0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}}; const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, { 0x17,0xad,0x2f,0xcb,0x18,0xd4,0xdb,0x3f,0x2c,0x53,0x13,0x82,0x42,0x97,0xff,0x8d, 0x99,0x50,0x16,0x02,0x35,0xa7,0x06,0xae,0x1f,0xda,0xe2,0x9c,0x12,0x77,0xc0,0xf9}}}; const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, { 0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad, 0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}}; // The "ephemeral" key const TPM2B_EC_TEST c_ecTestKey_de = {{32, { 0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07, 0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}}; const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, { 0xa5,0x1e,0x80,0xd1,0x76,0x3e,0x8b,0x96,0xce,0xcc,0x21,0x82,0xc9,0xa2,0xa2,0xed, 0x47,0x21,0x89,0x53,0x44,0xe9,0xc7,0x92,0xe7,0x31,0x48,0x38,0xe6,0xea,0x93,0x47}}}; const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, { 0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea, 0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}}; // ECDH test results const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, { 0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c, 0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}}; const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, { 0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5, 0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}}; TPM2B_TYPE(TEST_VALUE, 64); const TPM2B_TEST_VALUE c_ecTestValue = {{64, { 0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0, 0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d, 0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff, 0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}}; #if ALG_SHA1_VALUE == DEFAULT_TEST_HASH const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { 0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11, 0x4b,0x8a,0x4f,0x17,0x62,0x82,0xcc,0x06,0xf6,0x64,0x78,0xef,0x6b,0x7c,0xf2,0x6c}}}; const TPM2B_EC_TEST c_TestEcDsa_s = {{32, { 0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70, 0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}}; const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1b,0x08,0x9f,0xde, 0xef,0x62,0xe3,0xf1,0x14,0xcb,0x54,0x28,0x13,0x76,0xfc,0x6d,0x69,0x22,0xb5,0x3e}}}; const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ 0xd9,0xd3,0x20,0xfb,0x4d,0x16,0xf2,0xe6,0xe2,0x45,0x07,0x45,0x1c,0x92,0x92,0x92, 0xa9,0x6b,0x48,0xf8,0xd1,0x98,0x29,0x4d,0xd3,0x8f,0x56,0xf2,0xbb,0x2e,0x22,0x3b}}}; #endif // SHA1 #if ALG_SHA256_VALUE == DEFAULT_TEST_HASH const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { 0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71, 0xf8,0xf2,0xf4,0xa5,0xe0,0x1d,0x3c,0xa2,0x39,0x31,0xe4,0xe7,0x36,0x3b,0xb5,0x5f}}}; const TPM2B_EC_TEST c_TestEcDsa_s = {{32, { 0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80, 0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}}; const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, { 0xf7,0xb9,0x15,0x4c,0x34,0xf6,0x41,0x19,0xa3,0xd2,0xf1,0xbd,0xf4,0x13,0x6a,0x4f, 0x63,0xb8,0x4d,0xb5,0xc8,0xcd,0xde,0x85,0x95,0xa5,0x39,0x0a,0x14,0x49,0x3d,0x2f}}}; const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ 0xfe,0xbe,0x17,0xaa,0x31,0x22,0x9f,0xd0,0xd2,0xf5,0x25,0x04,0x92,0xb0,0xaa,0x4e, 0xcc,0x1c,0xb6,0x79,0xd6,0x42,0xb3,0x4e,0x3f,0xbb,0xfe,0x5f,0xd0,0xd0,0x8b,0xc3}}}; #endif // SHA256 #if ALG_SHA384_VALUE == DEFAULT_TEST_HASH const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { 0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31, 0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}}; const TPM2B_EC_TEST c_TestEcDsa_s = {{32, { 0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd, 0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}}; const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, { 0x1e,0xb8,0xe1,0xbf,0xa1,0x9e,0x39,0x1e,0x58,0xa2,0xe6,0x59,0xd0,0x1a,0x6a,0x03, 0x6a,0x1f,0x1c,0x4f,0x36,0x19,0xc1,0xec,0x30,0xa4,0x85,0x1b,0xe9,0x74,0x35,0x66}}}; const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ 0xb9,0xe6,0xe3,0x7e,0xcb,0xb9,0xea,0xf1,0xcc,0xf4,0x48,0x44,0x4a,0xda,0xc8,0xd7, 0x87,0xb4,0xba,0x40,0xfe,0x5b,0x68,0x11,0x14,0xcf,0xa0,0x0e,0x85,0x46,0x99,0x01}}}; #endif // SHA384 #if ALG_SHA512_VALUE == DEFAULT_TEST_HASH const TPM2B_EC_TEST c_TestEcDsa_r = {{32, { 0xc9,0x71,0xa6,0xb4,0xaf,0x46,0x26,0x8c,0x27,0x00,0x06,0x3b,0x00,0x0f,0xa3,0x17, 0x72,0x48,0x40,0x49,0x4d,0x51,0x4f,0xa4,0xcb,0x7e,0x86,0xe9,0xe7,0xb4,0x79,0xb2}}}; const TPM2B_EC_TEST c_TestEcDsa_s = {{32,{ 0x87,0xbc,0xc0,0xed,0x74,0x60,0x9e,0xfa,0x4e,0xe8,0x16,0xf3,0xf9,0x6b,0x26,0x07, 0x3c,0x74,0x31,0x7e,0xf0,0x62,0x46,0xdc,0xd6,0x45,0x22,0x47,0x3e,0x0c,0xa0,0x02}}}; const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{ 0xcc,0x07,0xad,0x65,0x91,0xdd,0xa0,0x10,0x23,0xae,0x53,0xec,0xdf,0xf1,0x50,0x90, 0x16,0x96,0xf4,0x45,0x09,0x73,0x9c,0x84,0xb5,0x5c,0x5f,0x08,0x51,0xcb,0x60,0x01}}}; const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{ 0x55,0x20,0x21,0x54,0xe2,0x49,0x07,0x47,0x71,0xf4,0x99,0x15,0x54,0xf3,0xab,0x14, 0xdb,0x8e,0xda,0x79,0xb6,0x02,0x0e,0xe3,0x5e,0x6f,0x2c,0xb6,0x05,0xbd,0x14,0x10}}}; #endif // SHA512 #endif // SELF_TEST_DATA go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Global.h000066400000000000000000002043611510276467000252060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains internal global type definitions and data declarations that // are need between subsystems. The instantiation of global data is in Global.c. // The initialization of global data is in the subsystem that is the primary owner // of the data. // // The first part of this file has the typedefs for structures and other defines // used in many portions of the code. After the typedef section, is a section that // defines global values that are only present in RAM. The next three sections // define the structures for the NV data areas: persistent, orderly, and state // save. Additional sections define the data that is used in specific modules. That // data is private to the module but is collected here to simplify the management // of the instance data. // All the data is instanced in Global.c. #if !defined _TPM_H_ #error "Should only be instanced in TPM.h" #endif //** Includes #ifndef GLOBAL_H #define GLOBAL_H #ifdef GLOBAL_C #define EXTERN #define INITIALIZER(_value_) = _value_ #else #define EXTERN extern #define INITIALIZER(_value_) #endif _REDUCE_WARNING_LEVEL_(2) #include #include _NORMAL_WARNING_LEVEL_ #if SIMULATION #undef CONTEXT_SLOT # define CONTEXT_SLOT UINT8 #endif #include "Capabilities.h" #include "TpmTypes.h" #include "CommandAttributes.h" #include "CryptTest.h" #include "BnValues.h" #include "CryptHash.h" #include "CryptSym.h" #include "CryptRand.h" #include "CryptEcc.h" #include "CryptRsa.h" #include "CryptTest.h" #include "TpmError.h" #include "NV.h" //** Defines and Types //*** Size Types // These types are used to differentiate the two different size values used. // // NUMBYTES is used when a size is a number of bytes (usually a TPM2B) typedef UINT16 NUMBYTES; //*** Other Types // An AUTH_VALUE is a BYTE array containing a digest (TPMU_HA) typedef BYTE AUTH_VALUE[sizeof(TPMU_HA)]; // A TIME_INFO is a BYTE array that can contain a TPMS_TIME_INFO typedef BYTE TIME_INFO[sizeof(TPMS_TIME_INFO)]; // A NAME is a BYTE array that can contain a TPMU_NAME typedef BYTE NAME[sizeof(TPMU_NAME)]; // Definition for a PROOF value TPM2B_TYPE(PROOF, PROOF_SIZE); // Definition for a Primary Seed value TPM2B_TYPE(SEED, PRIMARY_SEED_SIZE); // A CLOCK_NONCE is used to tag the time value in the authorization session and // in the ticket computation so that the ticket expires when there is a time // discontinuity. When the clock stops during normal operation, the nonce is // 64-bit value kept in RAM but it is a 32-bit counter when the clock only stops // during power events. #if CLOCK_STOPS typedef UINT64 CLOCK_NONCE; #else typedef UINT32 CLOCK_NONCE; #endif //** Loaded Object Structures //*** Description // The structures in this section define the object layout as it exists in TPM // memory. // // Two types of objects are defined: an ordinary object such as a key, and a // sequence object that may be a hash, HMAC, or event. // //*** OBJECT_ATTRIBUTES // An OBJECT_ATTRIBUTES structure contains the variable attributes of an object. // These properties are not part of the public properties but are used by the // TPM in managing the object. An OBJECT_ATTRIBUTES is used in the definition of // the OBJECT data type. typedef struct { unsigned publicOnly : 1; //0) SET if only the public portion of // an object is loaded unsigned epsHierarchy : 1; //1) SET if the object belongs to EPS // Hierarchy unsigned ppsHierarchy : 1; //2) SET if the object belongs to PPS // Hierarchy unsigned spsHierarchy : 1; //3) SET f the object belongs to SPS // Hierarchy unsigned evict : 1; //4) SET if the object is a platform or // owner evict object. Platform- // evict object belongs to PPS // hierarchy, owner-evict object // belongs to SPS or EPS hierarchy. // This bit is also used to mark a // completed sequence object so it // will be flush when the // SequenceComplete command succeeds. unsigned primary : 1; //5) SET for a primary object unsigned temporary : 1; //6) SET for a temporary object unsigned stClear : 1; //7) SET for an stClear object unsigned hmacSeq : 1; //8) SET for an HMAC or MAC sequence // object unsigned hashSeq : 1; //9) SET for a hash sequence object unsigned eventSeq : 1; //10) SET for an event sequence object unsigned ticketSafe : 1; //11) SET if a ticket is safe to create // for hash sequence object unsigned firstBlock : 1; //12) SET if the first block of hash // data has been received. It // works with ticketSafe bit unsigned isParent : 1; //13) SET if the key has the proper // attributes to be a parent key // unsigned privateExp : 1; //14) SET when the private exponent // // of an RSA key has been validated. unsigned not_used_14 : 1; unsigned occupied : 1; //15) SET when the slot is occupied. unsigned derivation : 1; //16) SET when the key is a derivation // parent unsigned external : 1; //17) SET when the object is loaded with // TPM2_LoadExternal(); } OBJECT_ATTRIBUTES; #if ALG_RSA // There is an overload of the sensitive.rsa.t.size field of a TPMT_SENSITIVE when an // RSA key is loaded. When the sensitive->sensitive contains an RSA key with all of // the CRT values, then the MSB of the size field will be set to indicate that the // buffer contains all 5 of the CRT private key values. #define RSA_prime_flag 0x8000 #endif //*** OBJECT Structure // An OBJECT structure holds the object public, sensitive, and meta-data // associated. This structure is implementation dependent. For this // implementation, the structure is not optimized for space but rather // for clarity of the reference implementation. Other implementations // may choose to overlap portions of the structure that are not used // simultaneously. These changes would necessitate changes to the source // code but those changes would be compatible with the reference // implementation. typedef struct OBJECT { // The attributes field is required to be first followed by the publicArea. // This allows the overlay of the object structure and a sequence structure OBJECT_ATTRIBUTES attributes; // object attributes TPMT_PUBLIC publicArea; // public area of an object TPMT_SENSITIVE sensitive; // sensitive area of an object TPM2B_NAME qualifiedName; // object qualified name TPMI_DH_OBJECT evictHandle; // if the object is an evict object, // the original handle is kept here. // The 'working' handle will be the // handle of an object slot. TPM2B_NAME name; // Name of the object name. Kept here // to avoid repeatedly computing it. } OBJECT; //*** HASH_OBJECT Structure // This structure holds a hash sequence object or an event sequence object. // // The first four components of this structure are manually set to be the same as // the first four components of the object structure. This prevents the object // from being inadvertently misused as sequence objects occupy the same memory as // a regular object. A debug check is present to make sure that the offsets are // what they are supposed to be. // NOTE: In a future version, this will probably be renamed as SEQUENCE_OBJECT typedef struct HASH_OBJECT { OBJECT_ATTRIBUTES attributes; // The attributes of the HASH object TPMI_ALG_PUBLIC type; // algorithm TPMI_ALG_HASH nameAlg; // name algorithm TPMA_OBJECT objectAttributes; // object attributes // The data below is unique to a sequence object TPM2B_AUTH auth; // authorization for use of sequence union { HASH_STATE hashState[HASH_COUNT]; HMAC_STATE hmacState; } state; } HASH_OBJECT; typedef BYTE HASH_OBJECT_BUFFER[sizeof(HASH_OBJECT)]; //*** ANY_OBJECT // This is the union for holding either a sequence object or a regular object. // for ContextSave and ContextLoad typedef union ANY_OBJECT { OBJECT entity; HASH_OBJECT hash; } ANY_OBJECT; typedef BYTE ANY_OBJECT_BUFFER[sizeof(ANY_OBJECT)]; //**AUTH_DUP Types // These values are used in the authorization processing. typedef UINT32 AUTH_ROLE; #define AUTH_NONE ((AUTH_ROLE)(0)) #define AUTH_USER ((AUTH_ROLE)(1)) #define AUTH_ADMIN ((AUTH_ROLE)(2)) #define AUTH_DUP ((AUTH_ROLE)(3)) //** Active Session Context //*** Description // The structures in this section define the internal structure of a session // context. // //*** SESSION_ATTRIBUTES // The attributes in the SESSION_ATTRIBUTES structure track the various properties // of the session. It maintains most of the tracking state information for the // policy session. It is used within the SESSION structure. typedef struct SESSION_ATTRIBUTES { unsigned isPolicy : 1; //1) SET if the session may only be used // for policy unsigned isAudit : 1; //2) SET if the session is used for audit unsigned isBound : 1; //3) SET if the session is bound to with an // entity. This attribute will be CLEAR // if either isPolicy or isAudit is SET. unsigned isCpHashDefined : 1; //3) SET if the cpHash has been defined // This attribute is not SET unless // 'isPolicy' is SET. unsigned isAuthValueNeeded : 1; //5) SET if the authValue is required for // computing the session HMAC. This // attribute is not SET unless 'isPolicy' // is SET. unsigned isPasswordNeeded : 1; //6) SET if a password authValue is required // for authorization This attribute is not // SET unless 'isPolicy' is SET. unsigned isPPRequired : 1; //7) SET if physical presence is required to // be asserted when the authorization is // checked. This attribute is not SET // unless 'isPolicy' is SET. unsigned isTrialPolicy : 1; //8) SET if the policy session is created // for trial of the policy's policyHash // generation. This attribute is not SET // unless 'isPolicy' is SET. unsigned isDaBound : 1; //9) SET if the bind entity had noDA CLEAR. // If this is SET, then an authorization // failure using this session will count // against lockout even if the object // being authorized is exempt from DA. unsigned isLockoutBound : 1; //10) SET if the session is bound to // lockoutAuth. unsigned includeAuth : 1; //11) This attribute is SET when the // authValue of an object is to be // included in the computation of the // HMAC key for the command and response // computations. (was 'requestWasBound') unsigned checkNvWritten : 1; //12) SET if the TPMA_NV_WRITTEN attribute // needs to be checked when the policy is // used for authorization for NV access. // If this is SET for any other type, the // policy will fail. unsigned nvWrittenState : 1; //13) SET if TPMA_NV_WRITTEN is required to // be SET. Used when 'checkNvWritten' is // SET unsigned isTemplateSet : 1; //14) SET if the templateHash needs to be // checked for Create, CreatePrimary, or // CreateLoaded. } SESSION_ATTRIBUTES; //*** SESSION Structure // The SESSION structure contains all the context of a session except for the // associated contextID. // // Note: The contextID of a session is only relevant when the session context // is stored off the TPM. typedef struct SESSION { SESSION_ATTRIBUTES attributes; // session attributes UINT32 pcrCounter; // PCR counter value when PCR is // included (policy session) // If no PCR is included, this // value is 0. UINT64 startTime; // The value in g_time when the session // was started (policy session) UINT64 timeout; // The timeout relative to g_time // There is no timeout if this value // is 0. CLOCK_NONCE epoch; // The g_clockEpoch value when the // session was started. If g_clockEpoch // does not match this value when the // timeout is used, then // then the command will fail. TPM_CC commandCode; // command code (policy session) TPM_ALG_ID authHashAlg; // session hash algorithm TPMA_LOCALITY commandLocality; // command locality (policy session) TPMT_SYM_DEF symmetric; // session symmetric algorithm (if any) TPM2B_AUTH sessionKey; // session secret value used for // this session TPM2B_NONCE nonceTPM; // last TPM-generated nonce for // generating HMAC and encryption keys union { TPM2B_NAME boundEntity; // value used to track the entity to // which the session is bound TPM2B_DIGEST cpHash; // the required cpHash value for the // command being authorized TPM2B_DIGEST nameHash; // the required nameHash TPM2B_DIGEST templateHash; // the required template for creation } u1; union { TPM2B_DIGEST auditDigest; // audit session digest TPM2B_DIGEST policyDigest; // policyHash } u2; // audit log and policyHash may // share space to save memory } SESSION; #define EXPIRES_ON_RESET INT32_MIN #define TIMEOUT_ON_RESET UINT64_MAX #define EXPIRES_ON_RESTART (INT32_MIN + 1) #define TIMEOUT_ON_RESTART (UINT64_MAX - 1) typedef BYTE SESSION_BUF[sizeof(SESSION)]; //********************************************************************************* //** PCR //********************************************************************************* //***PCR_SAVE Structure // The PCR_SAVE structure type contains the PCR data that are saved across power // cycles. Only the static PCR are required to be saved across power cycles. The // DRTM and resettable PCR are not saved. The number of static and resettable PCR // is determined by the platform-specific specification to which the TPM is built. typedef struct PCR_SAVE { #if ALG_SHA1 BYTE sha1[NUM_STATIC_PCR][SHA1_DIGEST_SIZE]; #endif #if ALG_SHA256 BYTE sha256[NUM_STATIC_PCR][SHA256_DIGEST_SIZE]; #endif #if ALG_SHA384 BYTE sha384[NUM_STATIC_PCR][SHA384_DIGEST_SIZE]; #endif #if ALG_SHA512 BYTE sha512[NUM_STATIC_PCR][SHA512_DIGEST_SIZE]; #endif #if ALG_SM3_256 BYTE sm3_256[NUM_STATIC_PCR][SM3_256_DIGEST_SIZE]; #endif // This counter increments whenever the PCR are updated. // NOTE: A platform-specific specification may designate // certain PCR changes as not causing this counter // to increment. UINT32 pcrCounter; } PCR_SAVE; //***PCR_POLICY #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 // This structure holds the PCR policies, one for each group of PCR controlled // by policy. typedef struct PCR_POLICY { TPMI_ALG_HASH hashAlg[NUM_POLICY_PCR_GROUP]; TPM2B_DIGEST a; TPM2B_DIGEST policy[NUM_POLICY_PCR_GROUP]; } PCR_POLICY; #endif //***PCR_AUTHVALUE // This structure holds the PCR policies, one for each group of PCR controlled // by policy. typedef struct PCR_AUTH_VALUE { TPM2B_DIGEST auth[NUM_AUTHVALUE_PCR_GROUP]; } PCR_AUTHVALUE; //**STARTUP_TYPE // This enumeration is the possible startup types. The type is determined // by the combination of TPM2_ShutDown and TPM2_Startup. typedef enum { SU_RESET, SU_RESTART, SU_RESUME } STARTUP_TYPE; //**NV //***NV_INDEX // The NV_INDEX structure defines the internal format for an NV index. // The 'indexData' size varies according to the type of the index. // In this implementation, all of the index is manipulated as a unit. typedef struct NV_INDEX { TPMS_NV_PUBLIC publicArea; TPM2B_AUTH authValue; } NV_INDEX; //*** NV_REF // An NV_REF is an opaque value returned by the NV subsystem. It is used to // reference and NV Index in a relatively efficient way. Rather than having to // continually search for an Index, its reference value may be used. In this // implementation, an NV_REF is a byte pointer that points to the copy of the // NV memory that is kept in RAM. typedef UINT32 NV_REF; typedef BYTE *NV_RAM_REF; //***NV_PIN // This structure deals with the possible endianess differences between the // canonical form of the TPMS_NV_PIN_COUNTER_PARAMETERS structure and the internal // value. The structures allow the data in a PIN index to be read as an 8-octet // value using NvReadUINT64Data(). That function will byte swap all the values on a // little endian system. This will put the bytes with the 4-octet values in the // correct order but will swap the pinLimit and pinCount values. When written, the // PIN index is simply handled as a normal index with the octets in canonical order. #if BIG_ENDIAN_TPM typedef struct { UINT32 pinCount; UINT32 pinLimit; } PIN_DATA; #else typedef struct { UINT32 pinLimit; UINT32 pinCount; } PIN_DATA; #endif typedef union { UINT64 intVal; PIN_DATA pin; } NV_PIN; //**COMMIT_INDEX_MASK // This is the define for the mask value that is used when manipulating // the bits in the commit bit array. The commit counter is a 64-bit // value and the low order bits are used to index the commitArray. // This mask value is applied to the commit counter to extract the // bit number in the array. #if ALG_ECC #define COMMIT_INDEX_MASK ((UINT16)((sizeof(gr.commitArray)*8)-1)) #endif //***************************************************************************** //***************************************************************************** //** RAM Global Values //***************************************************************************** //***************************************************************************** //*** Description // The values in this section are only extant in RAM or ROM as constant values. //*** Crypto Self-Test Values EXTERN ALGORITHM_VECTOR g_implementedAlgorithms; EXTERN ALGORITHM_VECTOR g_toTest; //*** g_rcIndex[] // This array is used to contain the array of values that are added to a return // code when it is a parameter-, handle-, or session-related error. // This is an implementation choice and the same result can be achieved by using // a macro. #define g_rcIndexInitializer { TPM_RC_1, TPM_RC_2, TPM_RC_3, TPM_RC_4, \ TPM_RC_5, TPM_RC_6, TPM_RC_7, TPM_RC_8, \ TPM_RC_9, TPM_RC_A, TPM_RC_B, TPM_RC_C, \ TPM_RC_D, TPM_RC_E, TPM_RC_F } EXTERN const UINT16 g_rcIndex[15] INITIALIZER(g_rcIndexInitializer); //*** g_exclusiveAuditSession // This location holds the session handle for the current exclusive audit // session. If there is no exclusive audit session, the location is set to // TPM_RH_UNASSIGNED. EXTERN TPM_HANDLE g_exclusiveAuditSession; //*** g_time // This is the value in which we keep the current command time. This is initialized // at the start of each command. The time is the accumulated time since the last // time that the TPM's timer was last powered up. Clock is the accumulated time // since the last time that the TPM was cleared. g_time is in mS. EXTERN UINT64 g_time; //*** g_timeEpoch // This value contains the current clock Epoch. It changes when there is a clock // discontinuity. It may be necessary to place this in NV should the timer be able // to run across a power down of the TPM but not in all cases (e.g. dead battery). // If the nonce is placed in NV, it should go in gp because it should be changing // slowly. #if CLOCK_STOPS EXTERN CLOCK_NONCE g_timeEpoch; #else #define g_timeEpoch gp.timeEpoch #endif //*** g_phEnable // This is the platform hierarchy control and determines if the platform hierarchy // is available. This value is SET on each TPM2_Startup(). The default value is // SET. EXTERN BOOL g_phEnable; //*** g_pcrReConfig // This value is SET if a TPM2_PCR_Allocate command successfully executed since // the last TPM2_Startup(). If so, then the next shutdown is required to be // Shutdown(CLEAR). EXTERN BOOL g_pcrReConfig; //*** g_DRTMHandle // This location indicates the sequence object handle that holds the DRTM // sequence data. When not used, it is set to TPM_RH_UNASSIGNED. A sequence // DRTM sequence is started on either _TPM_Init or _TPM_Hash_Start. EXTERN TPMI_DH_OBJECT g_DRTMHandle; //*** g_DrtmPreStartup // This value indicates that an H-CRTM occurred after _TPM_Init but before // TPM2_Startup(). The define for PRE_STARTUP_FLAG is used to add the // g_DrtmPreStartup value to gp_orderlyState at shutdown. This hack is to avoid // adding another NV variable. EXTERN BOOL g_DrtmPreStartup; //*** g_StartupLocality3 // This value indicates that a TPM2_Startup() occurred at locality 3. Otherwise, it // at locality 0. The define for STARTUP_LOCALITY_3 is to // indicate that the startup was not at locality 0. This hack is to avoid // adding another NV variable. EXTERN BOOL g_StartupLocality3; //***TPM_SU_NONE // Part 2 defines the two shutdown/startup types that may be used in // TPM2_Shutdown() and TPM2_Starup(). This additional define is // used by the TPM to indicate that no shutdown was received. // NOTE: This is a reserved value. #define SU_NONE_VALUE (0xFFFF) #define TPM_SU_NONE (TPM_SU)(SU_NONE_VALUE) //*** TPM_SU_DA_USED // As with TPM_SU_NONE, this value is added to allow indication that the shutdown // was not orderly and that a DA=protected object was reference during the previous // cycle. #define SU_DA_USED_VALUE (SU_NONE_VALUE - 1) #define TPM_SU_DA_USED (TPM_SU)(SU_DA_USED_VALUE) //*** Startup Flags // These flags are included in gp.orderlyState. These are hacks and are being // used to avoid having to change the layout of gp. The PRE_STARTUP_FLAG indicates // that a _TPM_Hash_Start/_Data/_End sequence was received after _TPM_Init but // before TPM2_StartUp(). STARTUP_LOCALITY_3 indicates that the last TPM2_Startup() // was received at locality 3. These flags are only relevant if after a // TPM2_Shutdown(STATE). #define PRE_STARTUP_FLAG 0x8000 #define STARTUP_LOCALITY_3 0x4000 #if USE_DA_USED //*** g_daUsed // This location indicates if a DA-protected value is accessed during a boot // cycle. If none has, then there is no need to increment 'failedTries' on the // next non-orderly startup. This bit is merged with gp.orderlyState when that // gp.orderly is set to SU_NONE_VALUE EXTERN BOOL g_daUsed; #endif //*** g_updateNV // This flag indicates if NV should be updated at the end of a command. // This flag is set to UT_NONE at the beginning of each command in ExecuteCommand(). // This flag is checked in ExecuteCommand() after the detailed actions of a command // complete. If the command execution was successful and this flag is not UT_NONE, // any pending NV writes will be committed to NV. // UT_ORDERLY causes any RAM data to be written to the orderly space for staging // the write to NV. typedef BYTE UPDATE_TYPE; #define UT_NONE (UPDATE_TYPE)0 #define UT_NV (UPDATE_TYPE)1 #define UT_ORDERLY (UPDATE_TYPE)(UT_NV + 2) EXTERN UPDATE_TYPE g_updateNV; //*** g_powerWasLost // This flag is used to indicate if the power was lost. It is SET in _TPM__Init. // This flag is cleared by TPM2_Startup() after all power-lost activities are // completed. // Note: When power is applied, this value can come up as anything. However, // _plat__WasPowerLost() will provide the proper indication in that case. So, when // power is actually lost, we get the correct answer. When power was not lost, but // the power-lost processing has not been completed before the next _TPM_Init(), // then the TPM still does the correct thing. EXTERN BOOL g_powerWasLost; //*** g_clearOrderly // This flag indicates if the execution of a command should cause the orderly // state to be cleared. This flag is set to FALSE at the beginning of each // command in ExecuteCommand() and is checked in ExecuteCommand() after the // detailed actions of a command complete but before the check of // 'g_updateNV'. If this flag is TRUE, and the orderly state is not // SU_NONE_VALUE, then the orderly state in NV memory will be changed to // SU_NONE_VALUE or SU_DA_USED_VALUE. EXTERN BOOL g_clearOrderly; //*** g_prevOrderlyState // This location indicates how the TPM was shut down before the most recent // TPM2_Startup(). This value, along with the startup type, determines if // the TPM should do a TPM Reset, TPM Restart, or TPM Resume. EXTERN TPM_SU g_prevOrderlyState; //*** g_nvOk // This value indicates if the NV integrity check was successful or not. If not and // the failure was severe, then the TPM would have been put into failure mode after // it had been re-manufactured. If the NV failure was in the area where the state-save // data is kept, then this variable will have a value of FALSE indicating that // a TPM2_Startup(CLEAR) is required. EXTERN BOOL g_nvOk; // NV availability is sampled as the start of each command and stored here // so that its value remains consistent during the command execution EXTERN TPM_RC g_NvStatus; #ifdef VENDOR_PERMANENT //*** g_platformUnique // This location contains the unique value(s) used to identify the TPM. It is // loaded on every _TPM2_Startup() // The first value is used to seed the RNG. The second value is used as a vendor // authValue. The value used by the RNG would be the value derived from the // chip unique value (such as fused) with a dependency on the authorities of the // code in the TPM boot path. The second would be derived from the chip unique value // with a dependency on the details of the code in the boot path. That is, the // first value depends on the various signers of the code and the second depends on // what was signed. The TPM vendor should not be able to know the first value but // they are expected to know the second. EXTERN TPM2B_AUTH g_platformUniqueAuthorities; // Reserved for RNG EXTERN TPM2B_AUTH g_platformUniqueDetails; // referenced by VENDOR_PERMANENT #endif //********************************************************************************* //********************************************************************************* //** Persistent Global Values //********************************************************************************* //********************************************************************************* //*** Description // The values in this section are global values that are persistent across power // events. The lifetime of the values determines the structure in which the value // is placed. //********************************************************************************* //*** PERSISTENT_DATA //********************************************************************************* // This structure holds the persistent values that only change as a consequence // of a specific Protected Capability and are not affected by TPM power events // (TPM2_Startup() or TPM2_Shutdown(). typedef struct { //********************************************************************************* // Hierarchy //********************************************************************************* // The values in this section are related to the hierarchies. BOOL disableClear; // TRUE if TPM2_Clear() using // lockoutAuth is disabled // Hierarchy authPolicies TPMI_ALG_HASH ownerAlg; TPMI_ALG_HASH endorsementAlg; TPMI_ALG_HASH lockoutAlg; TPM2B_DIGEST ownerPolicy; TPM2B_DIGEST endorsementPolicy; TPM2B_DIGEST lockoutPolicy; // Hierarchy authValues TPM2B_AUTH ownerAuth; TPM2B_AUTH endorsementAuth; TPM2B_AUTH lockoutAuth; // Primary Seeds TPM2B_SEED EPSeed; TPM2B_SEED SPSeed; TPM2B_SEED PPSeed; // Note there is a nullSeed in the state_reset memory. // Hierarchy proofs TPM2B_PROOF phProof; TPM2B_PROOF shProof; TPM2B_PROOF ehProof; // Note there is a nullProof in the state_reset memory. //********************************************************************************* // Reset Events //********************************************************************************* // A count that increments at each TPM reset and never get reset during the life // time of TPM. The value of this counter is initialized to 1 during TPM // manufacture process. It is used to invalidate all saved contexts after a TPM // Reset. UINT64 totalResetCount; // This counter increments on each TPM Reset. The counter is reset by // TPM2_Clear(). UINT32 resetCount; //********************************************************************************* // PCR //********************************************************************************* // This structure hold the policies for those PCR that have an update policy. // This implementation only supports a single group of PCR controlled by // policy. If more are required, then this structure would be changed to // an array. #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 PCR_POLICY pcrPolicies; #endif // This structure indicates the allocation of PCR. The structure contains a // list of PCR allocations for each implemented algorithm. If no PCR are // allocated for an algorithm, a list entry still exists but the bit map // will contain no SET bits. TPML_PCR_SELECTION pcrAllocated; //********************************************************************************* // Physical Presence //********************************************************************************* // The PP_LIST type contains a bit map of the commands that require physical // to be asserted when the authorization is evaluated. Physical presence will be // checked if the corresponding bit in the array is SET and if the authorization // handle is TPM_RH_PLATFORM. // // These bits may be changed with TPM2_PP_Commands(). BYTE ppList[(COMMAND_COUNT + 7) / 8]; //********************************************************************************* // Dictionary attack values //********************************************************************************* // These values are used for dictionary attack tracking and control. UINT32 failedTries; // the current count of unexpired // authorization failures UINT32 maxTries; // number of unexpired authorization // failures before the TPM is in // lockout UINT32 recoveryTime; // time between authorization failures // before failedTries is decremented UINT32 lockoutRecovery; // time that must expire between // authorization failures associated // with lockoutAuth BOOL lockOutAuthEnabled; // TRUE if use of lockoutAuth is // allowed //***************************************************************************** // Orderly State //***************************************************************************** // The orderly state for current cycle TPM_SU orderlyState; //***************************************************************************** // Command audit values. //***************************************************************************** BYTE auditCommands[((COMMAND_COUNT + 1) + 7) / 8]; TPMI_ALG_HASH auditHashAlg; UINT64 auditCounter; //***************************************************************************** // Algorithm selection //***************************************************************************** // // The 'algorithmSet' value indicates the collection of algorithms that are // currently in used on the TPM. The interpretation of value is vendor dependent. UINT32 algorithmSet; //***************************************************************************** // Firmware version //***************************************************************************** // The firmwareV1 and firmwareV2 values are instanced in TimeStamp.c. This is // a scheme used in development to allow determination of the linker build time // of the TPM. An actual implementation would implement these values in a way that // is consistent with vendor needs. The values are maintained in RAM for simplified // access with a master version in NV. These values are modified in a // vendor-specific way. // g_firmwareV1 contains the more significant 32-bits of the vendor version number. // In the reference implementation, if this value is printed as a hex // value, it will have the format of YYYYMMDD UINT32 firmwareV1; // g_firmwareV1 contains the less significant 32-bits of the vendor version number. // In the reference implementation, if this value is printed as a hex // value, it will have the format of 00 HH MM SS UINT32 firmwareV2; //***************************************************************************** // Timer Epoch //***************************************************************************** // timeEpoch contains a nonce that has a vendor=specific size (should not be // less than 8 bytes. This nonce changes when the clock epoch changes. The clock // epoch changes when there is a discontinuity in the timing of the TPM. #if !CLOCK_STOPS CLOCK_NONCE timeEpoch; #endif } PERSISTENT_DATA; EXTERN PERSISTENT_DATA gp; //********************************************************************************* //********************************************************************************* //*** ORDERLY_DATA //********************************************************************************* //********************************************************************************* // The data in this structure is saved to NV on each TPM2_Shutdown(). typedef struct orderly_data { //***************************************************************************** // TIME //***************************************************************************** // Clock has two parts. One is the state save part and one is the NV part. The // state save version is updated on each command. When the clock rolls over, the // NV version is updated. When the TPM starts up, if the TPM was shutdown in and // orderly way, then the sClock value is used to initialize the clock. If the // TPM shutdown was not orderly, then the persistent value is used and the safe // attribute is clear. UINT64 clock; // The orderly version of clock TPMI_YES_NO clockSafe; // Indicates if the clock value is // safe. // In many implementations, the quality of the entropy available is not that // high. To compensate, the current value of the drbgState can be saved and // restored on each power cycle. This prevents the internal state from reverting // to the initial state on each power cycle and starting with a limited amount // of entropy. By keeping the old state and adding entropy, the entropy will // accumulate. DRBG_STATE drbgState; // These values allow the accumulation of self-healing time across orderly shutdown // of the TPM. #if ACCUMULATE_SELF_HEAL_TIMER UINT64 selfHealTimer; // current value of s_selfHealTimer UINT64 lockoutTimer; // current value of s_lockoutTimer UINT64 time; // current value of g_time at shutdown #endif // ACCUMULATE_SELF_HEAL_TIMER } ORDERLY_DATA; #if ACCUMULATE_SELF_HEAL_TIMER #define s_selfHealTimer go.selfHealTimer #define s_lockoutTimer go.lockoutTimer #endif // ACCUMULATE_SELF_HEAL_TIMER # define drbgDefault go.drbgState EXTERN ORDERLY_DATA go; //********************************************************************************* //********************************************************************************* //*** STATE_CLEAR_DATA //********************************************************************************* //********************************************************************************* // This structure contains the data that is saved on Shutdown(STATE) // and restored on Startup(STATE). The values are set to their default // settings on any Startup(Clear). In other words, the data is only persistent // across TPM Resume. // // If the comments associated with a parameter indicate a default reset value, the // value is applied on each Startup(CLEAR). typedef struct state_clear_data { //***************************************************************************** // Hierarchy Control //***************************************************************************** BOOL shEnable; // default reset is SET BOOL ehEnable; // default reset is SET BOOL phEnableNV; // default reset is SET TPMI_ALG_HASH platformAlg; // default reset is TPM_ALG_NULL TPM2B_DIGEST platformPolicy; // default reset is an Empty Buffer TPM2B_AUTH platformAuth; // default reset is an Empty Buffer //***************************************************************************** // PCR //***************************************************************************** // The set of PCR to be saved on Shutdown(STATE) PCR_SAVE pcrSave; // default reset is 0...0 // This structure hold the authorization values for those PCR that have an // update authorization. // This implementation only supports a single group of PCR controlled by // authorization. If more are required, then this structure would be changed to // an array. PCR_AUTHVALUE pcrAuthValues; } STATE_CLEAR_DATA; EXTERN STATE_CLEAR_DATA gc; //********************************************************************************* //********************************************************************************* //*** State Reset Data //********************************************************************************* //********************************************************************************* // This structure contains data is that is saved on Shutdown(STATE) and restored on // the subsequent Startup(ANY). That is, the data is preserved across TPM Resume // and TPM Restart. // // If a default value is specified in the comments this value is applied on // TPM Reset. typedef struct state_reset_data { //***************************************************************************** // Hierarchy Control //***************************************************************************** TPM2B_PROOF nullProof; // The proof value associated with // the TPM_RH_NULL hierarchy. The // default reset value is from the RNG. TPM2B_SEED nullSeed; // The seed value for the TPM_RN_NULL // hierarchy. The default reset value // is from the RNG. //***************************************************************************** // Context //***************************************************************************** // The 'clearCount' counter is incremented each time the TPM successfully executes // a TPM Resume. The counter is included in each saved context that has 'stClear' // SET (including descendants of keys that have 'stClear' SET). This prevents these // objects from being loaded after a TPM Resume. // If 'clearCount' is at its maximum value when the TPM receives a Shutdown(STATE), // the TPM will return TPM_RC_RANGE and the TPM will only accept Shutdown(CLEAR). UINT32 clearCount; // The default reset value is 0. UINT64 objectContextID; // This is the context ID for a saved // object context. The default reset // value is 0. #ifndef NDEBUG #undef CONTEXT_SLOT #define CONTEXT_SLOT BYTE #endif CONTEXT_SLOT contextArray[MAX_ACTIVE_SESSIONS]; // This array contains // contains the values used to track // the version numbers of saved // contexts (see // Session.c in for details). The // default reset value is {0}. CONTEXT_COUNTER contextCounter; // This is the value from which the // 'contextID' is derived. The // default reset value is {0}. //***************************************************************************** // Command Audit //***************************************************************************** // When an audited command completes, ExecuteCommand() checks the return // value. If it is TPM_RC_SUCCESS, and the command is an audited command, the // TPM will extend the cpHash and rpHash for the command to this value. If this // digest was the Zero Digest before the cpHash was extended, the audit counter // is incremented. TPM2B_DIGEST commandAuditDigest; // This value is set to an Empty Digest // by TPM2_GetCommandAuditDigest() or a // TPM Reset. //***************************************************************************** // Boot counter //***************************************************************************** UINT32 restartCount; // This counter counts TPM Restarts. // The default reset value is 0. //********************************************************************************* // PCR //********************************************************************************* // This counter increments whenever the PCR are updated. This counter is preserved // across TPM Resume even though the PCR are not preserved. This is because // sessions remain active across TPM Restart and the count value in the session // is compared to this counter so this counter must have values that are unique // as long as the sessions are active. // NOTE: A platform-specific specification may designate that certain PCR changes // do not increment this counter to increment. UINT32 pcrCounter; // The default reset value is 0. #if ALG_ECC //***************************************************************************** // ECDAA //***************************************************************************** UINT64 commitCounter; // This counter increments each time // TPM2_Commit() returns // TPM_RC_SUCCESS. The default reset // value is 0. TPM2B_NONCE commitNonce; // This random value is used to compute // the commit values. The default reset // value is from the RNG. // This implementation relies on the number of bits in g_commitArray being a // power of 2 (8, 16, 32, 64, etc.) and no greater than 64K. BYTE commitArray[16]; // The default reset value is {0}. #endif // ALG_ECC } STATE_RESET_DATA; EXTERN STATE_RESET_DATA gr; //** NV Layout // The NV data organization is // 1) a PERSISTENT_DATA structure // 2) a STATE_RESET_DATA structure // 3) a STATE_CLEAR_DATA structure // 4) an ORDERLY_DATA structure // 5) the user defined NV index space #define NV_PERSISTENT_DATA (0) #define NV_STATE_RESET_DATA (NV_PERSISTENT_DATA + sizeof(PERSISTENT_DATA)) #define NV_STATE_CLEAR_DATA (NV_STATE_RESET_DATA + sizeof(STATE_RESET_DATA)) #define NV_ORDERLY_DATA (NV_STATE_CLEAR_DATA + sizeof(STATE_CLEAR_DATA)) #define NV_INDEX_RAM_DATA (NV_ORDERLY_DATA + sizeof(ORDERLY_DATA)) #define NV_USER_DYNAMIC (NV_INDEX_RAM_DATA + sizeof(s_indexOrderlyRam)) #define NV_USER_DYNAMIC_END NV_MEMORY_SIZE //** Global Macro Definitions // The NV_READ_PERSISTENT and NV_WRITE_PERSISTENT macros are used to access members // of the PERSISTENT_DATA structure in NV. #define NV_READ_PERSISTENT(to, from) \ NvRead(&to, offsetof(PERSISTENT_DATA, from), sizeof(to)) #define NV_WRITE_PERSISTENT(to, from) \ NvWrite(offsetof(PERSISTENT_DATA, to), sizeof(gp.to), &from) #define CLEAR_PERSISTENT(item) \ NvClearPersistent(offsetof(PERSISTENT_DATA, item), sizeof(gp.item)) #define NV_SYNC_PERSISTENT(item) NV_WRITE_PERSISTENT(item, gp.item) // At the start of command processing, the index of the command is determined. This // index value is used to access the various data tables that contain per-command // information. There are multiple options for how the per-command tables can be // implemented. This is resolved in GetClosestCommandIndex(). typedef UINT16 COMMAND_INDEX; #define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0)) typedef struct _COMMAND_FLAGS_ { unsigned trialPolicy : 1; //1) If SET, one of the handles references a // trial policy and authorization may be // skipped. This is only allowed for a policy // command. } COMMAND_FLAGS; // This structure is used to avoid having to manage a large number of // parameters being passed through various levels of the command input processing. // typedef struct _COMMAND_ { TPM_ST tag; // the parsed command tag TPM_CC code; // the parsed command code COMMAND_INDEX index; // the computed command index UINT32 handleNum; // the number of entity handles in the // handle area of the command TPM_HANDLE handles[MAX_HANDLE_NUM]; // the parsed handle values UINT32 sessionNum; // the number of sessions found INT32 parameterSize; // starts out with the parsed command size // and is reduced and values are // unmarshaled. Just before calling the // command actions, this should be zero. // After the command actions, this number // should grow as values are marshaled // in to the response buffer. INT32 authSize; // this is initialized with the parsed size // of authorizationSize field and should // be zero when the authorizations are // parsed. BYTE *parameterBuffer; // input to ExecuteCommand BYTE *responseBuffer; // input to ExecuteCommand #if ALG_SHA1 TPM2B_SHA1_DIGEST sha1CpHash; TPM2B_SHA1_DIGEST sha1RpHash; #endif #if ALG_SHA256 TPM2B_SHA256_DIGEST sha256CpHash; TPM2B_SHA256_DIGEST sha256RpHash; #endif #if ALG_SHA384 TPM2B_SHA384_DIGEST sha384CpHash; TPM2B_SHA384_DIGEST sha384RpHash; #endif #if ALG_SHA512 TPM2B_SHA512_DIGEST sha512CpHash; TPM2B_SHA512_DIGEST sha512RpHash; #endif #if ALG_SM3_256 TPM2B_SM3_256_DIGEST sm3_256CpHash; TPM2B_SM3_256_DIGEST sm3_256RpHash; #endif } COMMAND; // Global sting constants for consistency in KDF function calls. // These string constants are shared across functions to make sure that they // are all using consistent sting values. #define STRING_INITIALIZER(value) {{sizeof(value), {value}}} #define TPM2B_STRING(name, value) \ typedef union name##_ { \ struct { \ UINT16 size; \ BYTE buffer[sizeof(value)]; \ } t; \ TPM2B b; \ } TPM2B_##name##_; \ EXTERN const TPM2B_##name##_ name##_ INITIALIZER(STRING_INITIALIZER(value)); \ EXTERN const TPM2B *name INITIALIZER(&name##_.b) TPM2B_STRING(PRIMARY_OBJECT_CREATION, "Primary Object Creation"); TPM2B_STRING(CFB_KEY, "CFB"); TPM2B_STRING(CONTEXT_KEY, "CONTEXT"); TPM2B_STRING(INTEGRITY_KEY, "INTEGRITY"); TPM2B_STRING(SECRET_KEY, "SECRET"); TPM2B_STRING(SESSION_KEY, "ATH"); TPM2B_STRING(STORAGE_KEY, "STORAGE"); TPM2B_STRING(XOR_KEY, "XOR"); TPM2B_STRING(COMMIT_STRING, "ECDAA Commit"); TPM2B_STRING(DUPLICATE_STRING, "DUPLICATE"); TPM2B_STRING(IDENTITY_STRING, "IDENTITY"); TPM2B_STRING(OBFUSCATE_STRING, "OBFUSCATE"); #if SELF_TEST TPM2B_STRING(OAEP_TEST_STRING, "OAEP Test Value"); #endif // SELF_TEST //***************************************************************************** //** From CryptTest.c //***************************************************************************** // This structure contains the self-test state values for the cryptographic modules. EXTERN CRYPTO_SELF_TEST_STATE g_cryptoSelfTestState; //***************************************************************************** //** From Manufacture.c //***************************************************************************** EXTERN BOOL g_manufactured INITIALIZER(FALSE); // This value indicates if a TPM2_Startup commands has been // receive since the power on event. This flag is maintained in power // simulation module because this is the only place that may reliably set this // flag to FALSE. EXTERN BOOL g_initialized; //** Private data //***************************************************************************** //*** From SessionProcess.c //***************************************************************************** #if defined SESSION_PROCESS_C || defined GLOBAL_C || defined MANUFACTURE_C // The following arrays are used to save command sessions information so that the // command handle/session buffer does not have to be preserved for the duration of // the command. These arrays are indexed by the session index in accordance with // the order of sessions in the session area of the command. // // Array of the authorization session handles EXTERN TPM_HANDLE s_sessionHandles[MAX_SESSION_NUM]; // Array of authorization session attributes EXTERN TPMA_SESSION s_attributes[MAX_SESSION_NUM]; // Array of handles authorized by the corresponding authorization sessions; // and if none, then TPM_RH_UNASSIGNED value is used EXTERN TPM_HANDLE s_associatedHandles[MAX_SESSION_NUM]; // Array of nonces provided by the caller for the corresponding sessions EXTERN TPM2B_NONCE s_nonceCaller[MAX_SESSION_NUM]; // Array of authorization values (HMAC's or passwords) for the corresponding // sessions EXTERN TPM2B_AUTH s_inputAuthValues[MAX_SESSION_NUM]; // Array of pointers to the SESSION structures for the sessions in a command EXTERN SESSION *s_usedSessions[MAX_SESSION_NUM]; // Special value to indicate an undefined session index #define UNDEFINED_INDEX (0xFFFF) // Index of the session used for encryption of a response parameter EXTERN UINT32 s_encryptSessionIndex; // Index of the session used for decryption of a command parameter EXTERN UINT32 s_decryptSessionIndex; // Index of a session used for audit EXTERN UINT32 s_auditSessionIndex; // The cpHash for command audit #ifdef TPM_CC_GetCommandAuditDigest EXTERN TPM2B_DIGEST s_cpHashForCommandAudit; #endif // Flag indicating if NV update is pending for the lockOutAuthEnabled or // failedTries DA parameter EXTERN BOOL s_DAPendingOnNV; #endif // SESSION_PROCESS_C //***************************************************************************** //*** From DA.c //***************************************************************************** #if defined DA_C || defined GLOBAL_C || defined MANUFACTURE_C // This variable holds the accumulated time since the last time // that 'failedTries' was decremented. This value is in millisecond. #if !ACCUMULATE_SELF_HEAL_TIMER EXTERN UINT64 s_selfHealTimer; // This variable holds the accumulated time that the lockoutAuth has been // blocked. EXTERN UINT64 s_lockoutTimer; #endif // ACCUMULATE_SELF_HEAL_TIMER #endif // DA_C //***************************************************************************** //*** From NV.c //***************************************************************************** #if defined NV_C || defined GLOBAL_C // This marks the end of the NV area. This is a run-time variable as it might // not be compile-time constant. EXTERN NV_REF s_evictNvEnd; // This space is used to hold the index data for an orderly Index. It also contains // the attributes for the index. EXTERN BYTE s_indexOrderlyRam[RAM_INDEX_SPACE]; // The orderly NV Index data // This value contains the current max counter value. It is written to the end of // allocatable NV space each time an index is deleted or added. This value is // initialized on Startup. The indices are searched and the maximum of all the // current counter indices and this value is the initial value for this. EXTERN UINT64 s_maxCounter; // This is space used for the NV Index cache. As with a persistent object, the // contents of a referenced index are copied into the cache so that the // NV Index memory scanning and data copying can be reduced. // Only code that operates on NV Index data should use this cache directly. When // that action code runs, s_lastNvIndex will contain the index header information. // It will have been loaded when the handles were verified. // NOTE: An NV index handle can appear in many commands that do not operate on the // NV data (e.g. TPM2_StartAuthSession). However, only one NV Index at a time is // ever directly referenced by any command. If that changes, then the NV Index // caching needs to be changed to accommodate that. Currently, the code will verify // that only one NV Index is referenced by the handles of the command. EXTERN NV_INDEX s_cachedNvIndex; EXTERN NV_REF s_cachedNvRef; EXTERN BYTE *s_cachedNvRamRef; // Initial NV Index/evict object iterator value #define NV_REF_INIT (NV_REF)0xFFFFFFFF #endif //***************************************************************************** //*** From Object.c //***************************************************************************** #if defined OBJECT_C || defined GLOBAL_C // This type is the container for an object. EXTERN OBJECT s_objects[MAX_LOADED_OBJECTS]; #endif // OBJECT_C //***************************************************************************** //*** From PCR.c //***************************************************************************** #if defined PCR_C || defined GLOBAL_C typedef struct { #if ALG_SHA1 // SHA1 PCR BYTE sha1Pcr[SHA1_DIGEST_SIZE]; #endif #if ALG_SHA256 // SHA256 PCR BYTE sha256Pcr[SHA256_DIGEST_SIZE]; #endif #if ALG_SHA384 // SHA384 PCR BYTE sha384Pcr[SHA384_DIGEST_SIZE]; #endif #if ALG_SHA512 // SHA512 PCR BYTE sha512Pcr[SHA512_DIGEST_SIZE]; #endif #if ALG_SM3_256 // SHA256 PCR BYTE sm3_256Pcr[SM3_256_DIGEST_SIZE]; #endif } PCR; typedef struct { unsigned int stateSave : 1; // if the PCR value should be // saved in state save unsigned int resetLocality : 5; // The locality that the PCR // can be reset unsigned int extendLocality : 5; // The locality that the PCR // can be extend } PCR_Attributes; EXTERN PCR s_pcrs[IMPLEMENTATION_PCR]; #endif // PCR_C //***************************************************************************** //*** From Session.c //***************************************************************************** #if defined SESSION_C || defined GLOBAL_C // Container for HMAC or policy session tracking information typedef struct { BOOL occupied; SESSION session; // session structure } SESSION_SLOT; EXTERN SESSION_SLOT s_sessions[MAX_LOADED_SESSIONS]; // The index in contextArray that has the value of the oldest saved session // context. When no context is saved, this will have a value that is greater // than or equal to MAX_ACTIVE_SESSIONS. EXTERN UINT32 s_oldestSavedSession; // The number of available session slot openings. When this is 1, // a session can't be created or loaded if the GAP is maxed out. // The exception is that the oldest saved session context can always // be loaded (assuming that there is a space in memory to put it) EXTERN int s_freeSessionSlots; #endif // SESSION_C //***************************************************************************** //*** From IoBuffers.c //***************************************************************************** #if defined IO_BUFFER_C || defined GLOBAL_C // Each command function is allowed a structure for the inputs to the function and // a structure for the outputs. The command dispatch code unmarshals the input butter // to the command action input structure starting at the first byte of // s_actionIoBuffer. The value of s_actionIoAllocation is the number of UINT64 values // allocated. It is used to set the pointer for the response structure. The command // dispatch code will marshal the response values into the final output buffer. EXTERN UINT64 s_actionIoBuffer[768]; // action I/O buffer EXTERN UINT32 s_actionIoAllocation; // number of UIN64 allocated for the // action input structure #endif // IO_BUFFER_C //***************************************************************************** //*** From TPMFail.c //***************************************************************************** // This value holds the address of the string containing the name of the function // in which the failure occurred. This address value isn't useful for anything // other than helping the vendor to know in which file the failure occurred. EXTERN BOOL g_inFailureMode; // Indicates that the TPM is in failure mode #if SIMULATION EXTERN BOOL g_forceFailureMode; // flag to force failure mode during test #endif typedef void(FailFunction)(const char *function, int line, int code); #if defined TPM_FAIL_C || defined GLOBAL_C EXTERN UINT32 s_failFunction; EXTERN UINT32 s_failLine; // the line in the file at which // the error was signaled EXTERN UINT32 s_failCode; // the error code used EXTERN FailFunction *LibFailCallback; #endif // TPM_FAIL_C //***************************************************************************** //*** From CommandCodeAttributes.c //***************************************************************************** // This array is instanced in CommandCodeAttributes.c when it includes // CommandCodeAttributes.h. Don't change the extern to EXTERN. extern const TPMA_CC s_ccAttr[]; extern const COMMAND_ATTRIBUTES s_commandAttributes[]; #endif // GLOBAL_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/GpMacros.h000066400000000000000000000337731510276467000255300ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file is a collection of miscellaneous macros. #ifndef GP_MACROS_H #define GP_MACROS_H #ifndef NULL #define NULL 0 #endif #include "swap.h" #include "VendorString.h" //** For Self-test // These macros are used in CryptUtil to invoke the incremental self test. #if SELF_TEST # define TEST(alg) if(TEST_BIT(alg, g_toTest)) CryptTestAlgorithm(alg, NULL) // Use of TPM_ALG_NULL is reserved for RSAEP/RSADP testing. If someone is wanting // to test a hash with that value, don't do it. # define TEST_HASH(alg) \ if(TEST_BIT(alg, g_toTest) \ && (alg != ALG_NULL_VALUE)) \ CryptTestAlgorithm(alg, NULL) #else # define TEST(alg) # define TEST_HASH(alg) #endif // SELF_TEST //** For Failures #if defined _POSIX_ # define FUNCTION_NAME 0 #else # define FUNCTION_NAME __FUNCTION__ #endif #if !FAIL_TRACE # define FAIL(errorCode) (TpmFail(errorCode)) # define LOG_FAILURE(errorCode) (TpmLogFailure(errorCode)) #else # define FAIL(errorCode) TpmFail(FUNCTION_NAME, __LINE__, errorCode) # define LOG_FAILURE(errorCode) TpmLogFailure(FUNCTION_NAME, __LINE__, errorCode) #endif // If implementation is using longjmp, then the call to TpmFail() does not return // and the compiler will complain about unreachable code that comes after. To allow // for not having longjmp, TpmFail() will return and the subsequent code will be // executed. This macro accounts for the difference. #ifndef NO_LONGJMP # define FAIL_RETURN(returnCode) # define TPM_FAIL_RETURN NORETURN void #else # define FAIL_RETURN(returnCode) return (returnCode) # define TPM_FAIL_RETURN void #endif // This macro tests that a condition is TRUE and puts the TPM into failure mode // if it is not. If longjmp is being used, then the FAIL(FATAL_ERROR_) macro makes // a call from which there is no return. Otherwise, it returns and the function // will exit with the appropriate return code. #define REQUIRE(condition, errorCode, returnCode) \ { \ if(!!(condition)) \ { \ FAIL(FATAL_ERROR_errorCode); \ FAIL_RETURN(returnCode); \ } \ } #define PARAMETER_CHECK(condition, returnCode) \ REQUIRE((condition), PARAMETER, returnCode) #if (defined EMPTY_ASSERT) && (EMPTY_ASSERT != NO) # define pAssert(a) ((void)0) #else # define pAssert(a) {if(!(a)) FAIL(FATAL_ERROR_PARAMETER);} #endif //** Derived from Vendor-specific values // Values derived from vendor specific settings in TpmProfile.h #define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) #define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) #define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1) //** Compile-time Checks // In some cases, the relationship between two values may be dependent // on things that change based on various selections like the chosen cryptographic // libraries. It is possible that these selections will result in incompatible // settings. These are often detectable by the compiler but it isn't always // possible to do the check in the preprocessor code. For example, when the // check requires use of "sizeof" then the preprocessor can't do the comparison. // For these cases, we include a special macro that, depending on the compiler // will generate a warning to indicate if the check always passes or always fails // because it involves fixed constants. To run these checks, define COMPILER_CHECKS // in TpmBuildSwitches.h #if COMPILER_CHECKS # define cAssert pAssert #else # define cAssert(value) #endif // This is used commonly in the "Crypt" code as a way to keep listings from // getting too long. This is not to save paper but to allow one to see more // useful stuff on the screen at any given time. #define ERROR_RETURN(returnCode) \ { \ retVal = returnCode; \ goto Exit; \ } #ifndef MAX # define MAX(a, b) ((a) > (b) ? (a) : (b)) #endif #ifndef MIN # define MIN(a, b) ((a) < (b) ? (a) : (b)) #endif #ifndef IsOdd # define IsOdd(a) (((a) & 1) != 0) #endif #ifndef BITS_TO_BYTES # define BITS_TO_BYTES(bits) (((bits) + 7) >> 3) #endif // These are defined for use when the size of the vector being checked is known // at compile time. #define TEST_BIT(bit, vector) TestBit((bit), (BYTE *)&(vector), sizeof(vector)) #define SET_BIT(bit, vector) SetBit((bit), (BYTE *)&(vector), sizeof(vector)) #define CLEAR_BIT(bit, vector) ClearBit((bit), (BYTE *)&(vector), sizeof(vector)) // The following definitions are used if they have not already been defined. The // defaults for these settings are compatible with ISO/IEC 9899:2011 (E) #ifndef LIB_EXPORT # define LIB_EXPORT # define LIB_IMPORT #endif #ifndef NORETURN # define NORETURN _Noreturn #endif #ifndef NOT_REFERENCED # define NOT_REFERENCED(x = x) ((void) (x)) #endif #define STD_RESPONSE_HEADER (sizeof(TPM_ST) + sizeof(UINT32) + sizeof(TPM_RC)) #define JOIN(x, y) x##y #define JOIN3(x, y, z) x##y##z #define CONCAT(x, y) JOIN(x, y) #define CONCAT3(x, y, z) JOIN3(x,y,z) // If CONTEXT_INTEGRITY_HASH_ALG is defined, then the vendor is using the old style // table. Otherwise, pick the "strongest" implemented hash algorithm as the context // hash. #ifndef CONTEXT_HASH_ALGORITHM # if defined ALG_SHA512 && ALG_SHA512 == YES # define CONTEXT_HASH_ALGORITHM SHA512 # elif defined ALG_SHA384 && ALG_SHA384 == YES # define CONTEXT_HASH_ALGORITHM SHA384 # elif defined ALG_SHA256 && ALG_SHA256 == YES # define CONTEXT_HASH_ALGORITHM SHA256 # elif defined ALG_SM3_256 && ALG_SM3_256 == YES # define CONTEXT_HASH_ALGORITHM SM3_256 # elif defined ALG_SHA1 && ALG_SHA1 == YES # define CONTEXT_HASH_ALGORITHM SHA1 # endif # define CONTEXT_INTEGRITY_HASH_ALG CONCAT(TPM_ALG_, CONTEXT_HASH_ALGORITHM) #endif #ifndef CONTEXT_INTEGRITY_HASH_SIZE #define CONTEXT_INTEGRITY_HASH_SIZE CONCAT(CONTEXT_HASH_ALGORITHM, _DIGEST_SIZE) #endif #if ALG_RSA #define RSA_SECURITY_STRENGTH (MAX_RSA_KEY_BITS >= 15360 ? 256 : \ (MAX_RSA_KEY_BITS >= 7680 ? 192 : \ (MAX_RSA_KEY_BITS >= 3072 ? 128 : \ (MAX_RSA_KEY_BITS >= 2048 ? 112 : \ (MAX_RSA_KEY_BITS >= 1024 ? 80 : 0))))) #else #define RSA_SECURITY_STRENGTH 0 #endif // ALG_RSA #if ALG_ECC #define ECC_SECURITY_STRENGTH (MAX_ECC_KEY_BITS >= 521 ? 256 : \ (MAX_ECC_KEY_BITS >= 384 ? 192 : \ (MAX_ECC_KEY_BITS >= 256 ? 128 : 0))) #else #define ECC_SECURITY_STRENGTH 0 #endif // ALG_ECC #define MAX_ASYM_SECURITY_STRENGTH \ MAX(RSA_SECURITY_STRENGTH, ECC_SECURITY_STRENGTH) #define MAX_HASH_SECURITY_STRENGTH ((CONTEXT_INTEGRITY_HASH_SIZE * 8) / 2) // Unless some algorithm is broken... #define MAX_SYM_SECURITY_STRENGTH MAX_SYM_KEY_BITS #define MAX_SECURITY_STRENGTH_BITS \ MAX(MAX_ASYM_SECURITY_STRENGTH, \ MAX(MAX_SYM_SECURITY_STRENGTH, \ MAX_HASH_SECURITY_STRENGTH)) // This is the size that was used before the 1.38 errata requiring that P1.14.4 be // followed #define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE // As required by P1.14.4 #define COMPLIANT_PROOF_SIZE \ (MAX(CONTEXT_INTEGRITY_HASH_SIZE, (2 * MAX_SYM_KEY_BYTES))) // As required by P1.14.3.1 #define COMPLIANT_PRIMARY_SEED_SIZE \ BITS_TO_BYTES(MAX_SECURITY_STRENGTH_BITS * 2) // This is the pre-errata version #ifndef PRIMARY_SEED_SIZE # define PRIMARY_SEED_SIZE PROOF_SIZE #endif #if USE_SPEC_COMPLIANT_PROOFS # undef PROOF_SIZE # define PROOF_SIZE COMPLIANT_PROOF_SIZE # undef PRIMARY_SEED_SIZE # define PRIMARY_SEED_SIZE COMPLIANT_PRIMARY_SEED_SIZE #endif // USE_SPEC_COMPLIANT_PROOFS #if !SKIP_PROOF_ERRORS # if PROOF_SIZE < COMPLIANT_PROOF_SIZE # error "PROOF_SIZE is not compliant with TPM specification" # endif # if PRIMARY_SEED_SIZE < COMPLIANT_PRIMARY_SEED_SIZE # error Non-compliant PRIMARY_SEED_SIZE # endif #endif // !SKIP_PROOF_ERRORS // If CONTEXT_ENCRYPT_ALG is defined, then the vendor is using the old style table #if defined CONTEXT_ENCRYPT_ALG # undef CONTEXT_ENCRYPT_ALGORITHM # if CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE # define CONTEXT_ENCRYPT_ALGORITHM AES # elif CONTEXT_ENCRYPT_ALG == ALG_SM4_VALUE # define CONTEXT_ENCRYPT_ALGORITHM SM4 # elif CONTEXT_ENCRYPT_ALG == ALG_CAMELLIA_VALUE # define CONTEXT_ENCRYPT_ALGORITHM CAMELLIA # elif CONTEXT_ENCRYPT_ALG == ALG_TDES_VALUE # error Are you kidding? # else # error Unknown value for CONTEXT_ENCRYPT_ALG # endif // CONTEXT_ENCRYPT_ALG == ALG_AES_VALUE #else # define CONTEXT_ENCRYPT_ALG \ CONCAT3(ALG_, CONTEXT_ENCRYPT_ALGORITHM, _VALUE) #endif // CONTEXT_ENCRYPT_ALG #define CONTEXT_ENCRYPT_KEY_BITS \ CONCAT(CONTEXT_ENCRYPT_ALGORITHM, _MAX_KEY_SIZE_BITS) #define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7)/8) // This is updated to follow the requirement of P2 that the label not be larger // than 32 bytes. #ifndef LABEL_MAX_BUFFER #define LABEL_MAX_BUFFER MIN(32, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE)) #endif // This bit is used to indicate that an authorization ticket expires on TPM Reset // and TPM Restart. It is added to the timeout value returned by TPM2_PoliySigned() // and TPM2_PolicySecret() and used by TPM2_PolicyTicket(). The timeout value is // relative to Time (g_time). Time is reset whenever the TPM loses power and cannot // be moved forward by the user (as can Clock). 'g_time' is a 64-bit value expressing // time in ms. Stealing the MSb for a flag means that the TPM needs to be reset // at least once every 292,471,208 years rather than once every 584,942,417 years. #define EXPIRATION_BIT ((UINT64)1 << 63) // Check for consistency of the bit ordering of bit fields #if BIG_ENDIAN_TPM && MOST_SIGNIFICANT_BIT_0 && USE_BIT_FIELD_STRUCTURES # error "Settings not consistent" #endif // These macros are used to handle the variation in handling of bit fields. If #if USE_BIT_FIELD_STRUCTURES // The default, old version, with bit fields # define IS_ATTRIBUTE(a, type, b) ((a.b) != 0) # define SET_ATTRIBUTE(a, type, b) (a.b = SET) # define CLEAR_ATTRIBUTE(a, type, b) (a.b = CLEAR) # define GET_ATTRIBUTE(a, type, b) (a.b) # define TPMA_ZERO_INITIALIZER() {0} #else # define IS_ATTRIBUTE(a, type, b) ((a & type##_##b) != 0) # define SET_ATTRIBUTE(a, type, b) (a |= type##_##b) # define CLEAR_ATTRIBUTE(a, type, b) (a &= ~type##_##b) # define GET_ATTRIBUTE(a, type, b) \ (type)((a & type##_##b) >> type##_##b##_SHIFT) # define TPMA_ZERO_INITIALIZER() (0) #endif #define VERIFY(_X) if(!(_X)) goto Error #endif // GP_MACROS_Hgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HandleProcess.h000066400000000000000000001251251510276467000265400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmDispatch; Version 4.0 July 8,2017 * Date: Oct 9, 2018 Time: 07:25:19PM */ #if CC_Startup case TPM_CC_Startup: break; #endif // CC_Startup #if CC_Shutdown case TPM_CC_Shutdown: break; #endif // CC_Shutdown #if CC_SelfTest case TPM_CC_SelfTest: break; #endif // CC_SelfTest #if CC_IncrementalSelfTest case TPM_CC_IncrementalSelfTest: break; #endif // CC_IncrementalSelfTest #if CC_GetTestResult case TPM_CC_GetTestResult: break; #endif // CC_GetTestResult #if CC_StartAuthSession case TPM_CC_StartAuthSession: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_ENTITY_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_StartAuthSession #if CC_PolicyRestart case TPM_CC_PolicyRestart: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyRestart #if CC_Create case TPM_CC_Create: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Create #if CC_Load case TPM_CC_Load: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Load #if CC_LoadExternal case TPM_CC_LoadExternal: break; #endif // CC_LoadExternal #if CC_ReadPublic case TPM_CC_ReadPublic: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ReadPublic #if CC_ActivateCredential case TPM_CC_ActivateCredential: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_ActivateCredential #if CC_MakeCredential case TPM_CC_MakeCredential: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_MakeCredential #if CC_Unseal case TPM_CC_Unseal: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Unseal #if CC_ObjectChangeAuth case TPM_CC_ObjectChangeAuth: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_ObjectChangeAuth #if CC_CreateLoaded case TPM_CC_CreateLoaded: *handleCount = 1; result = TPMI_DH_PARENT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_CreateLoaded #if CC_Duplicate case TPM_CC_Duplicate: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_Duplicate #if CC_Rewrap case TPM_CC_Rewrap: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_Rewrap #if CC_Import case TPM_CC_Import: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Import #if CC_RSA_Encrypt case TPM_CC_RSA_Encrypt: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_RSA_Encrypt #if CC_RSA_Decrypt case TPM_CC_RSA_Decrypt: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_RSA_Decrypt #if CC_ECDH_KeyGen case TPM_CC_ECDH_KeyGen: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ECDH_KeyGen #if CC_ECDH_ZGen case TPM_CC_ECDH_ZGen: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ECDH_ZGen #if CC_ECC_Parameters case TPM_CC_ECC_Parameters: break; #endif // CC_ECC_Parameters #if CC_ZGen_2Phase case TPM_CC_ZGen_2Phase: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ZGen_2Phase #if CC_EncryptDecrypt case TPM_CC_EncryptDecrypt: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_EncryptDecrypt #if CC_EncryptDecrypt2 case TPM_CC_EncryptDecrypt2: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_EncryptDecrypt2 #if CC_Hash case TPM_CC_Hash: break; #endif // CC_Hash #if CC_HMAC case TPM_CC_HMAC: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_HMAC #if CC_MAC case TPM_CC_MAC: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_MAC #if CC_GetRandom case TPM_CC_GetRandom: break; #endif // CC_GetRandom #if CC_StirRandom case TPM_CC_StirRandom: break; #endif // CC_StirRandom #if CC_HMAC_Start case TPM_CC_HMAC_Start: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_HMAC_Start #if CC_MAC_Start case TPM_CC_MAC_Start: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_MAC_Start #if CC_HashSequenceStart case TPM_CC_HashSequenceStart: break; #endif // CC_HashSequenceStart #if CC_SequenceUpdate case TPM_CC_SequenceUpdate: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_SequenceUpdate #if CC_SequenceComplete case TPM_CC_SequenceComplete: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_SequenceComplete #if CC_EventSequenceComplete case TPM_CC_EventSequenceComplete: *handleCount = 2; result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_EventSequenceComplete #if CC_Certify case TPM_CC_Certify: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_Certify #if CC_CertifyCreation case TPM_CC_CertifyCreation: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_CertifyCreation #if CC_Quote case TPM_CC_Quote: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Quote #if CC_GetSessionAuditDigest case TPM_CC_GetSessionAuditDigest: *handleCount = 3; result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; result = TPMI_SH_HMAC_Unmarshal(&handles[2], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; break; #endif // CC_GetSessionAuditDigest #if CC_GetCommandAuditDigest case TPM_CC_GetCommandAuditDigest: *handleCount = 2; result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_GetCommandAuditDigest #if CC_GetTime case TPM_CC_GetTime: *handleCount = 2; result = TPMI_RH_ENDORSEMENT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_GetTime #if CC_CertifyX509 case TPM_CC_CertifyX509: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_CertifyX509 #if CC_Commit case TPM_CC_Commit: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Commit #if CC_EC_Ephemeral case TPM_CC_EC_Ephemeral: break; #endif // CC_EC_Ephemeral #if CC_VerifySignature case TPM_CC_VerifySignature: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_VerifySignature #if CC_Sign case TPM_CC_Sign: *handleCount = 1; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Sign #if CC_SetCommandCodeAuditStatus case TPM_CC_SetCommandCodeAuditStatus: *handleCount = 1; result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_SetCommandCodeAuditStatus #if CC_PCR_Extend case TPM_CC_PCR_Extend: *handleCount = 1; result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PCR_Extend #if CC_PCR_Event case TPM_CC_PCR_Event: *handleCount = 1; result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PCR_Event #if CC_PCR_Read case TPM_CC_PCR_Read: break; #endif // CC_PCR_Read #if CC_PCR_Allocate case TPM_CC_PCR_Allocate: *handleCount = 1; result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PCR_Allocate #if CC_PCR_SetAuthPolicy case TPM_CC_PCR_SetAuthPolicy: *handleCount = 1; result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PCR_SetAuthPolicy #if CC_PCR_SetAuthValue case TPM_CC_PCR_SetAuthValue: *handleCount = 1; result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PCR_SetAuthValue #if CC_PCR_Reset case TPM_CC_PCR_Reset: *handleCount = 1; result = TPMI_DH_PCR_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PCR_Reset #if CC_PolicySigned case TPM_CC_PolicySigned: *handleCount = 2; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_PolicySigned #if CC_PolicySecret case TPM_CC_PolicySecret: *handleCount = 2; result = TPMI_DH_ENTITY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_SH_POLICY_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_PolicySecret #if CC_PolicyTicket case TPM_CC_PolicyTicket: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyTicket #if CC_PolicyOR case TPM_CC_PolicyOR: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyOR #if CC_PolicyPCR case TPM_CC_PolicyPCR: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyPCR #if CC_PolicyLocality case TPM_CC_PolicyLocality: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyLocality #if CC_PolicyNV case TPM_CC_PolicyNV: *handleCount = 3; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; break; #endif // CC_PolicyNV #if CC_PolicyCounterTimer case TPM_CC_PolicyCounterTimer: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyCounterTimer #if CC_PolicyCommandCode case TPM_CC_PolicyCommandCode: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyCommandCode #if CC_PolicyPhysicalPresence case TPM_CC_PolicyPhysicalPresence: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyPhysicalPresence #if CC_PolicyCpHash case TPM_CC_PolicyCpHash: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyCpHash #if CC_PolicyNameHash case TPM_CC_PolicyNameHash: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyNameHash #if CC_PolicyDuplicationSelect case TPM_CC_PolicyDuplicationSelect: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyDuplicationSelect #if CC_PolicyAuthorize case TPM_CC_PolicyAuthorize: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyAuthorize #if CC_PolicyAuthValue case TPM_CC_PolicyAuthValue: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyAuthValue #if CC_PolicyPassword case TPM_CC_PolicyPassword: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyPassword #if CC_PolicyGetDigest case TPM_CC_PolicyGetDigest: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyGetDigest #if CC_PolicyNvWritten case TPM_CC_PolicyNvWritten: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyNvWritten #if CC_PolicyTemplate case TPM_CC_PolicyTemplate: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PolicyTemplate #if CC_PolicyAuthorizeNV case TPM_CC_PolicyAuthorizeNV: *handleCount = 3; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; result = TPMI_SH_POLICY_Unmarshal(&handles[2], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; break; #endif // CC_PolicyAuthorizeNV #if CC_CreatePrimary case TPM_CC_CreatePrimary: *handleCount = 1; result = TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_CreatePrimary #if CC_HierarchyControl case TPM_CC_HierarchyControl: *handleCount = 1; result = TPMI_RH_HIERARCHY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_HierarchyControl #if CC_SetPrimaryPolicy case TPM_CC_SetPrimaryPolicy: *handleCount = 1; result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_SetPrimaryPolicy #if CC_ChangePPS case TPM_CC_ChangePPS: *handleCount = 1; result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ChangePPS #if CC_ChangeEPS case TPM_CC_ChangeEPS: *handleCount = 1; result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ChangeEPS #if CC_Clear case TPM_CC_Clear: *handleCount = 1; result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Clear #if CC_ClearControl case TPM_CC_ClearControl: *handleCount = 1; result = TPMI_RH_CLEAR_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ClearControl #if CC_HierarchyChangeAuth case TPM_CC_HierarchyChangeAuth: *handleCount = 1; result = TPMI_RH_HIERARCHY_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_HierarchyChangeAuth #if CC_DictionaryAttackLockReset case TPM_CC_DictionaryAttackLockReset: *handleCount = 1; result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_DictionaryAttackLockReset #if CC_DictionaryAttackParameters case TPM_CC_DictionaryAttackParameters: *handleCount = 1; result = TPMI_RH_LOCKOUT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_DictionaryAttackParameters #if CC_PP_Commands case TPM_CC_PP_Commands: *handleCount = 1; result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_PP_Commands #if CC_SetAlgorithmSet case TPM_CC_SetAlgorithmSet: *handleCount = 1; result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_SetAlgorithmSet #if CC_FieldUpgradeStart case TPM_CC_FieldUpgradeStart: *handleCount = 2; result = TPMI_RH_PLATFORM_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_FieldUpgradeStart #if CC_FieldUpgradeData case TPM_CC_FieldUpgradeData: break; #endif // CC_FieldUpgradeData #if CC_FirmwareRead case TPM_CC_FirmwareRead: break; #endif // CC_FirmwareRead #if CC_ContextSave case TPM_CC_ContextSave: *handleCount = 1; result = TPMI_DH_CONTEXT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ContextSave #if CC_ContextLoad case TPM_CC_ContextLoad: break; #endif // CC_ContextLoad #if CC_FlushContext case TPM_CC_FlushContext: break; #endif // CC_FlushContext #if CC_EvictControl case TPM_CC_EvictControl: *handleCount = 2; result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_DH_OBJECT_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_EvictControl #if CC_ReadClock case TPM_CC_ReadClock: break; #endif // CC_ReadClock #if CC_ClockSet case TPM_CC_ClockSet: *handleCount = 1; result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ClockSet #if CC_ClockRateAdjust case TPM_CC_ClockRateAdjust: *handleCount = 1; result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_ClockRateAdjust #if CC_GetCapability case TPM_CC_GetCapability: break; #endif // CC_GetCapability #if CC_TestParms case TPM_CC_TestParms: break; #endif // CC_TestParms #if CC_NV_DefineSpace case TPM_CC_NV_DefineSpace: *handleCount = 1; result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_NV_DefineSpace #if CC_NV_UndefineSpace case TPM_CC_NV_UndefineSpace: *handleCount = 2; result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_UndefineSpace #if CC_NV_UndefineSpaceSpecial case TPM_CC_NV_UndefineSpaceSpecial: *handleCount = 2; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_PLATFORM_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_UndefineSpaceSpecial #if CC_NV_ReadPublic case TPM_CC_NV_ReadPublic: *handleCount = 1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_NV_ReadPublic #if CC_NV_Write case TPM_CC_NV_Write: *handleCount = 2; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_Write #if CC_NV_Increment case TPM_CC_NV_Increment: *handleCount = 2; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_Increment #if CC_NV_Extend case TPM_CC_NV_Extend: *handleCount = 2; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_Extend #if CC_NV_SetBits case TPM_CC_NV_SetBits: *handleCount = 2; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_SetBits #if CC_NV_WriteLock case TPM_CC_NV_WriteLock: *handleCount = 2; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_WriteLock #if CC_NV_GlobalWriteLock case TPM_CC_NV_GlobalWriteLock: *handleCount = 1; result = TPMI_RH_PROVISION_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_NV_GlobalWriteLock #if CC_NV_Read case TPM_CC_NV_Read: *handleCount = 2; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_Read #if CC_NV_ReadLock case TPM_CC_NV_ReadLock: *handleCount = 2; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; break; #endif // CC_NV_ReadLock #if CC_NV_ChangeAuth case TPM_CC_NV_ChangeAuth: *handleCount = 1; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_NV_ChangeAuth #if CC_NV_Certify case TPM_CC_NV_Certify: *handleCount = 3; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, TRUE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; result = TPMI_RH_NV_INDEX_Unmarshal(&handles[2], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; break; #endif // CC_NV_Certify #if CC_AC_GetCapability case TPM_CC_AC_GetCapability: *handleCount = 1; result = TPMI_RH_AC_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_AC_GetCapability #if CC_AC_Send case TPM_CC_AC_Send: *handleCount = 3; result = TPMI_DH_OBJECT_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize, FALSE); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; result = TPMI_RH_NV_AUTH_Unmarshal(&handles[1], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_2; result = TPMI_RH_AC_Unmarshal(&handles[2], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_3; break; #endif // CC_AC_Send #if CC_Policy_AC_SendSelect case TPM_CC_Policy_AC_SendSelect: *handleCount = 1; result = TPMI_SH_POLICY_Unmarshal(&handles[0], handleBufferStart, bufferRemainingSize); if(TPM_RC_SUCCESS != result) return result + TPM_RC_H + TPM_RC_1; break; #endif // CC_Policy_AC_SendSelect #if CC_Vendor_TCG_Test case TPM_CC_Vendor_TCG_Test: break; #endif // CC_Vendor_TCG_Test go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/HashTestData.h000066400000000000000000000123351510276467000263210ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // // Hash Test Vectors // TPM2B_TYPE(HASH_TEST_KEY, 128); // Twice the largest digest size TPM2B_HASH_TEST_KEY c_hashTestKey = {{128, { 0xa0,0xed,0x5c,0x9a,0xd2,0x4a,0x21,0x40,0x1a,0xd0,0x81,0x47,0x39,0x63,0xf9,0x50, 0xdc,0x59,0x47,0x11,0x40,0x13,0x99,0x92,0xc0,0x72,0xa4,0x0f,0xe2,0x33,0xe4,0x63, 0x9b,0xb6,0x76,0xc3,0x1e,0x6f,0x13,0xee,0xcc,0x99,0x71,0xa5,0xc0,0xcf,0x9a,0x40, 0xcf,0xdb,0x66,0x70,0x05,0x63,0x54,0x12,0x25,0xf4,0xe0,0x1b,0x23,0x35,0xe3,0x70, 0x7d,0x19,0x5f,0x00,0xe4,0xf1,0x61,0x73,0x05,0xd8,0x58,0x7f,0x60,0x61,0x84,0x36, 0xec,0xbe,0x96,0x1b,0x69,0x00,0xf0,0x9a,0x6e,0xe3,0x26,0x73,0x0d,0x17,0x5b,0x33, 0x41,0x44,0x9d,0x90,0xab,0xd9,0x6b,0x7d,0x48,0x99,0x25,0x93,0x29,0x14,0x2b,0xce, 0x93,0x8d,0x8c,0xaf,0x31,0x0e,0x9c,0x57,0xd8,0x5b,0x57,0x20,0x1b,0x9f,0x2d,0xa5 }}}; TPM2B_TYPE(HASH_TEST_DATA, 256); // Twice the largest block size TPM2B_HASH_TEST_DATA c_hashTestData = {{256, { 0x88,0xac,0xc3,0xe5,0x5f,0x66,0x9d,0x18,0x80,0xc9,0x7a,0x9c,0xa4,0x08,0x90,0x98, 0x0f,0x3a,0x53,0x92,0x4c,0x67,0x4e,0xb7,0x37,0xec,0x67,0x87,0xb6,0xbe,0x10,0xca, 0x11,0x5b,0x4a,0x0b,0x45,0xc3,0x32,0x68,0x48,0x69,0xce,0x25,0x1b,0xc8,0xaf,0x44, 0x79,0x22,0x83,0xc8,0xfb,0xe2,0x63,0x94,0xa2,0x3c,0x59,0x3e,0x3e,0xc6,0x64,0x2c, 0x1f,0x8c,0x11,0x93,0x24,0xa3,0x17,0xc5,0x2f,0x37,0xcf,0x95,0x97,0x8e,0x63,0x39, 0x68,0xd5,0xca,0xba,0x18,0x37,0x69,0x6e,0x4f,0x19,0xfd,0x8a,0xc0,0x8d,0x87,0x3a, 0xbc,0x31,0x42,0x04,0x05,0xef,0xb5,0x02,0xef,0x1e,0x92,0x4b,0xb7,0x73,0x2c,0x8c, 0xeb,0x23,0x13,0x81,0x34,0xb9,0xb5,0xc1,0x17,0x37,0x39,0xf8,0x3e,0xe4,0x4c,0x06, 0xa8,0x81,0x52,0x2f,0xef,0xc9,0x9c,0x69,0x89,0xbc,0x85,0x9c,0x30,0x16,0x02,0xca, 0xe3,0x61,0xd4,0x0f,0xed,0x34,0x1b,0xca,0xc1,0x1b,0xd1,0xfa,0xc1,0xa2,0xe0,0xdf, 0x52,0x2f,0x0b,0x4b,0x9f,0x0e,0x45,0x54,0xb9,0x17,0xb6,0xaf,0xd6,0xd5,0xca,0x90, 0x29,0x57,0x7b,0x70,0x50,0x94,0x5c,0x8e,0xf6,0x4e,0x21,0x8b,0xc6,0x8b,0xa6,0xbc, 0xb9,0x64,0xd4,0x4d,0xf3,0x68,0xd8,0xac,0xde,0xd8,0xd8,0xb5,0x6d,0xcd,0x93,0xeb, 0x28,0xa4,0xe2,0x5c,0x44,0xef,0xf0,0xe1,0x6f,0x38,0x1a,0x3c,0xe6,0xef,0xa2,0x9d, 0xb9,0xa8,0x05,0x2a,0x95,0xec,0x5f,0xdb,0xb0,0x25,0x67,0x9c,0x86,0x7a,0x8e,0xea, 0x51,0xcc,0xc3,0xd3,0xff,0x6e,0xf0,0xed,0xa3,0xae,0xf9,0x5d,0x33,0x70,0xf2,0x11 }}}; #if ALG_SHA1 == YES TPM2B_TYPE(SHA1, 20); TPM2B_SHA1 c_SHA1_digest = {{20, { 0xee,0x2c,0xef,0x93,0x76,0xbd,0xf8,0x91,0xbc,0xe6,0xe5,0x57,0x53,0x77,0x01,0xb5, 0x70,0x95,0xe5,0x40 }}}; #endif #if ALG_SHA256 == YES TPM2B_TYPE(SHA256, 32); TPM2B_SHA256 c_SHA256_digest = {{32, { 0x64,0xe8,0xe0,0xc3,0xa9,0xa4,0x51,0x49,0x10,0x55,0x8d,0x31,0x71,0xe5,0x2f,0x69, 0x3a,0xdc,0xc7,0x11,0x32,0x44,0x61,0xbd,0x34,0x39,0x57,0xb0,0xa8,0x75,0x86,0x1b }}}; #endif #if ALG_SHA384 == YES TPM2B_TYPE(SHA384, 48); TPM2B_SHA384 c_SHA384_digest = {{48, { 0x37,0x75,0x29,0xb5,0x20,0x15,0x6e,0xa3,0x7e,0xa3,0x0d,0xcd,0x80,0xa8,0xa3,0x3d, 0xeb,0xe8,0xad,0x4e,0x1c,0x77,0x94,0x5a,0xaf,0x6c,0xd0,0xc1,0xfa,0x43,0x3f,0xc7, 0xb8,0xf1,0x01,0xc0,0x60,0xbf,0xf2,0x87,0xe8,0x71,0x9e,0x51,0x97,0xa0,0x09,0x8d }}}; #endif #if ALG_SHA512 == YES TPM2B_TYPE(SHA512, 64); TPM2B_SHA512 c_SHA512_digest = {{64, { 0xe2,0x7b,0x10,0x3d,0x5e,0x48,0x58,0x44,0x67,0xac,0xa3,0x81,0x8c,0x1d,0xc5,0x71, 0x66,0x92,0x8a,0x89,0xaa,0xd4,0x35,0x51,0x60,0x37,0x31,0xd7,0xba,0xe7,0x93,0x0b, 0x16,0x4d,0xb3,0xc8,0x34,0x98,0x3c,0xd3,0x53,0xde,0x5e,0xe8,0x0c,0xbc,0xaf,0xc9, 0x24,0x2c,0xcc,0xed,0xdb,0xde,0xba,0x1f,0x14,0x14,0x5a,0x95,0x80,0xde,0x66,0xbd }}}; #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/InternalRoutines.h000066400000000000000000000074661510276467000273220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef INTERNAL_ROUTINES_H #define INTERNAL_ROUTINES_H #if !defined _LIB_SUPPORT_H_ && !defined _TPM_H_ #error "Should not be called" #endif // DRTM functions #include "_TPM_Hash_Start_fp.h" #include "_TPM_Hash_Data_fp.h" #include "_TPM_Hash_End_fp.h" // Internal subsystem functions #include "Object_fp.h" #include "Context_spt_fp.h" #include "Object_spt_fp.h" #include "Entity_fp.h" #include "Session_fp.h" #include "Hierarchy_fp.h" #include "NvReserved_fp.h" #include "NvDynamic_fp.h" #include "NV_spt_fp.h" #include "PCR_fp.h" #include "DA_fp.h" #include "TpmFail_fp.h" #include "SessionProcess_fp.h" // Internal support functions #include "CommandCodeAttributes_fp.h" #include "Marshal_fp.h" #include "Time_fp.h" #include "Locality_fp.h" #include "PP_fp.h" #include "CommandAudit_fp.h" #include "Manufacture_fp.h" #include "Handle_fp.h" #include "Power_fp.h" #include "Response_fp.h" #include "CommandDispatcher_fp.h" #ifdef CC_AC_Send # include "AC_spt_fp.h" #endif // CC_AC_Send // Miscellaneous #include "Bits_fp.h" #include "AlgorithmCap_fp.h" #include "PropertyCap_fp.h" #include "IoBuffers_fp.h" #include "Memory_fp.h" #include "ResponseCodeProcessing_fp.h" // Internal cryptographic functions #include "BnConvert_fp.h" #include "BnMath_fp.h" #include "BnMemory_fp.h" #include "Ticket_fp.h" #include "CryptUtil_fp.h" #include "CryptHash_fp.h" #include "CryptSym_fp.h" #include "CryptDes_fp.h" #include "CryptPrime_fp.h" #include "CryptRand_fp.h" #include "CryptSelfTest_fp.h" #include "MathOnByteBuffers_fp.h" #include "CryptSym_fp.h" #include "AlgorithmTests_fp.h" #if ALG_RSA #include "CryptRsa_fp.h" #include "CryptPrimeSieve_fp.h" #endif #if ALG_ECC #include "CryptEccMain_fp.h" #include "CryptEccSignature_fp.h" #include "CryptEccKeyExchange_fp.h" #endif #if CC_MAC || CC_MAC_Start # include "CryptSmac_fp.h" # if ALG_CMAC # include "CryptCmac_fp.h" # endif #endif // Support library #include "SupportLibraryFunctionPrototypes_fp.h" // Linkage to platform functions #include "Platform_fp.h" #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/KdfTestData.h000066400000000000000000000070141510276467000261400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // // Hash Test Vectors // #define TEST_KDF_KEY_SIZE 20 TPM2B_TYPE(KDF_TEST_KEY, TEST_KDF_KEY_SIZE); TPM2B_KDF_TEST_KEY c_kdfTestKeyIn = {{TEST_KDF_KEY_SIZE, { 0x27, 0x1F, 0xA0, 0x8B, 0xBD, 0xC5, 0x06, 0x0E, 0xC3, 0xDF, 0xA9, 0x28, 0xFF, 0x9B, 0x73, 0x12, 0x3A, 0x12, 0xDA, 0x0C }}}; TPM2B_TYPE(KDF_TEST_LABEL, 17); TPM2B_KDF_TEST_LABEL c_kdfTestLabel = {{17, { 0x4B, 0x44, 0x46, 0x53, 0x45, 0x4C, 0x46, 0x54, 0x45, 0x53, 0x54, 0x4C, 0x41, 0x42, 0x45, 0x4C, 0x00 }}}; TPM2B_TYPE(KDF_TEST_CONTEXT, 8); TPM2B_KDF_TEST_CONTEXT c_kdfTestContextU = {{8, { 0xCE, 0x24, 0x4F, 0x39, 0x5D, 0xCA, 0x73, 0x91 }}}; TPM2B_KDF_TEST_CONTEXT c_kdfTestContextV = {{8, { 0xDA, 0x50, 0x40, 0x31, 0xDD, 0xF1, 0x2E, 0x83 }}}; #if ALG_SHA512 == ALG_YES TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { 0x8b, 0xe2, 0xc1, 0xb8, 0x5b, 0x78, 0x56, 0x9b, 0x9f, 0xa7, 0x59, 0xf5, 0x85, 0x7c, 0x56, 0xd6, 0x84, 0x81, 0x0f, 0xd3 }}}; #define KDF_TEST_ALG TPM_ALG_SHA512 #elif ALG_SHA384 == ALG_YES TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { 0x1d, 0xce, 0x70, 0xc9, 0x11, 0x3e, 0xb2, 0xdb, 0xa4, 0x7b, 0xd9, 0xcf, 0xc7, 0x2b, 0xf4, 0x6f, 0x45, 0xb0, 0x93, 0x12 }}}; #define KDF_TEST_ALG TPM_ALG_SHA384 #elif ALG_SHA256 == ALG_YES TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { 0xbb, 0x02, 0x59, 0xe1, 0xc8, 0xba, 0x60, 0x7e, 0x6a, 0x2c, 0xd7, 0x04, 0xb6, 0x9a, 0x90, 0x2e, 0x9a, 0xde, 0x84, 0xc4 }}}; #define KDF_TEST_ALG TPM_ALG_SHA256 #elif ALG_SHA1 == ALG_YES TPM2B_KDF_TEST_KEY c_kdfTestKeyOut = {{20, { 0x55, 0xb5, 0xa7, 0x18, 0x4a, 0xa0, 0x74, 0x23, 0xc4, 0x7d, 0xae, 0x76, 0x6c, 0x26, 0xa2, 0x37, 0x7d, 0x7c, 0xf8, 0x51 }}}; #define KDF_TEST_ALG TPM_ALG_SHA1 #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/LibSupport.h000066400000000000000000000064051510276467000261100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This header file is used to select the library code that gets included in the // TPM build. #ifndef _LIB_SUPPORT_H_ #define _LIB_SUPPORT_H_ //********************* #ifndef RADIX_BITS # if defined(__x86_64__) || defined(__x86_64) \ || defined(__amd64__) || defined(__amd64) || defined(_WIN64) || defined(_M_X64) \ || defined(_M_ARM64) || defined(__aarch64__) \ || (defined(__riscv) && __riscv_xlen == 64) # define RADIX_BITS 64 # elif defined(__i386__) || defined(__i386) || defined(i386) \ || defined(_WIN32) || defined(_M_IX86) \ || defined(_M_ARM) || defined(__arm__) || defined(__thumb__) \ || (defined(__riscv) && __riscv_xlen == 32) # define RADIX_BITS 32 # else # error Unable to determine RADIX_BITS from compiler environment # endif #endif // RADIX_BITS // These macros use the selected libraries to the proper include files. #define LIB_QUOTE(_STRING_) #_STRING_ #define LIB_INCLUDE2(_LIB_, _TYPE_) LIB_QUOTE(_LIB_/TpmTo##_LIB_##_TYPE_.h) #define LIB_INCLUDE(_LIB_, _TYPE_) LIB_INCLUDE2(_LIB_, _TYPE_) // Include the options for hashing and symmetric. Defer the load of the math package // Until the bignum parameters are defined. #include LIB_INCLUDE(SYM_LIB, Sym) #include LIB_INCLUDE(HASH_LIB, Hash) #undef MIN #undef MAX #endif // _LIB_SUPPORT_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/000077500000000000000000000000001510276467000243515ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/LtcSettings.h000066400000000000000000000052251510276467000267710ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This header file contains some defines that are necessary to get LTC to compile // correctly // #ifndef _LTC_SETTINGS_H_ #define _LTC_SETTINGS_H_ #if (defined HASH_LIB_LTC) || (defined SYM_LIB_LTC) || (defined MATH_LIB_LTC) #if ALG_AES # define LTC_RIJNDAEL #endif #if ALG_TDES # define LTC_DES #endif #define _Bool int // LibTomCrypt types typedef unsigned long long ulong64; /* default no functions m for LTC */ #define LTC_MUTEX_GLOBAL(x) #define LTC_MUTEX_PROTO(x) #define LTC_MUTEX_TYPE(x) #define LTC_MUTEX_INIT(x) #define LTC_MUTEX_LOCK(x) #define LTC_MUTEX_UNLOCK(x) #ifndef XMEM_NEQ #define XMEM_NEQ #endif #define LTC_SHA512 #define LTC_SHA384 #define LTC_SHA256 #define LTC_SHA1 // Define these function calls as needed #define CryptLibStartup() LtcLibStartup() _REDUCE_WARNING_LEVEL_(0) #include "tomcrypt.h" _NORMAL_WARNING_LEVEL_ #endif #endif // go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcHash.h000066400000000000000000000210701510276467000270340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This header defines the interface between the hashing code and the LIbTomCrypt // hash functions. #ifndef HASH_LIB_DEFINED #define HASH_LIB_DEFINED #define HASH_LIB_LTC // Avoid pulling in the MPA math if not doing asymmetric with LTC #if !(defined MATH_LIB_LTC) # define LTC_NO_ASYMMETRIC #endif #include "LtcSettings.h" //*************************************************************** //******** Linking to the TomCrypt HASH code ******************** //*************************************************************** // These defines need to be known in all parts of the TPM so that the structure // sizes can be properly computed when needed. #define tpmHashStateSHA1_t struct sha1_state #define tpmHashStateSHA256_t struct sha256_state #define tpmHashStateSHA512_t struct sha512_state #define tpmHashStateSHA384_t struct sha512_state // The following defines are only needed by CryptHash.c #ifdef _CRYPT_HASH_C_ // Define the interface between CryptHash.c to the functions provided by the // library. For each method, define the calling parameters of the method and then // define how the method is invoked in CryptHash.c. // // All hashes are required to have the same calling sequence. If they don't, create // a simple adaptation function that converts from the "standard" form of the call // to the form used by the specific hash (and then send a nasty letter to the // person who wrote the hash function for the library). // // The macro that calls the method also defines how the // parameters get swizzled between the default form (in CryptHash.c)and the // library form. // // Initialize the hash context #define HASH_START_METHOD_DEF \ void (HASH_START_METHOD)(PANY_HASH_STATE state) #define HASH_START(hashState) \ ((hashState)->def->method.start)(&(hashState)->state) // Add data to the hash #define HASH_DATA_METHOD_DEF \ void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ const BYTE *buffer, \ size_t size) #define HASH_DATA(hashState, dInSize, dIn) \ ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) // Finalize the hash and get the digest #define HASH_END_METHOD_DEF \ void (HASH_END_METHOD)(PANY_HASH_STATE \ state, \ BYTE *buffer) #define HASH_END(hashState, buffer) \ ((hashState)->def->method.end)(&(hashState)->state, buffer) // Copy the hash context // Note: For import, export, and copy, memcpy() is used since there is no // reformatting necessary between the internal and external forms #define HASH_STATE_COPY_METHOD_DEF \ void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ PCANY_HASH_STATE from, \ size_t size) #define HASH_STATE_COPY(hashStateOut, hashStateIn) \ ((hashStateIn)->def->method.copy) \ (&(hashStateOut)->state, \ &(hashStateIn)->state, \ (hashStateIn)->def->contextSize) // Copy (with reformatting when necessary) an internal hash structure to an // external blob #define HASH_STATE_EXPORT_METHOD_DEF \ void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ PANY_HASH_STATE from, \ size_t size) #define HASH_STATE_EXPORT(to, hashStateFrom) \ ((hashStateFrom)->def->method.copyOut) \ (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ &(hashStateFrom)->state, \ (hashStateFrom)->def->contextSize) // Copy from an external blob to an internal formate (with reformatting when // necessary #define HASH_STATE_IMPORT_METHOD_DEF \ void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ const BYTE *from, \ size_t size) #define HASH_STATE_IMPORT(hashStateTo, from) \ ((hashStateTo)->def->method.copyIn) \ (&(hashStateTo)->state, \ &(((const BYTE *)(from))[offsetof(HASH_STATE, state)]),\ (hashStateTo)->def->contextSize) // Internal External // Designation Designation #define tpmHashStart_SHA1 sha1_init #define tpmHashData_SHA1 sha1_process #define tpmHashEnd_SHA1 sha1_done #define tpmHashStateCopy_SHA1 memcpy #define tpmHashStateExport_SHA1 memcpy #define tpmHashStateImport_SHA1 memcpy #define tpmHashStart_SHA256 sha256_init #define tpmHashData_SHA256 sha256_process #define tpmHashEnd_SHA256 sha256_done #define tpmHashStateCopy_SHA256 memcpy #define tpmHashStateExport_SHA256 memcpy #define tpmHashStateImport_SHA256 memcpy #define tpmHashStart_SHA384 sha384_init #define tpmHashData_SHA384 sha384_process #define tpmHashEnd_SHA384 sha384_done #define tpmHashStateCopy_SHA384 memcpy #define tpmHashStateExport_SHA384 memcpy #define tpmHashStateImport_SHA384 memcpy #define tpmHashStart_SHA512 sha512_init #define tpmHashData_SHA512 sha512_process #define tpmHashEnd_SHA512 sha512_done #define tpmHashStateCopy_SHA512 memcpy #define tpmHashStateExport_SHA512 memcpy #define tpmHashStateImport_SHA512 memcpy #endif // _CRYPT_HASH_C_ // No special processing to initialize the LTC hash library #define LibHashInit() // No special processing at the end of the simulation (i.e., no statistics to print) #define HashLibSimulationEnd() #endif // HASH_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcMath.h000066400000000000000000000066001510276467000270440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the structure definitions used for linking from the TPM // code to the MPA and LTC math libraries. #ifndef MATH_LIB_DEFINED #define MATH_LIB_DEFINED #define MATH_LIB_LTC _REDUCE_WARNING_LEVEL_(2) #include "LtcSettings.h" #include "mpalib.h" #include "mpa.h" #include "tomcrypt_mpa.h" _NORMAL_WARNING_LEVEL_ #if RADIX_BITS != 32 #error "The mpa library used with LibTomCrypt only works for 32-bit words" #endif // These macros handle entering and leaving a scope // from which an MPA or LibTomCrypt function may be called. // Many of these functions require a scratch pool from which // they will allocate scratch variables (rather than using their // own stack). extern mpa_scratch_mem external_mem_pool; #define MPA_ENTER(vars, bits) \ mpa_word_t POOL_ [ \ mpa_scratch_mem_size_in_U32(vars, bits)]; \ mpa_scratch_mem pool_save = external_mem_pool; \ mpa_scratch_mem POOL = LtcPoolInit(POOL_, vars, bits) #define MPA_LEAVE() init_mpa_tomcrypt(pool_save) typedef ECC_CURVE_DATA bnCurve_t; typedef bnCurve_t *bigCurve; #define AccessCurveData(E) (E) // Include the support functions for the routines that are used by LTC thunk. #include "TpmToLtcSupport_fp.h" #define CURVE_INITIALIZED(name, initializer) \ bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer) #define CURVE_FREE(E) // This definition would change if there were something to report #define MathLibSimulationEnd() #endif // MATH_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ltc/TpmToLtcSym.h000066400000000000000000000104061510276467000267220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This header file is used to "splice" the TPM to the LTC symmetric cipher code. #ifndef SYM_LIB_DEFINED #define SYM_LIB_DEFINED #define SYM_LIB_LTC // Avoid pulling in the MPA math if not doing asymmetric with LTC #if !(defined MATH_LIB_LTC) # define LTC_NO_ASYMMETRIC #endif #include "LtcSettings.h" //*************************************************************** //******** Linking to the TomCrypt AES code ********************* //*************************************************************** #if ALG_SM4 #error "SM4 is not available" #endif #if ALG_CAMELLIA #error "Camellia is not available" #endif // Define the order of parameters to the functions that do block encryption and // decryption. typedef void(*TpmCryptSetSymKeyCall_t)( const void *in, void *out, void *keySchedule ); // Macro to put the parameters in the order required by the library #define SWIZZLE(keySchedule, in, out) \ (const void *)(in), (void *)(out), (void *)(keySchedule) // Macros to set up the encryption/decryption key schedules // // AES: # define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \ aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule)) # define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \ aes_setup((key), BITS_TO_BYTES(keySizeInBits), 0, (symmetric_key *)(schedule)) // TDES: # define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \ TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule)) # define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \ TDES_setup((key), (keySizeInBits), (symmetric_key *)(schedule)) // Macros to alias encrypt and decrypt function calls to library-specific values // sparingly. These should be used sparingly. Currently, they are only used by // CryptRand.c in the AES version of the DRBG. #define TpmCryptEncryptAES aes_ecb_encrypt #define TpmCryptDecryptAES aes_ecb_decrypt #define tpmKeyScheduleAES struct rijndael_key // #define TpmCryptEncryptTDES des3_ecb_encrypt #define TpmCryptDecryptTDES des3_ecb_decrypt #define tpmKeyScheduleTDES struct des3_key typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t; #include "TpmToLtcDesSupport_fp.h" // This is used to trigger printing of simulation statistics #define SymLibSimulationEnd() #endif // SYM_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/MinMax.h000066400000000000000000000036351510276467000252000ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _MIN_MAX_H_ #define _MIN_MAX_H_ #ifndef MAX #define MAX(a, b) ((a) > (b) ? (a) : (b)) #endif #ifndef MIN #define MIN(a, b) ((a) < (b) ? (a) : (b)) #endif #endif // _MIN_MAX_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/NV.h000066400000000000000000000152271510276467000243320ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Index Type Definitions // These definitions allow the same code to be used pre and post 1.21. The main // action is to redefine the index type values from the bit values. // Use TPM_NT_ORDINARY to indicate if the TPM_NT type is defined #ifndef _NV_H_ #define _NV_H_ #ifdef TPM_NT_ORDINARY // If TPM_NT_ORDINARY is defined, then the TPM_NT field is present in a TPMA_NV # define GET_TPM_NT(attributes) GET_ATTRIBUTE(attributes, TPMA_NV, TPM_NT) #else // If TPM_NT_ORDINARY is not defined, then need to synthesize it from the // attributes # define GetNv_TPM_NV(attributes) \ ( IS_ATTRIBUTE(attributes, TPMA_NV, COUNTER) \ + (IS_ATTRIBUTE(attributes, TPMA_NV, BITS) << 1) \ + (IS_ATTRIBUTE(attributes, TPMA_NV, EXTEND) << 2) \ ) # define TPM_NT_ORDINARY (0) # define TPM_NT_COUNTER (1) # define TPM_NT_BITS (2) # define TPM_NT_EXTEND (4) #endif //** Attribute Macros // These macros are used to isolate the differences in the way that the index type // changed in version 1.21 of the specification # define IsNvOrdinaryIndex(attributes) \ (GET_TPM_NT(attributes) == TPM_NT_ORDINARY) # define IsNvCounterIndex(attributes) \ (GET_TPM_NT(attributes) == TPM_NT_COUNTER) # define IsNvBitsIndex(attributes) \ (GET_TPM_NT(attributes) == TPM_NT_BITS) # define IsNvExtendIndex(attributes) \ (GET_TPM_NT(attributes) == TPM_NT_EXTEND) #ifdef TPM_NT_PIN_PASS # define IsNvPinPassIndex(attributes) \ (GET_TPM_NT(attributes) == TPM_NT_PIN_PASS) #endif #ifdef TPM_NT_PIN_FAIL # define IsNvPinFailIndex(attributes) \ (GET_TPM_NT(attributes) == TPM_NT_PIN_FAIL) #endif typedef struct { UINT32 size; TPM_HANDLE handle; } NV_ENTRY_HEADER; #define NV_EVICT_OBJECT_SIZE \ (sizeof(UINT32) + sizeof(TPM_HANDLE) + sizeof(OBJECT)) #define NV_INDEX_COUNTER_SIZE \ (sizeof(UINT32) + sizeof(NV_INDEX) + sizeof(UINT64)) #define NV_RAM_INDEX_COUNTER_SIZE \ (sizeof(NV_RAM_HEADER) + sizeof(UINT64)) typedef struct { UINT32 size; TPM_HANDLE handle; TPMA_NV attributes; } NV_RAM_HEADER; // Defines the end-of-list marker for NV. The list terminator is // a UINT32 of zero, followed by the current value of s_maxCounter which is a // 64-bit value. The structure is defined as an array of 3 UINT32 values so that // there is no padding between the UINT32 list end marker and the UINT64 maxCounter // value. typedef UINT32 NV_LIST_TERMINATOR[3]; //** Orderly RAM Values // The following defines are for accessing orderly RAM values. // This is the initialize for the RAM reference iterator. #define NV_RAM_REF_INIT 0 // This is the starting address of the RAM space used for orderly data #define RAM_ORDERLY_START \ (&s_indexOrderlyRam[0]) // This is the offset within NV that is used to save the orderly data on an // orderly shutdown. #define NV_ORDERLY_START \ (NV_INDEX_RAM_DATA) // This is the end of the orderly RAM space. It is actually the first byte after the // last byte of orderly RAM data #define RAM_ORDERLY_END \ (RAM_ORDERLY_START + sizeof(s_indexOrderlyRam)) // This is the end of the orderly space in NV memory. As with RAM_ORDERLY_END, it is // actually the offset of the first byte after the end of the NV orderly data. #define NV_ORDERLY_END \ (NV_ORDERLY_START + sizeof(s_indexOrderlyRam)) // Macro to check that an orderly RAM address is with range. #define ORDERLY_RAM_ADDRESS_OK(start, offset) \ ((start >= RAM_ORDERLY_START) && ((start + offset - 1) < RAM_ORDERLY_END)) #define RETURN_IF_NV_IS_NOT_AVAILABLE \ { \ if(g_NvStatus != TPM_RC_SUCCESS) \ return g_NvStatus; \ } // Routinely have to clear the orderly flag and fail if the // NV is not available so that it can be cleared. #define RETURN_IF_ORDERLY \ { \ if(NvClearOrderly() != TPM_RC_SUCCESS) \ return g_NvStatus; \ } #define NV_IS_AVAILABLE (g_NvStatus == TPM_RC_SUCCESS) #define IS_ORDERLY(value) (value < SU_DA_USED_VALUE) #define NV_IS_ORDERLY (IS_ORDERLY(gp.orderlyState)) // Macro to set the NV UPDATE_TYPE. This deals with the fact that the update is // possibly a combination of UT_NV and UT_ORDERLY. #define SET_NV_UPDATE(type) g_updateNV |= (type) #endif // _NV_H_go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/OIDs.h000066400000000000000000000231571510276467000246060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _OIDS_H_ #define _OIDS_H_ // All the OIDs in this file are defined as DER-encoded values with a leading tag // 0x06 (ASN1_OBJECT_IDENTIFIER), followed by a single length byte. This allows the // OID size to be determined by looking at octet[1] of the OID (total size is // OID[1] + 2). #define MAKE_OID(NAME) \ EXTERN const BYTE OID##NAME[] INITIALIZER({OID##NAME##_VALUE}) // These macros allow OIDs to be defined (or not) depending on whether the associated // hash algorithm is implemented. // NOTE: When one of these macros is used, the NAME needs '_" on each side. The // exception is when the macro is used for the hash OID when only a single '_' is // used. #if ALG_SHA1 #define SHA1_OID(NAME) MAKE_OID(NAME##SHA1) #else #define SHA1_OID(NAME) #endif #if ALG_SHA256 #define SHA256_OID(NAME) MAKE_OID(NAME##SHA256) #else #define SHA256_OID(NAME) #endif #if ALG_SHA384 #define SHA384_OID(NAME) MAKE_OID(NAME##SHA384) #else #define SHA#84_OID(NAME) #endif #if ALG_SHA512 #define SHA512_OID(NAME) MAKE_OID(NAME##SHA512) #else #define SHA512_OID(NAME) #endif #if ALG_SM3_256 #define SM3_256_OID(NAME) MAKE_OID(NAME##SM2_256) #else #define SM3_256_OID(NAME) #endif #if ALG_SHA3_256 #define SHA3_256_OID(NAME) MAKE_OID(NAME##SHA3_256) #else #define SHA3_256_OID(NAME) #endif #if ALG_SHA3_384 #define SHA3_384_OID(NAME) MAKE_OID(NAME##SHA3_384) #else #define SHA3_384_OID(NAME) #endif #if ALG_SHA3_512 #define SSHA3_512_OID(NAME) MAKE_OID(NAME##SHA3_512) #else #define SHA3_512_OID(NAME) #endif // These are encoded to take one additional byte of algorithm selector #define NIST_HASH 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 2 #define NIST_SIG 0x06, 0x09, 0x60, 0x86, 0x48, 1, 101, 3, 4, 3 // These hash OIDs used in a lot of places. #define OID_SHA1_VALUE 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A SHA1_OID(_); // Expands to // MAKE_OID(_SHA1) // which expands to: // extern BYTE OID_SHA1[] // or // const BYTE OID_SHA1[] = {OID_SHA1_VALUE} // which is: // const BYTE OID_SHA1[] = {0x06, 0x05, 0x2B, 0x0E, // 0x03, 0x02, 0x1A} #define OID_SHA256_VALUE NIST_HASH, 1 SHA256_OID(_); #define OID_SHA384_VALUE NIST_HASH, 2 SHA384_OID(_); #define OID_SHA512_VALUE NIST_HASH, 3 SHA512_OID(_); #define OID_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ 0x83, 0x11 SM3_256_OID(_); // (1.2.156.10197.1.401) #define OID_SHA3_256_VALUE NIST_HASH, 8 SHA3_256_OID(_); #define OID_SHA3_384_VALUE NIST_HASH, 9 SHA3_384_OID(_); #define OID_SHA3_512_VALUE NIST_HASH, 10 SHA3_512_OID(_); // These are used for RSA-PSS #if ALG_RSA #define OID_MGF1_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ 0x01, 0x01, 0x08 MAKE_OID(_MGF1); #define OID_RSAPSS_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ 0x01, 0x01, 0x0A MAKE_OID(_RSAPSS); // This is the OID to designate the public part of an RSA key. #define OID_PKCS1_PUB_VALUE 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, \ 0x01, 0x01, 0x01 MAKE_OID(_PKCS1_PUB); // These are used for RSA PKCS1 signature Algorithms #define OID_PKCS1_SHA1_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ 0x0D, 0x01, 0x01, 0x05 SHA1_OID(_PKCS1_); // (1.2.840.113549.1.1.5) #define OID_PKCS1_SHA256_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ 0x0D, 0x01, 0x01, 0x0B SHA256_OID(_PKCS1_); // (1.2.840.113549.1.1.11) #define OID_PKCS1_SHA384_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ 0x0D, 0x01, 0x01, 0x0C SHA384_OID(_PKCS1_); // (1.2.840.113549.1.1.12) #define OID_PKCS1_SHA512_VALUE 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, \ 0x0D, 0x01, 0x01, 0x0D SHA512_OID(_PKCS1_); //(1.2.840.113549.1.1.13) #define OID_PKCS1_SM3_256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, \ 0x01, 0x83, 0x78 SM3_256_OID(_PKCS1_); // 1.2.156.10197.1.504 #define OID_PKCS1_SHA3_256_VALUE NIST_SIG, 14 SHA3_256_OID(_PKCS1_); #define OID_PKCS1_SHA3_384_VALUE NIST_SIG, 15 SHA3_256_OID(_PKCS1_); #define OID_PKCS1_SHA3_512_VALUE NIST_SIG, 16 SHA3_512_OID(_PKCS1_); #endif // ALG_RSA #if ALG_ECDSA #define OID_ECDSA_SHA1_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ 0x01 SHA1_OID(_ECDSA_); // (1.2.840.10045.4.1) SHA1 digest signed by an ECDSA key. #define OID_ECDSA_SHA256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ 0x03, 0x02 SHA256_OID(_ECDSA_); // (1.2.840.10045.4.3.2) SHA256 digest signed by an ECDSA key. #define OID_ECDSA_SHA384_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ 0x03, 0x03 SHA384_OID(_ECDSA_); // (1.2.840.10045.4.3.3) SHA384 digest signed by an ECDSA key. #define OID_ECDSA_SHA512_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, \ 0x03, 0x04 SHA512_OID(_ECDSA_); // (1.2.840.10045.4.3.4) SHA512 digest signed by an ECDSA key. #define OID_ECDSA_SM3_256_VALUE 0x00 SM3_256_OID(_ECDSA_); #define OID_ECDSA_SHA3_256_VALUE NIST_SIG, 10 SHA3_256_OID(_ECDSA_); #define OID_ECDSA_SHA3_384_VALUE NIST_SIG, 11 SHA3_384_OID(_ECDSA_); #define OID_ECDSA_SHA3_512_VALUE NIST_SIG, 12 SHA3_512_OID(_ECDSA_); #endif // ALG_ECDSA #if ALG_ECC #define OID_ECC_PUBLIC_VALUE 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, \ 0x01 MAKE_OID(_ECC_PUBLIC); #define OID_ECC_NIST_P192_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \ 0x01, 0x01 #if ECC_NIST_P192 MAKE_OID(_ECC_NIST_P192); // (1.2.840.10045.3.1.1) 'nistP192' #endif // ECC_NIST_P192 #define OID_ECC_NIST_P224_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x21 #if ECC_NIST_P224 MAKE_OID(_ECC_NIST_P224); // (1.3.132.0.33) 'nistP224' #endif // ECC_NIST_P224 #define OID_ECC_NIST_P256_VALUE 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, \ 0x01, 0x07 #if ECC_NIST_P256 MAKE_OID(_ECC_NIST_P256); // (1.2.840.10045.3.1.7) 'nistP256' #endif // ECC_NIST_P256 #define OID_ECC_NIST_P384_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22 #if ECC_NIST_P384 MAKE_OID(_ECC_NIST_P384); // (1.3.132.0.34) 'nistP384' #endif // ECC_NIST_P384 #define OID_ECC_NIST_P521_VALUE 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23 #if ECC_NIST_P521 MAKE_OID(_ECC_NIST_P521); // (1.3.132.0.35) 'nistP521' #endif // ECC_NIST_P521 // No OIDs defined for these anonymous curves #define OID_ECC_BN_P256_VALUE 0x00 #if ECC_BN_P256 MAKE_OID(_ECC_BN_P256); #endif // ECC_BN_P256 #define OID_ECC_BN_P638_VALUE 0x00 #if ECC_BN_P638 MAKE_OID(_ECC_BN_P638); #endif // ECC_BN_P638 #define OID_ECC_SM2_P256_VALUE 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, \ 0x82, 0x2D #if ECC_SM2_P256 MAKE_OID(_ECC_SM2_P256); // Don't know where I found this OID. It needs checking #endif // ECC_SM2_P256 #if ECC_BN_P256 #define OID_ECC_BN_P256 NULL #endif // ECC_BN_P256 #endif // ALG_ECC #undef MAKE_OID #define OID_SIZE(OID) (OID[1] + 2) #endif // !_OIDS_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/000077500000000000000000000000001510276467000245475ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslHash.h000066400000000000000000000212641510276467000274350ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This header file is used to 'splice' the OpenSSL hash code into the TPM code. // #ifndef HASH_LIB_DEFINED #define HASH_LIB_DEFINED #define HASH_LIB_OSSL #include #include #include //*************************************************************** //** Links to the OpenSSL HASH code //*************************************************************** // Redefine the internal name used for each of the hash state structures to the // name used by the library. // These defines need to be known in all parts of the TPM so that the structure // sizes can be properly computed when needed. #define tpmHashStateSHA1_t SHA_CTX #define tpmHashStateSHA256_t SHA256_CTX #define tpmHashStateSHA384_t SHA512_CTX #define tpmHashStateSHA512_t SHA512_CTX #if ALG_SM3_256 # error "The version of OpenSSL used by this code does not support SM3" #endif // The defines below are only needed when compiling CryptHash.c or CryptSmac.c. // This isolation is primarily to avoid name space collision. However, if there // is a real collision, it will likely show up when the linker tries to put things // together. #ifdef _CRYPT_HASH_C_ typedef BYTE *PBYTE; typedef const BYTE *PCBYTE; // Define the interface between CryptHash.c to the functions provided by the // library. For each method, define the calling parameters of the method and then // define how the method is invoked in CryptHash.c. // // All hashes are required to have the same calling sequence. If they don't, create // a simple adaptation function that converts from the "standard" form of the call // to the form used by the specific hash (and then send a nasty letter to the // person who wrote the hash function for the library). // // The macro that calls the method also defines how the // parameters get swizzled between the default form (in CryptHash.c)and the // library form. // // Initialize the hash context #define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state) #define HASH_START(hashState) \ ((hashState)->def->method.start)(&(hashState)->state); // Add data to the hash #define HASH_DATA_METHOD_DEF \ void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ PCBYTE buffer, \ size_t size) #define HASH_DATA(hashState, dInSize, dIn) \ ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) // Finalize the hash and get the digest #define HASH_END_METHOD_DEF \ void (HASH_END_METHOD)(BYTE *buffer, PANY_HASH_STATE state) #define HASH_END(hashState, buffer) \ ((hashState)->def->method.end)(buffer, &(hashState)->state) // Copy the hash context // Note: For import, export, and copy, memcpy() is used since there is no // reformatting necessary between the internal and external forms. #define HASH_STATE_COPY_METHOD_DEF \ void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ PCANY_HASH_STATE from, \ size_t size) #define HASH_STATE_COPY(hashStateOut, hashStateIn) \ ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \ &(hashStateIn)->state, \ (hashStateIn)->def->contextSize) // Copy (with reformatting when necessary) an internal hash structure to an // external blob #define HASH_STATE_EXPORT_METHOD_DEF \ void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ PCANY_HASH_STATE from, \ size_t size) #define HASH_STATE_EXPORT(to, hashStateFrom) \ ((hashStateFrom)->def->method.copyOut) \ (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ &(hashStateFrom)->state, \ (hashStateFrom)->def->contextSize) // Copy from an external blob to an internal formate (with reformatting when // necessary #define HASH_STATE_IMPORT_METHOD_DEF \ void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ const BYTE *from, \ size_t size) #define HASH_STATE_IMPORT(hashStateTo, from) \ ((hashStateTo)->def->method.copyIn) \ (&(hashStateTo)->state, \ &(((const BYTE *)(from))[offsetof(HASH_STATE, state)]),\ (hashStateTo)->def->contextSize) // Function aliases. The code in CryptHash.c uses the internal designation for the // functions. These need to be translated to the function names of the library. #define tpmHashStart_SHA1 SHA1_Init // external name of the // initialization method #define tpmHashData_SHA1 SHA1_Update #define tpmHashEnd_SHA1 SHA1_Final #define tpmHashStateCopy_SHA1 memcpy #define tpmHashStateExport_SHA1 memcpy #define tpmHashStateImport_SHA1 memcpy #define tpmHashStart_SHA256 SHA256_Init #define tpmHashData_SHA256 SHA256_Update #define tpmHashEnd_SHA256 SHA256_Final #define tpmHashStateCopy_SHA256 memcpy #define tpmHashStateExport_SHA256 memcpy #define tpmHashStateImport_SHA256 memcpy #define tpmHashStart_SHA384 SHA384_Init #define tpmHashData_SHA384 SHA384_Update #define tpmHashEnd_SHA384 SHA384_Final #define tpmHashStateCopy_SHA384 memcpy #define tpmHashStateExport_SHA384 memcpy #define tpmHashStateImport_SHA384 memcpy #define tpmHashStart_SHA512 SHA512_Init #define tpmHashData_SHA512 SHA512_Update #define tpmHashEnd_SHA512 SHA512_Final #define tpmHashStateCopy_SHA512 memcpy #define tpmHashStateExport_SHA512 memcpy #define tpmHashStateImport_SHA512 memcpy #endif // _CRYPT_HASH_C_ #define LibHashInit() // This definition would change if there were something to report #define HashLibSimulationEnd() #endif // HASH_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslMath.h000066400000000000000000000130541510276467000274410ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the structure definitions used for ECC in the LibTomCrypt // version of the code. These definitions would change, based on the library. // The ECC-related structures that cross the TPM interface are defined // in TpmTypes.h // #ifndef MATH_LIB_DEFINED #define MATH_LIB_DEFINED #define MATH_LIB_OSSL #include #include #if 0 // OPENSSL_VERSION_NUMBER >= 0x10200000L // Check the bignum_st definition in crypto/bn/bn_lcl.h and either update the // version check or provide the new definition for this version. # error Untested OpenSSL version #elif OPENSSL_VERSION_NUMBER >= 0x10100000L // from crypto/bn/bn_lcl.h struct bignum_st { BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit * chunks. */ int top; /* Index of last used d +1. */ /* The next are internal book keeping for bn_expand. */ int dmax; /* Size of the d array. */ int neg; /* one if the number is negative */ int flags; }; #endif // OPENSSL_VERSION_NUMBER #include //** Macros and Defines // Make sure that the library is using the correct size for a crypt word #if defined THIRTY_TWO_BIT && (RADIX_BITS != 32) \ || ((defined SIXTY_FOUR_BIT_LONG || defined SIXTY_FOUR_BIT) \ && (RADIX_BITS != 64)) # error Ossl library is using different radix #endif // Allocate a local BIGNUM value. For the allocation, a bigNum structure is created // as is a local BIGNUM. The bigNum is initialized and then the BIGNUM is // set to reference the local value. #define BIG_VAR(name, bits) \ BN_VAR(name##Bn, (bits)); \ BIGNUM _##name; \ BIGNUM *name = BigInitialized(&_##name, \ BnInit(name##Bn, \ BYTES_TO_CRYPT_WORDS(sizeof(_##name##Bn.d)))) // Allocate a BIGNUM and initialize with the values in a bigNum initializer #define BIG_INITIALIZED(name, initializer) \ BIGNUM _##name; \ BIGNUM *name = BigInitialized(&_##name, initializer) typedef struct { const ECC_CURVE_DATA *C; // the TPM curve values EC_GROUP *G; // group parameters BN_CTX *CTX; // the context for the math (this might not be // the context in which the curve was created>; } OSSL_CURVE_DATA; typedef OSSL_CURVE_DATA *bigCurve; #define AccessCurveData(E) ((E)->C) #include "TpmToOsslSupport_fp.h" // Start and end a context within which the OpenSSL memory management works #define OSSL_ENTER() BN_CTX *CTX = OsslContextEnter() #define OSSL_LEAVE() OsslContextLeave(CTX) // Start and end a context that spans multiple ECC functions. This is used so that // the group for the curve can persist across multiple frames. #define CURVE_INITIALIZED(name, initializer) \ OSSL_CURVE_DATA _##name; \ bigCurve name = BnCurveInitialize(&_##name, initializer) #define CURVE_FREE(name) BnCurveFree(name) // Start and end a local stack frame within the context of the curve frame #define ECC_ENTER() BN_CTX *CTX = OsslPushContext(E->CTX) #define ECC_LEAVE() OsslPopContext(CTX) #define BN_NEW() BnNewVariable(CTX) // This definition would change if there were something to report #define MathLibSimulationEnd() #endif // MATH_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Ossl/TpmToOsslSym.h000066400000000000000000000111121510276467000273110ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This header file is used to 'splice' the OpenSSL library into the TPM code. // // The support required of a library are a hash module, a block cipher module and // portions of a big number library. #ifndef SYM_LIB_DEFINED #define SYM_LIB_DEFINED #define SYM_LIB_OSSL #include #include #include #include //*************************************************************** //** Links to the OpenSSL AES code //*************************************************************** #if ALG_SM4 #error "SM4 is not available" #endif #if ALG_CAMELLIA #error "Camellia is not available" #endif // Define the order of parameters to the library functions that do block encryption // and decryption. typedef void(*TpmCryptSetSymKeyCall_t)( const BYTE *in, BYTE *out, void *keySchedule ); // The Crypt functions that call the block encryption function use the parameters // in the order: // 1) keySchedule // 2) in buffer // 3) out buffer // Since open SSL uses the order in encryptoCall_t above, need to swizzle the // values to the order required by the library. #define SWIZZLE(keySchedule, in, out) \ (const BYTE *)(in), (BYTE *)(out), (void *)(keySchedule) // Macros to set up the encryption/decryption key schedules // // AES: #define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \ AES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule)) #define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \ AES_set_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleAES *)(schedule)) // TDES: #define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \ TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule)) #define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \ TDES_set_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule)) // Macros to alias encryption calls to specific algorithms. This should be used // sparingly. Currently, only used by CryptRand.c // // When using these calls, to call the AES block encryption code, the caller // should use: // TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out)); #define TpmCryptEncryptAES AES_encrypt #define TpmCryptDecryptAES AES_decrypt #define tpmKeyScheduleAES AES_KEY #define TpmCryptEncryptTDES TDES_encrypt #define TpmCryptDecryptTDES TDES_decrypt #define tpmKeyScheduleTDES DES_key_schedule typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t; #if ALG_TDES #include "TpmToOsslDesSupport_fp.h" #endif // This definition would change if there were something to report #define SymLibSimulationEnd() #endif // SYM_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/PRNG_TestVectors.h000066400000000000000000000134741510276467000271240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _MSBN_DRBG_TEST_VECTORS_H #define _MSBN_DRBG_TEST_VECTORS_H //#if DRBG_ALGORITHM == TPM_ALG_AES && DRBG_KEY_BITS == 256 #if DRBG_KEY_SIZE_BITS == 256 /*(NIST test vector) [AES-256 no df] [PredictionResistance = False] [EntropyInputLen = 384] [NonceLen = 128] [PersonalizationStringLen = 0] [AdditionalInputLen = 0] COUNT = 0 EntropyInput = 0d15aa80 b16c3a10 906cfedb 795dae0b 5b81041c 5c5bfacb 373d4440 d9120f7e 3d6cf909 86cf52d8 5d3e947d 8c061f91 Nonce = 06caef5f b538e08e 1f3b0452 03f8f4b2 PersonalizationString = AdditionalInput = INTERMEDIATE Key = be5df629 34cc1230 166a6773 345bbd6b 4c8869cf 8aec1c3b 1aa98bca 37cacf61 INTERMEDIATE V = 3182dd1e 7638ec70 014e93bd 813e524c INTERMEDIATE ReturnedBits = 28e0ebb8 21016650 8c8f65f2 207bd0a3 EntropyInputReseed = 6ee793a3 3955d72a d12fd80a 8a3fcf95 ed3b4dac 5795fe25 cf869f7c 27573bbc 56f1acae 13a65042 b340093c 464a7a22 AdditionalInputReseed = AdditionalInput = ReturnedBits = 946f5182 d54510b9 461248f5 71ca06c9 */ // Entropy is the size of the state. The state is the size of the key // plus the IV. The IV is a block. If Key = 256 and Block = 128 then State = 384 # define DRBG_TEST_INITIATE_ENTROPY \ 0x0d, 0x15, 0xaa, 0x80, 0xb1, 0x6c, 0x3a, 0x10, \ 0x90, 0x6c, 0xfe, 0xdb, 0x79, 0x5d, 0xae, 0x0b, \ 0x5b, 0x81, 0x04, 0x1c, 0x5c, 0x5b, 0xfa, 0xcb, \ 0x37, 0x3d, 0x44, 0x40, 0xd9, 0x12, 0x0f, 0x7e, \ 0x3d, 0x6c, 0xf9, 0x09, 0x86, 0xcf, 0x52, 0xd8, \ 0x5d, 0x3e, 0x94, 0x7d, 0x8c, 0x06, 0x1f, 0x91 # define DRBG_TEST_RESEED_ENTROPY \ 0x6e, 0xe7, 0x93, 0xa3, 0x39, 0x55, 0xd7, 0x2a, \ 0xd1, 0x2f, 0xd8, 0x0a, 0x8a, 0x3f, 0xcf, 0x95, \ 0xed, 0x3b, 0x4d, 0xac, 0x57, 0x95, 0xfe, 0x25, \ 0xcf, 0x86, 0x9f, 0x7c, 0x27, 0x57, 0x3b, 0xbc, \ 0x56, 0xf1, 0xac, 0xae, 0x13, 0xa6, 0x50, 0x42, \ 0xb3, 0x40, 0x09, 0x3c, 0x46, 0x4a, 0x7a, 0x22 # define DRBG_TEST_GENERATED_INTERM \ 0x28, 0xe0, 0xeb, 0xb8, 0x21, 0x01, 0x66, 0x50, \ 0x8c, 0x8f, 0x65, 0xf2, 0x20, 0x7b, 0xd0, 0xa3 # define DRBG_TEST_GENERATED \ 0x94, 0x6f, 0x51, 0x82, 0xd5, 0x45, 0x10, 0xb9, \ 0x46, 0x12, 0x48, 0xf5, 0x71, 0xca, 0x06, 0xc9 #elif DRBG_KEY_SIZE_BITS == 128 /*(NIST test vector) [AES-128 no df] [PredictionResistance = False] [EntropyInputLen = 256] [NonceLen = 64] [PersonalizationStringLen = 0] [AdditionalInputLen = 0] COUNT = 0 EntropyInput = 8fc11bdb5aabb7e093b61428e0907303cb459f3b600dad870955f22da80a44f8 Nonce = be1f73885ddd15aa PersonalizationString = AdditionalInput = INTERMEDIATE Key = b134ecc836df6dbd624900af118dd7e6 INTERMEDIATE V = 01bb09e86dabd75c9f26dbf6f9531368 INTERMEDIATE ReturnedBits = dc3cf6bf5bd341135f2c6811a1071c87 EntropyInputReseed = 0cd53cd5eccd5a10d7ea266111259b05574fc6ddd8bed8bd72378cf82f1dba2a AdditionalInputReseed = AdditionalInput = ReturnedBits = b61850decfd7106d44769a8e6e8c1ad4 */ # define DRBG_TEST_INITIATE_ENTROPY \ 0x8f, 0xc1, 0x1b, 0xdb, 0x5a, 0xab, 0xb7, 0xe0, \ 0x93, 0xb6, 0x14, 0x28, 0xe0, 0x90, 0x73, 0x03, \ 0xcb, 0x45, 0x9f, 0x3b, 0x60, 0x0d, 0xad, 0x87, \ 0x09, 0x55, 0xf2, 0x2d, 0xa8, 0x0a, 0x44, 0xf8 # define DRBG_TEST_RESEED_ENTROPY \ 0x0c, 0xd5, 0x3c, 0xd5, 0xec, 0xcd, 0x5a, 0x10, \ 0xd7, 0xea, 0x26, 0x61, 0x11, 0x25, 0x9b, 0x05, \ 0x57, 0x4f, 0xc6, 0xdd, 0xd8, 0xbe, 0xd8, 0xbd, \ 0x72, 0x37, 0x8c, 0xf8, 0x2f, 0x1d, 0xba, 0x2a #define DRBG_TEST_GENERATED_INTERM \ 0xdc, 0x3c, 0xf6, 0xbf, 0x5b, 0xd3, 0x41, 0x13, \ 0x5f, 0x2c, 0x68, 0x11, 0xa1, 0x07, 0x1c, 0x87 # define DRBG_TEST_GENERATED \ 0xb6, 0x18, 0x50, 0xde, 0xcf, 0xd7, 0x10, 0x6d, \ 0x44, 0x76, 0x9a, 0x8e, 0x6e, 0x8c, 0x1a, 0xd4 #endif #endif // _MSBN_DRBG_TEST_VECTORS_Hgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/RsaTestData.h000066400000000000000000000724671510276467000261770ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // // RSA Test Vectors #define RSA_TEST_KEY_SIZE 256 typedef struct { UINT16 size; BYTE buffer[RSA_TEST_KEY_SIZE]; } TPM2B_RSA_TEST_KEY; typedef TPM2B_RSA_TEST_KEY TPM2B_RSA_TEST_VALUE; typedef struct { UINT16 size; BYTE buffer[RSA_TEST_KEY_SIZE / 2]; } TPM2B_RSA_TEST_PRIME; const TPM2B_RSA_TEST_KEY c_rsaPublicModulus = {256, { 0x91,0x12,0xf5,0x07,0x9d,0x5f,0x6b,0x1c,0x90,0xf6,0xcc,0x87,0xde,0x3a,0x7a,0x15, 0xdc,0x54,0x07,0x6c,0x26,0x8f,0x25,0xef,0x7e,0x66,0xc0,0xe3,0x82,0x12,0x2f,0xab, 0x52,0x82,0x1e,0x85,0xbc,0x53,0xba,0x2b,0x01,0xad,0x01,0xc7,0x8d,0x46,0x4f,0x7d, 0xdd,0x7e,0xdc,0xb0,0xad,0xf6,0x0c,0xa1,0x62,0x92,0x97,0x8a,0x3e,0x6f,0x7e,0x3e, 0xf6,0x9a,0xcc,0xf9,0xa9,0x86,0x77,0xb6,0x85,0x43,0x42,0x04,0x13,0x65,0xe2,0xad, 0x36,0xc9,0xbf,0xc1,0x97,0x84,0x6f,0xee,0x7c,0xda,0x58,0xd2,0xae,0x07,0x00,0xaf, 0xc5,0x5f,0x4d,0x3a,0x98,0xb0,0xed,0x27,0x7c,0xc2,0xce,0x26,0x5d,0x87,0xe1,0xe3, 0xa9,0x69,0x88,0x4f,0x8c,0x08,0x31,0x18,0xae,0x93,0x16,0xe3,0x74,0xde,0xd3,0xf6, 0x16,0xaf,0xa3,0xac,0x37,0x91,0x8d,0x10,0xc6,0x6b,0x64,0x14,0x3a,0xd9,0xfc,0xe4, 0xa0,0xf2,0xd1,0x01,0x37,0x4f,0x4a,0xeb,0xe5,0xec,0x98,0xc5,0xd9,0x4b,0x30,0xd2, 0x80,0x2a,0x5a,0x18,0x5a,0x7d,0xd4,0x3d,0xb7,0x62,0x98,0xce,0x6d,0xa2,0x02,0x6e, 0x45,0xaa,0x95,0x73,0xe0,0xaa,0x75,0x57,0xb1,0x3d,0x1b,0x05,0x75,0x23,0x6b,0x20, 0x69,0x9e,0x14,0xb0,0x7f,0xac,0xae,0xd2,0xc7,0x48,0x3b,0xe4,0x56,0x11,0x34,0x1e, 0x05,0x1a,0x30,0x20,0xef,0x68,0x93,0x6b,0x9d,0x7e,0xdd,0xba,0x96,0x50,0xcc,0x1c, 0x81,0xb4,0x59,0xb9,0x74,0x36,0xd9,0x97,0xdc,0x8f,0x17,0x82,0x72,0xb3,0x59,0xf6, 0x23,0xfa,0x84,0xf7,0x6d,0xf2,0x05,0xff,0xf1,0xb9,0xcc,0xe9,0xa2,0x82,0x01,0xfb}}; const TPM2B_RSA_TEST_PRIME c_rsaPrivatePrime = {RSA_TEST_KEY_SIZE / 2, { 0xb7,0xa0,0x90,0xc7,0x92,0x09,0xde,0x71,0x03,0x37,0x4a,0xb5,0x2f,0xda,0x61,0xb8, 0x09,0x1b,0xba,0x99,0x70,0x45,0xc1,0x0b,0x15,0x12,0x71,0x8a,0xb3,0x2a,0x4d,0x5a, 0x41,0x9b,0x73,0x89,0x80,0x0a,0x8f,0x18,0x4c,0x8b,0xa2,0x5b,0xda,0xbd,0x43,0xbe, 0xdc,0x76,0x4d,0x71,0x0f,0xb9,0xfc,0x7a,0x09,0xfe,0x4f,0xac,0x63,0xd9,0x2e,0x50, 0x3a,0xa1,0x37,0xc6,0xf2,0xa1,0x89,0x12,0xe7,0x72,0x64,0x2b,0xba,0xc1,0x1f,0xca, 0x9d,0xb7,0xaa,0x3a,0xa9,0xd3,0xa6,0x6f,0x73,0x02,0xbb,0x85,0x5d,0x9a,0xb9,0x5c, 0x08,0x83,0x22,0x20,0x49,0x91,0x5f,0x4b,0x86,0xbc,0x3f,0x76,0x43,0x08,0x97,0xbf, 0x82,0x55,0x36,0x2d,0x8b,0x6e,0x9e,0xfb,0xc1,0x67,0x6a,0x43,0xa2,0x46,0x81,0x71}}; const BYTE c_RsaTestValue[RSA_TEST_KEY_SIZE] = { 0x2a,0x24,0x3a,0xbb,0x50,0x1d,0xd4,0x2a,0xf9,0x18,0x32,0x34,0xa2,0x0f,0xea,0x5c, 0x91,0x77,0xe9,0xe1,0x09,0x83,0xdc,0x5f,0x71,0x64,0x5b,0xeb,0x57,0x79,0xa0,0x41, 0xc9,0xe4,0x5a,0x0b,0xf4,0x9f,0xdb,0x84,0x04,0xa6,0x48,0x24,0xf6,0x3f,0x66,0x1f, 0xa8,0x04,0x5c,0xf0,0x7a,0x6b,0x4a,0x9c,0x7e,0x21,0xb6,0xda,0x6b,0x65,0x9c,0x3a, 0x68,0x50,0x13,0x1e,0xa4,0xb7,0xca,0xec,0xd3,0xcc,0xb2,0x9b,0x8c,0x87,0xa4,0x6a, 0xba,0xc2,0x06,0x3f,0x40,0x48,0x7b,0xa8,0xb8,0x2c,0x03,0x14,0x33,0xf3,0x1d,0xe9, 0xbd,0x6f,0x54,0x66,0xb4,0x69,0x5e,0xbc,0x80,0x7c,0xe9,0x6a,0x43,0x7f,0xb8,0x6a, 0xa0,0x5f,0x5d,0x7a,0x20,0xfd,0x7a,0x39,0xe1,0xea,0x0e,0x94,0x91,0x28,0x63,0x7a, 0xac,0xc9,0xa5,0x3a,0x6d,0x31,0x7b,0x7c,0x54,0x56,0x99,0x56,0xbb,0xb7,0xa1,0x2d, 0xd2,0x5c,0x91,0x5f,0x1c,0xd3,0x06,0x7f,0x34,0x53,0x2f,0x4c,0xd1,0x8b,0xd2,0x9e, 0xdc,0xc3,0x94,0x0a,0xe1,0x0f,0xa5,0x15,0x46,0x2a,0x8e,0x10,0xc2,0xfe,0xb7,0x5e, 0x2d,0x0d,0xd1,0x25,0xfc,0xe4,0xf7,0x02,0x19,0xfe,0xb6,0xe4,0x95,0x9c,0x17,0x4a, 0x9b,0xdb,0xab,0xc7,0x79,0xe3,0x5e,0x40,0xd0,0x56,0x6d,0x25,0x0a,0x72,0x65,0x80, 0x92,0x9a,0xa8,0x07,0x70,0x32,0x14,0xfb,0xfe,0x08,0xeb,0x13,0xb4,0x07,0x68,0xb4, 0x58,0x39,0xbe,0x8e,0x78,0x3a,0x59,0x3f,0x9c,0x4c,0xe9,0xa8,0x64,0x68,0xf7,0xb9, 0x6e,0x20,0xf5,0xcb,0xca,0x47,0xf2,0x17,0xaa,0x8b,0xbc,0x13,0x14,0x84,0xf6,0xab}; const TPM2B_RSA_TEST_VALUE c_RsaepKvt = {RSA_TEST_KEY_SIZE, { 0x73,0xbd,0x65,0x49,0xda,0x7b,0xb8,0x50,0x9e,0x87,0xf0,0x0a,0x8a,0x9a,0x07,0xb6, 0x00,0x82,0x10,0x14,0x60,0xd8,0x01,0xfc,0xc5,0x18,0xea,0x49,0x5f,0x13,0xcf,0x65, 0x66,0x30,0x6c,0x60,0x3f,0x24,0x3c,0xfb,0xe2,0x31,0x16,0x99,0x7e,0x31,0x98,0xab, 0x93,0xb8,0x07,0x53,0xcc,0xdb,0x7f,0x44,0xd9,0xee,0x5d,0xe8,0x5f,0x97,0x5f,0xe8, 0x1f,0x88,0x52,0x24,0x7b,0xac,0x62,0x95,0xb7,0x7d,0xf5,0xf8,0x9f,0x5a,0xa8,0x24, 0x9a,0x76,0x71,0x2a,0x35,0x2a,0xa1,0x08,0xbb,0x95,0xe3,0x64,0xdc,0xdb,0xc2,0x33, 0xa9,0x5f,0xbe,0x4c,0xc4,0xcc,0x28,0xc9,0x25,0xff,0xee,0x17,0x15,0x9a,0x50,0x90, 0x0e,0x15,0xb4,0xea,0x6a,0x09,0xe6,0xff,0xa4,0xee,0xc7,0x7e,0xce,0xa9,0x73,0xe4, 0xa0,0x56,0xbd,0x53,0x2a,0xe4,0xc0,0x2b,0xa8,0x9b,0x09,0x30,0x72,0x62,0x0f,0xf9, 0xf6,0xa1,0x52,0xd2,0x8a,0x37,0xee,0xa5,0xc8,0x47,0xe1,0x99,0x21,0x47,0xeb,0xdd, 0x37,0xaa,0xe4,0xbd,0x55,0x46,0x5a,0x5a,0x5d,0xfb,0x7b,0xfc,0xff,0xbf,0x26,0x71, 0xf6,0x1e,0xad,0xbc,0xbf,0x33,0xca,0xe1,0x92,0x8f,0x2a,0x89,0x6c,0x45,0x24,0xd1, 0xa6,0x52,0x56,0x24,0x5e,0x90,0x47,0xe5,0xcb,0x12,0xb0,0x32,0xf9,0xa6,0xbb,0xea, 0x37,0xa9,0xbd,0xef,0x23,0xef,0x63,0x07,0x6c,0xc4,0x4e,0x64,0x3c,0xc6,0x11,0x84, 0x7d,0x65,0xd6,0x5d,0x7a,0x17,0x58,0xa5,0xf7,0x74,0x3b,0x42,0xe3,0xd2,0xda,0x5f, 0x6f,0xe0,0x1e,0x4b,0xcf,0x46,0xe2,0xdf,0x3e,0x41,0x8e,0x0e,0xb0,0x3f,0x8b,0x65}}; #define OAEP_TEST_LABEL "OAEP Test Value" #if ALG_SHA1_VALUE == DEFAULT_TEST_HASH const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { 0x32,0x68,0x84,0x0b,0x9c,0xc9,0x25,0x26,0xd9,0xc0,0xd0,0xb1,0xde,0x60,0x55,0xae, 0x33,0xe5,0xcf,0x6c,0x85,0xbe,0x0d,0x71,0x11,0xe1,0x45,0x60,0xbb,0x42,0x3d,0xf3, 0xb1,0x18,0x84,0x7b,0xc6,0x5d,0xce,0x1d,0x5f,0x9a,0x97,0xcf,0xb1,0x97,0x9a,0x85, 0x7c,0xa7,0xa1,0x63,0x23,0xb6,0x74,0x0f,0x1a,0xee,0x29,0x51,0xeb,0x50,0x8f,0x3c, 0x8e,0x4e,0x31,0x38,0xdc,0x11,0xfc,0x9a,0x4e,0xaf,0x93,0xc9,0x7f,0x6e,0x35,0xf3, 0xc9,0xe4,0x89,0x14,0x53,0xe2,0xc2,0x1a,0xf7,0x6b,0x9b,0xf0,0x7a,0xa4,0x69,0x52, 0xe0,0x24,0x8f,0xea,0x31,0xa7,0x5c,0x43,0xb0,0x65,0xc9,0xfe,0xba,0xfe,0x80,0x9e, 0xa5,0xc0,0xf5,0x8d,0xce,0x41,0xf9,0x83,0x0d,0x8e,0x0f,0xef,0x3d,0x1f,0x6a,0xcc, 0x8a,0x3d,0x3b,0xdf,0x22,0x38,0xd7,0x34,0x58,0x7b,0x55,0xc9,0xf6,0xbc,0x7c,0x4c, 0x3f,0xd7,0xde,0x4e,0x30,0xa9,0x69,0xf3,0x5f,0x56,0x8f,0xc2,0xe7,0x75,0x79,0xb8, 0xa5,0xc8,0x0d,0xc0,0xcd,0xb6,0xc9,0x63,0xad,0x7c,0xe4,0x8f,0x39,0x60,0x4d,0x7d, 0xdb,0x34,0x49,0x2a,0x47,0xde,0xc0,0x42,0x4a,0x19,0x94,0x2e,0x50,0x21,0x03,0x47, 0xff,0x73,0xb3,0xb7,0x89,0xcc,0x7b,0x2c,0xeb,0x03,0xa7,0x9a,0x06,0xfd,0xed,0x19, 0xbb,0x82,0xa0,0x13,0xe9,0xfa,0xac,0x06,0x5f,0xc5,0xa9,0x2b,0xda,0x88,0x23,0xa2, 0x5d,0xc2,0x7f,0xda,0xc8,0x5a,0x94,0x31,0xc1,0x21,0xd7,0x1e,0x6b,0xd7,0x89,0xb1, 0x93,0x80,0xab,0xd1,0x37,0xf2,0x6f,0x50,0xcd,0x2a,0xea,0xb1,0xc4,0xcd,0xcb,0xb5}}; const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { 0x29,0xa4,0x2f,0xbb,0x8a,0x14,0x05,0x1e,0x3c,0x72,0x76,0x77,0x38,0xe7,0x73,0xe3, 0x6e,0x24,0x4b,0x38,0xd2,0x1a,0xcf,0x23,0x58,0x78,0x36,0x82,0x23,0x6e,0x6b,0xef, 0x2c,0x3d,0xf2,0xe8,0xd6,0xc6,0x87,0x8e,0x78,0x9b,0x27,0x39,0xc0,0xd6,0xef,0x4d, 0x0b,0xfc,0x51,0x27,0x18,0xf3,0x51,0x5e,0x4d,0x96,0x3a,0xe2,0x15,0xe2,0x7e,0x42, 0xf4,0x16,0xd5,0xc6,0x52,0x5d,0x17,0x44,0x76,0x09,0x7a,0xcf,0xe3,0x30,0xe3,0x84, 0xf6,0x6f,0x3a,0x33,0xfb,0x32,0x0d,0x1d,0xe7,0x7c,0x80,0x82,0x4f,0xed,0xda,0x87, 0x11,0x9c,0xc3,0x7e,0x85,0xbd,0x18,0x58,0x08,0x2b,0x23,0x37,0xe7,0x9d,0xd0,0xd1, 0x79,0xe2,0x05,0xbd,0xf5,0x4f,0x0e,0x0f,0xdb,0x4a,0x74,0xeb,0x09,0x01,0xb3,0xca, 0xbd,0xa6,0x7b,0x09,0xb1,0x13,0x77,0x30,0x4d,0x87,0x41,0x06,0x57,0x2e,0x5f,0x36, 0x6e,0xfc,0x35,0x69,0xfe,0x0a,0x24,0x6c,0x98,0x8c,0xda,0x97,0xf4,0xfb,0xc7,0x83, 0x2d,0x3e,0x7d,0xc0,0x5c,0x34,0xfd,0x11,0x2a,0x12,0xa7,0xae,0x4a,0xde,0xc8,0x4e, 0xcf,0xf4,0x85,0x63,0x77,0xc6,0x33,0x34,0xe0,0x27,0xe4,0x9e,0x91,0x0b,0x4b,0x85, 0xf0,0xb0,0x79,0xaa,0x7c,0xc6,0xff,0x3b,0xbc,0x04,0x73,0xb8,0x95,0xd7,0x31,0x54, 0x3b,0x56,0xec,0x52,0x15,0xd7,0x3e,0x62,0xf5,0x82,0x99,0x3e,0x2a,0xc0,0x4b,0x2e, 0x06,0x57,0x6d,0x3f,0x3e,0x77,0x1f,0x2b,0x2d,0xc5,0xb9,0x3b,0x68,0x56,0x73,0x70, 0x32,0x6b,0x6b,0x65,0x25,0x76,0x45,0x6c,0x45,0xf1,0x6c,0x59,0xfc,0x94,0xa7,0x15}}; const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { 0x01,0xfe,0xd5,0x83,0x0b,0x15,0xba,0x90,0x2c,0xdf,0xf7,0x26,0xb7,0x8f,0xb1,0xd7, 0x0b,0xfd,0x83,0xf9,0x95,0xd5,0xd7,0xb5,0xc5,0xc5,0x4a,0xde,0xd5,0xe6,0x20,0x78, 0xca,0x73,0x77,0x3d,0x61,0x36,0x48,0xae,0x3e,0x8f,0xee,0x43,0x29,0x96,0xdf,0x3f, 0x1c,0x97,0x5a,0xbe,0xe5,0xa2,0x7e,0x5b,0xd0,0xc0,0x29,0x39,0x83,0x81,0x77,0x24, 0x43,0xdb,0x3c,0x64,0x4d,0xf0,0x23,0xe4,0xae,0x0f,0x78,0x31,0x8c,0xda,0x0c,0xec, 0xf1,0xdf,0x09,0xf2,0x14,0x6a,0x4d,0xaf,0x36,0x81,0x6e,0xbd,0xbe,0x36,0x79,0x88, 0x98,0xb6,0x6f,0x5a,0xad,0xcf,0x7c,0xee,0xe0,0xdd,0x00,0xbe,0x59,0x97,0x88,0x00, 0x34,0xc0,0x8b,0x48,0x42,0x05,0x04,0x5a,0xb7,0x85,0x38,0xa0,0x35,0xd7,0x3b,0x51, 0xb8,0x7b,0x81,0x83,0xee,0xff,0x76,0x6f,0x50,0x39,0x4d,0xab,0x89,0x63,0x07,0x6d, 0xf5,0xe5,0x01,0x10,0x56,0xfe,0x93,0x06,0x8f,0xd3,0xc9,0x41,0xab,0xc9,0xdf,0x6e, 0x59,0xa8,0xc3,0x1d,0xbf,0x96,0x4a,0x59,0x80,0x3c,0x90,0x3a,0x59,0x56,0x4c,0x6d, 0x44,0x6d,0xeb,0xdc,0x73,0xcd,0xc1,0xec,0xb8,0x41,0xbf,0x89,0x8c,0x03,0x69,0x4c, 0xaf,0x3f,0xc1,0xc5,0xc7,0xe7,0x7d,0xa7,0x83,0x39,0x70,0xa2,0x6b,0x83,0xbc,0xbe, 0xf5,0xbf,0x1c,0xee,0x6e,0xa3,0x22,0x1e,0x25,0x2f,0x16,0x68,0x69,0x5a,0x1d,0xfa, 0x2c,0x3a,0x0f,0x67,0xe1,0x77,0x12,0xe8,0x3d,0xba,0xaa,0xef,0x96,0x9c,0x1f,0x64, 0x32,0xf4,0xa7,0xb3,0x3f,0x7d,0x61,0xbb,0x9a,0x27,0xad,0xfb,0x2f,0x33,0xc4,0x70}}; const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { 0x67,0x4e,0xdd,0xc2,0xd2,0x6d,0xe0,0x03,0xc4,0xc2,0x41,0xd3,0xd4,0x61,0x30,0xd0, 0xe1,0x68,0x31,0x4a,0xda,0xd9,0xc2,0x5d,0xaa,0xa2,0x7b,0xfb,0x44,0x02,0xf5,0xd6, 0xd8,0x2e,0xcd,0x13,0x36,0xc9,0x4b,0xdb,0x1a,0x4b,0x66,0x1b,0x4f,0x9c,0xb7,0x17, 0xac,0x53,0x37,0x4f,0x21,0xbd,0x0c,0x66,0xac,0x06,0x65,0x52,0x9f,0x04,0xf6,0xa5, 0x22,0x5b,0xf7,0xe6,0x0d,0x3c,0x9f,0x41,0x19,0x09,0x88,0x7c,0x41,0x4c,0x2f,0x9c, 0x8b,0x3c,0xdd,0x7c,0x28,0x78,0x24,0xd2,0x09,0xa6,0x5b,0xf7,0x3c,0x88,0x7e,0x73, 0x5a,0x2d,0x36,0x02,0x4f,0x65,0xb0,0xcb,0xc8,0xdc,0xac,0xa2,0xda,0x8b,0x84,0x91, 0x71,0xe4,0x30,0x8b,0xb6,0x12,0xf2,0xf0,0xd0,0xa0,0x38,0xcf,0x75,0xb7,0x20,0xcb, 0x35,0x51,0x52,0x6b,0xc4,0xf4,0x21,0x95,0xc2,0xf7,0x9a,0x13,0xc1,0x1a,0x7b,0x8f, 0x77,0xda,0x19,0x48,0xbb,0x6d,0x14,0x5d,0xba,0x65,0xb4,0x9e,0x43,0x42,0x58,0x98, 0x0b,0x91,0x46,0xd8,0x4c,0xf3,0x4c,0xaf,0x2e,0x02,0xa6,0xb2,0x49,0x12,0x62,0x43, 0x4e,0xa8,0xac,0xbf,0xfd,0xfa,0x37,0x24,0xea,0x69,0x1c,0xf5,0xae,0xfa,0x08,0x82, 0x30,0xc3,0xc0,0xf8,0x9a,0x89,0x33,0xe1,0x40,0x6d,0x18,0x5c,0x7b,0x90,0x48,0xbf, 0x37,0xdb,0xea,0xfb,0x0e,0xd4,0x2e,0x11,0xfa,0xa9,0x86,0xff,0x00,0x0b,0x7b,0xca, 0x09,0x64,0x6a,0x8f,0x0c,0x0e,0x09,0x14,0x36,0x4a,0x74,0x31,0x18,0x5b,0x18,0xeb, 0xea,0x83,0xc3,0x66,0x68,0xa6,0x7d,0x43,0x06,0x0f,0x99,0x60,0xce,0x65,0x08,0xf6}}; #endif // SHA1 #if ALG_SHA256_VALUE == DEFAULT_TEST_HASH const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { 0x33,0x20,0x6e,0x21,0xc3,0xf6,0xcd,0xf8,0xd7,0x5d,0x9f,0xe9,0x05,0x14,0x8c,0x7c, 0xbb,0x69,0x24,0x9e,0x52,0x8f,0xaf,0x84,0x73,0x21,0x2c,0x85,0xa5,0x30,0x4d,0xb6, 0xb8,0xfa,0x15,0x9b,0xc7,0x8f,0xc9,0x7a,0x72,0x4b,0x85,0xa4,0x1c,0xc5,0xd8,0xe4, 0x92,0xb3,0xec,0xd9,0xa8,0xca,0x5e,0x74,0x73,0x89,0x7f,0xb4,0xac,0x7e,0x68,0x12, 0xb2,0x53,0x27,0x4b,0xbf,0xd0,0x71,0x69,0x46,0x9f,0xef,0xf4,0x70,0x60,0xf8,0xd7, 0xae,0xc7,0x5a,0x27,0x38,0x25,0x2d,0x25,0xab,0x96,0x56,0x66,0x3a,0x23,0x40,0xa8, 0xdb,0xbc,0x86,0xe8,0xf3,0xd2,0x58,0x0b,0x44,0xfc,0x94,0x1e,0xb7,0x5d,0xb4,0x57, 0xb5,0xf3,0x56,0xee,0x9b,0xcf,0x97,0x91,0x29,0x36,0xe3,0x06,0x13,0xa2,0xea,0xd6, 0xd6,0x0b,0x86,0x0b,0x1a,0x27,0xe6,0x22,0xc4,0x7b,0xff,0xde,0x0f,0xbf,0x79,0xc8, 0x1b,0xed,0xf1,0x27,0x62,0xb5,0x8b,0xf9,0xd9,0x76,0x90,0xf6,0xcc,0x83,0x0f,0xce, 0xce,0x2e,0x63,0x7a,0x9b,0xf4,0x48,0x5b,0xd7,0x81,0x2c,0x3a,0xdb,0x59,0x0d,0x4d, 0x9e,0x46,0xe9,0x9e,0x92,0x22,0x27,0x1c,0xb0,0x67,0x8a,0xe6,0x8a,0x16,0x8a,0xdf, 0x95,0x76,0x24,0x82,0xad,0xf1,0xbc,0x97,0xbf,0xd3,0x5e,0x6e,0x14,0x0c,0x5b,0x25, 0xfe,0x58,0xfa,0x64,0xe5,0x14,0x46,0xb7,0x58,0xc6,0x3f,0x7f,0x42,0xd2,0x8e,0x45, 0x13,0x41,0x85,0x12,0x2e,0x96,0x19,0xd0,0x5e,0x7d,0x34,0x06,0x32,0x2b,0xc8,0xd9, 0x0d,0x6c,0x06,0x36,0xa0,0xff,0x47,0x57,0x2c,0x25,0xbc,0x8a,0xa5,0xe2,0xc7,0xe3}}; const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { 0x39,0xfc,0x10,0x5d,0xf4,0x45,0x3d,0x94,0x53,0x06,0x89,0x24,0xe7,0xe8,0xfd,0x03, 0xac,0xfd,0xbd,0xb2,0x28,0xd3,0x4a,0x52,0xc5,0xd4,0xdb,0x17,0xd4,0x24,0x05,0xc4, 0xeb,0x6a,0xce,0x1d,0xbb,0x37,0xcb,0x09,0xd8,0x6c,0x83,0x19,0x93,0xd4,0xe2,0x88, 0x88,0x9b,0xaf,0x92,0x16,0xc4,0x15,0xbd,0x49,0x13,0x22,0xb7,0x84,0xcf,0x23,0xf2, 0x6f,0x0c,0x3e,0x8f,0xde,0x04,0x09,0x31,0x2d,0x99,0xdf,0xe6,0x74,0x70,0x30,0xde, 0x8c,0xad,0x32,0x86,0xe2,0x7c,0x12,0x90,0x21,0xf3,0x86,0xb7,0xe2,0x64,0xca,0x98, 0xcc,0x64,0x4b,0xef,0x57,0x4f,0x5a,0x16,0x6e,0xd7,0x2f,0x5b,0xf6,0x07,0xad,0x33, 0xb4,0x8f,0x3b,0x3a,0x8b,0xd9,0x06,0x2b,0xed,0x3c,0x3c,0x76,0xf6,0x21,0x31,0xe3, 0xfb,0x2c,0x45,0x61,0x42,0xba,0xe0,0xc3,0x72,0x63,0xd0,0x6b,0x8f,0x36,0x26,0xfb, 0x9e,0x89,0x0e,0x44,0x9a,0xc1,0x84,0x5e,0x84,0x8d,0xb6,0xea,0xf1,0x0d,0x66,0xc7, 0xdb,0x44,0xbd,0x19,0x7c,0x05,0xbe,0xc4,0xab,0x88,0x32,0xbe,0xc7,0x63,0x31,0xe6, 0x38,0xd4,0xe5,0xb8,0x4b,0xf5,0x0e,0x55,0x9a,0x3a,0xe6,0x0a,0xec,0xee,0xe2,0xa8, 0x88,0x04,0xf2,0xb8,0xaa,0x5a,0xd8,0x97,0x5d,0xa0,0xa8,0x42,0xfb,0xd9,0xde,0x80, 0xae,0x4c,0xb3,0xa1,0x90,0x47,0x57,0x03,0x10,0x78,0xa6,0x8f,0x11,0xba,0x4b,0xce, 0x2d,0x56,0xa4,0xe1,0xbd,0xf8,0xa0,0xa4,0xd5,0x48,0x3c,0x63,0x20,0x00,0x38,0xa0, 0xd1,0xe6,0x12,0xe9,0x1d,0xd8,0x49,0xe3,0xd5,0x24,0xb5,0xc5,0x3a,0x1f,0xb0,0xd4}}; const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { 0x74,0x89,0x29,0x3e,0x1b,0xac,0xc6,0x85,0xca,0xf0,0x63,0x43,0x30,0x7d,0x1c,0x9b, 0x2f,0xbd,0x4d,0x69,0x39,0x5e,0x85,0xe2,0xef,0x86,0x0a,0xc6,0x6b,0xa6,0x08,0x19, 0x6c,0x56,0x38,0x24,0x55,0x92,0x84,0x9b,0x1b,0x8b,0x04,0xcf,0x24,0x14,0x24,0x13, 0x0e,0x8b,0x82,0x6f,0x96,0xc8,0x9a,0x68,0xfc,0x4c,0x02,0xf0,0xdc,0xcd,0x36,0x25, 0x31,0xd5,0x82,0xcf,0xc9,0x69,0x72,0xf6,0x1d,0xab,0x68,0x20,0x2e,0x2d,0x19,0x49, 0xf0,0x2e,0xad,0xd2,0xda,0xaf,0xff,0xb6,0x92,0x83,0x5b,0x8a,0x06,0x2d,0x0c,0x32, 0x11,0x32,0x3b,0x77,0x17,0xf6,0x50,0xfb,0xf8,0x57,0xc9,0xc7,0x9b,0x9e,0xc6,0xd1, 0xa9,0x55,0xf0,0x22,0x35,0xda,0xca,0x3c,0x8e,0xc6,0x9a,0xd8,0x25,0xc8,0x5e,0x93, 0x0d,0xaa,0xa7,0x06,0xaf,0x11,0x29,0x99,0xe7,0x7c,0xee,0x49,0x82,0x30,0xba,0x2c, 0xe2,0x40,0x8f,0x0a,0xa6,0x7b,0x24,0x75,0xc5,0xcd,0x03,0x12,0xf4,0xb2,0x4b,0x3a, 0xd1,0x91,0x3c,0x20,0x0e,0x58,0x2b,0x31,0xf8,0x8b,0xee,0xbc,0x1f,0x95,0x35,0x58, 0x6a,0x73,0xee,0x99,0xb0,0x01,0x42,0x4f,0x66,0xc0,0x66,0xbb,0x35,0x86,0xeb,0xd9, 0x7b,0x55,0x77,0x2d,0x54,0x78,0x19,0x49,0xe8,0xcc,0xfd,0xb1,0xcb,0x49,0xc9,0xea, 0x20,0xab,0xed,0xb5,0xed,0xfe,0xb2,0xb5,0xa8,0xcf,0x05,0x06,0xd5,0x7d,0x2b,0xbb, 0x0b,0x65,0x6b,0x2b,0x6d,0x55,0x95,0x85,0x44,0x8b,0x12,0x05,0xf3,0x4b,0xd4,0x8e, 0x3d,0x68,0x2d,0x29,0x9c,0x05,0x79,0xd6,0xfc,0x72,0x90,0x6a,0xab,0x46,0x38,0x81}}; const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { 0x8a,0xb1,0x0a,0xb5,0xe4,0x02,0xf7,0xdd,0x45,0x2a,0xcc,0x2b,0x6b,0x8c,0x0e,0x9a, 0x92,0x4f,0x9b,0xc5,0xe4,0x8b,0x82,0xb9,0xb0,0xd9,0x87,0x8c,0xcb,0xf0,0xb0,0x59, 0xa5,0x92,0x21,0xa0,0xa7,0x61,0x5c,0xed,0xa8,0x6e,0x22,0x29,0x46,0xc7,0x86,0x37, 0x4b,0x1b,0x1e,0x94,0x93,0xc8,0x4c,0x17,0x7a,0xae,0x59,0x91,0xf8,0x83,0x84,0xc4, 0x8c,0x38,0xc2,0x35,0x0e,0x7e,0x50,0x67,0x76,0xe7,0xd3,0xec,0x6f,0x0d,0xa0,0x5c, 0x2f,0x0a,0x80,0x28,0xd3,0xc5,0x7d,0x2d,0x1a,0x0b,0x96,0xd6,0xe5,0x98,0x05,0x8c, 0x4d,0xa0,0x1f,0x8c,0xb6,0xfb,0xb1,0xcf,0xe9,0xcb,0x38,0x27,0x60,0x64,0x17,0xca, 0xf4,0x8b,0x61,0xb7,0x1d,0xb6,0x20,0x9d,0x40,0x2a,0x1c,0xfd,0x55,0x40,0x4b,0x95, 0x39,0x52,0x18,0x3b,0xab,0x44,0xe8,0x83,0x4b,0x7c,0x47,0xfb,0xed,0x06,0x9c,0xcd, 0x4f,0xba,0x81,0xd6,0xb7,0x31,0xcf,0x5c,0x23,0xf8,0x25,0xab,0x95,0x77,0x0a,0x8f, 0x46,0xef,0xfb,0x59,0xb8,0x04,0xd7,0x1e,0xf5,0xaf,0x6a,0x1a,0x26,0x9b,0xae,0xf4, 0xf5,0x7f,0x84,0x6f,0x3c,0xed,0xf8,0x24,0x0b,0x43,0xd1,0xba,0x74,0x89,0x4e,0x39, 0xfe,0xab,0xa5,0x16,0xa5,0x28,0xee,0x96,0x84,0x3e,0x16,0x6d,0x5f,0x4e,0x0b,0x7d, 0x94,0x16,0x1b,0x8c,0xf9,0xaa,0x9b,0xc0,0x49,0x02,0x4c,0x3e,0x62,0xff,0xfe,0xa2, 0x20,0x33,0x5e,0xa6,0xdd,0xda,0x15,0x2d,0xb7,0xcd,0xda,0xff,0xb1,0x0b,0x45,0x7b, 0xd3,0xa0,0x42,0x29,0xab,0xa9,0x73,0xe9,0xa4,0xd9,0x8d,0xac,0xa1,0x88,0x2c,0x2d}}; #endif // SHA256 #if ALG_SHA384_VALUE == DEFAULT_TEST_HASH const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { 0x0f,0x3c,0x42,0x4d,0x8c,0x91,0x96,0x05,0x3c,0xfd,0x59,0x3b,0x7f,0x29,0xbc,0x03, 0x67,0xc1,0xff,0x74,0xe7,0x09,0xf4,0x13,0x45,0xbe,0x13,0x1d,0xc9,0x86,0x94,0xfe, 0xed,0xa6,0xe8,0x3a,0xcb,0x89,0x4d,0xec,0x86,0x63,0x4c,0xdb,0xf1,0x95,0xee,0xc1, 0x46,0xc5,0x3b,0xd8,0xf8,0xa2,0x41,0x6a,0x60,0x8b,0x9e,0x5e,0x7f,0x20,0x16,0xe3, 0x69,0xb6,0x2d,0x92,0xfc,0x60,0xa2,0x74,0x88,0xd5,0xc7,0xa6,0xd1,0xff,0xe3,0x45, 0x02,0x51,0x39,0xd9,0xf3,0x56,0x0b,0x91,0x80,0xe0,0x6c,0xa8,0xc3,0x78,0xef,0x34, 0x22,0x8c,0xf5,0xfb,0x47,0x98,0x5d,0x57,0x8e,0x3a,0xb9,0xff,0x92,0x04,0xc7,0xc2, 0x6e,0xfa,0x14,0xc1,0xb9,0x68,0x15,0x5c,0x12,0xe8,0xa8,0xbe,0xea,0xe8,0x8d,0x9b, 0x48,0x28,0x35,0xdb,0x4b,0x52,0xc1,0x2d,0x85,0x47,0x83,0xd0,0xe9,0xae,0x90,0x6e, 0x65,0xd4,0x34,0x7f,0x81,0xce,0x69,0xf0,0x96,0x62,0xf7,0xec,0x41,0xd5,0xc2,0xe3, 0x4b,0xba,0x9c,0x8a,0x02,0xce,0xf0,0x5d,0x14,0xf7,0x09,0x42,0x8e,0x4a,0x27,0xfe, 0x3e,0x66,0x42,0x99,0x03,0xe1,0x69,0xbd,0xdb,0x7f,0x9b,0x70,0xeb,0x4e,0x9c,0xac, 0x45,0x67,0x91,0x9f,0x75,0x10,0xc6,0xfc,0x14,0xe1,0x28,0xc1,0x0e,0xe0,0x7e,0xc0, 0x5c,0x1d,0xee,0xe8,0xff,0x45,0x79,0x51,0x86,0x08,0xe6,0x39,0xac,0xb5,0xfd,0xb8, 0xf1,0xdd,0x2e,0xf4,0xb2,0x1a,0x69,0x0d,0xd9,0x98,0x8e,0xdb,0x85,0x61,0x70,0x20, 0x82,0x91,0x26,0x87,0x80,0xc4,0x6a,0xd8,0x3b,0x91,0x4d,0xd3,0x33,0x84,0xad,0xb7}}; const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { 0x44,0xd5,0x9f,0xbc,0x48,0x03,0x3d,0x9f,0x22,0x91,0x2a,0xab,0x3c,0x31,0x71,0xab, 0x86,0x3f,0x0f,0x6f,0x59,0x5b,0x93,0x27,0xbc,0xbc,0xcd,0x29,0x38,0x43,0x2a,0x3b, 0x3b,0xd2,0xb3,0x45,0x40,0xba,0x15,0xb4,0x45,0xe3,0x56,0xab,0xff,0xb3,0x20,0x26, 0x39,0xcc,0x48,0xc5,0x5d,0x41,0x0d,0x2f,0x57,0x7f,0x9d,0x16,0x2e,0x26,0x57,0xc7, 0x6b,0xf3,0x36,0x54,0xbd,0xb6,0x1d,0x46,0x4e,0x13,0x50,0xd7,0x61,0x9d,0x8d,0x7b, 0xeb,0x21,0x9f,0x79,0xf3,0xfd,0xe0,0x1b,0xa8,0xed,0x6d,0x29,0x33,0x0d,0x65,0x94, 0x24,0x1e,0x62,0x88,0x6b,0x2b,0x4e,0x39,0xf5,0x80,0x39,0xca,0x76,0x95,0xbc,0x7c, 0x27,0x1d,0xdd,0x3a,0x11,0xf1,0x3e,0x54,0x03,0xb7,0x43,0x91,0x99,0x33,0xfe,0x9d, 0x14,0x2c,0x87,0x9a,0x95,0x18,0x1f,0x02,0x04,0x6a,0xe2,0xb7,0x81,0x14,0x13,0x45, 0x16,0xfb,0xe4,0xb7,0x8f,0xab,0x2b,0xd7,0x60,0x34,0x8a,0x55,0xbc,0x01,0x8c,0x49, 0x02,0x29,0xf1,0x9c,0x94,0x98,0x44,0xd0,0x94,0xcb,0xd4,0x85,0x4c,0x3b,0x77,0x72, 0x99,0xd5,0x4b,0xc6,0x3b,0xe4,0xd2,0xc8,0xe9,0x6a,0x23,0x18,0x3b,0x3b,0x5e,0x32, 0xec,0x70,0x84,0x5d,0xbb,0x6a,0x8f,0x0c,0x5f,0x55,0xa5,0x30,0x34,0x48,0xbb,0xc2, 0xdf,0x12,0xb9,0x81,0xad,0x36,0x3f,0xf0,0x24,0x16,0x48,0x04,0x4a,0x7f,0xfd,0x9f, 0x4c,0xea,0xfe,0x1d,0x83,0xd0,0x81,0xad,0x25,0x6c,0x5f,0x45,0x36,0x91,0xf0,0xd5, 0x8b,0x53,0x0a,0xdf,0xec,0x9f,0x04,0x58,0xc4,0x35,0xa0,0x78,0x1f,0x68,0xe0,0x22}}; const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { 0x3f,0x3a,0x82,0x6d,0x42,0xe3,0x8b,0x4f,0x45,0x9c,0xda,0x6c,0xbe,0xbe,0xcd,0x00, 0x98,0xfb,0xbe,0x59,0x30,0xc6,0x3c,0xaa,0xb3,0x06,0x27,0xb5,0xda,0xfa,0xb2,0xc3, 0x43,0xb7,0xbd,0xe9,0xd3,0x23,0xed,0x80,0xce,0x74,0xb3,0xb8,0x77,0x8d,0xe6,0x8d, 0x3c,0xe5,0xf5,0xd7,0x80,0xcf,0x38,0x55,0x76,0xd7,0x87,0xa8,0xd6,0x3a,0xcf,0xfd, 0xd8,0x91,0x65,0xab,0x43,0x66,0x50,0xb7,0x9a,0x13,0x6b,0x45,0x80,0x76,0x86,0x22, 0x27,0x72,0xf7,0xbb,0x65,0x22,0x5c,0x55,0x60,0xd8,0x84,0x9f,0xf2,0x61,0x52,0xac, 0xf2,0x4f,0x5b,0x7b,0x21,0xe1,0xf5,0x4b,0x8f,0x01,0xf2,0x4b,0xcf,0xd3,0xfb,0x74, 0x5e,0x6e,0x96,0xb4,0xa8,0x0f,0x01,0x9b,0x26,0x54,0x0a,0x70,0x55,0x26,0xb7,0x0b, 0xe8,0x01,0x68,0x66,0x0d,0x6f,0xb5,0xfc,0x66,0xbd,0x9e,0x44,0xed,0x6a,0x1e,0x3c, 0x3b,0x61,0x5d,0xe8,0xdb,0x99,0x5b,0x67,0xbf,0x94,0xfb,0xe6,0x8c,0x4b,0x07,0xcb, 0x43,0x3a,0x0d,0xb1,0x1b,0x10,0x66,0x81,0xe2,0x0d,0xe7,0xd1,0xca,0x85,0xa7,0x50, 0x82,0x2d,0xbf,0xed,0xcf,0x43,0x6d,0xdb,0x2c,0x7b,0x73,0x20,0xfe,0x73,0x3f,0x19, 0xc6,0xdb,0x69,0xb8,0xc3,0xd3,0xf4,0xe5,0x64,0xf8,0x36,0x8e,0xd5,0xd8,0x09,0x2a, 0x5f,0x26,0x70,0xa1,0xd9,0x5b,0x14,0xf8,0x22,0xe9,0x9d,0x22,0x51,0xf4,0x52,0xc1, 0x6f,0x53,0xf5,0xca,0x0d,0xda,0x39,0x8c,0x29,0x42,0xe8,0x58,0x89,0xbb,0xd1,0x2e, 0xc5,0xdb,0x86,0x8d,0xaf,0xec,0x58,0x36,0x8d,0x8d,0x57,0x23,0xd5,0xdd,0xb9,0x24}}; const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { 0x39,0x10,0x58,0x7d,0x6d,0xa8,0xd5,0x90,0x07,0xd6,0x2b,0x13,0xe9,0xd8,0x93,0x7e, 0xf3,0x5d,0x71,0xe0,0xf0,0x33,0x3a,0x4a,0x22,0xf3,0xe6,0x95,0xd3,0x8e,0x8c,0x41, 0xe7,0xb3,0x13,0xde,0x4a,0x45,0xd3,0xd1,0xfb,0xb1,0x3f,0x9b,0x39,0xa5,0x50,0x58, 0xef,0xb6,0x3a,0x43,0xdd,0x54,0xab,0xda,0x9d,0x32,0x49,0xe4,0x57,0x96,0xe5,0x1b, 0x1d,0x8f,0x33,0x8e,0x07,0x67,0x56,0x14,0xc1,0x18,0x78,0xa2,0x52,0xe6,0x2e,0x07, 0x81,0xbe,0xd8,0xca,0x76,0x63,0x68,0xc5,0x47,0xa2,0x92,0x5e,0x4c,0xfd,0x14,0xc7, 0x46,0x14,0xbe,0xc7,0x85,0xef,0xe6,0xb8,0x46,0xcb,0x3a,0x67,0x66,0x89,0xc6,0xee, 0x9d,0x64,0xf5,0x0d,0x09,0x80,0x9a,0x6f,0x0e,0xeb,0xe4,0xb9,0xe9,0xab,0x90,0x4f, 0xe7,0x5a,0xc8,0xca,0xf6,0x16,0x0a,0x82,0xbd,0xb7,0x76,0x59,0x08,0x2d,0xd9,0x40, 0x5d,0xaa,0xa5,0xef,0xfb,0xe3,0x81,0x2c,0x2c,0x5c,0xa8,0x16,0xbd,0x63,0x20,0xc2, 0x4d,0x3b,0x51,0xaa,0x62,0x1f,0x06,0xe5,0xbb,0x78,0x44,0x04,0x0c,0x5c,0xe1,0x1b, 0x6b,0x9d,0x21,0x10,0xaf,0x48,0x48,0x98,0x97,0x77,0xc2,0x73,0xb4,0x98,0x64,0xcc, 0x94,0x2c,0x29,0x28,0x45,0x36,0xd1,0xc5,0xd0,0x2f,0x97,0x27,0x92,0x65,0x22,0xbb, 0x63,0x79,0xea,0xf5,0xff,0x77,0x0f,0x4b,0x56,0x8a,0x9f,0xad,0x1a,0x97,0x67,0x39, 0x69,0xb8,0x4c,0x6c,0xc2,0x56,0xc5,0x7a,0xa8,0x14,0x5a,0x24,0x7a,0xa4,0x6e,0x55, 0xb2,0x86,0x1d,0xf4,0x62,0x5a,0x2d,0x87,0x6d,0xde,0x99,0x78,0x2d,0xef,0xd7,0xdc}}; #endif // SHA384 #if ALG_SHA512_VALUE == DEFAULT_TEST_HASH const TPM2B_RSA_TEST_VALUE c_OaepKvt = {RSA_TEST_KEY_SIZE, { 0x48,0x45,0xa7,0x70,0xb2,0x41,0xb7,0x48,0x5e,0x79,0x8c,0xdf,0x1c,0xc6,0x7e,0xbb, 0x11,0x80,0x82,0x52,0xbf,0x40,0x3d,0x90,0x03,0x6e,0x20,0x3a,0xb9,0x65,0xc8,0x51, 0x4c,0xbd,0x9c,0xa9,0x43,0x89,0xd0,0x57,0x0c,0xa3,0x69,0x22,0x7e,0x82,0x2a,0x1c, 0x1d,0x5a,0x80,0x84,0x81,0xbb,0x5e,0x5e,0xd0,0xc1,0x66,0x9a,0xac,0x00,0xba,0x14, 0xa2,0xe9,0xd0,0x3a,0x89,0x5a,0x63,0xe2,0xec,0x92,0x05,0xf4,0x47,0x66,0x12,0x7f, 0xdb,0xa7,0x3c,0x5b,0x67,0xe1,0x55,0xca,0x0a,0x27,0xbf,0x39,0x89,0x11,0x05,0xba, 0x9b,0x5a,0x9b,0x65,0x44,0xad,0x78,0xcf,0x8f,0x94,0xf6,0x9a,0xb4,0x52,0x39,0x0e, 0x00,0xba,0xbc,0xe0,0xbd,0x6f,0x81,0x2d,0x76,0x42,0x66,0x70,0x07,0x77,0xbf,0x09, 0x88,0x2a,0x0c,0xb1,0x56,0x3e,0xee,0xfd,0xdc,0xb6,0x3c,0x0d,0xc5,0xa4,0x0d,0x10, 0x32,0x80,0x3e,0x1e,0xfe,0x36,0x8f,0xb5,0x42,0xc1,0x21,0x7b,0xdf,0xdf,0x4a,0xd2, 0x68,0x0c,0x01,0x9f,0x4a,0xfd,0xd4,0xec,0xf7,0x49,0x06,0xab,0xed,0xc6,0xd5,0x1b, 0x63,0x76,0x38,0xc8,0x6c,0xc7,0x4f,0xcb,0x29,0x8a,0x0e,0x6f,0x33,0xaf,0x69,0x31, 0x8e,0xa7,0xdd,0x9a,0x36,0xde,0x9b,0xf1,0x0b,0xfb,0x20,0xa0,0x6d,0x33,0x31,0xc9, 0x9e,0xb4,0x2e,0xc5,0x40,0x0e,0x60,0x71,0x36,0x75,0x05,0xf9,0x37,0xe0,0xca,0x8e, 0x8f,0x56,0xe0,0xea,0x9b,0xeb,0x17,0xf3,0xca,0x40,0xc3,0x48,0x01,0xba,0xdc,0xc6, 0x4b,0x2b,0x5b,0x7b,0x5c,0x81,0xa6,0xbb,0xc7,0x43,0xc0,0xbe,0xc0,0x30,0x7b,0x55}}; const TPM2B_RSA_TEST_VALUE c_RsaesKvt = {RSA_TEST_KEY_SIZE, { 0x74,0x83,0xfa,0x52,0x65,0x50,0x68,0xd0,0x82,0x05,0x72,0x70,0x78,0x1c,0xac,0x10, 0x23,0xc5,0x07,0xf8,0x93,0xd2,0xeb,0x65,0x87,0xbb,0x47,0xc2,0xfb,0x30,0x9e,0x61, 0x4c,0xac,0x04,0x57,0x5a,0x7c,0xeb,0x29,0x08,0x84,0x86,0x89,0x1e,0x8f,0x07,0x32, 0xa3,0x8b,0x70,0xe7,0xa2,0x9f,0x9c,0x42,0x71,0x3d,0x23,0x59,0x82,0x5e,0x8a,0xde, 0xd6,0xfb,0xd8,0xc5,0x8b,0xc0,0xdb,0x10,0x38,0x87,0xd3,0xbf,0x04,0xb0,0x66,0xb9, 0x85,0x81,0x54,0x4c,0x69,0xdc,0xba,0x78,0xf3,0x4a,0xdb,0x25,0xa2,0xf2,0x34,0x55, 0xdd,0xaa,0xa5,0xc4,0xed,0x55,0x06,0x0e,0x2a,0x30,0x77,0xab,0x82,0x79,0xf0,0xcd, 0x9d,0x6f,0x09,0xa0,0xc8,0x82,0xc9,0xe0,0x61,0xda,0x40,0xcd,0x17,0x59,0xc0,0xef, 0x95,0x6d,0xa3,0x6d,0x1c,0x2b,0xee,0x24,0xef,0xd8,0x4a,0x55,0x6c,0xd6,0x26,0x42, 0x32,0x17,0xfd,0x6a,0xb3,0x4f,0xde,0x07,0x2f,0x10,0xd4,0xac,0x14,0xea,0x89,0x68, 0xcc,0xd3,0x07,0xb7,0xcf,0xba,0x39,0x20,0x63,0x20,0x7b,0x44,0x8b,0x48,0x60,0x5d, 0x3a,0x2a,0x0a,0xe9,0x68,0xab,0x15,0x46,0x27,0x64,0xb5,0x82,0x06,0x29,0xe7,0x25, 0xca,0x46,0x48,0x6e,0x2a,0x34,0x57,0x4b,0x81,0x75,0xae,0xb6,0xfd,0x6f,0x51,0x5f, 0x04,0x59,0xc7,0x15,0x1f,0xe0,0x68,0xf7,0x36,0x2d,0xdf,0xc8,0x9d,0x05,0x27,0x2d, 0x3f,0x2b,0x59,0x5d,0xcb,0xf3,0xc4,0x92,0x6e,0x00,0xa8,0x8d,0xd0,0x69,0xe5,0x59, 0xda,0xba,0x4f,0x38,0xf5,0xa0,0x8b,0xf1,0x73,0xe9,0x0d,0xee,0x64,0xe5,0xa2,0xd8}}; const TPM2B_RSA_TEST_VALUE c_RsapssKvt = {RSA_TEST_KEY_SIZE, { 0x1b,0xca,0x8b,0x18,0x15,0x3b,0x95,0x5b,0x0a,0x89,0x10,0x03,0x7f,0x7c,0xa0,0xc9, 0x66,0x57,0x86,0x6a,0xc9,0xeb,0x82,0x71,0xf3,0x8d,0x6f,0xa9,0xa4,0x2d,0xd0,0x22, 0xdf,0xe9,0xc6,0x71,0x5b,0xf4,0x27,0x38,0x5b,0x2c,0x8a,0x54,0xcc,0x85,0x11,0x69, 0x6d,0x6f,0x42,0xe7,0x22,0xcb,0xd6,0xad,0x1a,0xc5,0xab,0x6a,0xa5,0xfc,0xa5,0x70, 0x72,0x4a,0x62,0x25,0xd0,0xa2,0x16,0x61,0xab,0xac,0x31,0xa0,0x46,0x24,0x4f,0xdd, 0x9a,0x36,0x55,0xb6,0x00,0x9e,0x23,0x50,0x0d,0x53,0x01,0xb3,0x46,0x56,0xb2,0x1d, 0x33,0x5b,0xca,0x41,0x7f,0x65,0x7e,0x00,0x5c,0x12,0xff,0x0a,0x70,0x5d,0x8c,0x69, 0x4a,0x02,0xee,0x72,0x30,0xa7,0x5c,0xa4,0xbb,0xbe,0x03,0x0c,0xe4,0x5f,0x33,0xb6, 0x78,0x91,0x9d,0xd8,0xec,0x34,0x03,0x2e,0x63,0x32,0xc7,0x2a,0x36,0x50,0xd5,0x8b, 0x0e,0x7f,0x54,0x4e,0xf4,0x29,0x11,0x1b,0xcd,0x0f,0x37,0xa5,0xbc,0x61,0x83,0x50, 0xfa,0x18,0x75,0xd9,0xfe,0xa7,0xe8,0x9b,0xc1,0x4f,0x96,0x37,0x81,0x71,0xdf,0x71, 0x8b,0x89,0x81,0xf4,0x95,0xb5,0x29,0x66,0x41,0x0c,0x73,0xd7,0x0b,0x21,0xb4,0xfb, 0xf9,0x63,0x2f,0xe9,0x7b,0x38,0xaa,0x20,0xc3,0x96,0xcc,0xb7,0xb2,0x24,0xa1,0xe0, 0x59,0x9c,0x10,0x9e,0x5a,0xf7,0xe3,0x02,0xe6,0x23,0xe2,0x44,0x21,0x3f,0x6e,0x5e, 0x79,0xb2,0x93,0x7d,0xce,0xed,0xe2,0xe1,0xab,0x98,0x07,0xa7,0xbd,0xbc,0xd8,0xf7, 0x06,0xeb,0xc5,0xa6,0x37,0x18,0x11,0x88,0xf7,0x63,0x39,0xb9,0x57,0x29,0xdc,0x03}}; const TPM2B_RSA_TEST_VALUE c_RsassaKvt = {RSA_TEST_KEY_SIZE, { 0x05,0x55,0x00,0x62,0x01,0xc6,0x04,0x31,0x55,0x73,0x3f,0x2a,0xf9,0xd4,0x0f,0xc1, 0x2b,0xeb,0xd8,0xc8,0xdb,0xb2,0xab,0x6c,0x26,0xde,0x2d,0x89,0xc2,0x2d,0x36,0x62, 0xc8,0x22,0x5d,0x58,0x03,0xb1,0x46,0x14,0xa5,0xd4,0xbc,0x25,0x6b,0x7f,0x8f,0x14, 0x7e,0x03,0x2f,0x3d,0xb8,0x39,0xa5,0x79,0x13,0x7e,0x22,0x2a,0xb9,0x3e,0x8f,0xaa, 0x01,0x7c,0x03,0x12,0x21,0x6c,0x2a,0xb4,0x39,0x98,0x6d,0xff,0x08,0x6c,0x59,0x2d, 0xdc,0xc6,0xf1,0x77,0x62,0x10,0xa6,0xcc,0xe2,0x71,0x8e,0x97,0x00,0x87,0x5b,0x0e, 0x20,0x00,0x3f,0x18,0x63,0x83,0xf0,0xe4,0x0a,0x64,0x8c,0xe9,0x8c,0x91,0xe7,0x89, 0x04,0x64,0x2c,0x8b,0x41,0xc8,0xac,0xf6,0x5a,0x75,0xe6,0xa5,0x76,0x43,0xcb,0xa5, 0x33,0x8b,0x07,0xc9,0x73,0x0f,0x45,0xa4,0xc3,0xac,0xc1,0xc3,0xe6,0xe7,0x21,0x66, 0x1c,0xba,0xbf,0xea,0x3e,0x39,0xfa,0xb2,0xe2,0x8f,0xfe,0x9c,0xb4,0x85,0x89,0x33, 0x2a,0x0c,0xc8,0x5d,0x58,0xe1,0x89,0x12,0xe9,0x4d,0x42,0xb3,0x1f,0x99,0x0c,0x3e, 0xd8,0xb2,0xeb,0xf5,0x88,0xfb,0xe1,0x4b,0x8e,0xdc,0xd3,0xa8,0xda,0xbe,0x04,0x45, 0xbf,0x56,0xc6,0x54,0x70,0x00,0xb8,0x66,0x46,0x3a,0xa3,0x1e,0xb6,0xeb,0x1a,0xa0, 0x0b,0xd3,0x9a,0x9a,0x52,0xda,0x60,0x69,0xb7,0xef,0x93,0x47,0x38,0xab,0x1a,0xa0, 0x22,0x6e,0x76,0x06,0xb6,0x74,0xaf,0x74,0x8f,0x51,0xc0,0x89,0x5a,0x4b,0xbe,0x6a, 0x91,0x18,0x25,0x7d,0xa6,0x77,0xe6,0xfd,0xc2,0x62,0x36,0x07,0xc6,0xef,0x79,0xc9}}; #endif // SHA512 go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SelfTest.h000066400000000000000000000110101510276467000255220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the structure definitions for the self-test. It also contains // macros for use when the self-test is implemented. #ifndef _SELF_TEST_H_ #define _SELF_TEST_H_ //** Defines // Was typing this a lot #define SELF_TEST_FAILURE FAIL(FATAL_ERROR_SELF_TEST) // Use the definition of key sizes to set algorithm values for key size. #define AES_ENTRIES (AES_128 + AES_192 + AES_256) #define SM4_ENTRIES (SM4_128) #define CAMELLIA_ENTRIES (CAMELLIA_128 + CAMELLIA_192 + CAMELLIA_256) #define TDES_ENTRIES (TDES_128 + TDES_192) #define NUM_SYMS (AES_ENTRIES + SM4_ENTRIES + CAMELLIA_ENTRIES + TDES_ENTRIES) typedef UINT32 SYM_INDEX; // These two defines deal with the fact that the TPM_ALG_ID table does not delimit // the symmetric mode values with a TPM_SYM_MODE_FIRST and TPM_SYM_MODE_LAST #define TPM_SYM_MODE_FIRST ALG_CTR_VALUE #define TPM_SYM_MODE_LAST ALG_ECB_VALUE #define NUM_SYM_MODES (TPM_SYM_MODE_LAST - TPM_SYM_MODE_FIRST + 1) // Define a type to hold a bit vector for the modes. #if NUM_SYM_MODES <= 0 #error "No symmetric modes implemented" #elif NUM_SYM_MODES <= 8 typedef BYTE SYM_MODES; #elif NUM_SYM_MODES <= 16 typedef UINT16 SYM_MODES; #elif NUM_SYM_MODES <= 32 typedef UINT32 SYM_MODES; #else #error "Too many symmetric modes" #endif typedef struct SYMMETRIC_TEST_VECTOR { const TPM_ALG_ID alg; // the algorithm const UINT16 keyBits; // bits in the key const BYTE *key; // The test key const UINT32 ivSize; // block size of the algorithm const UINT32 dataInOutSize; // size to encrypt/decrypt const BYTE *dataIn; // data to encrypt const BYTE *dataOut[NUM_SYM_MODES];// data to decrypt } SYMMETRIC_TEST_VECTOR; #if ALG_SHA512 # define DEFAULT_TEST_HASH ALG_SHA512_VALUE # define DEFAULT_TEST_DIGEST_SIZE SHA512_DIGEST_SIZE # define DEFAULT_TEST_HASH_BLOCK_SIZE SHA512_BLOCK_SIZE #elif ALG_SHA384 # define DEFAULT_TEST_HASH ALG_SHA384_VALUE # define DEFAULT_TEST_DIGEST_SIZE SHA384_DIGEST_SIZE # define DEFAULT_TEST_HASH_BLOCK_SIZE SHA384_BLOCK_SIZE #elif ALG_SHA256 # define DEFAULT_TEST_HASH ALG_SHA256_VALUE # define DEFAULT_TEST_DIGEST_SIZE SHA256_DIGEST_SIZE # define DEFAULT_TEST_HASH_BLOCK_SIZE SHA256_BLOCK_SIZE #elif ALG_SHA1 # define DEFAULT_TEST_HASH ALG_SHA1_VALUE # define DEFAULT_TEST_DIGEST_SIZE SHA1_DIGEST_SIZE # define DEFAULT_TEST_HASH_BLOCK_SIZE SHA1_BLOCK_SIZE #endif #endif // _SELF_TEST_H_go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SupportLibraryFunctionPrototypes_fp.h000066400000000000000000000132461510276467000333130ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the function prototypes for the functions that need to be // present in the selected math library. For each function listed, there should // be a small stub function. That stub provides the interface between the TPM // code and the support library. In most cases, the stub function will only need // to do a format conversion between the TPM big number and the support library // big number. The TPM big number format was chosen to make this relatively // simple and fast. // // Arithmetic operations return a BOOL to indicate if the operation completed // successfully or not. #ifndef SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H #define SUPPORT_LIBRARY_FUNCTION_PROTOTYPES_H //** SupportLibInit() // This function is called by CryptInit() so that necessary initializations can be // performed on the cryptographic library. LIB_EXPORT int SupportLibInit(void); //** MathLibraryCompatibililtyCheck() // This function is only used during development to make sure that the library // that is being referenced is using the same size of data structures as the TPM. void MathLibraryCompatibilityCheck( void ); //** BnModMult() // Does 'op1' * 'op2' and divide by 'modulus' returning the remainder of the divide. LIB_EXPORT BOOL BnModMult(bigNum result, bigConst op1, bigConst op2, bigConst modulus); //** BnMult() // Multiplies two numbers and returns the result LIB_EXPORT BOOL BnMult(bigNum result, bigConst multiplicand, bigConst multiplier); //** BnDiv() // This function divides two bigNum values. The function returns FALSE if there is // an error in the operation. LIB_EXPORT BOOL BnDiv(bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor); //** BnMod() #define BnMod(a, b) BnDiv(NULL, (a), (a), (b)) //** BnGcd() // Get the greatest common divisor of two numbers. This function is only needed // when the TPM implements RSA. LIB_EXPORT BOOL BnGcd(bigNum gcd, bigConst number1, bigConst number2); //** BnModExp() // Do modular exponentiation using bigNum values. This function is only needed // when the TPM implements RSA. LIB_EXPORT BOOL BnModExp(bigNum result, bigConst number, bigConst exponent, bigConst modulus); //** BnModInverse() // Modular multiplicative inverse. This function is only needed // when the TPM implements RSA. LIB_EXPORT BOOL BnModInverse(bigNum result, bigConst number, bigConst modulus); //** BnEccModMult() // This function does a point multiply of the form R = [d]S. A return of FALSE // indicates that the result was the point at infinity. This function is only needed // if the TPM supports ECC. LIB_EXPORT BOOL BnEccModMult(bigPoint R, pointConst S, bigConst d, bigCurve E); //** BnEccModMult2() // This function does a point multiply of the form R = [d]S + [u]Q. A return of // FALSE indicates that the result was the point at infinity. This function is only // needed if the TPM supports ECC. LIB_EXPORT BOOL BnEccModMult2(bigPoint R, pointConst S, bigConst d, pointConst Q, bigConst u, bigCurve E); //** BnEccAdd() // This function does a point add R = S + Q. A return of FALSE // indicates that the result was the point at infinity. This function is only needed // if the TPM supports ECC. LIB_EXPORT BOOL BnEccAdd(bigPoint R, pointConst S, pointConst Q, bigCurve E); //** BnCurveInitialize() // This function is used to initialize the pointers of a bnCurve_t structure. The // structure is a set of pointers to bigNum values. The curve-dependent values are // set by a different function. This function is only needed // if the TPM supports ECC. LIB_EXPORT bigCurve BnCurveInitialize(bigCurve E, TPM_ECC_CURVE curveId); //*** BnCurveFree() // This function will free the allocated components of the curve and end the // frame in which the curve data exists LIB_EXPORT void BnCurveFree(bigCurve E); #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTest.h000066400000000000000000000064101510276467000266150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the structures and data definitions for the symmetric tests. // This file references the header file that contains the actual test vectors. This // organization was chosen so that the program that is used to generate the test // vector values does not have to also re-generate this data. #ifndef SELF_TEST_DATA #error "This file may only be included in AlgorithmTests.c" #endif #ifndef _SYMMETRIC_TEST_H #define _SYMMETRIC_TEST_H #include "SymmetricTestData.h" //** Symmetric Test Structures const SYMMETRIC_TEST_VECTOR c_symTestValues[NUM_SYMS + 1] = { #if ALG_AES && AES_128 {ALG_AES_VALUE, 128, key_AES128, 16, sizeof(dataIn_AES128), dataIn_AES128, {dataOut_AES128_CTR, dataOut_AES128_OFB, dataOut_AES128_CBC, dataOut_AES128_CFB, dataOut_AES128_ECB}}, #endif #if ALG_AES && AES_192 {ALG_AES_VALUE, 192, key_AES192, 16, sizeof(dataIn_AES192), dataIn_AES192, {dataOut_AES192_CTR, dataOut_AES192_OFB, dataOut_AES192_CBC, dataOut_AES192_CFB, dataOut_AES192_ECB}}, #endif #if ALG_AES && AES_256 {ALG_AES_VALUE, 256, key_AES256, 16, sizeof(dataIn_AES256), dataIn_AES256, {dataOut_AES256_CTR, dataOut_AES256_OFB, dataOut_AES256_CBC, dataOut_AES256_CFB, dataOut_AES256_ECB}}, #endif #if ALG_SM4 && SM4_128 {ALG_SM4_VALUE, 128, key_SM4128, 16, sizeof(dataIn_SM4128), dataIn_SM4128, {dataOut_SM4128_CTR, dataOut_SM4128_OFB, dataOut_SM4128_CBC, dataOut_SM4128_CFB, dataOut_AES128_ECB}}, #endif {0} }; #endif // _SYMMETRIC_TEST_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/SymmetricTestData.h000066400000000000000000000203641510276467000274130ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This is a vector for testing either encrypt or decrypt. The premise for decrypt // is that the IV for decryption is the same as the IV for encryption. However, // the ivOut value may be different for encryption and decryption. We will encrypt // at least two blocks. This means that the chaining value will be used for each // of the schemes (if any) and that implicitly checks that the chaining value // is handled properly. #if AES_128 const BYTE key_AES128 [] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c}; const BYTE dataIn_AES128 [] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; const BYTE dataOut_AES128_ECB [] = { 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60, 0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97, 0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d, 0xe7, 0x85, 0x89, 0x5a, 0x96, 0xfd, 0xba, 0xaf}; const BYTE dataOut_AES128_CBC [] = { 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2}; const BYTE dataOut_AES128_CFB [] = { 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, 0xc8, 0xa6, 0x45, 0x37, 0xa0, 0xb3, 0xa9, 0x3f, 0xcd, 0xe3, 0xcd, 0xad, 0x9f, 0x1c, 0xe5, 0x8b}; const BYTE dataOut_AES128_OFB [] = { 0x3b, 0x3f, 0xd9, 0x2e, 0xb7, 0x2d, 0xad, 0x20, 0x33, 0x34, 0x49, 0xf8, 0xe8, 0x3c, 0xfb, 0x4a, 0x77, 0x89, 0x50, 0x8d, 0x16, 0x91, 0x8f, 0x03, 0xf5, 0x3c, 0x52, 0xda, 0xc5, 0x4e, 0xd8, 0x25}; const BYTE dataOut_AES128_CTR [] = { 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff}; #endif #if AES_192 const BYTE key_AES192 [] = { 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b}; const BYTE dataIn_AES192 [] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; const BYTE dataOut_AES192_ECB [] = { 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f, 0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc, 0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad, 0x77, 0x34, 0xec, 0xb3, 0xec, 0xee, 0x4e, 0xef}; const BYTE dataOut_AES192_CBC [] = { 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d, 0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8, 0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4, 0xe5, 0xe7, 0x38, 0x76, 0x3f, 0x69, 0x14, 0x5a}; const BYTE dataOut_AES192_CFB [] = { 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, 0x67, 0xce, 0x7f, 0x7f, 0x81, 0x17, 0x36, 0x21, 0x96, 0x1a, 0x2b, 0x70, 0x17, 0x1d, 0x3d, 0x7a}; const BYTE dataOut_AES192_OFB [] = { 0xcd, 0xc8, 0x0d, 0x6f, 0xdd, 0xf1, 0x8c, 0xab, 0x34, 0xc2, 0x59, 0x09, 0xc9, 0x9a, 0x41, 0x74, 0xfc, 0xc2, 0x8b, 0x8d, 0x4c, 0x63, 0x83, 0x7c, 0x09, 0xe8, 0x17, 0x00, 0xc1, 0x10, 0x04, 0x01}; const BYTE dataOut_AES192_CTR [] = { 0x1a, 0xbc, 0x93, 0x24, 0x17, 0x52, 0x1c, 0xa2, 0x4f, 0x2b, 0x04, 0x59, 0xfe, 0x7e, 0x6e, 0x0b, 0x09, 0x03, 0x39, 0xec, 0x0a, 0xa6, 0xfa, 0xef, 0xd5, 0xcc, 0xc2, 0xc6, 0xf4, 0xce, 0x8e, 0x94}; #endif #if AES_256 const BYTE key_AES256 [] = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4}; const BYTE dataIn_AES256 [] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51}; const BYTE dataOut_AES256_ECB [] = { 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c, 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8, 0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26, 0xdc, 0x5b, 0xa7, 0x4a, 0x31, 0x36, 0x28, 0x70}; const BYTE dataOut_AES256_CBC [] = { 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d}; const BYTE dataOut_AES256_CFB [] = { 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, 0x39, 0xff, 0xed, 0x14, 0x3b, 0x28, 0xb1, 0xc8, 0x32, 0x11, 0x3c, 0x63, 0x31, 0xe5, 0x40, 0x7b}; const BYTE dataOut_AES256_OFB [] = { 0xdc, 0x7e, 0x84, 0xbf, 0xda, 0x79, 0x16, 0x4b, 0x7e, 0xcd, 0x84, 0x86, 0x98, 0x5d, 0x38, 0x60, 0x4f, 0xeb, 0xdc, 0x67, 0x40, 0xd2, 0x0b, 0x3a, 0xc8, 0x8f, 0x6a, 0xd8, 0x2a, 0x4f, 0xb0, 0x8d}; const BYTE dataOut_AES256_CTR [] = { 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5}; #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TPMB.h000066400000000000000000000057071510276467000245530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // // This file contains extra TPM2B structures // #ifndef _TPMB_H #define _TPMB_H // TPM2B Types typedef struct { UINT16 size; BYTE buffer[1]; } TPM2B, *P2B; typedef const TPM2B *PC2B; // This macro helps avoid having to type in the structure in order to create // a new TPM2B type that is used in a function. #define TPM2B_TYPE(name, bytes) \ typedef union { \ struct { \ UINT16 size; \ BYTE buffer[(bytes)]; \ } t; \ TPM2B b; \ } TPM2B_##name // This macro defines a TPM2B with a constant character value. This macro // sets the size of the string to the size minus the terminating zero byte. // This lets the user of the label add their terminating 0. This method // is chosen so that existing code that provides a label will continue // to work correctly. // Macro to instance and initialize a TPM2B value #define TPM2B_INIT(TYPE, name) \ TPM2B_##TYPE name = {sizeof(name.t.buffer), {0}} #define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes) #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Tpm.h000066400000000000000000000047151510276467000245470ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // Root header file for building any TPM.lib code #ifndef _TPM_H_ #define _TPM_H_ #include "TpmBuildSwitches.h" #include "BaseTypes.h" #include "TPMB.h" #include "MinMax.h" #include "TpmProfile.h" #include "TpmAlgorithmDefines.h" #include "LibSupport.h" // Types from the library. These need to come before // Global.h because some of the structures in // that file depend on the structures used by the // cryptographic libraries. #include "GpMacros.h" // Define additional macros #include "Global.h" // Define other TPM types #include "InternalRoutines.h" // Function prototypes #endif // _TPM_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmASN1.h000066400000000000000000000123701510276467000251660ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the macro and structure definitions for the X509 commands and // functions. #ifndef _TPMASN1_H_ #define _TPMASN1_H_ //** Includes #include "Tpm.h" #include "OIDs.h" //** Defined Constants //*** ASN.1 Universal Types (Class 00b) #define ASN1_EOC 0x00 #define ASN1_BOOLEAN 0x01 #define ASN1_INTEGER 0x02 #define ASN1_BITSTRING 0x03 #define ASN1_OCTET_STRING 0x04 #define ASN1_NULL 0x05 #define ASN1_OBJECT_IDENTIFIER 0x06 #define ASN1_OBJECT_DESCRIPTOR 0x07 #define ASN1_EXTERNAL 0x08 #define ASN1_REAL 0x09 #define ASN1_ENUMERATED 0x0A #define ASN1_EMBEDDED 0x0B #define ASN1_UTF8String 0x0C #define ASN1_RELATIVE_OID 0x0D #define ASN1_SEQUENCE 0x10 // Primitive + Constructed + 0x10 #define ASN1_SET 0x11 // Primitive + Constructed + 0x11 #define ASN1_NumericString 0x12 #define ASN1_PrintableString 0x13 #define ASN1_T61String 0x14 #define ASN1_VideoString 0x15 #define ASN1_IA5String 0x16 #define ASN1_UTCTime 0x17 #define ASN1_GeneralizeTime 0x18 #define ASN1_VisibleString 0x1A #define ASN1_GeneralString 0x1B #define ASN1_UniversalString 0x1C #define ASN1_CHARACTER STRING 0x1D #define ASN1_BMPString 0x1E #define ASN1_CONSTRUCTED 0x20 #define ASN1_APPLICAIION_SPECIFIC 0xA0 #define ASN1_CONSTRUCTED_SEQUENCE (ASN1_SEQUENCE + ASN1_CONSTRUCTED) #define MAX_DEPTH 10 // maximum push depth for marshaling context. //** Macros //*** Unmarshaling Macros #ifndef VERIFY #define VERIFY(_X_) {if(!(_X_)) goto Error; } #endif // Checks the validity of the size making sure that there is no wrap around #define CHECK_SIZE(context, length) \ VERIFY( (((length) + (context)->offset) >= (context)->offset) \ && (((length) + (context)->offset) <= (context)->size)) #define NEXT_OCTET(context) ((context)->buffer[(context)->offset++]) #define PEEK_NEXT(context) ((context)->buffer[(context)->offset]) //*** Marshaling Macros // Marshaling works in reverse order. The offset is set to the top of the buffer and, // as the buffer is filled, 'offset' counts down to zero. When the full thing is // encoded it can be moved to the top of the buffer. This happens when the last // context is closed. #define CHECK_SPACE(context, length) VERIFY(context->offset > length) //** Structures typedef struct ASN1UnmarshalContext { BYTE *buffer; // pointer to the buffer INT16 size; // size of the buffer (a negative number indicates // a parsing failure). INT16 offset; // current offset into the buffer (a negative number // indicates a parsing failure). Not used BYTE tag; // The last unmarshaled tag } ASN1UnmarshalContext; typedef struct ASN1MarshalContext { BYTE *buffer; // pointer to the start of the buffer INT16 offset; // place on the top where the last entry was added // items are added from the bottom up. INT16 end; // the end offset of the current value INT16 depth; // how many pushed end values. INT16 ends[MAX_DEPTH]; } ASN1MarshalContext; #endif // _TPMASN1_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmAlgorithmDefines.h000066400000000000000000000534021510276467000277110ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Apr 7, 2019 Time: 06:58:55PM */ #ifndef _TPM_ALGORITHM_DEFINES_H_ #define _TPM_ALGORITHM_DEFINES_H_ // Table 2:3 - Definition of Base Types // Base Types are in BaseTypes.h #define ECC_CURVES \ {TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P192, \ TPM_ECC_NIST_P224, TPM_ECC_NIST_P256, TPM_ECC_NIST_P384, \ TPM_ECC_NIST_P521, TPM_ECC_SM2_P256} #define ECC_CURVE_COUNT \ (ECC_BN_P256 + ECC_BN_P638 + ECC_NIST_P192 + ECC_NIST_P224 + \ ECC_NIST_P256 + ECC_NIST_P384 + ECC_NIST_P521 + ECC_SM2_P256) #define MAX_ECC_KEY_BITS \ MAX(ECC_BN_P256 * 256, MAX(ECC_BN_P638 * 638, \ MAX(ECC_NIST_P192 * 192, MAX(ECC_NIST_P224 * 224, \ MAX(ECC_NIST_P256 * 256, MAX(ECC_NIST_P384 * 384, \ MAX(ECC_NIST_P521 * 521, MAX(ECC_SM2_P256 * 256, \ 0)))))))) #define MAX_ECC_KEY_BYTES BITS_TO_BYTES(MAX_ECC_KEY_BITS) // Table 0:6 - Defines for PLATFORM Values #define PLATFORM_FAMILY TPM_SPEC_FAMILY #define PLATFORM_LEVEL TPM_SPEC_LEVEL #define PLATFORM_VERSION TPM_SPEC_VERSION #define PLATFORM_YEAR TPM_SPEC_YEAR #define PLATFORM_DAY_OF_YEAR TPM_SPEC_DAY_OF_YEAR // Table 1:12 - Defines for SHA1 Hash Values #define SHA1_DIGEST_SIZE 20 #define SHA1_BLOCK_SIZE 64 // Table 1:13 - Defines for SHA256 Hash Values #define SHA256_DIGEST_SIZE 32 #define SHA256_BLOCK_SIZE 64 // Table 1:14 - Defines for SHA384 Hash Values #define SHA384_DIGEST_SIZE 48 #define SHA384_BLOCK_SIZE 128 // Table 1:15 - Defines for SHA512 Hash Values #define SHA512_DIGEST_SIZE 64 #define SHA512_BLOCK_SIZE 128 // Table 1:16 - Defines for SM3_256 Hash Values #define SM3_256_DIGEST_SIZE 32 #define SM3_256_BLOCK_SIZE 64 // Table 1:16 - Defines for SHA3_256 Hash Values #define SHA3_256_DIGEST_SIZE 32 #define SHA3_256_BLOCK_SIZE 136 // Table 1:16 - Defines for SHA3_384 Hash Values #define SHA3_384_DIGEST_SIZE 48 #define SHA3_384_BLOCK_SIZE 104 // Table 1:16 - Defines for SHA3_512 Hash Values #define SHA3_512_DIGEST_SIZE 64 #define SHA3_512_BLOCK_SIZE 72 // Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants #define RSA_KEY_SIZES_BITS \ (1024 * RSA_1024), (2048 * RSA_2048), (3072 * RSA_3072), \ (4096 * RSA_4096) #if RSA_4096 # define RSA_MAX_KEY_SIZE_BITS 4096 #elif RSA_3072 # define RSA_MAX_KEY_SIZE_BITS 3072 #elif RSA_2048 # define RSA_MAX_KEY_SIZE_BITS 2048 #elif RSA_1024 # define RSA_MAX_KEY_SIZE_BITS 1024 #else # define RSA_MAX_KEY_SIZE_BITS 0 #endif #define MAX_RSA_KEY_BITS RSA_MAX_KEY_SIZE_BITS #define MAX_RSA_KEY_BYTES ((RSA_MAX_KEY_SIZE_BITS + 7) / 8) // Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants #define AES_KEY_SIZES_BITS \ (128 * AES_128), (192 * AES_192), (256 * AES_256) #if AES_256 # define AES_MAX_KEY_SIZE_BITS 256 #elif AES_192 # define AES_MAX_KEY_SIZE_BITS 192 #elif AES_128 # define AES_MAX_KEY_SIZE_BITS 128 #else # define AES_MAX_KEY_SIZE_BITS 0 #endif #define MAX_AES_KEY_BITS AES_MAX_KEY_SIZE_BITS #define MAX_AES_KEY_BYTES ((AES_MAX_KEY_SIZE_BITS + 7) / 8) #define AES_128_BLOCK_SIZE_BYTES (AES_128 * 16) #define AES_192_BLOCK_SIZE_BYTES (AES_192 * 16) #define AES_256_BLOCK_SIZE_BYTES (AES_256 * 16) #define AES_BLOCK_SIZES \ AES_128_BLOCK_SIZE_BYTES, AES_192_BLOCK_SIZE_BYTES, \ AES_256_BLOCK_SIZE_BYTES #if ALG_AES # define AES_MAX_BLOCK_SIZE 16 #else # define AES_MAX_BLOCK_SIZE 0 #endif #define MAX_AES_BLOCK_SIZE_BYTES AES_MAX_BLOCK_SIZE // Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants #define SM4_KEY_SIZES_BITS (128 * SM4_128) #if SM4_128 # define SM4_MAX_KEY_SIZE_BITS 128 #else # define SM4_MAX_KEY_SIZE_BITS 0 #endif #define MAX_SM4_KEY_BITS SM4_MAX_KEY_SIZE_BITS #define MAX_SM4_KEY_BYTES ((SM4_MAX_KEY_SIZE_BITS + 7) / 8) #define SM4_128_BLOCK_SIZE_BYTES (SM4_128 * 16) #define SM4_BLOCK_SIZES SM4_128_BLOCK_SIZE_BYTES #if ALG_SM4 # define SM4_MAX_BLOCK_SIZE 16 #else # define SM4_MAX_BLOCK_SIZE 0 #endif #define MAX_SM4_BLOCK_SIZE_BYTES SM4_MAX_BLOCK_SIZE // Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants #define CAMELLIA_KEY_SIZES_BITS \ (128 * CAMELLIA_128), (192 * CAMELLIA_192), (256 * CAMELLIA_256) #if CAMELLIA_256 # define CAMELLIA_MAX_KEY_SIZE_BITS 256 #elif CAMELLIA_192 # define CAMELLIA_MAX_KEY_SIZE_BITS 192 #elif CAMELLIA_128 # define CAMELLIA_MAX_KEY_SIZE_BITS 128 #else # define CAMELLIA_MAX_KEY_SIZE_BITS 0 #endif #define MAX_CAMELLIA_KEY_BITS CAMELLIA_MAX_KEY_SIZE_BITS #define MAX_CAMELLIA_KEY_BYTES ((CAMELLIA_MAX_KEY_SIZE_BITS + 7) / 8) #define CAMELLIA_128_BLOCK_SIZE_BYTES (CAMELLIA_128 * 16) #define CAMELLIA_192_BLOCK_SIZE_BYTES (CAMELLIA_192 * 16) #define CAMELLIA_256_BLOCK_SIZE_BYTES (CAMELLIA_256 * 16) #define CAMELLIA_BLOCK_SIZES \ CAMELLIA_128_BLOCK_SIZE_BYTES, CAMELLIA_192_BLOCK_SIZE_BYTES, \ CAMELLIA_256_BLOCK_SIZE_BYTES #if ALG_CAMELLIA # define CAMELLIA_MAX_BLOCK_SIZE 16 #else # define CAMELLIA_MAX_BLOCK_SIZE 0 #endif #define MAX_CAMELLIA_BLOCK_SIZE_BYTES CAMELLIA_MAX_BLOCK_SIZE // Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants #define TDES_KEY_SIZES_BITS (128 * TDES_128), (192 * TDES_192) #if TDES_192 # define TDES_MAX_KEY_SIZE_BITS 192 #elif TDES_128 # define TDES_MAX_KEY_SIZE_BITS 128 #else # define TDES_MAX_KEY_SIZE_BITS 0 #endif #define MAX_TDES_KEY_BITS TDES_MAX_KEY_SIZE_BITS #define MAX_TDES_KEY_BYTES ((TDES_MAX_KEY_SIZE_BITS + 7) / 8) #define TDES_128_BLOCK_SIZE_BYTES (TDES_128 * 8) #define TDES_192_BLOCK_SIZE_BYTES (TDES_192 * 8) #define TDES_BLOCK_SIZES \ TDES_128_BLOCK_SIZE_BYTES, TDES_192_BLOCK_SIZE_BYTES #if ALG_TDES # define TDES_MAX_BLOCK_SIZE 8 #else # define TDES_MAX_BLOCK_SIZE 0 #endif #define MAX_TDES_BLOCK_SIZE_BYTES TDES_MAX_BLOCK_SIZE // Additional values for benefit of code #define TPM_CC_FIRST 0x0000011F #define TPM_CC_LAST 0x00000197 #if COMPRESSED_LISTS #define ADD_FILL 0 #else #define ADD_FILL 1 #endif // Size the array of library commands based on whether or not // the array is packed (only defined commands) or dense // (having entries for unimplemented commands) #define LIBRARY_COMMAND_ARRAY_SIZE (0 \ + (ADD_FILL || CC_NV_UndefineSpaceSpecial) /* 0x0000011F */ \ + (ADD_FILL || CC_EvictControl) /* 0x00000120 */ \ + (ADD_FILL || CC_HierarchyControl) /* 0x00000121 */ \ + (ADD_FILL || CC_NV_UndefineSpace) /* 0x00000122 */ \ + ADD_FILL /* 0x00000123 */ \ + (ADD_FILL || CC_ChangeEPS) /* 0x00000124 */ \ + (ADD_FILL || CC_ChangePPS) /* 0x00000125 */ \ + (ADD_FILL || CC_Clear) /* 0x00000126 */ \ + (ADD_FILL || CC_ClearControl) /* 0x00000127 */ \ + (ADD_FILL || CC_ClockSet) /* 0x00000128 */ \ + (ADD_FILL || CC_HierarchyChangeAuth) /* 0x00000129 */ \ + (ADD_FILL || CC_NV_DefineSpace) /* 0x0000012A */ \ + (ADD_FILL || CC_PCR_Allocate) /* 0x0000012B */ \ + (ADD_FILL || CC_PCR_SetAuthPolicy) /* 0x0000012C */ \ + (ADD_FILL || CC_PP_Commands) /* 0x0000012D */ \ + (ADD_FILL || CC_SetPrimaryPolicy) /* 0x0000012E */ \ + (ADD_FILL || CC_FieldUpgradeStart) /* 0x0000012F */ \ + (ADD_FILL || CC_ClockRateAdjust) /* 0x00000130 */ \ + (ADD_FILL || CC_CreatePrimary) /* 0x00000131 */ \ + (ADD_FILL || CC_NV_GlobalWriteLock) /* 0x00000132 */ \ + (ADD_FILL || CC_GetCommandAuditDigest) /* 0x00000133 */ \ + (ADD_FILL || CC_NV_Increment) /* 0x00000134 */ \ + (ADD_FILL || CC_NV_SetBits) /* 0x00000135 */ \ + (ADD_FILL || CC_NV_Extend) /* 0x00000136 */ \ + (ADD_FILL || CC_NV_Write) /* 0x00000137 */ \ + (ADD_FILL || CC_NV_WriteLock) /* 0x00000138 */ \ + (ADD_FILL || CC_DictionaryAttackLockReset) /* 0x00000139 */ \ + (ADD_FILL || CC_DictionaryAttackParameters) /* 0x0000013A */ \ + (ADD_FILL || CC_NV_ChangeAuth) /* 0x0000013B */ \ + (ADD_FILL || CC_PCR_Event) /* 0x0000013C */ \ + (ADD_FILL || CC_PCR_Reset) /* 0x0000013D */ \ + (ADD_FILL || CC_SequenceComplete) /* 0x0000013E */ \ + (ADD_FILL || CC_SetAlgorithmSet) /* 0x0000013F */ \ + (ADD_FILL || CC_SetCommandCodeAuditStatus) /* 0x00000140 */ \ + (ADD_FILL || CC_FieldUpgradeData) /* 0x00000141 */ \ + (ADD_FILL || CC_IncrementalSelfTest) /* 0x00000142 */ \ + (ADD_FILL || CC_SelfTest) /* 0x00000143 */ \ + (ADD_FILL || CC_Startup) /* 0x00000144 */ \ + (ADD_FILL || CC_Shutdown) /* 0x00000145 */ \ + (ADD_FILL || CC_StirRandom) /* 0x00000146 */ \ + (ADD_FILL || CC_ActivateCredential) /* 0x00000147 */ \ + (ADD_FILL || CC_Certify) /* 0x00000148 */ \ + (ADD_FILL || CC_PolicyNV) /* 0x00000149 */ \ + (ADD_FILL || CC_CertifyCreation) /* 0x0000014A */ \ + (ADD_FILL || CC_Duplicate) /* 0x0000014B */ \ + (ADD_FILL || CC_GetTime) /* 0x0000014C */ \ + (ADD_FILL || CC_GetSessionAuditDigest) /* 0x0000014D */ \ + (ADD_FILL || CC_NV_Read) /* 0x0000014E */ \ + (ADD_FILL || CC_NV_ReadLock) /* 0x0000014F */ \ + (ADD_FILL || CC_ObjectChangeAuth) /* 0x00000150 */ \ + (ADD_FILL || CC_PolicySecret) /* 0x00000151 */ \ + (ADD_FILL || CC_Rewrap) /* 0x00000152 */ \ + (ADD_FILL || CC_Create) /* 0x00000153 */ \ + (ADD_FILL || CC_ECDH_ZGen) /* 0x00000154 */ \ + (ADD_FILL || CC_HMAC || CC_MAC) /* 0x00000155 */ \ + (ADD_FILL || CC_Import) /* 0x00000156 */ \ + (ADD_FILL || CC_Load) /* 0x00000157 */ \ + (ADD_FILL || CC_Quote) /* 0x00000158 */ \ + (ADD_FILL || CC_RSA_Decrypt) /* 0x00000159 */ \ + ADD_FILL /* 0x0000015A */ \ + (ADD_FILL || CC_HMAC_Start || CC_MAC_Start) /* 0x0000015B */ \ + (ADD_FILL || CC_SequenceUpdate) /* 0x0000015C */ \ + (ADD_FILL || CC_Sign) /* 0x0000015D */ \ + (ADD_FILL || CC_Unseal) /* 0x0000015E */ \ + ADD_FILL /* 0x0000015F */ \ + (ADD_FILL || CC_PolicySigned) /* 0x00000160 */ \ + (ADD_FILL || CC_ContextLoad) /* 0x00000161 */ \ + (ADD_FILL || CC_ContextSave) /* 0x00000162 */ \ + (ADD_FILL || CC_ECDH_KeyGen) /* 0x00000163 */ \ + (ADD_FILL || CC_EncryptDecrypt) /* 0x00000164 */ \ + (ADD_FILL || CC_FlushContext) /* 0x00000165 */ \ + ADD_FILL /* 0x00000166 */ \ + (ADD_FILL || CC_LoadExternal) /* 0x00000167 */ \ + (ADD_FILL || CC_MakeCredential) /* 0x00000168 */ \ + (ADD_FILL || CC_NV_ReadPublic) /* 0x00000169 */ \ + (ADD_FILL || CC_PolicyAuthorize) /* 0x0000016A */ \ + (ADD_FILL || CC_PolicyAuthValue) /* 0x0000016B */ \ + (ADD_FILL || CC_PolicyCommandCode) /* 0x0000016C */ \ + (ADD_FILL || CC_PolicyCounterTimer) /* 0x0000016D */ \ + (ADD_FILL || CC_PolicyCpHash) /* 0x0000016E */ \ + (ADD_FILL || CC_PolicyLocality) /* 0x0000016F */ \ + (ADD_FILL || CC_PolicyNameHash) /* 0x00000170 */ \ + (ADD_FILL || CC_PolicyOR) /* 0x00000171 */ \ + (ADD_FILL || CC_PolicyTicket) /* 0x00000172 */ \ + (ADD_FILL || CC_ReadPublic) /* 0x00000173 */ \ + (ADD_FILL || CC_RSA_Encrypt) /* 0x00000174 */ \ + ADD_FILL /* 0x00000175 */ \ + (ADD_FILL || CC_StartAuthSession) /* 0x00000176 */ \ + (ADD_FILL || CC_VerifySignature) /* 0x00000177 */ \ + (ADD_FILL || CC_ECC_Parameters) /* 0x00000178 */ \ + (ADD_FILL || CC_FirmwareRead) /* 0x00000179 */ \ + (ADD_FILL || CC_GetCapability) /* 0x0000017A */ \ + (ADD_FILL || CC_GetRandom) /* 0x0000017B */ \ + (ADD_FILL || CC_GetTestResult) /* 0x0000017C */ \ + (ADD_FILL || CC_Hash) /* 0x0000017D */ \ + (ADD_FILL || CC_PCR_Read) /* 0x0000017E */ \ + (ADD_FILL || CC_PolicyPCR) /* 0x0000017F */ \ + (ADD_FILL || CC_PolicyRestart) /* 0x00000180 */ \ + (ADD_FILL || CC_ReadClock) /* 0x00000181 */ \ + (ADD_FILL || CC_PCR_Extend) /* 0x00000182 */ \ + (ADD_FILL || CC_PCR_SetAuthValue) /* 0x00000183 */ \ + (ADD_FILL || CC_NV_Certify) /* 0x00000184 */ \ + (ADD_FILL || CC_EventSequenceComplete) /* 0x00000185 */ \ + (ADD_FILL || CC_HashSequenceStart) /* 0x00000186 */ \ + (ADD_FILL || CC_PolicyPhysicalPresence) /* 0x00000187 */ \ + (ADD_FILL || CC_PolicyDuplicationSelect) /* 0x00000188 */ \ + (ADD_FILL || CC_PolicyGetDigest) /* 0x00000189 */ \ + (ADD_FILL || CC_TestParms) /* 0x0000018A */ \ + (ADD_FILL || CC_Commit) /* 0x0000018B */ \ + (ADD_FILL || CC_PolicyPassword) /* 0x0000018C */ \ + (ADD_FILL || CC_ZGen_2Phase) /* 0x0000018D */ \ + (ADD_FILL || CC_EC_Ephemeral) /* 0x0000018E */ \ + (ADD_FILL || CC_PolicyNvWritten) /* 0x0000018F */ \ + (ADD_FILL || CC_PolicyTemplate) /* 0x00000190 */ \ + (ADD_FILL || CC_CreateLoaded) /* 0x00000191 */ \ + (ADD_FILL || CC_PolicyAuthorizeNV) /* 0x00000192 */ \ + (ADD_FILL || CC_EncryptDecrypt2) /* 0x00000193 */ \ + (ADD_FILL || CC_AC_GetCapability) /* 0x00000194 */ \ + (ADD_FILL || CC_AC_Send) /* 0x00000195 */ \ + (ADD_FILL || CC_Policy_AC_SendSelect) /* 0x00000196 */ \ + (ADD_FILL || CC_CertifyX509) /* 0x00000197 */ \ ) #define VENDOR_COMMAND_ARRAY_SIZE (0 + CC_Vendor_TCG_Test) #define COMMAND_COUNT (LIBRARY_COMMAND_ARRAY_SIZE + VENDOR_COMMAND_ARRAY_SIZE) #define HASH_COUNT \ (ALG_SHA1 + ALG_SHA256 + ALG_SHA384 + ALG_SHA3_256 + \ ALG_SHA3_384 + ALG_SHA3_512 + ALG_SHA512 + ALG_SM3_256) #define MAX_HASH_BLOCK_SIZE \ (MAX(ALG_SHA1 * SHA1_BLOCK_SIZE, \ MAX(ALG_SHA256 * SHA256_BLOCK_SIZE, \ MAX(ALG_SHA384 * SHA384_BLOCK_SIZE, \ MAX(ALG_SHA3_256 * SHA3_256_BLOCK_SIZE, \ MAX(ALG_SHA3_384 * SHA3_384_BLOCK_SIZE, \ MAX(ALG_SHA3_512 * SHA3_512_BLOCK_SIZE, \ MAX(ALG_SHA512 * SHA512_BLOCK_SIZE, \ MAX(ALG_SM3_256 * SM3_256_BLOCK_SIZE, \ 0))))))))) #define MAX_DIGEST_SIZE \ (MAX(ALG_SHA1 * SHA1_DIGEST_SIZE, \ MAX(ALG_SHA256 * SHA256_DIGEST_SIZE, \ MAX(ALG_SHA384 * SHA384_DIGEST_SIZE, \ MAX(ALG_SHA3_256 * SHA3_256_DIGEST_SIZE, \ MAX(ALG_SHA3_384 * SHA3_384_DIGEST_SIZE, \ MAX(ALG_SHA3_512 * SHA3_512_DIGEST_SIZE, \ MAX(ALG_SHA512 * SHA512_DIGEST_SIZE, \ MAX(ALG_SM3_256 * SM3_256_DIGEST_SIZE, \ 0))))))))) #if MAX_DIGEST_SIZE == 0 || MAX_HASH_BLOCK_SIZE == 0 #error "Hash data not valid" #endif // Define the 2B structure that would hold any hash block TPM2B_TYPE(MAX_HASH_BLOCK, MAX_HASH_BLOCK_SIZE); // Following typedef is for some old code typedef TPM2B_MAX_HASH_BLOCK TPM2B_HASH_BLOCK; /* Additional symmetric constants */ #define MAX_SYM_KEY_BITS \ (MAX(AES_MAX_KEY_SIZE_BITS, MAX(CAMELLIA_MAX_KEY_SIZE_BITS, \ MAX(SM4_MAX_KEY_SIZE_BITS, MAX(TDES_MAX_KEY_SIZE_BITS, \ 0))))) #define MAX_SYM_KEY_BYTES ((MAX_SYM_KEY_BITS + 7) / 8) #define MAX_SYM_BLOCK_SIZE \ (MAX(AES_MAX_BLOCK_SIZE, MAX(CAMELLIA_MAX_BLOCK_SIZE, \ MAX(SM4_MAX_BLOCK_SIZE, MAX(TDES_MAX_BLOCK_SIZE, \ 0))))) #if MAX_SYM_KEY_BITS == 0 || MAX_SYM_BLOCK_SIZE == 0 # error Bad size for MAX_SYM_KEY_BITS or MAX_SYM_BLOCK #endif #endif // _TPM_ALGORITHM_DEFINES_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmBuildSwitches.h000066400000000000000000000406151510276467000272400ustar00rootroot00000000000000 /* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ // This file contains the build switches. This contains switches for multiple // versions of the crypto-library so some may not apply to your environment. // // The switches are guarded so that they can either be set on the command line or // set here. If the switch is listed on the command line (-DSOME_SWITCH) with NO // setting, then the switch will be set to YES. If the switch setting is not on the // command line or if the setting is other than YES or NO, then the switch will be set // to the default value. The default can either be YES or NO as indicated on each line // where the default is selected. // // A caution. Do not try to test these macros by inserting #defines in this file. For // some curious reason, a variable set on the command line with no setting will have a // value of 1. An #if SOME_VARIABLE will work if the variable is not defined or is // defined on the command line with no initial setting. However, a // "#define SOME_VARIABLE" is a null string and when used in "#if SOME_VARIABLE" will // not be a proper expression If you want to test various switches, either use the // command line or change the default. // #ifndef _TPM_BUILD_SWITCHES_H_ #define _TPM_BUILD_SWITCHES_H_ #undef YES #define YES 1 #undef NO #define NO 0 // Allow the command line to specify a "profile" file #ifdef PROFILE # define PROFILE_QUOTE(a) #a # define PROFILE_INCLUDE(a) PROFILE_QUOTE(a) # include PROFILE_INCLUDE(PROFILE) #endif // Need an unambiguous definition for DEBUG. Don't change this #ifndef DEBUG # ifdef NDEBUG # define DEBUG NO # else # define DEBUG YES # endif #elif (DEBUG != NO) && (DEBUG != YES) # undef DEBUG # define DEBUG YES // Default: Either YES or NO #endif #include "CompilerDependencies.h" // This definition is required for the re-factored code #if (!defined USE_BN_ECC_DATA) \ || ((USE_BN_ECC_DATA != NO) && (USE_BN_ECC_DATA != YES)) # undef USE_BN_ECC_DATA # define USE_BN_ECC_DATA YES // Default: Either YES or NO #endif // The SIMULATION switch allows certain other macros to be enabled. The things that // can be enabled in a simulation include key caching, reproducible "random" // sequences, instrumentation of the RSA key generation process, and certain other // debug code. SIMULATION Needs to be defined as either YES or NO. This grouping of // macros will make sure that it is set correctly. A simulated TPM would include a // Virtual TPM. The interfaces for a Virtual TPM should be modified from the standard // ones in the Simulator project. // // If SIMULATION is in the compile parameters without modifiers, // make SIMULATION == YES #if !(defined SIMULATION) || ((SIMULATION != NO) && (SIMULATION != YES)) # undef SIMULATION # define SIMULATION YES // Default: Either YES or NO #endif // Define this to run the function that checks the compatibility between the // chosen big number math library and the TPM code. Not all ports use this. #if !(defined LIBRARY_COMPATABILITY_CHECK) \ || ((LIBRARY_COMPATABILITY_CHECK != NO) \ && (LIBRARY_COMPATABILITY_CHECK != YES)) # undef LIBRARY_COMPATABILITY_CHECK # define LIBRARY_COMPATABILITY_CHECK YES // Default: Either YES or NO #endif #if !(defined FIPS_COMPLIANT) || ((FIPS_COMPLIANT != NO) && (FIPS_COMPLIANT != YES)) # undef FIPS_COMPLIANT # define FIPS_COMPLIANT YES // Default: Either YES or NO #endif // Definition to allow alternate behavior for non-orderly startup. If there is a // chance that the TPM could not update 'failedTries' #if !(defined USE_DA_USED) || ((USE_DA_USED != NO) && (USE_DA_USED != YES)) # undef USE_DA_USED # define USE_DA_USED YES // Default: Either YES or NO #endif // Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements // for command dispatch and handle unmarshaling #if !(defined TABLE_DRIVEN_DISPATCH) \ || ((TABLE_DRIVEN_DISPATCH != NO) && (TABLE_DRIVEN_DISPATCH != YES)) # undef TABLE_DRIVEN_DISPATCH # define TABLE_DRIVEN_DISPATCH YES // Default: Either YES or NO #endif // This switch is used to enable the self-test capability in AlgorithmTests.c #if !(defined SELF_TEST) || ((SELF_TEST != NO) && (SELF_TEST != YES)) # undef SELF_TEST # define SELF_TEST YES // Default: Either YES or NO #endif // Enable the generation of RSA primes using a sieve. #if !(defined RSA_KEY_SIEVE) || ((RSA_KEY_SIEVE != NO) && (RSA_KEY_SIEVE != YES)) # undef RSA_KEY_SIEVE # define RSA_KEY_SIEVE YES // Default: Either YES or NO #endif // Enable the instrumentation of the sieve process. This is used to tune the sieve // variables. #if RSA_KEY_SIEVE && SIMULATION # if !(defined RSA_INSTRUMENT) \ || ((RSA_INSTRUMENT != NO) && (RSA_INSTRUMENT != YES)) # undef RSA_INSTRUMENT # define RSA_INSTRUMENT NO // Default: Either YES or NO # endif #endif // This switch enables the RNG state save and restore #if !(defined _DRBG_STATE_SAVE) \ || ((_DRBG_STATE_SAVE != NO) && (_DRBG_STATE_SAVE != YES)) # undef _DRBG_STATE_SAVE # define _DRBG_STATE_SAVE YES // Default: Either YES or NO #endif // Switch added to support packed lists that leave out space associated with // unimplemented commands. Comment this out to use linear lists. // Note: if vendor specific commands are present, the associated list is always // in compressed form. #if !(defined COMPRESSED_LISTS) \ || ((COMPRESSED_LISTS != NO) && (COMPRESSED_LISTS != YES)) # undef COMPRESSED_LISTS # define COMPRESSED_LISTS YES // Default: Either YES or NO #endif // This switch indicates where clock epoch value should be stored. If this value // defined, then it is assumed that the timer will change at any time so the // nonce should be a random number kept in RAM. When it is not defined, then the // timer only stops during power outages. #if !(defined CLOCK_STOPS) || ((CLOCK_STOPS != NO) && (CLOCK_STOPS != YES)) # undef CLOCK_STOPS # define CLOCK_STOPS NO // Default: Either YES or NO #endif // This switch allows use of #defines in place of pass-through marshaling or // unmarshaling code. A pass-through function just calls another function to do // the required function and does no parameter checking of its own. The // table-driven dispatcher calls directly to the lowest level // marshaling/unmarshaling code and by-passes any pass-through functions. #if (defined USE_MARSHALING_DEFINES) && (USE_MARSHALING_DEFINES != NO) # undef USE_MARSHALING_DEFINES # define USE_MARSHALING_DEFINES YES #else # define USE_MARSHALING_DEFINES YES // Default: Either YES or NO #endif //********************************** // The switches in this group can only be enabled when doing debug during simulation #if SIMULATION && DEBUG // Enables use of the key cache. Default is YES # if !(defined USE_RSA_KEY_CACHE) \ || ((USE_RSA_KEY_CACHE != NO) && (USE_RSA_KEY_CACHE != YES)) # undef USE_RSA_KEY_CACHE # define USE_RSA_KEY_CACHE YES // Default: Either YES or NO # endif // Enables use of a file to store the key cache values so that the TPM will start // faster during debug. Default for this is YES # if USE_RSA_KEY_CACHE # if !(defined USE_KEY_CACHE_FILE) \ || ((USE_KEY_CACHE_FILE != NO) && (USE_KEY_CACHE_FILE != YES)) # undef USE_KEY_CACHE_FILE # define USE_KEY_CACHE_FILE YES // Default: Either YES or NO # endif # else # undef USE_KEY_CACHE_FILE # define USE_KEY_CACHE_FILE NO # endif // USE_RSA_KEY_CACHE // This provides fixed seeding of the RNG when doing debug on a simulator. This // should allow consistent results on test runs as long as the input parameters // to the functions remains the same. There is no default value. # if !(defined USE_DEBUG_RNG) || ((USE_DEBUG_RNG != NO) && (USE_DEBUG_RNG != YES)) # undef USE_DEBUG_RNG # define USE_DEBUG_RNG YES // Default: Either YES or NO # endif // Don't change these. They are the settings needed when not doing a simulation and // not doing debug. Can't use the key cache except during debug. Otherwise, all of the // key values end up being the same #else # define USE_RSA_KEY_CACHE NO # define USE_RSA_KEY_CACHE_FILE NO # define USE_DEBUG_RNG NO #endif // DEBUG && SIMULATION #if DEBUG // In some cases, the relationship between two values may be dependent // on things that change based on various selections like the chosen cryptographic // libraries. It is possible that these selections will result in incompatible // settings. These are often detectable by the compiler but it isn't always // possible to do the check in the preprocessor code. For example, when the // check requires use of 'sizeof()' then the preprocessor can't do the comparison. // For these cases, we include a special macro that, depending on the compiler // will generate a warning to indicate if the check always passes or always fails // because it involves fixed constants. To run these checks, define COMPILER_CHECKS. # if !(defined COMPILER_CHECKS) \ || ((COMPILER_CHECKS != NO) && (COMPILER_CHECKS != YES)) # undef COMPILER_CHECKS # define COMPILER_CHECKS NO // Default: Either YES or NO # endif // Some of the values (such as sizes) are the result of different options set in // TpmProfile.h. The combination might not be consistent. A function is defined // (TpmSizeChecks()) that is used to verify the sizes at run time. To enable the // function, define this parameter. # if !(defined RUNTIME_SIZE_CHECKS) \ || ((RUNTIME_SIZE_CHECKS != NO) && (RUNTIME_SIZE_CHECKS != YES)) # undef RUNTIME_SIZE_CHECKS # define RUNTIME_SIZE_CHECKS NO // Default: Either YES or NO # endif // If doing debug, can set the DRBG to print out the intermediate test values. // Before enabling this, make sure that the dbgDumpMemBlock() function // has been added someplace (preferably, somewhere in CryptRand.c) # if !(defined DRBG_DEBUG_PRINT) \ || ((DRBG_DEBUG_PRINT != NO) && (DRBG_DEBUG_PRINT != YES)) # undef DRBG_DEBUG_PRINT # define DRBG_DEBUG_PRINT NO // Default: Either YES or NO # endif // If an assertion event it not going to produce any trace information (function and // line number) then make FAIL_TRACE == NO # if !(defined FAIL_TRACE) || ((FAIL_TRACE != NO) && (FAIL_TRACE != YES)) # undef FAIL_TRACE # define FAIL_TRACE YES // Default: Either YES or NO # endif #endif // DEBUG // Indicate if the implementation is going to give lockout time credit for time up to // the last orderly shutdown. #if !(defined ACCUMULATE_SELF_HEAL_TIMER) \ || ((ACCUMULATE_SELF_HEAL_TIMER != NO) && (ACCUMULATE_SELF_HEAL_TIMER != YES)) # undef ACCUMULATE_SELF_HEAL_TIMER # define ACCUMULATE_SELF_HEAL_TIMER YES // Default: Either YES or NO #endif // Indicates if the implementation is to compute the sizes of the proof and primary // seed size values based on the implemented algorithms. #if !(defined USE_SPEC_COMPLIANT_PROOFS) \ || ((USE_SPEC_COMPLIANT_PROOFS != NO) && (USE_SPEC_COMPLIANT_PROOFS != YES)) # undef USE_SPEC_COMPLIANT_PROOFS # define USE_SPEC_COMPLIANT_PROOFS YES // Default: Either YES or NO #endif // Comment this out to allow compile to continue even though the chosen proof values // do not match the compliant values. This is written so that someone would // have to proactively ignore errors. #if !(defined SKIP_PROOF_ERRORS) \ || ((SKIP_PROOF_ERRORS != NO) && (SKIP_PROOF_ERRORS != YES)) # undef SKIP_PROOF_ERRORS # define SKIP_PROOF_ERRORS NO // Default: Either YES or NO #endif // This define is used to eliminate the use of bit-fields. It can be enabled for big- // or little-endian machines. For big-endian architectures that numbers bits in // registers from left to right (MSb0) this must be enabled. Little-endian machines // number from right to left with the least significant bit having assigned a bit // number of 0. These are LSb0 machines (they are also little-endian so they are also // least-significant byte 0 (LSB0) machines. Big-endian (MSB0) machines may number in // either direction (MSb0 or LSb0). For an MSB0+MSb0 machine this value is required to // be 'NO' #if !(defined USE_BIT_FIELD_STRUCTURES) \ || ((USE_BIT_FIELD_STRUCTURES != NO) && (USE_BIT_FIELD_STRUCTURES != YES)) # undef USE_BIT_FIELD_STRUCTURES # define USE_BIT_FIELD_STRUCTURES DEBUG // Default: Either YES or NO #endif // This define is used to enable any runtime checks of the interface between the // cryptographic library (e.g., OpenSSL) and the thunking layer. #if !(defined LIBRARY_COMPATIBILITY_CHECK) \ || ((LIBRARY_COMPATIBILITY_CHECK != NO) && (LIBRARY_COMPATIBILITY_CHECK != YES)) # undef LIBRARY_COMPATIBILITY_CHECK # define LIBRARY_COMPATIBILITY_CHECK NO // Default: Either YES or NO #endif // This define is used to control the debug for the CertifyX509 command. #if !(defined CERTIFYX509_DEBUG) \ || ((CERTIFYX509_DEBUG != NO) && (CERTIFYX509_DEBUG != YES)) # undef CERTIFYX509_DEBUG # define CERTIFYX509_DEBUG YES // Default: Either YES or NO #endif // Change these definitions to turn all algorithms or commands ON or OFF. That is, // to turn all algorithms on, set ALG_NO to YES. This is mostly useful as a debug // feature. #define ALG_YES YES #define ALG_NO NO #define CC_YES YES #define CC_NO NO #endif // _TPM_BUILD_SWITCHES_H_go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmError.h000066400000000000000000000054031510276467000255540ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _TPM_ERROR_H #define _TPM_ERROR_H #define FATAL_ERROR_ALLOCATION (1) #define FATAL_ERROR_DIVIDE_ZERO (2) #define FATAL_ERROR_INTERNAL (3) #define FATAL_ERROR_PARAMETER (4) #define FATAL_ERROR_ENTROPY (5) #define FATAL_ERROR_SELF_TEST (6) #define FATAL_ERROR_CRYPTO (7) #define FATAL_ERROR_NV_UNRECOVERABLE (8) #define FATAL_ERROR_REMANUFACTURED (9) // indicates that the TPM has // been re-manufactured after an // unrecoverable NV error #define FATAL_ERROR_DRBG (10) #define FATAL_ERROR_MOVE_SIZE (11) #define FATAL_ERROR_COUNTER_OVERFLOW (12) #define FATAL_ERROR_SUBTRACT (13) #define FATAL_ERROR_MATHLIBRARY (14) #define FATAL_ERROR_FORCED (666) #endif // _TPM_ERROR_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmProfile.h000066400000000000000000000545121510276467000260700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Apr 10, 2019 Time: 03:21:33PM */ #ifndef _TPM_PROFILE_H_ #define _TPM_PROFILE_H_ // Table 2:4 - Defines for Logic Values #undef TRUE #define TRUE 1 #undef FALSE #define FALSE 0 #undef YES #define YES 1 #undef NO #define NO 0 #undef SET #define SET 1 #undef CLEAR #define CLEAR 0 // Table 0:1 - Defines for Processor Values #ifndef BIG_ENDIAN_TPM #define BIG_ENDIAN_TPM NO #endif #ifndef LITTLE_ENDIAN_TPM #define LITTLE_ENDIAN_TPM !BIG_ENDIAN_TPM #endif #ifndef MOST_SIGNIFICANT_BIT_0 #define MOST_SIGNIFICANT_BIT_0 NO #endif #ifndef LEAST_SIGNIFICANT_BIT_0 #define LEAST_SIGNIFICANT_BIT_0 !MOST_SIGNIFICANT_BIT_0 #endif #ifndef AUTO_ALIGN #define AUTO_ALIGN NO #endif // Table 0:4 - Defines for Implemented Curves #ifndef ECC_NIST_P192 #define ECC_NIST_P192 NO #endif #ifndef ECC_NIST_P224 #define ECC_NIST_P224 NO #endif #ifndef ECC_NIST_P256 #define ECC_NIST_P256 YES #endif #ifndef ECC_NIST_P384 #define ECC_NIST_P384 YES #endif #ifndef ECC_NIST_P521 #define ECC_NIST_P521 NO #endif #ifndef ECC_BN_P256 #define ECC_BN_P256 YES #endif #ifndef ECC_BN_P638 #define ECC_BN_P638 NO #endif #ifndef ECC_SM2_P256 #define ECC_SM2_P256 NO #endif // Table 0:7 - Defines for Implementation Values #ifndef FIELD_UPGRADE_IMPLEMENTED #define FIELD_UPGRADE_IMPLEMENTED NO #endif #ifndef HASH_ALIGNMENT #define HASH_ALIGNMENT 4 #endif #ifndef SYMMETRIC_ALIGNMENT #define SYMMETRIC_ALIGNMENT 4 #endif #ifndef HASH_LIB #define HASH_LIB Ossl #endif #ifndef SYM_LIB #define SYM_LIB Ossl #endif #ifndef MATH_LIB #define MATH_LIB Ossl #endif #ifndef BSIZE #define BSIZE UINT16 #endif #ifndef IMPLEMENTATION_PCR #define IMPLEMENTATION_PCR 24 #endif #ifndef PCR_SELECT_MAX #define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) #endif #ifndef PLATFORM_PCR #define PLATFORM_PCR 24 #endif #ifndef PCR_SELECT_MIN #define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) #endif #ifndef DRTM_PCR #define DRTM_PCR 17 #endif #ifndef HCRTM_PCR #define HCRTM_PCR 0 #endif #ifndef NUM_LOCALITIES #define NUM_LOCALITIES 5 #endif #ifndef MAX_HANDLE_NUM #define MAX_HANDLE_NUM 3 #endif #ifndef MAX_ACTIVE_SESSIONS #define MAX_ACTIVE_SESSIONS 64 #endif #ifndef CONTEXT_SLOT #define CONTEXT_SLOT UINT16 #endif #ifndef CONTEXT_COUNTER #define CONTEXT_COUNTER UINT64 #endif #ifndef MAX_LOADED_SESSIONS #define MAX_LOADED_SESSIONS 3 #endif #ifndef MAX_SESSION_NUM #define MAX_SESSION_NUM 3 #endif #ifndef MAX_LOADED_OBJECTS #define MAX_LOADED_OBJECTS 3 #endif #ifndef MIN_EVICT_OBJECTS #define MIN_EVICT_OBJECTS 2 #endif #ifndef NUM_POLICY_PCR_GROUP #define NUM_POLICY_PCR_GROUP 1 #endif #ifndef NUM_AUTHVALUE_PCR_GROUP #define NUM_AUTHVALUE_PCR_GROUP 1 #endif #ifndef MAX_CONTEXT_SIZE #define MAX_CONTEXT_SIZE 1264 #endif #ifndef MAX_DIGEST_BUFFER #define MAX_DIGEST_BUFFER 1024 #endif #ifndef MAX_NV_INDEX_SIZE #define MAX_NV_INDEX_SIZE 2048 #endif #ifndef MAX_NV_BUFFER_SIZE #define MAX_NV_BUFFER_SIZE 1024 #endif #ifndef MAX_CAP_BUFFER #define MAX_CAP_BUFFER 1024 #endif #ifndef NV_MEMORY_SIZE #define NV_MEMORY_SIZE 16384 #endif #ifndef MIN_COUNTER_INDICES #define MIN_COUNTER_INDICES 8 #endif #ifndef NUM_STATIC_PCR #define NUM_STATIC_PCR 16 #endif #ifndef MAX_ALG_LIST_SIZE #define MAX_ALG_LIST_SIZE 64 #endif #ifndef PRIMARY_SEED_SIZE #define PRIMARY_SEED_SIZE 32 #endif #ifndef CONTEXT_ENCRYPT_ALGORITHM #define CONTEXT_ENCRYPT_ALGORITHM AES #endif #ifndef NV_CLOCK_UPDATE_INTERVAL #define NV_CLOCK_UPDATE_INTERVAL 12 #endif #ifndef NUM_POLICY_PCR #define NUM_POLICY_PCR 1 #endif #ifndef MAX_COMMAND_SIZE #define MAX_COMMAND_SIZE 4096 #endif #ifndef MAX_RESPONSE_SIZE #define MAX_RESPONSE_SIZE 4096 #endif #ifndef ORDERLY_BITS #define ORDERLY_BITS 8 #endif #ifndef MAX_SYM_DATA #define MAX_SYM_DATA 128 #endif #ifndef MAX_RNG_ENTROPY_SIZE #define MAX_RNG_ENTROPY_SIZE 64 #endif #ifndef RAM_INDEX_SPACE #define RAM_INDEX_SPACE 512 #endif #ifndef RSA_DEFAULT_PUBLIC_EXPONENT #define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 #endif #ifndef ENABLE_PCR_NO_INCREMENT #define ENABLE_PCR_NO_INCREMENT YES #endif #ifndef CRT_FORMAT_RSA #define CRT_FORMAT_RSA YES #endif #ifndef VENDOR_COMMAND_COUNT #define VENDOR_COMMAND_COUNT 0 #endif #ifndef MAX_VENDOR_BUFFER_SIZE #define MAX_VENDOR_BUFFER_SIZE 1024 #endif #ifndef TPM_MAX_DERIVATION_BITS #define TPM_MAX_DERIVATION_BITS 8192 #endif #ifndef RSA_MAX_PRIME #define RSA_MAX_PRIME (MAX_RSA_KEY_BYTES/2) #endif #ifndef RSA_PRIVATE_SIZE #define RSA_PRIVATE_SIZE (RSA_MAX_PRIME*5) #endif #ifndef SIZE_OF_X509_SERIAL_NUMBER #define SIZE_OF_X509_SERIAL_NUMBER 20 #endif #ifndef PRIVATE_VENDOR_SPECIFIC_BYTES #define PRIVATE_VENDOR_SPECIFIC_BYTES RSA_PRIVATE_SIZE #endif // Table 0:2 - Defines for Implemented Algorithms #ifndef ALG_AES #define ALG_AES ALG_YES #endif #ifndef ALG_CAMELLIA #define ALG_CAMELLIA ALG_NO /* Not specified by vendor */ #endif #ifndef ALG_CBC #define ALG_CBC ALG_YES #endif #ifndef ALG_CFB #define ALG_CFB ALG_YES #endif #ifndef ALG_CMAC #define ALG_CMAC ALG_YES #endif #ifndef ALG_CTR #define ALG_CTR ALG_YES #endif #ifndef ALG_ECB #define ALG_ECB ALG_YES #endif #ifndef ALG_ECC #define ALG_ECC ALG_YES #endif #ifndef ALG_ECDAA #define ALG_ECDAA (ALG_YES && ALG_ECC) #endif #ifndef ALG_ECDH #define ALG_ECDH (ALG_YES && ALG_ECC) #endif #ifndef ALG_ECDSA #define ALG_ECDSA (ALG_YES && ALG_ECC) #endif #ifndef ALG_ECMQV #define ALG_ECMQV (ALG_NO && ALG_ECC) #endif #ifndef ALG_ECSCHNORR #define ALG_ECSCHNORR (ALG_YES && ALG_ECC) #endif #ifndef ALG_HMAC #define ALG_HMAC ALG_YES #endif #ifndef ALG_KDF1_SP800_108 #define ALG_KDF1_SP800_108 ALG_YES #endif #ifndef ALG_KDF1_SP800_56A #define ALG_KDF1_SP800_56A (ALG_YES && ALG_ECC) #endif #ifndef ALG_KDF2 #define ALG_KDF2 ALG_NO #endif #ifndef ALG_KEYEDHASH #define ALG_KEYEDHASH ALG_YES #endif #ifndef ALG_MGF1 #define ALG_MGF1 ALG_YES #endif #ifndef ALG_OAEP #define ALG_OAEP (ALG_YES && ALG_RSA) #endif #ifndef ALG_OFB #define ALG_OFB ALG_YES #endif #ifndef ALG_RSA #define ALG_RSA ALG_YES #endif #ifndef ALG_RSAES #define ALG_RSAES (ALG_YES && ALG_RSA) #endif #ifndef ALG_RSAPSS #define ALG_RSAPSS (ALG_YES && ALG_RSA) #endif #ifndef ALG_RSASSA #define ALG_RSASSA (ALG_YES && ALG_RSA) #endif #ifndef ALG_SHA #define ALG_SHA ALG_NO /* Not specified by vendor */ #endif #ifndef ALG_SHA1 #define ALG_SHA1 ALG_YES #endif #ifndef ALG_SHA256 #define ALG_SHA256 ALG_YES #endif #ifndef ALG_SHA384 #define ALG_SHA384 ALG_YES #endif #ifndef ALG_SHA3_256 #define ALG_SHA3_256 ALG_NO /* Not specified by vendor */ #endif #ifndef ALG_SHA3_384 #define ALG_SHA3_384 ALG_NO /* Not specified by vendor */ #endif #ifndef ALG_SHA3_512 #define ALG_SHA3_512 ALG_NO /* Not specified by vendor */ #endif #ifndef ALG_SHA512 #define ALG_SHA512 ALG_NO #endif #ifndef ALG_SM2 #define ALG_SM2 (ALG_NO && ALG_ECC) #endif #ifndef ALG_SM3_256 #define ALG_SM3_256 ALG_NO #endif #ifndef ALG_SM4 #define ALG_SM4 ALG_NO #endif #ifndef ALG_SYMCIPHER #define ALG_SYMCIPHER ALG_YES #endif #ifndef ALG_TDES #define ALG_TDES ALG_NO #endif #ifndef ALG_XOR #define ALG_XOR ALG_YES #endif // Table 1:00 - Defines for RSA Asymmetric Cipher Algorithm Constants #ifndef RSA_1024 #define RSA_1024 (ALG_RSA & YES) #endif #ifndef RSA_2048 #define RSA_2048 (ALG_RSA & YES) #endif #ifndef RSA_3072 #define RSA_3072 (ALG_RSA & NO) #endif #ifndef RSA_4096 #define RSA_4096 (ALG_RSA & NO) #endif // Table 1:17 - Defines for AES Symmetric Cipher Algorithm Constants #ifndef AES_128 #define AES_128 (ALG_AES & YES) #endif #ifndef AES_192 #define AES_192 (ALG_AES & NO) #endif #ifndef AES_256 #define AES_256 (ALG_AES & YES) #endif // Table 1:18 - Defines for SM4 Symmetric Cipher Algorithm Constants #ifndef SM4_128 #define SM4_128 (ALG_SM4 & YES) #endif // Table 1:19 - Defines for CAMELLIA Symmetric Cipher Algorithm Constants #ifndef CAMELLIA_128 #define CAMELLIA_128 (ALG_CAMELLIA & YES) #endif #ifndef CAMELLIA_192 #define CAMELLIA_192 (ALG_CAMELLIA & NO) #endif #ifndef CAMELLIA_256 #define CAMELLIA_256 (ALG_CAMELLIA & NO) #endif // Table 1:17 - Defines for TDES Symmetric Cipher Algorithm Constants #ifndef TDES_128 #define TDES_128 (ALG_TDES & YES) #endif #ifndef TDES_192 #define TDES_192 (ALG_TDES & YES) #endif // Table 0:5 - Defines for Implemented Commands #ifndef CC_AC_GetCapability #define CC_AC_GetCapability CC_YES #endif #ifndef CC_AC_Send #define CC_AC_Send CC_YES #endif #ifndef CC_ActivateCredential #define CC_ActivateCredential CC_YES #endif #ifndef CC_Certify #define CC_Certify CC_YES #endif #ifndef CC_CertifyCreation #define CC_CertifyCreation CC_YES #endif #ifndef CC_CertifyX509 #define CC_CertifyX509 CC_YES #endif #ifndef CC_ChangeEPS #define CC_ChangeEPS CC_YES #endif #ifndef CC_ChangePPS #define CC_ChangePPS CC_YES #endif #ifndef CC_Clear #define CC_Clear CC_YES #endif #ifndef CC_ClearControl #define CC_ClearControl CC_YES #endif #ifndef CC_ClockRateAdjust #define CC_ClockRateAdjust CC_YES #endif #ifndef CC_ClockSet #define CC_ClockSet CC_YES #endif #ifndef CC_Commit #define CC_Commit (CC_YES && ALG_ECC) #endif #ifndef CC_ContextLoad #define CC_ContextLoad CC_YES #endif #ifndef CC_ContextSave #define CC_ContextSave CC_YES #endif #ifndef CC_Create #define CC_Create CC_YES #endif #ifndef CC_CreateLoaded #define CC_CreateLoaded CC_YES #endif #ifndef CC_CreatePrimary #define CC_CreatePrimary CC_YES #endif #ifndef CC_DictionaryAttackLockReset #define CC_DictionaryAttackLockReset CC_YES #endif #ifndef CC_DictionaryAttackParameters #define CC_DictionaryAttackParameters CC_YES #endif #ifndef CC_Duplicate #define CC_Duplicate CC_YES #endif #ifndef CC_ECC_Parameters #define CC_ECC_Parameters (CC_YES && ALG_ECC) #endif #ifndef CC_ECDH_KeyGen #define CC_ECDH_KeyGen (CC_YES && ALG_ECC) #endif #ifndef CC_ECDH_ZGen #define CC_ECDH_ZGen (CC_YES && ALG_ECC) #endif #ifndef CC_EC_Ephemeral #define CC_EC_Ephemeral (CC_YES && ALG_ECC) #endif #ifndef CC_EncryptDecrypt #define CC_EncryptDecrypt CC_YES #endif #ifndef CC_EncryptDecrypt2 #define CC_EncryptDecrypt2 CC_YES #endif #ifndef CC_EventSequenceComplete #define CC_EventSequenceComplete CC_YES #endif #ifndef CC_EvictControl #define CC_EvictControl CC_YES #endif #ifndef CC_FieldUpgradeData #define CC_FieldUpgradeData CC_NO #endif #ifndef CC_FieldUpgradeStart #define CC_FieldUpgradeStart CC_NO #endif #ifndef CC_FirmwareRead #define CC_FirmwareRead CC_NO #endif #ifndef CC_FlushContext #define CC_FlushContext CC_YES #endif #ifndef CC_GetCapability #define CC_GetCapability CC_YES #endif #ifndef CC_GetCommandAuditDigest #define CC_GetCommandAuditDigest CC_YES #endif #ifndef CC_GetRandom #define CC_GetRandom CC_YES #endif #ifndef CC_GetSessionAuditDigest #define CC_GetSessionAuditDigest CC_YES #endif #ifndef CC_GetTestResult #define CC_GetTestResult CC_YES #endif #ifndef CC_GetTime #define CC_GetTime CC_YES #endif #ifndef CC_HMAC #define CC_HMAC (CC_YES && !ALG_CMAC) #endif #ifndef CC_HMAC_Start #define CC_HMAC_Start (CC_YES && !ALG_CMAC) #endif #ifndef CC_Hash #define CC_Hash CC_YES #endif #ifndef CC_HashSequenceStart #define CC_HashSequenceStart CC_YES #endif #ifndef CC_HierarchyChangeAuth #define CC_HierarchyChangeAuth CC_YES #endif #ifndef CC_HierarchyControl #define CC_HierarchyControl CC_YES #endif #ifndef CC_Import #define CC_Import CC_YES #endif #ifndef CC_IncrementalSelfTest #define CC_IncrementalSelfTest CC_YES #endif #ifndef CC_Load #define CC_Load CC_YES #endif #ifndef CC_LoadExternal #define CC_LoadExternal CC_YES #endif #ifndef CC_MAC #define CC_MAC (CC_YES && ALG_CMAC) #endif #ifndef CC_MAC_Start #define CC_MAC_Start (CC_YES && ALG_CMAC) #endif #ifndef CC_MakeCredential #define CC_MakeCredential CC_YES #endif #ifndef CC_NV_Certify #define CC_NV_Certify CC_YES #endif #ifndef CC_NV_ChangeAuth #define CC_NV_ChangeAuth CC_YES #endif #ifndef CC_NV_DefineSpace #define CC_NV_DefineSpace CC_YES #endif #ifndef CC_NV_Extend #define CC_NV_Extend CC_YES #endif #ifndef CC_NV_GlobalWriteLock #define CC_NV_GlobalWriteLock CC_YES #endif #ifndef CC_NV_Increment #define CC_NV_Increment CC_YES #endif #ifndef CC_NV_Read #define CC_NV_Read CC_YES #endif #ifndef CC_NV_ReadLock #define CC_NV_ReadLock CC_YES #endif #ifndef CC_NV_ReadPublic #define CC_NV_ReadPublic CC_YES #endif #ifndef CC_NV_SetBits #define CC_NV_SetBits CC_YES #endif #ifndef CC_NV_UndefineSpace #define CC_NV_UndefineSpace CC_YES #endif #ifndef CC_NV_UndefineSpaceSpecial #define CC_NV_UndefineSpaceSpecial CC_YES #endif #ifndef CC_NV_Write #define CC_NV_Write CC_YES #endif #ifndef CC_NV_WriteLock #define CC_NV_WriteLock CC_YES #endif #ifndef CC_ObjectChangeAuth #define CC_ObjectChangeAuth CC_YES #endif #ifndef CC_PCR_Allocate #define CC_PCR_Allocate CC_YES #endif #ifndef CC_PCR_Event #define CC_PCR_Event CC_YES #endif #ifndef CC_PCR_Extend #define CC_PCR_Extend CC_YES #endif #ifndef CC_PCR_Read #define CC_PCR_Read CC_YES #endif #ifndef CC_PCR_Reset #define CC_PCR_Reset CC_YES #endif #ifndef CC_PCR_SetAuthPolicy #define CC_PCR_SetAuthPolicy CC_YES #endif #ifndef CC_PCR_SetAuthValue #define CC_PCR_SetAuthValue CC_YES #endif #ifndef CC_PP_Commands #define CC_PP_Commands CC_YES #endif #ifndef CC_PolicyAuthValue #define CC_PolicyAuthValue CC_YES #endif #ifndef CC_PolicyAuthorize #define CC_PolicyAuthorize CC_YES #endif #ifndef CC_PolicyAuthorizeNV #define CC_PolicyAuthorizeNV CC_YES #endif #ifndef CC_PolicyCommandCode #define CC_PolicyCommandCode CC_YES #endif #ifndef CC_PolicyCounterTimer #define CC_PolicyCounterTimer CC_YES #endif #ifndef CC_PolicyCpHash #define CC_PolicyCpHash CC_YES #endif #ifndef CC_PolicyDuplicationSelect #define CC_PolicyDuplicationSelect CC_YES #endif #ifndef CC_PolicyGetDigest #define CC_PolicyGetDigest CC_YES #endif #ifndef CC_PolicyLocality #define CC_PolicyLocality CC_YES #endif #ifndef CC_PolicyNV #define CC_PolicyNV CC_YES #endif #ifndef CC_PolicyNameHash #define CC_PolicyNameHash CC_YES #endif #ifndef CC_PolicyNvWritten #define CC_PolicyNvWritten CC_YES #endif #ifndef CC_PolicyOR #define CC_PolicyOR CC_YES #endif #ifndef CC_PolicyPCR #define CC_PolicyPCR CC_YES #endif #ifndef CC_PolicyPassword #define CC_PolicyPassword CC_YES #endif #ifndef CC_PolicyPhysicalPresence #define CC_PolicyPhysicalPresence CC_YES #endif #ifndef CC_PolicyRestart #define CC_PolicyRestart CC_YES #endif #ifndef CC_PolicySecret #define CC_PolicySecret CC_YES #endif #ifndef CC_PolicySigned #define CC_PolicySigned CC_YES #endif #ifndef CC_PolicyTemplate #define CC_PolicyTemplate CC_YES #endif #ifndef CC_PolicyTicket #define CC_PolicyTicket CC_YES #endif #ifndef CC_Policy_AC_SendSelect #define CC_Policy_AC_SendSelect CC_YES #endif #ifndef CC_Quote #define CC_Quote CC_YES #endif #ifndef CC_RSA_Decrypt #define CC_RSA_Decrypt (CC_YES && ALG_RSA) #endif #ifndef CC_RSA_Encrypt #define CC_RSA_Encrypt (CC_YES && ALG_RSA) #endif #ifndef CC_ReadClock #define CC_ReadClock CC_YES #endif #ifndef CC_ReadPublic #define CC_ReadPublic CC_YES #endif #ifndef CC_Rewrap #define CC_Rewrap CC_YES #endif #ifndef CC_SelfTest #define CC_SelfTest CC_YES #endif #ifndef CC_SequenceComplete #define CC_SequenceComplete CC_YES #endif #ifndef CC_SequenceUpdate #define CC_SequenceUpdate CC_YES #endif #ifndef CC_SetAlgorithmSet #define CC_SetAlgorithmSet CC_YES #endif #ifndef CC_SetCommandCodeAuditStatus #define CC_SetCommandCodeAuditStatus CC_YES #endif #ifndef CC_SetPrimaryPolicy #define CC_SetPrimaryPolicy CC_YES #endif #ifndef CC_Shutdown #define CC_Shutdown CC_YES #endif #ifndef CC_Sign #define CC_Sign CC_YES #endif #ifndef CC_StartAuthSession #define CC_StartAuthSession CC_YES #endif #ifndef CC_Startup #define CC_Startup CC_YES #endif #ifndef CC_StirRandom #define CC_StirRandom CC_YES #endif #ifndef CC_TestParms #define CC_TestParms CC_YES #endif #ifndef CC_Unseal #define CC_Unseal CC_YES #endif #ifndef CC_Vendor_TCG_Test #define CC_Vendor_TCG_Test CC_YES #endif #ifndef CC_VerifySignature #define CC_VerifySignature CC_YES #endif #ifndef CC_ZGen_2Phase #define CC_ZGen_2Phase (CC_YES && ALG_ECC) #endif #endif // _TPM_PROFILE_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/TpmTypes.h000066400000000000000000003464111510276467000255760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Apr 10, 2019 Time: 03:21:33PM */ #ifndef _TPM_TYPES_H_ #define _TPM_TYPES_H_ // Table 1:2 - Definition of TPM_ALG_ID Constants typedef UINT16 TPM_ALG_ID; #define TYPE_OF_TPM_ALG_ID UINT16 #define ALG_ERROR_VALUE 0x0000 #define TPM_ALG_ERROR (TPM_ALG_ID)(ALG_ERROR_VALUE) #define ALG_RSA_VALUE 0x0001 #define TPM_ALG_RSA (TPM_ALG_ID)(ALG_RSA_VALUE) #define ALG_TDES_VALUE 0x0003 #define TPM_ALG_TDES (TPM_ALG_ID)(ALG_TDES_VALUE) #define ALG_SHA_VALUE 0x0004 #define TPM_ALG_SHA (TPM_ALG_ID)(ALG_SHA_VALUE) #define ALG_SHA1_VALUE 0x0004 #define TPM_ALG_SHA1 (TPM_ALG_ID)(ALG_SHA1_VALUE) #define ALG_HMAC_VALUE 0x0005 #define TPM_ALG_HMAC (TPM_ALG_ID)(ALG_HMAC_VALUE) #define ALG_AES_VALUE 0x0006 #define TPM_ALG_AES (TPM_ALG_ID)(ALG_AES_VALUE) #define ALG_MGF1_VALUE 0x0007 #define TPM_ALG_MGF1 (TPM_ALG_ID)(ALG_MGF1_VALUE) #define ALG_KEYEDHASH_VALUE 0x0008 #define TPM_ALG_KEYEDHASH (TPM_ALG_ID)(ALG_KEYEDHASH_VALUE) #define ALG_XOR_VALUE 0x000A #define TPM_ALG_XOR (TPM_ALG_ID)(ALG_XOR_VALUE) #define ALG_SHA256_VALUE 0x000B #define TPM_ALG_SHA256 (TPM_ALG_ID)(ALG_SHA256_VALUE) #define ALG_SHA384_VALUE 0x000C #define TPM_ALG_SHA384 (TPM_ALG_ID)(ALG_SHA384_VALUE) #define ALG_SHA512_VALUE 0x000D #define TPM_ALG_SHA512 (TPM_ALG_ID)(ALG_SHA512_VALUE) #define ALG_NULL_VALUE 0x0010 #define TPM_ALG_NULL (TPM_ALG_ID)(ALG_NULL_VALUE) #define ALG_SM3_256_VALUE 0x0012 #define TPM_ALG_SM3_256 (TPM_ALG_ID)(ALG_SM3_256_VALUE) #define ALG_SM4_VALUE 0x0013 #define TPM_ALG_SM4 (TPM_ALG_ID)(ALG_SM4_VALUE) #define ALG_RSASSA_VALUE 0x0014 #define TPM_ALG_RSASSA (TPM_ALG_ID)(ALG_RSASSA_VALUE) #define ALG_RSAES_VALUE 0x0015 #define TPM_ALG_RSAES (TPM_ALG_ID)(ALG_RSAES_VALUE) #define ALG_RSAPSS_VALUE 0x0016 #define TPM_ALG_RSAPSS (TPM_ALG_ID)(ALG_RSAPSS_VALUE) #define ALG_OAEP_VALUE 0x0017 #define TPM_ALG_OAEP (TPM_ALG_ID)(ALG_OAEP_VALUE) #define ALG_ECDSA_VALUE 0x0018 #define TPM_ALG_ECDSA (TPM_ALG_ID)(ALG_ECDSA_VALUE) #define ALG_ECDH_VALUE 0x0019 #define TPM_ALG_ECDH (TPM_ALG_ID)(ALG_ECDH_VALUE) #define ALG_ECDAA_VALUE 0x001A #define TPM_ALG_ECDAA (TPM_ALG_ID)(ALG_ECDAA_VALUE) #define ALG_SM2_VALUE 0x001B #define TPM_ALG_SM2 (TPM_ALG_ID)(ALG_SM2_VALUE) #define ALG_ECSCHNORR_VALUE 0x001C #define TPM_ALG_ECSCHNORR (TPM_ALG_ID)(ALG_ECSCHNORR_VALUE) #define ALG_ECMQV_VALUE 0x001D #define TPM_ALG_ECMQV (TPM_ALG_ID)(ALG_ECMQV_VALUE) #define ALG_KDF1_SP800_56A_VALUE 0x0020 #define TPM_ALG_KDF1_SP800_56A (TPM_ALG_ID)(ALG_KDF1_SP800_56A_VALUE) #define ALG_KDF2_VALUE 0x0021 #define TPM_ALG_KDF2 (TPM_ALG_ID)(ALG_KDF2_VALUE) #define ALG_KDF1_SP800_108_VALUE 0x0022 #define TPM_ALG_KDF1_SP800_108 (TPM_ALG_ID)(ALG_KDF1_SP800_108_VALUE) #define ALG_ECC_VALUE 0x0023 #define TPM_ALG_ECC (TPM_ALG_ID)(ALG_ECC_VALUE) #define ALG_SYMCIPHER_VALUE 0x0025 #define TPM_ALG_SYMCIPHER (TPM_ALG_ID)(ALG_SYMCIPHER_VALUE) #define ALG_CAMELLIA_VALUE 0x0026 #define TPM_ALG_CAMELLIA (TPM_ALG_ID)(ALG_CAMELLIA_VALUE) #define ALG_SHA3_256_VALUE 0x0027 #define TPM_ALG_SHA3_256 (TPM_ALG_ID)(ALG_SHA3_256_VALUE) #define ALG_SHA3_384_VALUE 0x0028 #define TPM_ALG_SHA3_384 (TPM_ALG_ID)(ALG_SHA3_384_VALUE) #define ALG_SHA3_512_VALUE 0x0029 #define TPM_ALG_SHA3_512 (TPM_ALG_ID)(ALG_SHA3_512_VALUE) #define ALG_CMAC_VALUE 0x003F #define TPM_ALG_CMAC (TPM_ALG_ID)(ALG_CMAC_VALUE) #define ALG_CTR_VALUE 0x0040 #define TPM_ALG_CTR (TPM_ALG_ID)(ALG_CTR_VALUE) #define ALG_OFB_VALUE 0x0041 #define TPM_ALG_OFB (TPM_ALG_ID)(ALG_OFB_VALUE) #define ALG_CBC_VALUE 0x0042 #define TPM_ALG_CBC (TPM_ALG_ID)(ALG_CBC_VALUE) #define ALG_CFB_VALUE 0x0043 #define TPM_ALG_CFB (TPM_ALG_ID)(ALG_CFB_VALUE) #define ALG_ECB_VALUE 0x0044 #define TPM_ALG_ECB (TPM_ALG_ID)(ALG_ECB_VALUE) // Values derived from Table 1:2 #define ALG_FIRST_VALUE 0x0001 #define TPM_ALG_FIRST (TPM_ALG_ID)(ALG_FIRST_VALUE) #define ALG_LAST_VALUE 0x0044 #define TPM_ALG_LAST (TPM_ALG_ID)(ALG_LAST_VALUE) // Table 1:3 - Definition of TPM_ECC_CURVE Constants typedef UINT16 TPM_ECC_CURVE; #define TYPE_OF_TPM_ECC_CURVE UINT16 #define TPM_ECC_NONE (TPM_ECC_CURVE)(0x0000) #define TPM_ECC_NIST_P192 (TPM_ECC_CURVE)(0x0001) #define TPM_ECC_NIST_P224 (TPM_ECC_CURVE)(0x0002) #define TPM_ECC_NIST_P256 (TPM_ECC_CURVE)(0x0003) #define TPM_ECC_NIST_P384 (TPM_ECC_CURVE)(0x0004) #define TPM_ECC_NIST_P521 (TPM_ECC_CURVE)(0x0005) #define TPM_ECC_BN_P256 (TPM_ECC_CURVE)(0x0010) #define TPM_ECC_BN_P638 (TPM_ECC_CURVE)(0x0011) #define TPM_ECC_SM2_P256 (TPM_ECC_CURVE)(0x0020) // Table 2:12 - Definition of TPM_CC Constants typedef UINT32 TPM_CC; #define TYPE_OF_TPM_CC UINT32 #define TPM_CC_NV_UndefineSpaceSpecial (TPM_CC)(0x0000011F) #define TPM_CC_EvictControl (TPM_CC)(0x00000120) #define TPM_CC_HierarchyControl (TPM_CC)(0x00000121) #define TPM_CC_NV_UndefineSpace (TPM_CC)(0x00000122) #define TPM_CC_ChangeEPS (TPM_CC)(0x00000124) #define TPM_CC_ChangePPS (TPM_CC)(0x00000125) #define TPM_CC_Clear (TPM_CC)(0x00000126) #define TPM_CC_ClearControl (TPM_CC)(0x00000127) #define TPM_CC_ClockSet (TPM_CC)(0x00000128) #define TPM_CC_HierarchyChangeAuth (TPM_CC)(0x00000129) #define TPM_CC_NV_DefineSpace (TPM_CC)(0x0000012A) #define TPM_CC_PCR_Allocate (TPM_CC)(0x0000012B) #define TPM_CC_PCR_SetAuthPolicy (TPM_CC)(0x0000012C) #define TPM_CC_PP_Commands (TPM_CC)(0x0000012D) #define TPM_CC_SetPrimaryPolicy (TPM_CC)(0x0000012E) #define TPM_CC_FieldUpgradeStart (TPM_CC)(0x0000012F) #define TPM_CC_ClockRateAdjust (TPM_CC)(0x00000130) #define TPM_CC_CreatePrimary (TPM_CC)(0x00000131) #define TPM_CC_NV_GlobalWriteLock (TPM_CC)(0x00000132) #define TPM_CC_GetCommandAuditDigest (TPM_CC)(0x00000133) #define TPM_CC_NV_Increment (TPM_CC)(0x00000134) #define TPM_CC_NV_SetBits (TPM_CC)(0x00000135) #define TPM_CC_NV_Extend (TPM_CC)(0x00000136) #define TPM_CC_NV_Write (TPM_CC)(0x00000137) #define TPM_CC_NV_WriteLock (TPM_CC)(0x00000138) #define TPM_CC_DictionaryAttackLockReset (TPM_CC)(0x00000139) #define TPM_CC_DictionaryAttackParameters (TPM_CC)(0x0000013A) #define TPM_CC_NV_ChangeAuth (TPM_CC)(0x0000013B) #define TPM_CC_PCR_Event (TPM_CC)(0x0000013C) #define TPM_CC_PCR_Reset (TPM_CC)(0x0000013D) #define TPM_CC_SequenceComplete (TPM_CC)(0x0000013E) #define TPM_CC_SetAlgorithmSet (TPM_CC)(0x0000013F) #define TPM_CC_SetCommandCodeAuditStatus (TPM_CC)(0x00000140) #define TPM_CC_FieldUpgradeData (TPM_CC)(0x00000141) #define TPM_CC_IncrementalSelfTest (TPM_CC)(0x00000142) #define TPM_CC_SelfTest (TPM_CC)(0x00000143) #define TPM_CC_Startup (TPM_CC)(0x00000144) #define TPM_CC_Shutdown (TPM_CC)(0x00000145) #define TPM_CC_StirRandom (TPM_CC)(0x00000146) #define TPM_CC_ActivateCredential (TPM_CC)(0x00000147) #define TPM_CC_Certify (TPM_CC)(0x00000148) #define TPM_CC_PolicyNV (TPM_CC)(0x00000149) #define TPM_CC_CertifyCreation (TPM_CC)(0x0000014A) #define TPM_CC_Duplicate (TPM_CC)(0x0000014B) #define TPM_CC_GetTime (TPM_CC)(0x0000014C) #define TPM_CC_GetSessionAuditDigest (TPM_CC)(0x0000014D) #define TPM_CC_NV_Read (TPM_CC)(0x0000014E) #define TPM_CC_NV_ReadLock (TPM_CC)(0x0000014F) #define TPM_CC_ObjectChangeAuth (TPM_CC)(0x00000150) #define TPM_CC_PolicySecret (TPM_CC)(0x00000151) #define TPM_CC_Rewrap (TPM_CC)(0x00000152) #define TPM_CC_Create (TPM_CC)(0x00000153) #define TPM_CC_ECDH_ZGen (TPM_CC)(0x00000154) #define TPM_CC_HMAC (TPM_CC)(0x00000155) #define TPM_CC_MAC (TPM_CC)(0x00000155) #define TPM_CC_Import (TPM_CC)(0x00000156) #define TPM_CC_Load (TPM_CC)(0x00000157) #define TPM_CC_Quote (TPM_CC)(0x00000158) #define TPM_CC_RSA_Decrypt (TPM_CC)(0x00000159) #define TPM_CC_HMAC_Start (TPM_CC)(0x0000015B) #define TPM_CC_MAC_Start (TPM_CC)(0x0000015B) #define TPM_CC_SequenceUpdate (TPM_CC)(0x0000015C) #define TPM_CC_Sign (TPM_CC)(0x0000015D) #define TPM_CC_Unseal (TPM_CC)(0x0000015E) #define TPM_CC_PolicySigned (TPM_CC)(0x00000160) #define TPM_CC_ContextLoad (TPM_CC)(0x00000161) #define TPM_CC_ContextSave (TPM_CC)(0x00000162) #define TPM_CC_ECDH_KeyGen (TPM_CC)(0x00000163) #define TPM_CC_EncryptDecrypt (TPM_CC)(0x00000164) #define TPM_CC_FlushContext (TPM_CC)(0x00000165) #define TPM_CC_LoadExternal (TPM_CC)(0x00000167) #define TPM_CC_MakeCredential (TPM_CC)(0x00000168) #define TPM_CC_NV_ReadPublic (TPM_CC)(0x00000169) #define TPM_CC_PolicyAuthorize (TPM_CC)(0x0000016A) #define TPM_CC_PolicyAuthValue (TPM_CC)(0x0000016B) #define TPM_CC_PolicyCommandCode (TPM_CC)(0x0000016C) #define TPM_CC_PolicyCounterTimer (TPM_CC)(0x0000016D) #define TPM_CC_PolicyCpHash (TPM_CC)(0x0000016E) #define TPM_CC_PolicyLocality (TPM_CC)(0x0000016F) #define TPM_CC_PolicyNameHash (TPM_CC)(0x00000170) #define TPM_CC_PolicyOR (TPM_CC)(0x00000171) #define TPM_CC_PolicyTicket (TPM_CC)(0x00000172) #define TPM_CC_ReadPublic (TPM_CC)(0x00000173) #define TPM_CC_RSA_Encrypt (TPM_CC)(0x00000174) #define TPM_CC_StartAuthSession (TPM_CC)(0x00000176) #define TPM_CC_VerifySignature (TPM_CC)(0x00000177) #define TPM_CC_ECC_Parameters (TPM_CC)(0x00000178) #define TPM_CC_FirmwareRead (TPM_CC)(0x00000179) #define TPM_CC_GetCapability (TPM_CC)(0x0000017A) #define TPM_CC_GetRandom (TPM_CC)(0x0000017B) #define TPM_CC_GetTestResult (TPM_CC)(0x0000017C) #define TPM_CC_Hash (TPM_CC)(0x0000017D) #define TPM_CC_PCR_Read (TPM_CC)(0x0000017E) #define TPM_CC_PolicyPCR (TPM_CC)(0x0000017F) #define TPM_CC_PolicyRestart (TPM_CC)(0x00000180) #define TPM_CC_ReadClock (TPM_CC)(0x00000181) #define TPM_CC_PCR_Extend (TPM_CC)(0x00000182) #define TPM_CC_PCR_SetAuthValue (TPM_CC)(0x00000183) #define TPM_CC_NV_Certify (TPM_CC)(0x00000184) #define TPM_CC_EventSequenceComplete (TPM_CC)(0x00000185) #define TPM_CC_HashSequenceStart (TPM_CC)(0x00000186) #define TPM_CC_PolicyPhysicalPresence (TPM_CC)(0x00000187) #define TPM_CC_PolicyDuplicationSelect (TPM_CC)(0x00000188) #define TPM_CC_PolicyGetDigest (TPM_CC)(0x00000189) #define TPM_CC_TestParms (TPM_CC)(0x0000018A) #define TPM_CC_Commit (TPM_CC)(0x0000018B) #define TPM_CC_PolicyPassword (TPM_CC)(0x0000018C) #define TPM_CC_ZGen_2Phase (TPM_CC)(0x0000018D) #define TPM_CC_EC_Ephemeral (TPM_CC)(0x0000018E) #define TPM_CC_PolicyNvWritten (TPM_CC)(0x0000018F) #define TPM_CC_PolicyTemplate (TPM_CC)(0x00000190) #define TPM_CC_CreateLoaded (TPM_CC)(0x00000191) #define TPM_CC_PolicyAuthorizeNV (TPM_CC)(0x00000192) #define TPM_CC_EncryptDecrypt2 (TPM_CC)(0x00000193) #define TPM_CC_AC_GetCapability (TPM_CC)(0x00000194) #define TPM_CC_AC_Send (TPM_CC)(0x00000195) #define TPM_CC_Policy_AC_SendSelect (TPM_CC)(0x00000196) #define TPM_CC_CertifyX509 (TPM_CC)(0x00000197) #define CC_VEND 0x20000000 #define TPM_CC_Vendor_TCG_Test (TPM_CC)(0x20000000) // Table 2:5 - Definition of Types for Documentation Clarity typedef UINT32 TPM_ALGORITHM_ID; #define TYPE_OF_TPM_ALGORITHM_ID UINT32 typedef UINT32 TPM_MODIFIER_INDICATOR; #define TYPE_OF_TPM_MODIFIER_INDICATOR UINT32 typedef UINT32 TPM_AUTHORIZATION_SIZE; #define TYPE_OF_TPM_AUTHORIZATION_SIZE UINT32 typedef UINT32 TPM_PARAMETER_SIZE; #define TYPE_OF_TPM_PARAMETER_SIZE UINT32 typedef UINT16 TPM_KEY_SIZE; #define TYPE_OF_TPM_KEY_SIZE UINT16 typedef UINT16 TPM_KEY_BITS; #define TYPE_OF_TPM_KEY_BITS UINT16 // Table 2:6 - Definition of TPM_SPEC Constants typedef UINT32 TPM_SPEC; #define TYPE_OF_TPM_SPEC UINT32 #define SPEC_FAMILY 0x322E3000 #define TPM_SPEC_FAMILY (TPM_SPEC)(SPEC_FAMILY) #define SPEC_LEVEL 00 #define TPM_SPEC_LEVEL (TPM_SPEC)(SPEC_LEVEL) #define SPEC_VERSION 154 #define TPM_SPEC_VERSION (TPM_SPEC)(SPEC_VERSION) #define SPEC_YEAR 2019 #define TPM_SPEC_YEAR (TPM_SPEC)(SPEC_YEAR) #define SPEC_DAY_OF_YEAR 81 #define TPM_SPEC_DAY_OF_YEAR (TPM_SPEC)(SPEC_DAY_OF_YEAR) // Table 2:7 - Definition of TPM_GENERATED Constants typedef UINT32 TPM_GENERATED; #define TYPE_OF_TPM_GENERATED UINT32 #define TPM_GENERATED_VALUE (TPM_GENERATED)(0xFF544347) // Table 2:16 - Definition of TPM_RC Constants typedef UINT32 TPM_RC; #define TYPE_OF_TPM_RC UINT32 #define TPM_RC_SUCCESS (TPM_RC)(0x000) #define TPM_RC_BAD_TAG (TPM_RC)(0x01E) #define RC_VER1 (TPM_RC)(0x100) #define TPM_RC_INITIALIZE (TPM_RC)(RC_VER1+0x000) #define TPM_RC_FAILURE (TPM_RC)(RC_VER1+0x001) #define TPM_RC_SEQUENCE (TPM_RC)(RC_VER1+0x003) #define TPM_RC_PRIVATE (TPM_RC)(RC_VER1+0x00B) #define TPM_RC_HMAC (TPM_RC)(RC_VER1+0x019) #define TPM_RC_DISABLED (TPM_RC)(RC_VER1+0x020) #define TPM_RC_EXCLUSIVE (TPM_RC)(RC_VER1+0x021) #define TPM_RC_AUTH_TYPE (TPM_RC)(RC_VER1+0x024) #define TPM_RC_AUTH_MISSING (TPM_RC)(RC_VER1+0x025) #define TPM_RC_POLICY (TPM_RC)(RC_VER1+0x026) #define TPM_RC_PCR (TPM_RC)(RC_VER1+0x027) #define TPM_RC_PCR_CHANGED (TPM_RC)(RC_VER1+0x028) #define TPM_RC_UPGRADE (TPM_RC)(RC_VER1+0x02D) #define TPM_RC_TOO_MANY_CONTEXTS (TPM_RC)(RC_VER1+0x02E) #define TPM_RC_AUTH_UNAVAILABLE (TPM_RC)(RC_VER1+0x02F) #define TPM_RC_REBOOT (TPM_RC)(RC_VER1+0x030) #define TPM_RC_UNBALANCED (TPM_RC)(RC_VER1+0x031) #define TPM_RC_COMMAND_SIZE (TPM_RC)(RC_VER1+0x042) #define TPM_RC_COMMAND_CODE (TPM_RC)(RC_VER1+0x043) #define TPM_RC_AUTHSIZE (TPM_RC)(RC_VER1+0x044) #define TPM_RC_AUTH_CONTEXT (TPM_RC)(RC_VER1+0x045) #define TPM_RC_NV_RANGE (TPM_RC)(RC_VER1+0x046) #define TPM_RC_NV_SIZE (TPM_RC)(RC_VER1+0x047) #define TPM_RC_NV_LOCKED (TPM_RC)(RC_VER1+0x048) #define TPM_RC_NV_AUTHORIZATION (TPM_RC)(RC_VER1+0x049) #define TPM_RC_NV_UNINITIALIZED (TPM_RC)(RC_VER1+0x04A) #define TPM_RC_NV_SPACE (TPM_RC)(RC_VER1+0x04B) #define TPM_RC_NV_DEFINED (TPM_RC)(RC_VER1+0x04C) #define TPM_RC_BAD_CONTEXT (TPM_RC)(RC_VER1+0x050) #define TPM_RC_CPHASH (TPM_RC)(RC_VER1+0x051) #define TPM_RC_PARENT (TPM_RC)(RC_VER1+0x052) #define TPM_RC_NEEDS_TEST (TPM_RC)(RC_VER1+0x053) #define TPM_RC_NO_RESULT (TPM_RC)(RC_VER1+0x054) #define TPM_RC_SENSITIVE (TPM_RC)(RC_VER1+0x055) #define RC_MAX_FM0 (TPM_RC)(RC_VER1+0x07F) #define RC_FMT1 (TPM_RC)(0x080) #define TPM_RC_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) #define TPM_RCS_ASYMMETRIC (TPM_RC)(RC_FMT1+0x001) #define TPM_RC_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) #define TPM_RCS_ATTRIBUTES (TPM_RC)(RC_FMT1+0x002) #define TPM_RC_HASH (TPM_RC)(RC_FMT1+0x003) #define TPM_RCS_HASH (TPM_RC)(RC_FMT1+0x003) #define TPM_RC_VALUE (TPM_RC)(RC_FMT1+0x004) #define TPM_RCS_VALUE (TPM_RC)(RC_FMT1+0x004) #define TPM_RC_HIERARCHY (TPM_RC)(RC_FMT1+0x005) #define TPM_RCS_HIERARCHY (TPM_RC)(RC_FMT1+0x005) #define TPM_RC_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) #define TPM_RCS_KEY_SIZE (TPM_RC)(RC_FMT1+0x007) #define TPM_RC_MGF (TPM_RC)(RC_FMT1+0x008) #define TPM_RCS_MGF (TPM_RC)(RC_FMT1+0x008) #define TPM_RC_MODE (TPM_RC)(RC_FMT1+0x009) #define TPM_RCS_MODE (TPM_RC)(RC_FMT1+0x009) #define TPM_RC_TYPE (TPM_RC)(RC_FMT1+0x00A) #define TPM_RCS_TYPE (TPM_RC)(RC_FMT1+0x00A) #define TPM_RC_HANDLE (TPM_RC)(RC_FMT1+0x00B) #define TPM_RCS_HANDLE (TPM_RC)(RC_FMT1+0x00B) #define TPM_RC_KDF (TPM_RC)(RC_FMT1+0x00C) #define TPM_RCS_KDF (TPM_RC)(RC_FMT1+0x00C) #define TPM_RC_RANGE (TPM_RC)(RC_FMT1+0x00D) #define TPM_RCS_RANGE (TPM_RC)(RC_FMT1+0x00D) #define TPM_RC_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) #define TPM_RCS_AUTH_FAIL (TPM_RC)(RC_FMT1+0x00E) #define TPM_RC_NONCE (TPM_RC)(RC_FMT1+0x00F) #define TPM_RCS_NONCE (TPM_RC)(RC_FMT1+0x00F) #define TPM_RC_PP (TPM_RC)(RC_FMT1+0x010) #define TPM_RCS_PP (TPM_RC)(RC_FMT1+0x010) #define TPM_RC_SCHEME (TPM_RC)(RC_FMT1+0x012) #define TPM_RCS_SCHEME (TPM_RC)(RC_FMT1+0x012) #define TPM_RC_SIZE (TPM_RC)(RC_FMT1+0x015) #define TPM_RCS_SIZE (TPM_RC)(RC_FMT1+0x015) #define TPM_RC_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) #define TPM_RCS_SYMMETRIC (TPM_RC)(RC_FMT1+0x016) #define TPM_RC_TAG (TPM_RC)(RC_FMT1+0x017) #define TPM_RCS_TAG (TPM_RC)(RC_FMT1+0x017) #define TPM_RC_SELECTOR (TPM_RC)(RC_FMT1+0x018) #define TPM_RCS_SELECTOR (TPM_RC)(RC_FMT1+0x018) #define TPM_RC_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) #define TPM_RCS_INSUFFICIENT (TPM_RC)(RC_FMT1+0x01A) #define TPM_RC_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) #define TPM_RCS_SIGNATURE (TPM_RC)(RC_FMT1+0x01B) #define TPM_RC_KEY (TPM_RC)(RC_FMT1+0x01C) #define TPM_RCS_KEY (TPM_RC)(RC_FMT1+0x01C) #define TPM_RC_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) #define TPM_RCS_POLICY_FAIL (TPM_RC)(RC_FMT1+0x01D) #define TPM_RC_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) #define TPM_RCS_INTEGRITY (TPM_RC)(RC_FMT1+0x01F) #define TPM_RC_TICKET (TPM_RC)(RC_FMT1+0x020) #define TPM_RCS_TICKET (TPM_RC)(RC_FMT1+0x020) #define TPM_RC_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) #define TPM_RCS_RESERVED_BITS (TPM_RC)(RC_FMT1+0x021) #define TPM_RC_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) #define TPM_RCS_BAD_AUTH (TPM_RC)(RC_FMT1+0x022) #define TPM_RC_EXPIRED (TPM_RC)(RC_FMT1+0x023) #define TPM_RCS_EXPIRED (TPM_RC)(RC_FMT1+0x023) #define TPM_RC_POLICY_CC (TPM_RC)(RC_FMT1+0x024) #define TPM_RCS_POLICY_CC (TPM_RC)(RC_FMT1+0x024) #define TPM_RC_BINDING (TPM_RC)(RC_FMT1+0x025) #define TPM_RCS_BINDING (TPM_RC)(RC_FMT1+0x025) #define TPM_RC_CURVE (TPM_RC)(RC_FMT1+0x026) #define TPM_RCS_CURVE (TPM_RC)(RC_FMT1+0x026) #define TPM_RC_ECC_POINT (TPM_RC)(RC_FMT1+0x027) #define TPM_RCS_ECC_POINT (TPM_RC)(RC_FMT1+0x027) #define RC_WARN (TPM_RC)(0x900) #define TPM_RC_CONTEXT_GAP (TPM_RC)(RC_WARN+0x001) #define TPM_RC_OBJECT_MEMORY (TPM_RC)(RC_WARN+0x002) #define TPM_RC_SESSION_MEMORY (TPM_RC)(RC_WARN+0x003) #define TPM_RC_MEMORY (TPM_RC)(RC_WARN+0x004) #define TPM_RC_SESSION_HANDLES (TPM_RC)(RC_WARN+0x005) #define TPM_RC_OBJECT_HANDLES (TPM_RC)(RC_WARN+0x006) #define TPM_RC_LOCALITY (TPM_RC)(RC_WARN+0x007) #define TPM_RC_YIELDED (TPM_RC)(RC_WARN+0x008) #define TPM_RC_CANCELED (TPM_RC)(RC_WARN+0x009) #define TPM_RC_TESTING (TPM_RC)(RC_WARN+0x00A) #define TPM_RC_REFERENCE_H0 (TPM_RC)(RC_WARN+0x010) #define TPM_RC_REFERENCE_H1 (TPM_RC)(RC_WARN+0x011) #define TPM_RC_REFERENCE_H2 (TPM_RC)(RC_WARN+0x012) #define TPM_RC_REFERENCE_H3 (TPM_RC)(RC_WARN+0x013) #define TPM_RC_REFERENCE_H4 (TPM_RC)(RC_WARN+0x014) #define TPM_RC_REFERENCE_H5 (TPM_RC)(RC_WARN+0x015) #define TPM_RC_REFERENCE_H6 (TPM_RC)(RC_WARN+0x016) #define TPM_RC_REFERENCE_S0 (TPM_RC)(RC_WARN+0x018) #define TPM_RC_REFERENCE_S1 (TPM_RC)(RC_WARN+0x019) #define TPM_RC_REFERENCE_S2 (TPM_RC)(RC_WARN+0x01A) #define TPM_RC_REFERENCE_S3 (TPM_RC)(RC_WARN+0x01B) #define TPM_RC_REFERENCE_S4 (TPM_RC)(RC_WARN+0x01C) #define TPM_RC_REFERENCE_S5 (TPM_RC)(RC_WARN+0x01D) #define TPM_RC_REFERENCE_S6 (TPM_RC)(RC_WARN+0x01E) #define TPM_RC_NV_RATE (TPM_RC)(RC_WARN+0x020) #define TPM_RC_LOCKOUT (TPM_RC)(RC_WARN+0x021) #define TPM_RC_RETRY (TPM_RC)(RC_WARN+0x022) #define TPM_RC_NV_UNAVAILABLE (TPM_RC)(RC_WARN+0x023) #define TPM_RC_NOT_USED (TPM_RC)(RC_WARN+0x7F) #define TPM_RC_H (TPM_RC)(0x000) #define TPM_RC_P (TPM_RC)(0x040) #define TPM_RC_S (TPM_RC)(0x800) #define TPM_RC_1 (TPM_RC)(0x100) #define TPM_RC_2 (TPM_RC)(0x200) #define TPM_RC_3 (TPM_RC)(0x300) #define TPM_RC_4 (TPM_RC)(0x400) #define TPM_RC_5 (TPM_RC)(0x500) #define TPM_RC_6 (TPM_RC)(0x600) #define TPM_RC_7 (TPM_RC)(0x700) #define TPM_RC_8 (TPM_RC)(0x800) #define TPM_RC_9 (TPM_RC)(0x900) #define TPM_RC_A (TPM_RC)(0xA00) #define TPM_RC_B (TPM_RC)(0xB00) #define TPM_RC_C (TPM_RC)(0xC00) #define TPM_RC_D (TPM_RC)(0xD00) #define TPM_RC_E (TPM_RC)(0xE00) #define TPM_RC_F (TPM_RC)(0xF00) #define TPM_RC_N_MASK (TPM_RC)(0xF00) // Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants typedef INT8 TPM_CLOCK_ADJUST; #define TYPE_OF_TPM_CLOCK_ADJUST UINT8 #define TPM_CLOCK_COARSE_SLOWER (TPM_CLOCK_ADJUST)(-3) #define TPM_CLOCK_MEDIUM_SLOWER (TPM_CLOCK_ADJUST)(-2) #define TPM_CLOCK_FINE_SLOWER (TPM_CLOCK_ADJUST)(-1) #define TPM_CLOCK_NO_CHANGE (TPM_CLOCK_ADJUST)(0) #define TPM_CLOCK_FINE_FASTER (TPM_CLOCK_ADJUST)(1) #define TPM_CLOCK_MEDIUM_FASTER (TPM_CLOCK_ADJUST)(2) #define TPM_CLOCK_COARSE_FASTER (TPM_CLOCK_ADJUST)(3) // Table 2:18 - Definition of TPM_EO Constants typedef UINT16 TPM_EO; #define TYPE_OF_TPM_EO UINT16 #define TPM_EO_EQ (TPM_EO)(0x0000) #define TPM_EO_NEQ (TPM_EO)(0x0001) #define TPM_EO_SIGNED_GT (TPM_EO)(0x0002) #define TPM_EO_UNSIGNED_GT (TPM_EO)(0x0003) #define TPM_EO_SIGNED_LT (TPM_EO)(0x0004) #define TPM_EO_UNSIGNED_LT (TPM_EO)(0x0005) #define TPM_EO_SIGNED_GE (TPM_EO)(0x0006) #define TPM_EO_UNSIGNED_GE (TPM_EO)(0x0007) #define TPM_EO_SIGNED_LE (TPM_EO)(0x0008) #define TPM_EO_UNSIGNED_LE (TPM_EO)(0x0009) #define TPM_EO_BITSET (TPM_EO)(0x000A) #define TPM_EO_BITCLEAR (TPM_EO)(0x000B) // Table 2:19 - Definition of TPM_ST Constants typedef UINT16 TPM_ST; #define TYPE_OF_TPM_ST UINT16 #define TPM_ST_RSP_COMMAND (TPM_ST)(0x00C4) #define TPM_ST_NULL (TPM_ST)(0x8000) #define TPM_ST_NO_SESSIONS (TPM_ST)(0x8001) #define TPM_ST_SESSIONS (TPM_ST)(0x8002) #define TPM_ST_ATTEST_NV (TPM_ST)(0x8014) #define TPM_ST_ATTEST_COMMAND_AUDIT (TPM_ST)(0x8015) #define TPM_ST_ATTEST_SESSION_AUDIT (TPM_ST)(0x8016) #define TPM_ST_ATTEST_CERTIFY (TPM_ST)(0x8017) #define TPM_ST_ATTEST_QUOTE (TPM_ST)(0x8018) #define TPM_ST_ATTEST_TIME (TPM_ST)(0x8019) #define TPM_ST_ATTEST_CREATION (TPM_ST)(0x801A) #define TPM_ST_ATTEST_NV_DIGEST (TPM_ST)(0x801C) #define TPM_ST_CREATION (TPM_ST)(0x8021) #define TPM_ST_VERIFIED (TPM_ST)(0x8022) #define TPM_ST_AUTH_SECRET (TPM_ST)(0x8023) #define TPM_ST_HASHCHECK (TPM_ST)(0x8024) #define TPM_ST_AUTH_SIGNED (TPM_ST)(0x8025) #define TPM_ST_FU_MANIFEST (TPM_ST)(0x8029) // Table 2:20 - Definition of TPM_SU Constants typedef UINT16 TPM_SU; #define TYPE_OF_TPM_SU UINT16 #define TPM_SU_CLEAR (TPM_SU)(0x0000) #define TPM_SU_STATE (TPM_SU)(0x0001) // Table 2:21 - Definition of TPM_SE Constants typedef UINT8 TPM_SE; #define TYPE_OF_TPM_SE UINT8 #define TPM_SE_HMAC (TPM_SE)(0x00) #define TPM_SE_POLICY (TPM_SE)(0x01) #define TPM_SE_TRIAL (TPM_SE)(0x03) // Table 2:22 - Definition of TPM_CAP Constants typedef UINT32 TPM_CAP; #define TYPE_OF_TPM_CAP UINT32 #define TPM_CAP_FIRST (TPM_CAP)(0x00000000) #define TPM_CAP_ALGS (TPM_CAP)(0x00000000) #define TPM_CAP_HANDLES (TPM_CAP)(0x00000001) #define TPM_CAP_COMMANDS (TPM_CAP)(0x00000002) #define TPM_CAP_PP_COMMANDS (TPM_CAP)(0x00000003) #define TPM_CAP_AUDIT_COMMANDS (TPM_CAP)(0x00000004) #define TPM_CAP_PCRS (TPM_CAP)(0x00000005) #define TPM_CAP_TPM_PROPERTIES (TPM_CAP)(0x00000006) #define TPM_CAP_PCR_PROPERTIES (TPM_CAP)(0x00000007) #define TPM_CAP_ECC_CURVES (TPM_CAP)(0x00000008) #define TPM_CAP_AUTH_POLICIES (TPM_CAP)(0x00000009) #define TPM_CAP_LAST (TPM_CAP)(0x00000009) #define TPM_CAP_VENDOR_PROPERTY (TPM_CAP)(0x00000100) // Table 2:23 - Definition of TPM_PT Constants typedef UINT32 TPM_PT; #define TYPE_OF_TPM_PT UINT32 #define TPM_PT_NONE (TPM_PT)(0x00000000) #define PT_GROUP (TPM_PT)(0x00000100) #define PT_FIXED (TPM_PT)(PT_GROUP*1) #define TPM_PT_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+0) #define TPM_PT_LEVEL (TPM_PT)(PT_FIXED+1) #define TPM_PT_REVISION (TPM_PT)(PT_FIXED+2) #define TPM_PT_DAY_OF_YEAR (TPM_PT)(PT_FIXED+3) #define TPM_PT_YEAR (TPM_PT)(PT_FIXED+4) #define TPM_PT_MANUFACTURER (TPM_PT)(PT_FIXED+5) #define TPM_PT_VENDOR_STRING_1 (TPM_PT)(PT_FIXED+6) #define TPM_PT_VENDOR_STRING_2 (TPM_PT)(PT_FIXED+7) #define TPM_PT_VENDOR_STRING_3 (TPM_PT)(PT_FIXED+8) #define TPM_PT_VENDOR_STRING_4 (TPM_PT)(PT_FIXED+9) #define TPM_PT_VENDOR_TPM_TYPE (TPM_PT)(PT_FIXED+10) #define TPM_PT_FIRMWARE_VERSION_1 (TPM_PT)(PT_FIXED+11) #define TPM_PT_FIRMWARE_VERSION_2 (TPM_PT)(PT_FIXED+12) #define TPM_PT_INPUT_BUFFER (TPM_PT)(PT_FIXED+13) #define TPM_PT_HR_TRANSIENT_MIN (TPM_PT)(PT_FIXED+14) #define TPM_PT_HR_PERSISTENT_MIN (TPM_PT)(PT_FIXED+15) #define TPM_PT_HR_LOADED_MIN (TPM_PT)(PT_FIXED+16) #define TPM_PT_ACTIVE_SESSIONS_MAX (TPM_PT)(PT_FIXED+17) #define TPM_PT_PCR_COUNT (TPM_PT)(PT_FIXED+18) #define TPM_PT_PCR_SELECT_MIN (TPM_PT)(PT_FIXED+19) #define TPM_PT_CONTEXT_GAP_MAX (TPM_PT)(PT_FIXED+20) #define TPM_PT_NV_COUNTERS_MAX (TPM_PT)(PT_FIXED+22) #define TPM_PT_NV_INDEX_MAX (TPM_PT)(PT_FIXED+23) #define TPM_PT_MEMORY (TPM_PT)(PT_FIXED+24) #define TPM_PT_CLOCK_UPDATE (TPM_PT)(PT_FIXED+25) #define TPM_PT_CONTEXT_HASH (TPM_PT)(PT_FIXED+26) #define TPM_PT_CONTEXT_SYM (TPM_PT)(PT_FIXED+27) #define TPM_PT_CONTEXT_SYM_SIZE (TPM_PT)(PT_FIXED+28) #define TPM_PT_ORDERLY_COUNT (TPM_PT)(PT_FIXED+29) #define TPM_PT_MAX_COMMAND_SIZE (TPM_PT)(PT_FIXED+30) #define TPM_PT_MAX_RESPONSE_SIZE (TPM_PT)(PT_FIXED+31) #define TPM_PT_MAX_DIGEST (TPM_PT)(PT_FIXED+32) #define TPM_PT_MAX_OBJECT_CONTEXT (TPM_PT)(PT_FIXED+33) #define TPM_PT_MAX_SESSION_CONTEXT (TPM_PT)(PT_FIXED+34) #define TPM_PT_PS_FAMILY_INDICATOR (TPM_PT)(PT_FIXED+35) #define TPM_PT_PS_LEVEL (TPM_PT)(PT_FIXED+36) #define TPM_PT_PS_REVISION (TPM_PT)(PT_FIXED+37) #define TPM_PT_PS_DAY_OF_YEAR (TPM_PT)(PT_FIXED+38) #define TPM_PT_PS_YEAR (TPM_PT)(PT_FIXED+39) #define TPM_PT_SPLIT_MAX (TPM_PT)(PT_FIXED+40) #define TPM_PT_TOTAL_COMMANDS (TPM_PT)(PT_FIXED+41) #define TPM_PT_LIBRARY_COMMANDS (TPM_PT)(PT_FIXED+42) #define TPM_PT_VENDOR_COMMANDS (TPM_PT)(PT_FIXED+43) #define TPM_PT_NV_BUFFER_MAX (TPM_PT)(PT_FIXED+44) #define TPM_PT_MODES (TPM_PT)(PT_FIXED+45) #define TPM_PT_MAX_CAP_BUFFER (TPM_PT)(PT_FIXED+46) #define PT_VAR (TPM_PT)(PT_GROUP*2) #define TPM_PT_PERMANENT (TPM_PT)(PT_VAR+0) #define TPM_PT_STARTUP_CLEAR (TPM_PT)(PT_VAR+1) #define TPM_PT_HR_NV_INDEX (TPM_PT)(PT_VAR+2) #define TPM_PT_HR_LOADED (TPM_PT)(PT_VAR+3) #define TPM_PT_HR_LOADED_AVAIL (TPM_PT)(PT_VAR+4) #define TPM_PT_HR_ACTIVE (TPM_PT)(PT_VAR+5) #define TPM_PT_HR_ACTIVE_AVAIL (TPM_PT)(PT_VAR+6) #define TPM_PT_HR_TRANSIENT_AVAIL (TPM_PT)(PT_VAR+7) #define TPM_PT_HR_PERSISTENT (TPM_PT)(PT_VAR+8) #define TPM_PT_HR_PERSISTENT_AVAIL (TPM_PT)(PT_VAR+9) #define TPM_PT_NV_COUNTERS (TPM_PT)(PT_VAR+10) #define TPM_PT_NV_COUNTERS_AVAIL (TPM_PT)(PT_VAR+11) #define TPM_PT_ALGORITHM_SET (TPM_PT)(PT_VAR+12) #define TPM_PT_LOADED_CURVES (TPM_PT)(PT_VAR+13) #define TPM_PT_LOCKOUT_COUNTER (TPM_PT)(PT_VAR+14) #define TPM_PT_MAX_AUTH_FAIL (TPM_PT)(PT_VAR+15) #define TPM_PT_LOCKOUT_INTERVAL (TPM_PT)(PT_VAR+16) #define TPM_PT_LOCKOUT_RECOVERY (TPM_PT)(PT_VAR+17) #define TPM_PT_NV_WRITE_RECOVERY (TPM_PT)(PT_VAR+18) #define TPM_PT_AUDIT_COUNTER_0 (TPM_PT)(PT_VAR+19) #define TPM_PT_AUDIT_COUNTER_1 (TPM_PT)(PT_VAR+20) // Table 2:24 - Definition of TPM_PT_PCR Constants typedef UINT32 TPM_PT_PCR; #define TYPE_OF_TPM_PT_PCR UINT32 #define TPM_PT_PCR_FIRST (TPM_PT_PCR)(0x00000000) #define TPM_PT_PCR_SAVE (TPM_PT_PCR)(0x00000000) #define TPM_PT_PCR_EXTEND_L0 (TPM_PT_PCR)(0x00000001) #define TPM_PT_PCR_RESET_L0 (TPM_PT_PCR)(0x00000002) #define TPM_PT_PCR_EXTEND_L1 (TPM_PT_PCR)(0x00000003) #define TPM_PT_PCR_RESET_L1 (TPM_PT_PCR)(0x00000004) #define TPM_PT_PCR_EXTEND_L2 (TPM_PT_PCR)(0x00000005) #define TPM_PT_PCR_RESET_L2 (TPM_PT_PCR)(0x00000006) #define TPM_PT_PCR_EXTEND_L3 (TPM_PT_PCR)(0x00000007) #define TPM_PT_PCR_RESET_L3 (TPM_PT_PCR)(0x00000008) #define TPM_PT_PCR_EXTEND_L4 (TPM_PT_PCR)(0x00000009) #define TPM_PT_PCR_RESET_L4 (TPM_PT_PCR)(0x0000000A) #define TPM_PT_PCR_NO_INCREMENT (TPM_PT_PCR)(0x00000011) #define TPM_PT_PCR_DRTM_RESET (TPM_PT_PCR)(0x00000012) #define TPM_PT_PCR_POLICY (TPM_PT_PCR)(0x00000013) #define TPM_PT_PCR_AUTH (TPM_PT_PCR)(0x00000014) #define TPM_PT_PCR_LAST (TPM_PT_PCR)(0x00000014) // Table 2:25 - Definition of TPM_PS Constants typedef UINT32 TPM_PS; #define TYPE_OF_TPM_PS UINT32 #define TPM_PS_MAIN (TPM_PS)(0x00000000) #define TPM_PS_PC (TPM_PS)(0x00000001) #define TPM_PS_PDA (TPM_PS)(0x00000002) #define TPM_PS_CELL_PHONE (TPM_PS)(0x00000003) #define TPM_PS_SERVER (TPM_PS)(0x00000004) #define TPM_PS_PERIPHERAL (TPM_PS)(0x00000005) #define TPM_PS_TSS (TPM_PS)(0x00000006) #define TPM_PS_STORAGE (TPM_PS)(0x00000007) #define TPM_PS_AUTHENTICATION (TPM_PS)(0x00000008) #define TPM_PS_EMBEDDED (TPM_PS)(0x00000009) #define TPM_PS_HARDCOPY (TPM_PS)(0x0000000A) #define TPM_PS_INFRASTRUCTURE (TPM_PS)(0x0000000B) #define TPM_PS_VIRTUALIZATION (TPM_PS)(0x0000000C) #define TPM_PS_TNC (TPM_PS)(0x0000000D) #define TPM_PS_MULTI_TENANT (TPM_PS)(0x0000000E) #define TPM_PS_TC (TPM_PS)(0x0000000F) // Table 2:26 - Definition of Types for Handles typedef UINT32 TPM_HANDLE; #define TYPE_OF_TPM_HANDLE UINT32 // Table 2:27 - Definition of TPM_HT Constants typedef UINT8 TPM_HT; #define TYPE_OF_TPM_HT UINT8 #define TPM_HT_PCR (TPM_HT)(0x00) #define TPM_HT_NV_INDEX (TPM_HT)(0x01) #define TPM_HT_HMAC_SESSION (TPM_HT)(0x02) #define TPM_HT_LOADED_SESSION (TPM_HT)(0x02) #define TPM_HT_POLICY_SESSION (TPM_HT)(0x03) #define TPM_HT_SAVED_SESSION (TPM_HT)(0x03) #define TPM_HT_PERMANENT (TPM_HT)(0x40) #define TPM_HT_TRANSIENT (TPM_HT)(0x80) #define TPM_HT_PERSISTENT (TPM_HT)(0x81) #define TPM_HT_AC (TPM_HT)(0x90) // Table 2:28 - Definition of TPM_RH Constants typedef TPM_HANDLE TPM_RH; #define TPM_RH_FIRST (TPM_RH)(0x40000000) #define TPM_RH_SRK (TPM_RH)(0x40000000) #define TPM_RH_OWNER (TPM_RH)(0x40000001) #define TPM_RH_REVOKE (TPM_RH)(0x40000002) #define TPM_RH_TRANSPORT (TPM_RH)(0x40000003) #define TPM_RH_OPERATOR (TPM_RH)(0x40000004) #define TPM_RH_ADMIN (TPM_RH)(0x40000005) #define TPM_RH_EK (TPM_RH)(0x40000006) #define TPM_RH_NULL (TPM_RH)(0x40000007) #define TPM_RH_UNASSIGNED (TPM_RH)(0x40000008) #define TPM_RS_PW (TPM_RH)(0x40000009) #define TPM_RH_LOCKOUT (TPM_RH)(0x4000000A) #define TPM_RH_ENDORSEMENT (TPM_RH)(0x4000000B) #define TPM_RH_PLATFORM (TPM_RH)(0x4000000C) #define TPM_RH_PLATFORM_NV (TPM_RH)(0x4000000D) #define TPM_RH_AUTH_00 (TPM_RH)(0x40000010) #define TPM_RH_AUTH_FF (TPM_RH)(0x4000010F) #define TPM_RH_LAST (TPM_RH)(0x4000010F) // Table 2:29 - Definition of TPM_HC Constants typedef TPM_HANDLE TPM_HC; #define HR_HANDLE_MASK (TPM_HC)(0x00FFFFFF) #define HR_RANGE_MASK (TPM_HC)(0xFF000000) #define HR_SHIFT (TPM_HC)(24) #define HR_PCR (TPM_HC)((TPM_HT_PCR< #include #include //*************************************************************** //** Links to the wolfcrypt HASH code //*************************************************************** // Redefine the internal name used for each of the hash state structures to the // name used by the library. // These defines need to be known in all parts of the TPM so that the structure // sizes can be properly computed when needed. #define tpmHashStateSHA1_t wc_Sha #define tpmHashStateSHA256_t wc_Sha256 #define tpmHashStateSHA384_t wc_Sha512 #define tpmHashStateSHA512_t wc_Sha512 #if ALG_SM3 # error "The version of WolfCrypt used by this code does not support SM3" #endif // The defines below are only needed when compiling CryptHash.c or CryptSmac.c. // This isolation is primarily to avoid name space collision. However, if there // is a real collision, it will likely show up when the linker tries to put things // together. #ifdef _CRYPT_HASH_C_ typedef BYTE *PBYTE; typedef const BYTE *PCBYTE; // Define the interface between CryptHash.c to the functions provided by the // library. For each method, define the calling parameters of the method and then // define how the method is invoked in CryptHash.c. // // All hashes are required to have the same calling sequence. If they don't, create // a simple adaptation function that converts from the "standard" form of the call // to the form used by the specific hash (and then send a nasty letter to the // person who wrote the hash function for the library). // // The macro that calls the method also defines how the // parameters get swizzled between the default form (in CryptHash.c)and the // library form. // // Initialize the hash context #define HASH_START_METHOD_DEF void (HASH_START_METHOD)(PANY_HASH_STATE state) #define HASH_START(hashState) \ ((hashState)->def->method.start)(&(hashState)->state); // Add data to the hash #define HASH_DATA_METHOD_DEF \ void (HASH_DATA_METHOD)(PANY_HASH_STATE state, \ PCBYTE buffer, \ size_t size) #define HASH_DATA(hashState, dInSize, dIn) \ ((hashState)->def->method.data)(&(hashState)->state, dIn, dInSize) // Finalize the hash and get the digest #define HASH_END_METHOD_DEF \ void (HASH_END_METHOD)(PANY_HASH_STATE state, BYTE *buffer) #define HASH_END(hashState, buffer) \ ((hashState)->def->method.end)(&(hashState)->state, buffer) // Copy the hash context // Note: For import, export, and copy, memcpy() is used since there is no // reformatting necessary between the internal and external forms. #define HASH_STATE_COPY_METHOD_DEF \ void (HASH_STATE_COPY_METHOD)(PANY_HASH_STATE to, \ PCANY_HASH_STATE from, \ size_t size) #define HASH_STATE_COPY(hashStateOut, hashStateIn) \ ((hashStateIn)->def->method.copy)(&(hashStateOut)->state, \ &(hashStateIn)->state, \ (hashStateIn)->def->contextSize) // Copy (with reformatting when necessary) an internal hash structure to an // external blob #define HASH_STATE_EXPORT_METHOD_DEF \ void (HASH_STATE_EXPORT_METHOD)(BYTE *to, \ PCANY_HASH_STATE from, \ size_t size) #define HASH_STATE_EXPORT(to, hashStateFrom) \ ((hashStateFrom)->def->method.copyOut) \ (&(((BYTE *)(to))[offsetof(HASH_STATE, state)]), \ &(hashStateFrom)->state, \ (hashStateFrom)->def->contextSize) // Copy from an external blob to an internal formate (with reformatting when // necessary #define HASH_STATE_IMPORT_METHOD_DEF \ void (HASH_STATE_IMPORT_METHOD)(PANY_HASH_STATE to, \ const BYTE *from, \ size_t size) #define HASH_STATE_IMPORT(hashStateTo, from) \ ((hashStateTo)->def->method.copyIn) \ (&(hashStateTo)->state, \ &(((const BYTE *)(from))[offsetof(HASH_STATE, state)]),\ (hashStateTo)->def->contextSize) // Function aliases. The code in CryptHash.c uses the internal designation for the // functions. These need to be translated to the function names of the library. // Internal External // Designation Designation #define tpmHashStart_SHA1 wc_InitSha // external name of the // initialization method #define tpmHashData_SHA1 wc_ShaUpdate #define tpmHashEnd_SHA1 wc_ShaFinal #define tpmHashStateCopy_SHA1 memcpy #define tpmHashStateExport_SHA1 memcpy #define tpmHashStateImport_SHA1 memcpy #define tpmHashStart_SHA256 wc_InitSha256 #define tpmHashData_SHA256 wc_Sha256Update #define tpmHashEnd_SHA256 wc_Sha256Final #define tpmHashStateCopy_SHA256 memcpy #define tpmHashStateExport_SHA256 memcpy #define tpmHashStateImport_SHA256 memcpy #define tpmHashStart_SHA384 wc_InitSha384 #define tpmHashData_SHA384 wc_Sha384Update #define tpmHashEnd_SHA384 wc_Sha384Final #define tpmHashStateCopy_SHA384 memcpy #define tpmHashStateExport_SHA384 memcpy #define tpmHashStateImport_SHA384 memcpy #define tpmHashStart_SHA512 wc_InitSha512 #define tpmHashData_SHA512 wc_Sha512Update #define tpmHashEnd_SHA512 wc_Sha512Final #define tpmHashStateCopy_SHA512 memcpy #define tpmHashStateExport_SHA512 memcpy #define tpmHashStateImport_SHA512 memcpy #endif // _CRYPT_HASH_C_ #define LibHashInit() // This definition would change if there were something to report #define HashLibSimulationEnd() #endif // HASH_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfMath.h000066400000000000000000000064741510276467000274270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the structure definitions used for ECC in the LibTomCrypt // version of the code. These definitions would change, based on the library. // The ECC-related structures that cross the TPM interface are defined // in TpmTypes.h // #ifndef MATH_LIB_DEFINED #define MATH_LIB_DEFINED #define MATH_LIB_WOLF #if ALG_ECC #define HAVE_ECC #endif #include #include #define MP_VAR(name) \ mp_int _##name; \ mp_int *name = MpInitialize(&_##name); // Allocate a mp_int and initialize with the values in a mp_int* initializer #define MP_INITIALIZED(name, initializer) \ MP_VAR(name); \ BnToWolf(name, initializer); #define POINT_CREATE(name, initializer) \ ecc_point *name = EcPointInitialized(initializer); #define POINT_DELETE(name) \ wc_ecc_del_point(name); \ name = NULL; typedef ECC_CURVE_DATA bnCurve_t; typedef bnCurve_t *bigCurve; #define AccessCurveData(E) (E) #define CURVE_INITIALIZED(name, initializer) \ bnCurve_t *name = (ECC_CURVE_DATA *)GetCurveData(initializer) #define CURVE_FREE(E) #include "TpmToWolfSupport_fp.h" #define WOLF_ENTER() #define WOLF_LEAVE() // This definition would change if there were something to report #define MathLibSimulationEnd() #endif // MATH_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/TpmToWolfSym.h000066400000000000000000000107551510276467000273030ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This header file is used to 'splice' the wolfcrypt library into the TPM code. #ifndef SYM_LIB_DEFINED #define SYM_LIB_DEFINED #define SYM_LIB_WOLF #include #include //*************************************************************** //** Links to the wolfCrypt AES code //*************************************************************** #if ALG_SM4 #error "SM4 is not available" #endif #if ALG_CAMELLIA #error "Camellia is not available" #endif // Define the order of parameters to the library functions that do block encryption // and decryption. typedef void(*TpmCryptSetSymKeyCall_t)( void *keySchedule, BYTE *out, const BYTE *in ); // The Crypt functions that call the block encryption function use the parameters // in the order: // 1) keySchedule // 2) in buffer // 3) out buffer // Since wolfcrypt uses the order in encryptoCall_t above, need to swizzle the // values to the order required by the library. #define SWIZZLE(keySchedule, in, out) \ (void *)(keySchedule), (BYTE *)(out), (const BYTE *)(in) // Macros to set up the encryption/decryption key schedules // // AES: #define TpmCryptSetEncryptKeyAES(key, keySizeInBits, schedule) \ wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_ENCRYPTION) #define TpmCryptSetDecryptKeyAES(key, keySizeInBits, schedule) \ wc_AesSetKeyDirect((tpmKeyScheduleAES *)(schedule), key, BITS_TO_BYTES(keySizeInBits), 0, AES_DECRYPTION) // TDES: #define TpmCryptSetEncryptKeyTDES(key, keySizeInBits, schedule) \ TDES_setup_encrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule)) #define TpmCryptSetDecryptKeyTDES(key, keySizeInBits, schedule) \ TDES_setup_decrypt_key((key), (keySizeInBits), (tpmKeyScheduleTDES *)(schedule)) // Macros to alias encryption calls to specific algorithms. This should be used // sparingly. Currently, only used by CryptRand.c // // When using these calls, to call the AES block encryption code, the caller // should use: // TpmCryptEncryptAES(SWIZZLE(keySchedule, in, out)); #define TpmCryptEncryptAES wc_AesEncryptDirect #define TpmCryptDecryptAES wc_AesDecryptDirect #define tpmKeyScheduleAES Aes #define TpmCryptEncryptTDES TDES_encrypt #define TpmCryptDecryptTDES TDES_decrypt #define tpmKeyScheduleTDES Des3 typedef union tpmCryptKeySchedule_t tpmCryptKeySchedule_t; #if ALG_TDES #include "TpmToWolfDesSupport_fp.h" #endif // This definition would change if there were something to report #define SymLibSimulationEnd() #endif // SYM_LIB_DEFINED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/Wolf/user_settings.h000066400000000000000000000064231510276467000276120ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* TPM specific preprocessor flags for wolfcrypt */ #ifndef WOLF_CRYPT_USER_SETTINGS_H #define WOLF_CRYPT_USER_SETTINGS_H /* Remove the automatic setting of the default I/O functions EmbedSend() and EmbedReceive(). */ #define WOLFSSL_USER_IO /* Avoid naming conflicts */ #define NO_OLD_WC_NAMES /* Use stack based fast math for all big integer math */ #define USE_FAST_MATH #define TFM_TIMING_RESISTANT /* Expose direct encryption functions */ #define WOLFSSL_AES_DIRECT /* Enable/Disable algorithm support based on TPM implementation header */ #if ALG_SHA256 #define WOLFSSL_SHA256 #endif #if ALG_SHA384 || ALG_SHA512 #define WOLFSSL_SHA384 #define WOLFSSL_SHA512 #endif #if ALG_TDES #define WOLFSSL_DES_ECB #endif #if ALG_RSA /* Turn on RSA key generation functionality */ #define WOLFSSL_KEY_GEN #endif #if ALG_ECC || defined(WOLFSSL_LIB) #define HAVE_ECC /* Expose additional ECC primitives */ #define WOLFSSL_PUBLIC_ECC_ADD_DBL #define ECC_TIMING_RESISTANT /* Enables Shamir calc method */ #define ECC_SHAMIR /* The TPM only needs low level ECC crypto */ #define NO_ECC_SIGN #define NO_ECC_VERIFY #define NO_ECC_SECP #undef ECC_BN_P256 #undef ECC_SM2_P256 #undef ECC_BN_P638 #define ECC_BN_P256 NO #define ECC_SM2_P256 NO #define ECC_BN_P638 NO #endif /* Disable explicit RSA. The TPM support for RSA is dependent only on TFM */ #define NO_RSA #define NO_RC4 #define NO_ASN /* Enable debug wolf library check */ //#define LIBRARY_COMPATIBILITY_CHECK #define WOLFSSL_ #endif // WOLF_CRYPT_USER_SETTINGS_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/X509.h000066400000000000000000000116561510276467000244560ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the macro and structure definitions for the X509 commands and // functions. #ifndef _X509_H_ #define _X509_H_ //** Includes #include "Tpm.h" #include "TpmASN1.h" //** Defined Constants //*** X509 Application-specific types #define X509_SELECTION 0xA0 #define X509_ISSUER_UNIQUE_ID 0xA1 #define X509_SUBJECT_UNIQUE_ID 0xA2 #define X509_EXTENSIONS 0xA3 // These defines give the order in which values appear in the TBScertificate // of an x.509 certificate. These values are used to index into an array of // #define ENCODED_SIZE_REF 0 #define VERSION_REF (ENCODED_SIZE_REF + 1) #define SERIAL_NUMBER_REF (VERSION_REF + 1) #define SIGNATURE_REF (SERIAL_NUMBER_REF + 1) #define ISSUER_REF (SIGNATURE_REF + 1) #define VALIDITY_REF (ISSUER_REF + 1) #define SUBJECT_KEY_REF (VALIDITY_REF + 1) #define SUBJECT_PUBLIC_KEY_REF (SUBJECT_KEY_REF + 1) #define EXTENSIONS_REF (SUBJECT_PUBLIC_KEY_REF + 1) #define REF_COUNT (EXTENSIONS_REF + 1) #undef MAKE_OID #ifdef _X509_SPT_ # define MAKE_OID(NAME) \ const BYTE OID##NAME[] = {OID##NAME##_VALUE} #else # define MAKE_OID(NAME) \ extern const BYTE OID##NAME[] #endif //** Structures // Used to access the fields of a TBSsignature some of which are in the in_CertifyX509 // structure and some of which are in the out_CertifyX509 structure. typedef struct stringRef { BYTE *buf; INT16 len; } stringRef; typedef union x509KeyUsageUnion { TPMA_X509_KEY_USAGE x509; UINT32 integer; } x509KeyUsageUnion; //** Global X509 Constants // These values are instanced by X509_spt.c and referenced by other X509-related // files. // This is the DER-encoded value for the Key Usage OID (2.5.29.15). This is the // full OID, not just the numeric value #define OID_KEY_USAGE_EXTENSTION_VALUE 0x06, 0x03, 0x55, 0x1D, 0x0F MAKE_OID(_KEY_USAGE_EXTENSTION); // This is the DER-encoded value for the TCG-defined TPMA_OBJECT OID // (2.23.133.10.1.1.1) #define OID_TCG_TPMA_OBJECT_VALUE 0x06, 0x07, 0x67, 0x81, 0x05, 0x0a, 0x01, \ 0x01, 0x01 MAKE_OID(_TCG_TPMA_OBJECT); #ifdef _X509_SPT_ const x509KeyUsageUnion keyUsageSign = { TPMA_X509_KEY_USAGE_INITIALIZER( /* digitalsignature */ 1, /* nonrepudiation */ 0, /* keyencipherment */ 0, /* dataencipherment */ 0, /* keyagreement */ 0, /* keycertsign */ 1, /* crlsign */ 1, /* encipheronly */ 0, /* decipheronly */ 0, /* bits_at_9 */ 0) }; const x509KeyUsageUnion keyUsageDecrypt = { TPMA_X509_KEY_USAGE_INITIALIZER( /* digitalsignature */ 0, /* nonrepudiation */ 0, /* keyencipherment */ 1, /* dataencipherment */ 1, /* keyagreement */ 1, /* keycertsign */ 0, /* crlsign */ 0, /* encipheronly */ 1, /* decipheronly */ 1, /* bits_at_9 */ 0) }; #else extern x509KeyUsageUnion keyUsageSign; extern x509KeyUsageUnion keyUsageDecrypt; #endif #undef MAKE_OID #endif // _X509_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/000077500000000000000000000000001510276467000260575ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_GetCapability_fp.h000066400000000000000000000053341510276467000320060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_AC_GetCapability // Command must be enabled #ifndef _AC_Get_Capability_FP_H_ #define _AC_Get_Capability_FP_H_ // Input structure definition typedef struct { TPMI_RH_AC ac; TPM_AT capability; UINT32 count; } AC_GetCapability_In; // Output structure definition typedef struct { TPMI_YES_NO moreData; TPML_AC_CAPABILITIES capabilitiesData; } AC_GetCapability_Out; // Response code modifiers #define RC_AC_GetCapability_ac (TPM_RC_H + TPM_RC_1) #define RC_AC_GetCapability_capability (TPM_RC_P + TPM_RC_1) #define RC_AC_GetCapability_count (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_AC_GetCapability( AC_GetCapability_In *in, AC_GetCapability_Out *out ); #endif // _AC_Get_Capability_FP_H_ #endif // CC_AC_GetCapability go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_Send_fp.h000066400000000000000000000052721510276467000301570ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_AC_Send // Command must be enabled #ifndef _AC_Send_FP_H_ #define _AC_Send_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT sendObject; TPMI_RH_NV_AUTH authHandle; TPMI_RH_AC ac; TPM2B_MAX_BUFFER acDataIn; } AC_Send_In; // Output structure definition typedef struct { TPMS_AC_OUTPUT acDataOut; } AC_Send_Out; // Response code modifiers #define RC_AC_Send_sendObject (TPM_RC_H + TPM_RC_1) #define RC_AC_Send_authHandle (TPM_RC_H + TPM_RC_2) #define RC_AC_Send_ac (TPM_RC_H + TPM_RC_3) #define RC_AC_Send_acDataIn (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_AC_Send( AC_Send_In *in, AC_Send_Out *out ); #endif // _AC_Send_FP_H_ #endif // CC_AC_Send go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AC_spt_fp.h000066400000000000000000000061341510276467000300720ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _AC_SPT_FP_H_ #define _AC_SPT_FP_H_ //*** AcToCapabilities() // This function returns a pointer to a list of AC capabilities. TPML_AC_CAPABILITIES * AcToCapabilities( TPMI_RH_AC component // IN: component ); //*** AcIsAccessible() // Function to determine if an AC handle references an actual AC // Return Type: BOOL BOOL AcIsAccessible( TPM_HANDLE acHandle ); //*** AcCapabilitiesGet() // This function returns a list of capabilities associated with an AC // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO AcCapabilitiesGet( TPMI_RH_AC component, // IN: the component TPM_AT type, // IN: start capability type TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle ); //*** AcSendObject() // Stub to handle sending of an AC object // Return Type: TPM_RC TPM_RC AcSendObject( TPM_HANDLE acHandle, // IN: Handle of AC receiving object OBJECT *object, // IN: object structure to send TPMS_AC_OUTPUT *acDataOut // OUT: results of operation ); #endif // _AC_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ActivateCredential_fp.h000066400000000000000000000055551510276467000324620ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ActivateCredential // Command must be enabled #ifndef _Activate_Credential_FP_H_ #define _Activate_Credential_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT activateHandle; TPMI_DH_OBJECT keyHandle; TPM2B_ID_OBJECT credentialBlob; TPM2B_ENCRYPTED_SECRET secret; } ActivateCredential_In; // Output structure definition typedef struct { TPM2B_DIGEST certInfo; } ActivateCredential_Out; // Response code modifiers #define RC_ActivateCredential_activateHandle (TPM_RC_H + TPM_RC_1) #define RC_ActivateCredential_keyHandle (TPM_RC_H + TPM_RC_2) #define RC_ActivateCredential_credentialBlob (TPM_RC_P + TPM_RC_1) #define RC_ActivateCredential_secret (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_ActivateCredential( ActivateCredential_In *in, ActivateCredential_Out *out ); #endif // _Activate_Credential_FP_H_ #endif // CC_ActivateCredential go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmCap_fp.h000066400000000000000000000052761510276467000313010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _ALGORITHM_CAP_FP_H_ #define _ALGORITHM_CAP_FP_H_ //** AlgorithmCapGetImplemented() // This function is used by TPM2_GetCapability() to return a list of the // implemented algorithms. // Return Type: TPMI_YES_NO // YES more algorithms to report // NO no more algorithms to report TPMI_YES_NO AlgorithmCapGetImplemented( TPM_ALG_ID algID, // IN: the starting algorithm ID UINT32 count, // IN: count of returned algorithms TPML_ALG_PROPERTY *algList // OUT: algorithm list ); //** AlgorithmGetImplementedVector() // This function returns the bit vector of the implemented algorithms. LIB_EXPORT void AlgorithmGetImplementedVector( ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET ); #endif // _ALGORITHM_CAP_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/AlgorithmTests_fp.h000066400000000000000000000056111510276467000316710ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _ALGORITHM_TESTS_FP_H_ #define _ALGORITHM_TESTS_FP_H_ #if SELF_TEST //*** TestAlgorithm() // Dispatches to the correct test function for the algorithm or gets a list of // testable algorithms. // // If 'toTest' is not NULL, then the test decisions are based on the algorithm // selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in // 'g_toTest' they will also be cleared 'toTest'. // // If there doesn't happen to be a test for the algorithm, its associated bit is // quietly cleared. // // If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits // for which there is no test (i.e. no tests are actually run but the vector is // cleared). // // Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' // can be anything. // Return Type: TPM_RC // TPM_RC_CANCELED test was canceled LIB_EXPORT TPM_RC TestAlgorithm( TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest ); #endif // SELF_TESTS #endif // _ALGORITHM_TESTS_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Attest_spt_fp.h000066400000000000000000000075021510276467000310530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _ATTEST_SPT_FP_H_ #define _ATTEST_SPT_FP_H_ //***FillInAttestInfo() // Fill in common fields of TPMS_ATTEST structure. void FillInAttestInfo( TPMI_DH_OBJECT signHandle, // IN: handle of signing object TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing TPM2B_DATA *data, // IN: qualifying data TPMS_ATTEST *attest // OUT: attest structure ); //***SignAttestInfo() // Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature // is returned. // // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'signHandle' references not a signing key // TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type // TPM_RC_VALUE digest generated for the given 'scheme' is greater than // the modulus of 'signHandle' (for an RSA key); // invalid commit status or failed to generate "r" value // (for an ECC key) TPM_RC SignAttestInfo( OBJECT *signKey, // IN: sign object TPMT_SIG_SCHEME *scheme, // IN: sign scheme TPMS_ATTEST *certifyInfo, // IN: the data to be signed TPM2B_DATA *qualifyingData, // IN: extra data for the signing // process TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be // signed TPMT_SIGNATURE *signature // OUT: signature ); //*** IsSigningObject() // Checks to see if the object is OK for signing. This is here rather than in // Object_spt.c because all the attestation commands use this file but not // Object_spt.c. // Return Type: BOOL // TRUE(1) object may sign // FALSE(0) object may not sign BOOL IsSigningObject( OBJECT *object // IN: ); #endif // _ATTEST_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Bits_fp.h000066400000000000000000000056741510276467000276320ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _BITS_FP_H_ #define _BITS_FP_H_ //*** TestBit() // This function is used to check the setting of a bit in an array of bits. // Return Type: BOOL // TRUE(1) bit is set // FALSE(0) bit is not set BOOL TestBit( unsigned int bitNum, // IN: number of the bit in 'bArray' BYTE *bArray, // IN: array containing the bits unsigned int bytesInArray // IN: size in bytes of 'bArray' ); //*** SetBit() // This function will set the indicated bit in 'bArray'. void SetBit( unsigned int bitNum, // IN: number of the bit in 'bArray' BYTE *bArray, // IN: array containing the bits unsigned int bytesInArray // IN: size in bytes of 'bArray' ); //*** ClearBit() // This function will clear the indicated bit in 'bArray'. void ClearBit( unsigned int bitNum, // IN: number of the bit in 'bArray'. BYTE *bArray, // IN: array containing the bits unsigned int bytesInArray // IN: size in bytes of 'bArray' ); #endif // _BITS_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnConvert_fp.h000066400000000000000000000126021510276467000306160ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _BN_CONVERT_FP_H_ #define _BN_CONVERT_FP_H_ //*** BnFromBytes() // This function will convert a big-endian byte array to the internal number // format. If bn is NULL, then the output is NULL. If bytes is null or the // required size is 0, then the output is set to zero LIB_EXPORT bigNum BnFromBytes( bigNum bn, const BYTE *bytes, NUMBYTES nBytes ); //*** BnFrom2B() // Convert an TPM2B to a BIG_NUM. // If the input value does not exist, or the output does not exist, or the input // will not fit into the output the function returns NULL LIB_EXPORT bigNum BnFrom2B( bigNum bn, // OUT: const TPM2B *a2B // IN: number to convert ); //*** BnFromHex() // Convert a hex string into a bigNum. This is primarily used in debugging. LIB_EXPORT bigNum BnFromHex( bigNum bn, // OUT: const char *hex // IN: ); //*** BnToBytes() // This function converts a BIG_NUM to a byte array. It converts the bigNum to a // big-endian byte string and sets 'size' to the normalized value. If 'size' is an // input 0, then the receiving buffer is guaranteed to be large enough for the result // and the size will be set to the size required for bigNum (leading zeros // suppressed). // // The conversion for a little-endian machine simply requires that all significant // bytes of the bigNum be reversed. For a big-endian machine, rather than // unpack each word individually, the bigNum is converted to little-endian words, // copied, and then converted back to big-endian. LIB_EXPORT BOOL BnToBytes( bigConst bn, BYTE *buffer, NUMBYTES *size // This the number of bytes that are // available in the buffer. The result // should be this big. ); //*** BnTo2B() // Function to convert a BIG_NUM to TPM2B. // The TPM2B size is set to the requested 'size' which may require padding. // If 'size' is non-zero and less than required by the value in 'bn' then an error // is returned. If 'size' is zero, then the TPM2B is assumed to be large enough // for the data and a2b->size will be adjusted accordingly. LIB_EXPORT BOOL BnTo2B( bigConst bn, // IN: TPM2B *a2B, // OUT: NUMBYTES size // IN: the desired size ); #if ALG_ECC //*** BnPointFrom2B() // Function to create a BIG_POINT structure from a 2B point. // A point is going to be two ECC values in the same buffer. The values are going // to be the size of the modulus. They are in modular form. LIB_EXPORT bn_point_t * BnPointFrom2B( bigPoint ecP, // OUT: the preallocated point structure TPMS_ECC_POINT *p // IN: the number to convert ); //*** BnPointTo2B() // This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT // contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters // is dependent on the maximum EC key size used in an implementation. // The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B // values, each as large as a MAX_ECC_PARAMETER_BYTES LIB_EXPORT BOOL BnPointTo2B( TPMS_ECC_POINT *p, // OUT: the converted 2B structure bigPoint ecP, // IN: the values to be converted bigCurve E // IN: curve descriptor for the point ); #endif // ALG_ECC #endif // _BN_CONVERT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMath_fp.h000066400000000000000000000200561510276467000300710ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _BN_MATH_FP_H_ #define _BN_MATH_FP_H_ //*** BnAdd() // This function adds two bigNum values. This function always returns TRUE. LIB_EXPORT BOOL BnAdd( bigNum result, bigConst op1, bigConst op2 ); //*** BnAddWord() // This function adds a word value to a bigNum. This function always returns TRUE. LIB_EXPORT BOOL BnAddWord( bigNum result, bigConst op, crypt_uword_t word ); //*** BnSub() // This function does subtraction of two bigNum values and returns result = op1 - op2 // when op1 is greater than op2. If op2 is greater than op1, then a fault is // generated. This function always returns TRUE. LIB_EXPORT BOOL BnSub( bigNum result, bigConst op1, bigConst op2 ); //*** BnSubWord() // This function subtracts a word value from a bigNum. This function always // returns TRUE. LIB_EXPORT BOOL BnSubWord( bigNum result, bigConst op, crypt_uword_t word ); //*** BnUnsignedCmp() // This function performs a comparison of op1 to op2. The compare is approximately // constant time if the size of the values used in the compare is consistent // across calls (from the same line in the calling code). // Return Type: int // < 0 op1 is less than op2 // 0 op1 is equal to op2 // > 0 op1 is greater than op2 LIB_EXPORT int BnUnsignedCmp( bigConst op1, bigConst op2 ); //*** BnUnsignedCmpWord() // Compare a bigNum to a crypt_uword_t. // Return Type: int // -1 op1 is less that word // 0 op1 is equal to word // 1 op1 is greater than word LIB_EXPORT int BnUnsignedCmpWord( bigConst op1, crypt_uword_t word ); //*** BnModWord() // This function does modular division of a big number when the modulus is a // word value. LIB_EXPORT crypt_word_t BnModWord( bigConst numerator, crypt_word_t modulus ); //*** Msb() // This function returns the bit number of the most significant bit of a // crypt_uword_t. The number for the least significant bit of any bigNum value is 0. // The maximum return value is RADIX_BITS - 1, // Return Type: int // -1 the word was zero // n the bit number of the most significant bit in the word LIB_EXPORT int Msb( crypt_uword_t word ); //*** BnMsb() // This function returns the number of the MSb of a bigNum value. // Return Type: int // -1 the word was zero or 'bn' was NULL // n the bit number of the most significant bit in the word LIB_EXPORT int BnMsb( bigConst bn ); //*** BnSizeInBits() // This function returns the number of bits required to hold a number. It is one // greater than the Msb. // LIB_EXPORT unsigned BnSizeInBits( bigConst n ); //*** BnSetWord() // Change the value of a bignum_t to a word value. LIB_EXPORT bigNum BnSetWord( bigNum n, crypt_uword_t w ); //*** BnSetBit() // This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in // the 0th digit_t. The function always return TRUE LIB_EXPORT BOOL BnSetBit( bigNum bn, // IN/OUT: big number to modify unsigned int bitNum // IN: Bit number to SET ); //*** BnTestBit() // This function is used to check to see if a bit is SET in a bignum_t. The 0th bit // is the LSb of d[0]. // Return Type: BOOL // TRUE(1) the bit is set // FALSE(0) the bit is not set or the number is out of range LIB_EXPORT BOOL BnTestBit( bigNum bn, // IN: number to check unsigned int bitNum // IN: bit to test ); //***BnMaskBits() // This function is used to mask off high order bits of a big number. // The returned value will have no more than 'maskBit' bits // set. // Note: There is a requirement that unused words of a bignum_t are set to zero. // Return Type: BOOL // TRUE(1) result masked // FALSE(0) the input was not as large as the mask LIB_EXPORT BOOL BnMaskBits( bigNum bn, // IN/OUT: number to mask crypt_uword_t maskBit // IN: the bit number for the mask. ); //*** BnShiftRight() // This function will shift a bigNum to the right by the shiftAmount. // This function always returns TRUE. LIB_EXPORT BOOL BnShiftRight( bigNum result, bigConst toShift, uint32_t shiftAmount ); //*** BnGetRandomBits() // This function gets random bits for use in various places. To make sure that the // number is generated in a portable format, it is created as a TPM2B and then // converted to the internal format. // // One consequence of the generation scheme is that, if the number of bits requested // is not a multiple of 8, then the high-order bits are set to zero. This would come // into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is // generated an the high order 7 bits are masked off (CLEAR). // Return Type: BOOL // TRUE(1) success // FALSE(0) failure LIB_EXPORT BOOL BnGetRandomBits( bigNum n, size_t bits, RAND_STATE *rand ); //*** BnGenerateRandomInRange() // This function is used to generate a random number r in the range 1 <= r < limit. // The function gets a random number of bits that is the size of limit. There is some // some probability that the returned number is going to be greater than or equal // to the limit. If it is, try again. There is no more than 50% chance that the // next number is also greater, so try again. We keep trying until we get a // value that meets the criteria. Since limit is very often a number with a LOT of // high order ones, this rarely would need a second try. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure ('limit' is too small) LIB_EXPORT BOOL BnGenerateRandomInRange( bigNum dest, bigConst limit, RAND_STATE *rand ); #endif // _BN_MATH_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/BnMemory_fp.h000066400000000000000000000075001510276467000304470ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _BN_MEMORY_FP_H_ #define _BN_MEMORY_FP_H_ //*** BnSetTop() // This function is used when the size of a bignum_t is changed. It // makes sure that the unused words are set to zero and that any significant // words of zeros are eliminated from the used size indicator. LIB_EXPORT bigNum BnSetTop( bigNum bn, // IN/OUT: number to clean crypt_uword_t top // IN: the new top ); //*** BnClearTop() // This function will make sure that all unused words are zero. LIB_EXPORT bigNum BnClearTop( bigNum bn ); //*** BnInitializeWord() // This function is used to initialize an allocated bigNum with a word value. The // bigNum does not have to be allocated with a single word. LIB_EXPORT bigNum BnInitializeWord( bigNum bn, // IN: crypt_uword_t allocated, // IN: crypt_uword_t word // IN: ); //*** BnInit() // This function initializes a stack allocated bignum_t. It initializes // 'allocated' and 'size' and zeros the words of 'd'. LIB_EXPORT bigNum BnInit( bigNum bn, crypt_uword_t allocated ); //*** BnCopy() // Function to copy a bignum_t. If the output is NULL, then // nothing happens. If the input is NULL, the output is set // to zero. LIB_EXPORT BOOL BnCopy( bigNum out, bigConst in ); #if ALG_ECC //*** BnPointCopy() // Function to copy a bn point. LIB_EXPORT BOOL BnPointCopy( bigPoint pOut, pointConst pIn ); //*** BnInitializePoint() // This function is used to initialize a point structure with the addresses // of the coordinates. LIB_EXPORT bn_point_t * BnInitializePoint( bigPoint p, // OUT: structure to receive pointers bigNum x, // IN: x coordinate bigNum y, // IN: y coordinate bigNum z // IN: x coordinate ); #endif // ALG_ECC #endif // _BN_MEMORY_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyCreation_fp.h000066400000000000000000000060731510276467000320150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_CertifyCreation // Command must be enabled #ifndef _Certify_Creation_FP_H_ #define _Certify_Creation_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT signHandle; TPMI_DH_OBJECT objectHandle; TPM2B_DATA qualifyingData; TPM2B_DIGEST creationHash; TPMT_SIG_SCHEME inScheme; TPMT_TK_CREATION creationTicket; } CertifyCreation_In; // Output structure definition typedef struct { TPM2B_ATTEST certifyInfo; TPMT_SIGNATURE signature; } CertifyCreation_Out; // Response code modifiers #define RC_CertifyCreation_signHandle (TPM_RC_H + TPM_RC_1) #define RC_CertifyCreation_objectHandle (TPM_RC_H + TPM_RC_2) #define RC_CertifyCreation_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_CertifyCreation_creationHash (TPM_RC_P + TPM_RC_2) #define RC_CertifyCreation_inScheme (TPM_RC_P + TPM_RC_3) #define RC_CertifyCreation_creationTicket (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_CertifyCreation( CertifyCreation_In *in, CertifyCreation_Out *out ); #endif // _Certify_Creation_FP_H_ #endif // CC_CertifyCreation go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CertifyX509_fp.h000066400000000000000000000057241510276467000307200ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Apr 2, 2019 Time: 11:00:48AM */ #if CC_CertifyX509 // Command must be enabled #ifndef _Certify_X509_FP_H_ #define _Certify_X509_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT objectHandle; TPMI_DH_OBJECT signHandle; TPM2B_DATA qualifyingData; TPMT_SIG_SCHEME inScheme; TPM2B_MAX_BUFFER partialCertificate; } CertifyX509_In; // Output structure definition typedef struct { TPM2B_MAX_BUFFER addedToCertificate; TPM2B_DIGEST tbsDigest; TPMT_SIGNATURE signature; } CertifyX509_Out; // Response code modifiers #define RC_CertifyX509_objectHandle (TPM_RC_H + TPM_RC_1) #define RC_CertifyX509_signHandle (TPM_RC_H + TPM_RC_2) #define RC_CertifyX509_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_CertifyX509_inScheme (TPM_RC_P + TPM_RC_2) #define RC_CertifyX509_partialCertificate (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_CertifyX509( CertifyX509_In *in, CertifyX509_Out *out ); #endif // _Certify_X509_FP_H_ #endif // CC_CertifyX509 go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Certify_fp.h000066400000000000000000000053721510276467000303310ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Certify // Command must be enabled #ifndef _Certify_FP_H_ #define _Certify_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT objectHandle; TPMI_DH_OBJECT signHandle; TPM2B_DATA qualifyingData; TPMT_SIG_SCHEME inScheme; } Certify_In; // Output structure definition typedef struct { TPM2B_ATTEST certifyInfo; TPMT_SIGNATURE signature; } Certify_Out; // Response code modifiers #define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1) #define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2) #define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_Certify( Certify_In *in, Certify_Out *out ); #endif // _Certify_FP_H_ #endif // CC_Certify go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangeEPS_fp.h000066400000000000000000000044221510276467000304540ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ChangeEPS // Command must be enabled #ifndef _Change_EPS_FP_H_ #define _Change_EPS_FP_H_ // Input structure definition typedef struct { TPMI_RH_PLATFORM authHandle; } ChangeEPS_In; // Response code modifiers #define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_ChangeEPS( ChangeEPS_In *in ); #endif // _Change_EPS_FP_H_ #endif // CC_ChangeEPS go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ChangePPS_fp.h000066400000000000000000000044221510276467000304670ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ChangePPS // Command must be enabled #ifndef _Change_PPS_FP_H_ #define _Change_PPS_FP_H_ // Input structure definition typedef struct { TPMI_RH_PLATFORM authHandle; } ChangePPS_In; // Response code modifiers #define RC_ChangePPS_authHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_ChangePPS( ChangePPS_In *in ); #endif // _Change_PPS_FP_H_ #endif // CC_ChangePPS go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClearControl_fp.h000066400000000000000000000046021510276467000313060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ClearControl // Command must be enabled #ifndef _Clear_Control_FP_H_ #define _Clear_Control_FP_H_ // Input structure definition typedef struct { TPMI_RH_CLEAR auth; TPMI_YES_NO disable; } ClearControl_In; // Response code modifiers #define RC_ClearControl_auth (TPM_RC_H + TPM_RC_1) #define RC_ClearControl_disable (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_ClearControl( ClearControl_In *in ); #endif // _Clear_Control_FP_H_ #endif // CC_ClearControl go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Clear_fp.h000066400000000000000000000043631510276467000277510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Clear // Command must be enabled #ifndef _Clear_FP_H_ #define _Clear_FP_H_ // Input structure definition typedef struct { TPMI_RH_CLEAR authHandle; } Clear_In; // Response code modifiers #define RC_Clear_authHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_Clear( Clear_In *in ); #endif // _Clear_FP_H_ #endif // CC_Clear go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockRateAdjust_fp.h000066400000000000000000000046451510276467000317500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ClockRateAdjust // Command must be enabled #ifndef _Clock_Rate_Adjust_FP_H_ #define _Clock_Rate_Adjust_FP_H_ // Input structure definition typedef struct { TPMI_RH_PROVISION auth; TPM_CLOCK_ADJUST rateAdjust; } ClockRateAdjust_In; // Response code modifiers #define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1) #define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_ClockRateAdjust( ClockRateAdjust_In *in ); #endif // _Clock_Rate_Adjust_FP_H_ #endif // CC_ClockRateAdjust go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ClockSet_fp.h000066400000000000000000000045461510276467000304350ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ClockSet // Command must be enabled #ifndef _Clock_Set_FP_H_ #define _Clock_Set_FP_H_ // Input structure definition typedef struct { TPMI_RH_PROVISION auth; UINT64 newTime; } ClockSet_In; // Response code modifiers #define RC_ClockSet_auth (TPM_RC_H + TPM_RC_1) #define RC_ClockSet_newTime (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_ClockSet( ClockSet_In *in ); #endif // _Clock_Set_FP_H_ #endif // CC_ClockSet go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandAudit_fp.h000066400000000000000000000122211510276467000312600ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:23:27PM */ #ifndef _COMMAND_AUDIT_FP_H_ #define _COMMAND_AUDIT_FP_H_ //*** CommandAuditPreInstall_Init() // This function initializes the command audit list. This function simulates // the behavior of manufacturing. A function is used instead of a structure // definition because this is easier than figuring out the initialization value // for a bit array. // // This function would not be implemented outside of a manufacturing or // simulation environment. void CommandAuditPreInstall_Init( void ); //*** CommandAuditStartup() // This function clears the command audit digest on a TPM Reset. BOOL CommandAuditStartup( STARTUP_TYPE type // IN: start up type ); //*** CommandAuditSet() // This function will SET the audit flag for a command. This function // will not SET the audit flag for a command that is not implemented. This // ensures that the audit status is not SET when TPM2_GetCapability() is // used to read the list of audited commands. // // This function is only used by TPM2_SetCommandCodeAuditStatus(). // // The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the // changes to be saved to NV after it is setting and clearing bits. // Return Type: BOOL // TRUE(1) command code audit status was changed // FALSE(0) command code audit status was not changed BOOL CommandAuditSet( TPM_CC commandCode // IN: command code ); //*** CommandAuditClear() // This function will CLEAR the audit flag for a command. It will not CLEAR the // audit flag for TPM_CC_SetCommandCodeAuditStatus(). // // This function is only used by TPM2_SetCommandCodeAuditStatus(). // // The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the // changes to be saved to NV after it is setting and clearing bits. // Return Type: BOOL // TRUE(1) command code audit status was changed // FALSE(0) command code audit status was not changed BOOL CommandAuditClear( TPM_CC commandCode // IN: command code ); //*** CommandAuditIsRequired() // This function indicates if the audit flag is SET for a command. // Return Type: BOOL // TRUE(1) command is audited // FALSE(0) command is not audited BOOL CommandAuditIsRequired( COMMAND_INDEX commandIndex // IN: command index ); //*** CommandAuditCapGetCCList() // This function returns a list of commands that have their audit bit SET. // // The list starts at the input commandCode. // Return Type: TPMI_YES_NO // YES if there are more command code available // NO all the available command code has been returned TPMI_YES_NO CommandAuditCapGetCCList( TPM_CC commandCode, // IN: start command code UINT32 count, // IN: count of returned TPM_CC TPML_CC *commandList // OUT: list of TPM_CC ); //*** CommandAuditGetDigest // This command is used to create a digest of the commands being audited. The // commands are processed in ascending numeric order with a list of TPM_CC being // added to a hash. This operates as if all the audited command codes were // concatenated and then hashed. void CommandAuditGetDigest( TPM2B_DIGEST *digest // OUT: command digest ); #endif // _COMMAND_AUDIT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandCodeAttributes_fp.h000066400000000000000000000147741510276467000331520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _COMMAND_CODE_ATTRIBUTES_FP_H_ #define _COMMAND_CODE_ATTRIBUTES_FP_H_ //*** GetClosestCommandIndex() // This function returns the command index for the command with a value that is // equal to or greater than the input value // Return Type: COMMAND_INDEX // UNIMPLEMENTED_COMMAND_INDEX command is not implemented // other index of a command COMMAND_INDEX GetClosestCommandIndex( TPM_CC commandCode // IN: the command code to start at ); //*** CommandCodeToComandIndex() // This function returns the index in the various attributes arrays of the // command. // Return Type: COMMAND_INDEX // UNIMPLEMENTED_COMMAND_INDEX command is not implemented // other index of the command COMMAND_INDEX CommandCodeToCommandIndex( TPM_CC commandCode // IN: the command code to look up ); //*** GetNextCommandIndex() // This function returns the index of the next implemented command. // Return Type: COMMAND_INDEX // UNIMPLEMENTED_COMMAND_INDEX no more implemented commands // other the index of the next implemented command COMMAND_INDEX GetNextCommandIndex( COMMAND_INDEX commandIndex // IN: the starting index ); //*** GetCommandCode() // This function returns the commandCode associated with the command index TPM_CC GetCommandCode( COMMAND_INDEX commandIndex // IN: the command index ); //*** CommandAuthRole() // // This function returns the authorization role required of a handle. // // Return Type: AUTH_ROLE // AUTH_NONE no authorization is required // AUTH_USER user role authorization is required // AUTH_ADMIN admin role authorization is required // AUTH_DUP duplication role authorization is required AUTH_ROLE CommandAuthRole( COMMAND_INDEX commandIndex, // IN: command index UINT32 handleIndex // IN: handle index (zero based) ); //*** EncryptSize() // This function returns the size of the decrypt size field. This function returns // 0 if encryption is not allowed // Return Type: int // 0 encryption not allowed // 2 size field is two bytes // 4 size field is four bytes int EncryptSize( COMMAND_INDEX commandIndex // IN: command index ); //*** DecryptSize() // This function returns the size of the decrypt size field. This function returns // 0 if decryption is not allowed // Return Type: int // 0 encryption not allowed // 2 size field is two bytes // 4 size field is four bytes int DecryptSize( COMMAND_INDEX commandIndex // IN: command index ); //*** IsSessionAllowed() // // This function indicates if the command is allowed to have sessions. // // This function must not be called if the command is not known to be implemented. // // Return Type: BOOL // TRUE(1) session is allowed with this command // FALSE(0) session is not allowed with this command BOOL IsSessionAllowed( COMMAND_INDEX commandIndex // IN: the command to be checked ); //*** IsHandleInResponse() // This function determines if a command has a handle in the response BOOL IsHandleInResponse( COMMAND_INDEX commandIndex ); //*** IsWriteOperation() // Checks to see if an operation will write to an NV Index and is subject to being // blocked by read-lock BOOL IsWriteOperation( COMMAND_INDEX commandIndex // IN: Command to check ); //*** IsReadOperation() // Checks to see if an operation will write to an NV Index and is // subject to being blocked by write-lock. BOOL IsReadOperation( COMMAND_INDEX commandIndex // IN: Command to check ); //*** CommandCapGetCCList() // This function returns a list of implemented commands and command attributes // starting from the command in 'commandCode'. // Return Type: TPMI_YES_NO // YES more command attributes are available // NO no more command attributes are available TPMI_YES_NO CommandCapGetCCList( TPM_CC commandCode, // IN: start command code UINT32 count, // IN: maximum count for number of entries in // 'commandList' TPML_CCA *commandList // OUT: list of TPMA_CC ); //*** IsVendorCommand() // Function indicates if a command index references a vendor command. // Return Type: BOOL // TRUE(1) command is a vendor command // FALSE(0) command is not a vendor command BOOL IsVendorCommand( COMMAND_INDEX commandIndex // IN: command index to check ); #endif // _COMMAND_CODE_ATTRIBUTES_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CommandDispatcher_fp.h000066400000000000000000000045241510276467000323070ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _COMMAND_DISPATCHER_FP_H_ #define _COMMAND_DISPATCHER_FP_H_ //*** ParseHandleBuffer() // This is the table-driven version of the handle buffer unmarshaling code TPM_RC ParseHandleBuffer( COMMAND *command ); //*** CommandDispatcher() // Function to unmarshal the command parameters, call the selected action code, and // marshal the response parameters. TPM_RC CommandDispatcher( COMMAND *command ); #endif // _COMMAND_DISPATCHER_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Commit_fp.h000066400000000000000000000054161510276467000301530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Commit // Command must be enabled #ifndef _Commit_FP_H_ #define _Commit_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT signHandle; TPM2B_ECC_POINT P1; TPM2B_SENSITIVE_DATA s2; TPM2B_ECC_PARAMETER y2; } Commit_In; // Output structure definition typedef struct { TPM2B_ECC_POINT K; TPM2B_ECC_POINT L; TPM2B_ECC_POINT E; UINT16 counter; } Commit_Out; // Response code modifiers #define RC_Commit_signHandle (TPM_RC_H + TPM_RC_1) #define RC_Commit_P1 (TPM_RC_P + TPM_RC_1) #define RC_Commit_s2 (TPM_RC_P + TPM_RC_2) #define RC_Commit_y2 (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_Commit( Commit_In *in, Commit_Out *out ); #endif // _Commit_FP_H_ #endif // CC_Commit go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextLoad_fp.h000066400000000000000000000046731510276467000311530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ContextLoad // Command must be enabled #ifndef _Context_Load_FP_H_ #define _Context_Load_FP_H_ // Input structure definition typedef struct { TPMS_CONTEXT context; } ContextLoad_In; // Output structure definition typedef struct { TPMI_DH_CONTEXT loadedHandle; } ContextLoad_Out; // Response code modifiers #define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_ContextLoad( ContextLoad_In *in, ContextLoad_Out *out ); #endif // _Context_Load_FP_H_ #endif // CC_ContextLoad go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ContextSave_fp.h000066400000000000000000000046751510276467000311740ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ContextSave // Command must be enabled #ifndef _Context_Save_FP_H_ #define _Context_Save_FP_H_ // Input structure definition typedef struct { TPMI_DH_CONTEXT saveHandle; } ContextSave_In; // Output structure definition typedef struct { TPMS_CONTEXT context; } ContextSave_Out; // Response code modifiers #define RC_ContextSave_saveHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_ContextSave( ContextSave_In *in, ContextSave_Out *out ); #endif // _Context_Save_FP_H_ #endif // CC_ContextSave go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Context_spt_fp.h000066400000000000000000000103601510276467000312270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _CONTEXT_SPT_FP_H_ #define _CONTEXT_SPT_FP_H_ //*** ComputeContextProtectionKey() // This function retrieves the symmetric protection key for context encryption // It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric // encryption key and iv // Return Type: void void ComputeContextProtectionKey( TPMS_CONTEXT *contextBlob, // IN: context blob TPM2B_SYM_KEY *symKey, // OUT: the symmetric key TPM2B_IV *iv // OUT: the IV. ); //*** ComputeContextIntegrity() // Generate the integrity hash for a context // It is used by TPM2_ContextSave to create an integrity hash // and by TPM2_ContextLoad to compare an integrity hash // Return Type: void void ComputeContextIntegrity( TPMS_CONTEXT *contextBlob, // IN: context blob TPM2B_DIGEST *integrity // OUT: integrity ); //*** SequenceDataExport(); // This function is used scan through the sequence object and // either modify the hash state data for export (contextSave) or to // import it into the internal format (contextLoad). // This function should only be called after the sequence object has been copied // to the context buffer (contextSave) or from the context buffer into the sequence // object. The presumption is that the context buffer version of the data is the // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataExport( HASH_OBJECT *object, // IN: an internal hash object HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer ); //*** SequenceDataImport(); // This function is used scan through the sequence object and // either modify the hash state data for export (contextSave) or to // import it into the internal format (contextLoad). // This function should only be called after the sequence object has been copied // to the context buffer (contextSave) or from the context buffer into the sequence // object. The presumption is that the context buffer version of the data is the // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataImport( HASH_OBJECT *object, // IN/OUT: an internal hash object HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer ); #endif // _CONTEXT_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreateLoaded_fp.h000066400000000000000000000054371510276467000312420ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_CreateLoaded // Command must be enabled #ifndef _Create_Loaded_FP_H_ #define _Create_Loaded_FP_H_ // Input structure definition typedef struct { TPMI_DH_PARENT parentHandle; TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_TEMPLATE inPublic; } CreateLoaded_In; // Output structure definition typedef struct { TPM_HANDLE objectHandle; TPM2B_PRIVATE outPrivate; TPM2B_PUBLIC outPublic; TPM2B_NAME name; } CreateLoaded_Out; // Response code modifiers #define RC_CreateLoaded_parentHandle (TPM_RC_H + TPM_RC_1) #define RC_CreateLoaded_inSensitive (TPM_RC_P + TPM_RC_1) #define RC_CreateLoaded_inPublic (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_CreateLoaded( CreateLoaded_In *in, CreateLoaded_Out *out ); #endif // _Create_Loaded_FP_H_ #endif // CC_CreateLoaded go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CreatePrimary_fp.h000066400000000000000000000061501510276467000314660ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_CreatePrimary // Command must be enabled #ifndef _Create_Primary_FP_H_ #define _Create_Primary_FP_H_ // Input structure definition typedef struct { TPMI_RH_HIERARCHY primaryHandle; TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_PUBLIC inPublic; TPM2B_DATA outsideInfo; TPML_PCR_SELECTION creationPCR; } CreatePrimary_In; // Output structure definition typedef struct { TPM_HANDLE objectHandle; TPM2B_PUBLIC outPublic; TPM2B_CREATION_DATA creationData; TPM2B_DIGEST creationHash; TPMT_TK_CREATION creationTicket; TPM2B_NAME name; } CreatePrimary_Out; // Response code modifiers #define RC_CreatePrimary_primaryHandle (TPM_RC_H + TPM_RC_1) #define RC_CreatePrimary_inSensitive (TPM_RC_P + TPM_RC_1) #define RC_CreatePrimary_inPublic (TPM_RC_P + TPM_RC_2) #define RC_CreatePrimary_outsideInfo (TPM_RC_P + TPM_RC_3) #define RC_CreatePrimary_creationPCR (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_CreatePrimary( CreatePrimary_In *in, CreatePrimary_Out *out ); #endif // _Create_Primary_FP_H_ #endif // CC_CreatePrimary go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Create_fp.h000066400000000000000000000057371510276467000301340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Create // Command must be enabled #ifndef _Create_FP_H_ #define _Create_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT parentHandle; TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_PUBLIC inPublic; TPM2B_DATA outsideInfo; TPML_PCR_SELECTION creationPCR; } Create_In; // Output structure definition typedef struct { TPM2B_PRIVATE outPrivate; TPM2B_PUBLIC outPublic; TPM2B_CREATION_DATA creationData; TPM2B_DIGEST creationHash; TPMT_TK_CREATION creationTicket; } Create_Out; // Response code modifiers #define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) #define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) #define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) #define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) #define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_Create( Create_In *in, Create_Out *out ); #endif // _Create_FP_H_ #endif // CC_Create go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptCmac_fp.h000066400000000000000000000066451510276467000306150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _CRYPT_CMAC_FP_H_ #define _CRYPT_CMAC_FP_H_ #if ALG_CMAC //*** CryptCmacStart() // This is the function to start the CMAC sequence operation. It initializes the // dispatch functions for the data and end operations for CMAC and initializes the // parameters that are used for the processing of data, including the key, key size // and block cipher algorithm. UINT16 CryptCmacStart( SMAC_STATE *state, TPMU_PUBLIC_PARMS *keyParms, TPM_ALG_ID macAlg, TPM2B *key ); //*** CryptCmacData() // This function is used to add data to the CMAC sequence computation. The function // will XOR new data into the IV. If the buffer is full, and there is additional // input data, the data is encrypted into the IV buffer, the new data is then // XOR into the IV. When the data runs out, the function returns without encrypting // even if the buffer is full. The last data block of a sequence will not be // encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey // to be computed and applied before the last block is encrypted. void CryptCmacData( SMAC_STATES *state, UINT32 size, const BYTE *buffer ); //*** CryptCmacEnd() // This is the completion function for the CMAC. It does padding, if needed, and // selects the subkey to be applied before the last block is encrypted. UINT16 CryptCmacEnd( SMAC_STATES *state, UINT32 outSize, BYTE *outBuffer ); #endif #endif // _CRYPT_CMAC_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptDes_fp.h000066400000000000000000000061641510276467000304610ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _CRYPT_DES_FP_H_ #define _CRYPT_DES_FP_H_ #if ALG_TDES //*** CryptSetOddByteParity() // This function sets the per byte parity of a 64-bit value. The least-significant // bit is of each byte is replaced with the odd parity of the other 7 bits in the // byte. With odd parity, no byte will ever be 0x00. UINT64 CryptSetOddByteParity( UINT64 k ); //*** CryptDesValidateKey() // Function to check to see if the input key is a valid DES key where the definition // of valid is that none of the elements are on the list of weak, semi-weak, or // possibly weak keys; and that for two keys, K1!=K2, and for three keys that // K1!=K2 and K2!=K3. BOOL CryptDesValidateKey( TPM2B_SYM_KEY *desKey // IN: key to validate ); //*** CryptGenerateKeyDes() // This function is used to create a DES key of the appropriate size. The key will // have odd parity in the bytes. TPM_RC CryptGenerateKeyDes( TPMT_PUBLIC *publicArea, // IN/OUT: The public area template // for the new key. TPMT_SENSITIVE *sensitive, // OUT: sensitive area RAND_STATE *rand // IN: the "entropy" source for ); #endif #endif // _CRYPT_DES_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccKeyExchange_fp.h000066400000000000000000000100301510276467000325370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _CRYPT_ECC_KEY_EXCHANGE_FP_H_ #define _CRYPT_ECC_KEY_EXCHANGE_FP_H_ #if CC_ZGen_2Phase == YES //*** CryptEcc2PhaseKeyExchange() // This function is the dispatch routine for the EC key exchange functions that use // two ephemeral and two static keys. // Return Type: TPM_RC // TPM_RC_SCHEME scheme is not defined LIB_EXPORT TPM_RC CryptEcc2PhaseKeyExchange( TPMS_ECC_POINT *outZ1, // OUT: a computed point TPMS_ECC_POINT *outZ2, // OUT: and optional second point TPM_ECC_CURVE curveId, // IN: the curve for the computations TPM_ALG_ID scheme, // IN: the key exchange scheme TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key TPMS_ECC_POINT *QsB, // IN: static public party B key TPMS_ECC_POINT *QeB // IN: ephemeral public party B key ); #if ALG_SM2 //*** SM2KeyExchange() // This function performs the key exchange defined in SM2. // The first step is to compute // 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n' // Then, compute the 'Z' value from // 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')). // The function will compute the ephemeral public key from the ephemeral // private key. // All points are required to be on the curve of 'inQsA'. The function will fail // catastrophically if this is not the case // Return Type: TPM_RC // TPM_RC_NO_RESULT the value for dsA does not give a valid point on the // curve LIB_EXPORT TPM_RC SM2KeyExchange( TPMS_ECC_POINT *outZ, // OUT: the computed point TPM_ECC_CURVE curveId, // IN: the curve for the computations TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key TPMS_ECC_POINT *QsBIn, // IN: static public party B key TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key ); #endif #endif // CC_ZGen_2Phase #endif // _CRYPT_ECC_KEY_EXCHANGE_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccMain_fp.h000066400000000000000000000347001510276467000312420ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _CRYPT_ECC_MAIN_FP_H_ #define _CRYPT_ECC_MAIN_FP_H_ #if ALG_ECC //** Functions #if SIMULATION void EccSimulationEnd( void ); #endif // SIMULATION //*** CryptEccInit() // This function is called at _TPM_Init BOOL CryptEccInit( void ); //*** CryptEccStartup() // This function is called at TPM2_Startup(). BOOL CryptEccStartup( void ); //*** ClearPoint2B(generic) // Initialize the size values of a TPMS_ECC_POINT structure. void ClearPoint2B( TPMS_ECC_POINT *p // IN: the point ); //*** CryptEccGetParametersByCurveId() // This function returns a pointer to the curve data that is associated with // the indicated curveId. // If there is no curve with the indicated ID, the function returns NULL. This // function is in this module so that it can be called by GetCurve data. // Return Type: const ECC_CURVE_DATA // NULL curve with the indicated TPM_ECC_CURVE is not implemented // != NULL pointer to the curve data LIB_EXPORT const ECC_CURVE * CryptEccGetParametersByCurveId( TPM_ECC_CURVE curveId // IN: the curveID ); //*** CryptEccGetKeySizeForCurve() // This function returns the key size in bits of the indicated curve. LIB_EXPORT UINT16 CryptEccGetKeySizeForCurve( TPM_ECC_CURVE curveId // IN: the curve ); //*** GetCurveData() // This function returns the a pointer for the parameter data // associated with a curve. const ECC_CURVE_DATA * GetCurveData( TPM_ECC_CURVE curveId // IN: the curveID ); //***CryptEccGetOID() const BYTE * CryptEccGetOID( TPM_ECC_CURVE curveId ); //*** CryptEccGetCurveByIndex() // This function returns the number of the 'i'-th implemented curve. The normal // use would be to call this function with 'i' starting at 0. When the 'i' is greater // than or equal to the number of implemented curves, TPM_ECC_NONE is returned. LIB_EXPORT TPM_ECC_CURVE CryptEccGetCurveByIndex( UINT16 i ); //*** CryptEccGetParameter() // This function returns an ECC curve parameter. The parameter is // selected by a single character designator from the set of ""PNABXYH"". // Return Type: BOOL // TRUE(1) curve exists and parameter returned // FALSE(0) curve does not exist or parameter selector LIB_EXPORT BOOL CryptEccGetParameter( TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter char p, // IN: the parameter selector TPM_ECC_CURVE curveId // IN: the curve id ); //*** CryptCapGetECCCurve() // This function returns the list of implemented ECC curves. // Return Type: TPMI_YES_NO // YES if no more ECC curve is available // NO if there are more ECC curves not reported TPMI_YES_NO CryptCapGetECCCurve( TPM_ECC_CURVE curveID, // IN: the starting ECC curve UINT32 maxCount, // IN: count of returned curves TPML_ECC_CURVE *curveList // OUT: ECC curve list ); //*** CryptGetCurveSignScheme() // This function will return a pointer to the scheme of the curve. const TPMT_ECC_SCHEME * CryptGetCurveSignScheme( TPM_ECC_CURVE curveId // IN: The curve selector ); //*** CryptGenerateR() // This function computes the commit random value for a split signing scheme. // // If 'c' is NULL, it indicates that 'r' is being generated // for TPM2_Commit. // If 'c' is not NULL, the TPM will validate that the 'gr.commitArray' // bit associated with the input value of 'c' is SET. If not, the TPM // returns FALSE and no 'r' value is generated. // Return Type: BOOL // TRUE(1) r value computed // FALSE(0) no r value computed BOOL CryptGenerateR( TPM2B_ECC_PARAMETER *r, // OUT: the generated random value UINT16 *c, // IN/OUT: count value. TPMI_ECC_CURVE curveID, // IN: the curve for the value TPM2B_NAME *name // IN: optional name of a key to // associate with 'r' ); //*** CryptCommit() // This function is called when the count value is committed. The 'gr.commitArray' // value associated with the current count value is SET and g_commitCounter is // incremented. The low-order 16 bits of old value of the counter is returned. UINT16 CryptCommit( void ); //*** CryptEndCommit() // This function is called when the signing operation using the committed value // is completed. It clears the gr.commitArray bit associated with the count // value so that it can't be used again. void CryptEndCommit( UINT16 c // IN: the counter value of the commitment ); //*** CryptEccGetParameters() // This function returns the ECC parameter details of the given curve. // Return Type: BOOL // TRUE(1) success // FALSE(0) unsupported ECC curve ID BOOL CryptEccGetParameters( TPM_ECC_CURVE curveId, // IN: ECC curve ID TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters ); //*** BnGetCurvePrime() // This function is used to get just the prime modulus associated with a curve. const bignum_t * BnGetCurvePrime( TPM_ECC_CURVE curveId ); //*** BnGetCurveOrder() // This function is used to get just the curve order const bignum_t * BnGetCurveOrder( TPM_ECC_CURVE curveId ); //*** BnIsOnCurve() // This function checks if a point is on the curve. BOOL BnIsOnCurve( pointConst Q, const ECC_CURVE_DATA *C ); //*** BnIsValidPrivateEcc() // Checks that 0 < 'x' < 'q' BOOL BnIsValidPrivateEcc( bigConst x, // IN: private key to check bigCurve E // IN: the curve to check ); LIB_EXPORT BOOL CryptEccIsValidPrivateKey( TPM2B_ECC_PARAMETER *d, TPM_ECC_CURVE curveId ); //*** BnPointMul() // This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the // parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes // 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL. // If 'skipChecks' is TRUE, then the function will not verify that the inputs are // correct for the domain. This would be the case when the values were created by the // CryptoEngine code. // It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity. // Return Type: TPM_RC // TPM_RC_NO_RESULT result of multiplication is a point at infinity // TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve // TPM_RC_VALUE 'd' or 'u' is not < n TPM_RC BnPointMult( bigPoint R, // OUT: computed point pointConst S, // IN: optional point to multiply by 'd' bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: optional second point bigConst u, // IN: optional second scalar bigCurve E // IN: curve parameters ); //***BnEccGetPrivate() // This function gets random values that are the size of the key plus 64 bits. The // value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the // curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method // of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"". // Return Type: BOOL // TRUE(1) success // FALSE(0) failure generating private key BOOL BnEccGetPrivate( bigNum dOut, // OUT: the qualified random value const ECC_CURVE_DATA *C, // IN: curve for which the private key // needs to be appropriate RAND_STATE *rand // IN: state for DRBG ); //*** BnEccGenerateKeyPair() // This function gets a private scalar from the source of random bits and does // the point multiply to get the public key. BOOL BnEccGenerateKeyPair( bigNum bnD, // OUT: private scalar bn_point_t *ecQ, // OUT: public point bigCurve E, // IN: curve for the point RAND_STATE *rand // IN: DRBG state to use ); //***CryptEccNewKeyPair(***) // This function creates an ephemeral ECC. It is ephemeral in that // is expected that the private part of the key will be discarded LIB_EXPORT TPM_RC CryptEccNewKeyPair( TPMS_ECC_POINT *Qout, // OUT: the public point TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar TPM_ECC_CURVE curveId // IN: the curve for the key ); //*** CryptEccPointMultiply() // This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and // 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the // default generator of the curve. // // The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not // used. // // It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and // 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not // provided, then 'R' = ['dIn']'QIn'. // // If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned. // // The sizes of 'xOut' and yOut' will be set to be the size of the degree of // the curve // // It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin' // or 'Rout' is unspecified. // // Return Type: TPM_RC // TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve // TPM_RC_NO_RESULT the product point is at infinity // TPM_RC_CURVE bad curve // TPM_RC_VALUE 'dIn' or 'uIn' out of range // LIB_EXPORT TPM_RC CryptEccPointMultiply( TPMS_ECC_POINT *Rout, // OUT: the product point R TPM_ECC_CURVE curveId, // IN: the curve to use TPMS_ECC_POINT *Pin, // IN: first point (can be null) TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin // the Pin TPMS_ECC_POINT *Qin, // IN: point Q TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier // of Q ); //*** CryptEccIsPointOnCurve() // This function is used to test if a point is on a defined curve. It does this // by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'. // // It is a fatal error if 'Q' is not specified (is NULL). // Return Type: BOOL // TRUE(1) point is on curve // FALSE(0) point is not on curve or curve is not supported LIB_EXPORT BOOL CryptEccIsPointOnCurve( TPM_ECC_CURVE curveId, // IN: the curve selector TPMS_ECC_POINT *Qin // IN: the point. ); //*** CryptEccGenerateKey() // This function generates an ECC key pair based on the input parameters. // This routine uses KDFa to produce candidate numbers. The method is according // to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates." // According to the method in FIPS 186-3, the resulting private value 'd' should be // 1 <= 'd' < 'n' where 'n' is the order of the base point. // // It is a fatal error if 'Qout', 'dOut', is not provided (is NULL). // // If the curve is not supported // If 'seed' is not provided, then a random number will be used for the key // Return Type: TPM_RC // TPM_RC_CURVE curve is not supported // TPM_RC_NO_RESULT could not verify key with signature (FIPS only) LIB_EXPORT TPM_RC CryptEccGenerateKey( TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for // the new key. The public key // area will be replaced computed // ECC public key TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be // updated to contain the private // ECC key and the symmetric // encryption key RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ); #endif // ALG_ECC #endif // _CRYPT_ECC_MAIN_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptEccSignature_fp.h000066400000000000000000000147651510276467000323300ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _CRYPT_ECC_SIGNATURE_FP_H_ #define _CRYPT_ECC_SIGNATURE_FP_H_ #if ALG_ECC //*** BnSignEcdsa() // This function implements the ECDSA signing algorithm. The method is described // in the comments below. TPM_RC BnSignEcdsa( bigNum bnR, // OUT: 'r' component of the signature bigNum bnS, // OUT: 's' component of the signature bigCurve E, // IN: the curve used in the signature // process bigNum bnD, // IN: private signing key const TPM2B_DIGEST *digest, // IN: the digest to sign RAND_STATE *rand // IN: used in debug of signing ); //*** CryptEccSign() // This function is the dispatch function for the various ECC-based // signing schemes. // There is a bit of ugliness to the parameter passing. In order to test this, // we sometime would like to use a deterministic RNG so that we can get the same // signatures during testing. The easiest way to do this for most schemes is to // pass in a deterministic RNG and let it return canned values during testing. // There is a competing need for a canned parameter to use in ECDAA. To accommodate // both needs with minimal fuss, a special type of RAND_STATE is defined to carry // the address of the commit value. The setup and handling of this is not very // different for the caller than what was in previous versions of the code. // Return Type: TPM_RC // TPM_RC_SCHEME 'scheme' is not supported LIB_EXPORT TPM_RC CryptEccSign( TPMT_SIGNATURE *signature, // OUT: signature OBJECT *signKey, // IN: ECC key to sign the hash const TPM2B_DIGEST *digest, // IN: digest to sign TPMT_ECC_SCHEME *scheme, // IN: signing scheme RAND_STATE *rand ); #if ALG_ECDSA //*** BnValidateSignatureEcdsa() // This function validates an ECDSA signature. rIn and sIn should have been checked // to make sure that they are in the range 0 < 'v' < 'n' // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid TPM_RC BnValidateSignatureEcdsa( bigNum bnR, // IN: 'r' component of the signature bigNum bnS, // IN: 's' component of the signature bigCurve E, // IN: the curve used in the signature // process bn_point_t *ecQ, // IN: the public point of the key const TPM2B_DIGEST *digest // IN: the digest that was signed ); #endif // ALG_ECDSA //*** CryptEccValidateSignature() // This function validates an EcDsa or EcSchnorr signature. // The point 'Qin' needs to have been validated to be on the curve of 'curveId'. // Return Type: TPM_RC // TPM_RC_SIGNATURE not a valid signature LIB_EXPORT TPM_RC CryptEccValidateSignature( TPMT_SIGNATURE *signature, // IN: signature to be verified OBJECT *signKey, // IN: ECC key signed the hash const TPM2B_DIGEST *digest // IN: digest that was signed ); //***CryptEccCommitCompute() // This function performs the point multiply operations required by TPM2_Commit. // // If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This // routine does not check that they are on the curve and results are unpredictable // if they are not. // // It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a // fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. // If 'M' is not NULL, then it is a fatal error if 'E' is NULL. // // Return Type: TPM_RC // TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point // at infinity // TPM_RC_CANCELED a cancel indication was asserted during this // function LIB_EXPORT TPM_RC CryptEccCommitCompute( TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q TPMS_ECC_POINT *L, // OUT: [r]B TPMS_ECC_POINT *E, // OUT: [r]M TPM_ECC_CURVE curveId, // IN: the curve for the computations TPMS_ECC_POINT *M, // IN: M (optional) TPMS_ECC_POINT *B, // IN: B (optional) TPM2B_ECC_PARAMETER *d, // IN: d (optional) TPM2B_ECC_PARAMETER *r // IN: the computed r value (required) ); #endif // ALG_ECC #endif // _CRYPT_ECC_SIGNATURE_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptHash_fp.h000066400000000000000000000404371510276467000306320ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _CRYPT_HASH_FP_H_ #define _CRYPT_HASH_FP_H_ //*** CryptHashInit() // This function is called by _TPM_Init do perform the initialization operations for // the library. BOOL CryptHashInit( void ); //*** CryptHashStartup() // This function is called by TPM2_Startup() in case there is work to do at startup. // Currently, this is a placeholder. BOOL CryptHashStartup( void ); //*** CryptGetHashDef() // This function accesses the hash descriptor associated with a hash a // algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is // TPM_ALG_NULL or not a defined algorithm. PHASH_DEF CryptGetHashDef( TPM_ALG_ID hashAlg ); //*** CryptHashIsValidAlg() // This function tests to see if an algorithm ID is a valid hash algorithm. If // flag is true, then TPM_ALG_NULL is a valid hash. // Return Type: BOOL // TRUE(1) hashAlg is a valid, implemented hash on this TPM // FALSE(0) hashAlg is not valid for this TPM BOOL CryptHashIsValidAlg( TPM_ALG_ID hashAlg, // IN: the algorithm to check BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated // as a valid hash ); //*** CryptHashGetAlgByIndex() // This function is used to iterate through the hashes. TPM_ALG_NULL // is returned for all indexes that are not valid hashes. // If the TPM implements 3 hashes, then an 'index' value of 0 will // return the first implemented hash and an 'index' of 2 will return the // last. All other index values will return TPM_ALG_NULL. // // Return Type: TPM_ALG_ID // TPM_ALG_xxx a hash algorithm // TPM_ALG_NULL this can be used as a stop value LIB_EXPORT TPM_ALG_ID CryptHashGetAlgByIndex( UINT32 index // IN: the index ); //*** CryptHashGetDigestSize() // Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash // algorithm, the TPM will FAIL. // Return Type: UINT16 // 0 TPM_ALG_NULL // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetDigestSize( TPM_ALG_ID hashAlg // IN: hash algorithm to look up ); //*** CryptHashGetBlockSize() // Returns the size of the block used by the hash. If 'hashAlg' is not a hash // algorithm, the TPM will FAIL. // Return Type: UINT16 // 0 TPM_ALG_NULL // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetBlockSize( TPM_ALG_ID hashAlg // IN: hash algorithm to look up ); //*** CryptHashGetOid() // This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs // are full OID values including the Tag (0x06) and length byte. LIB_EXPORT const BYTE * CryptHashGetOid( TPM_ALG_ID hashAlg ); //*** CryptHashGetContextAlg() // This function returns the hash algorithm associated with a hash context. TPM_ALG_ID CryptHashGetContextAlg( PHASH_STATE state // IN: the context to check ); //*** CryptHashCopyState // This function is used to clone a HASH_STATE. LIB_EXPORT void CryptHashCopyState( HASH_STATE *out, // OUT: destination of the state const HASH_STATE *in // IN: source of the state ); //*** CryptHashExportState() // This function is used to export a hash or HMAC hash state. This function // would be called when preparing to context save a sequence object. void CryptHashExportState( PCHASH_STATE internalFmt, // IN: the hash state formatted for use by // library PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state ); //*** CryptHashImportState() // This function is used to import the hash state. This function // would be called to import a hash state when the context of a sequence object // was being loaded. void CryptHashImportState( PHASH_STATE internalFmt, // OUT: the hash state formatted for use by // the library PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state ); //*** CryptHashStart() // Functions starts a hash stack // Start a hash stack and returns the digest size. As a side effect, the // value of 'stateSize' in hashState is updated to indicate the number of bytes // of state that were saved. This function calls GetHashServer() and that function // will put the TPM into failure mode if the hash algorithm is not supported. // // This function does not use the sequence parameter. If it is necessary to import // or export context, this will start the sequence in a local state // and export the state to the input buffer. Will need to add a flag to the state // structure to indicate that it needs to be imported before it can be used. // (BLEH). // Return Type: UINT16 // 0 hash is TPM_ALG_NULL // >0 digest size LIB_EXPORT UINT16 CryptHashStart( PHASH_STATE hashState, // OUT: the running hash state TPM_ALG_ID hashAlg // IN: hash algorithm ); //*** CryptDigestUpdate() // Add data to a hash or HMAC, SMAC stack. // void CryptDigestUpdate( PHASH_STATE hashState, // IN: the hash context information UINT32 dataSize, // IN: the size of data to be added const BYTE *data // IN: data to be hashed ); //*** CryptHashEnd() // Complete a hash or HMAC computation. This function will place the smaller of // 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the // placed in the buffer is returned. If there is a failure, the returned value // is <= 0. // Return Type: UINT16 // 0 no data returned // > 0 the number of bytes in the digest or dOutSize, whichever is smaller LIB_EXPORT UINT16 CryptHashEnd( PHASH_STATE hashState, // IN: the state of hash stack UINT32 dOutSize, // IN: size of digest buffer BYTE *dOut // OUT: hash digest ); //*** CryptHashBlock() // Start a hash, hash a single block, update 'digest' and return the size of // the results. // // The 'digestSize' parameter can be smaller than the digest. If so, only the more // significant bytes are returned. // Return Type: UINT16 // >= 0 number of bytes placed in 'dOut' LIB_EXPORT UINT16 CryptHashBlock( TPM_ALG_ID hashAlg, // IN: The hash algorithm UINT32 dataSize, // IN: size of buffer to hash const BYTE *data, // IN: the buffer to hash UINT32 dOutSize, // IN: size of the digest buffer BYTE *dOut // OUT: digest buffer ); //*** CryptDigestUpdate2B() // This function updates a digest (hash or HMAC) with a TPM2B. // // This function can be used for both HMAC and hash functions so the // 'digestState' is void so that either state type can be passed. LIB_EXPORT void CryptDigestUpdate2B( PHASH_STATE state, // IN: the digest state const TPM2B *bIn // IN: 2B containing the data ); //*** CryptHashEnd2B() // This function is the same as CryptCompleteHash() but the digest is // placed in a TPM2B. This is the most common use and this is provided // for specification clarity. 'digest.size' should be set to indicate the number of // bytes to place in the buffer // Return Type: UINT16 // >=0 the number of bytes placed in 'digest.buffer' LIB_EXPORT UINT16 CryptHashEnd2B( PHASH_STATE state, // IN: the hash state P2B digest // IN: the size of the buffer Out: requested // number of bytes ); //*** CryptDigestUpdateInt() // This function is used to include an integer value to a hash stack. The function // marshals the integer into its canonical form before calling CryptDigestUpdate(). LIB_EXPORT void CryptDigestUpdateInt( void *state, // IN: the state of hash stack UINT32 intSize, // IN: the size of 'intValue' in bytes UINT64 intValue // IN: integer value to be hashed ); //*** CryptHmacStart() // This function is used to start an HMAC using a temp // hash context. The function does the initialization // of the hash with the HMAC key XOR iPad and updates the // HMAC key XOR oPad. // // The function returns the number of bytes in a digest produced by 'hashAlg'. // Return Type: UINT16 // >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) // LIB_EXPORT UINT16 CryptHmacStart( PHMAC_STATE state, // IN/OUT: the state buffer TPM_ALG_ID hashAlg, // IN: the algorithm to use UINT16 keySize, // IN: the size of the HMAC key const BYTE *key // IN: the HMAC key ); //*** CryptHmacEnd() // This function is called to complete an HMAC. It will finish the current // digest, and start a new digest. It will then add the oPadKey and the // completed digest and return the results in dOut. It will not return more // than dOutSize bytes. // Return Type: UINT16 // >= 0 number of bytes in 'dOut' (may be zero) LIB_EXPORT UINT16 CryptHmacEnd( PHMAC_STATE state, // IN: the hash state buffer UINT32 dOutSize, // IN: size of digest buffer BYTE *dOut // OUT: hash digest ); //*** CryptHmacStart2B() // This function starts an HMAC and returns the size of the digest // that will be produced. // // This function is provided to support the most common use of starting an HMAC // with a TPM2B key. // // The caller must provide a block of memory in which the hash sequence state // is kept. The caller should not alter the contents of this buffer until the // hash sequence is completed or abandoned. // // Return Type: UINT16 // > 0 the digest size of the algorithm // = 0 the hashAlg was TPM_ALG_NULL LIB_EXPORT UINT16 CryptHmacStart2B( PHMAC_STATE hmacState, // OUT: the state of HMAC stack. It will be used // in HMAC update and completion TPMI_ALG_HASH hashAlg, // IN: hash algorithm P2B key // IN: HMAC key ); //*** CryptHmacEnd2B() // This function is the same as CryptHmacEnd() but the HMAC result // is returned in a TPM2B which is the most common use. // Return Type: UINT16 // >=0 the number of bytes placed in 'digest' LIB_EXPORT UINT16 CryptHmacEnd2B( PHMAC_STATE hmacState, // IN: the state of HMAC stack P2B digest // OUT: HMAC ); //** Mask and Key Generation Functions //*** CryptMGF1() // This function performs MGF1 using the selected hash. MGF1 is // T(n) = T(n-1) || H(seed || counter). // This function returns the length of the mask produced which // could be zero if the digest algorithm is not supported // Return Type: UINT16 // 0 hash algorithm was TPM_ALG_NULL // > 0 should be the same as 'mSize' LIB_EXPORT UINT16 CryptMGF1( UINT32 mSize, // IN: length of the mask to be produced BYTE *mask, // OUT: buffer to receive the mask TPM_ALG_ID hashAlg, // IN: hash to use UINT32 seedSize, // IN: size of the seed BYTE *seed // IN: seed size ); //*** CryptKDFa() // This function performs the key generation according to Part 1 of the // TPM specification. // // This function returns the number of bytes generated which may be zero. // // The 'key' and 'keyStream' pointers are not allowed to be NULL. The other // pointer values may be NULL. The value of 'sizeInBits' must be no larger // than (2^18)-1 = 256K bits (32385 bytes). // // The 'once' parameter is set to allow incremental generation of a large // value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation // but only one iteration of the KDF is performed. This would be used for // XOR obfuscation so that the mask value can be generated in digest-sized // chunks rather than having to be generated all at once in an arbitrarily // large buffer and then XORed into the result. If 'once' is TRUE, then // 'sizeInBits' must be a multiple of 8. // // Any error in the processing of this command is considered fatal. // Return Type: UINT16 // 0 hash algorithm is not supported or is TPM_ALG_NULL // > 0 the number of bytes in the 'keyStream' buffer LIB_EXPORT UINT16 CryptKDFa( TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC const TPM2B *key, // IN: HMAC key const TPM2B *label, // IN: a label for the KDF const TPM2B *contextU, // IN: context U const TPM2B *contextV, // IN: context V UINT32 sizeInBits, // IN: size of generated key in bits BYTE *keyStream, // OUT: key buffer UINT32 *counterInOut, // IN/OUT: caller may provide the iteration // counter for incremental operations to // avoid large intermediate buffers. UINT16 blocks // IN: If non-zero, this is the maximum number // of blocks to be returned, regardless // of sizeInBits ); //*** CryptKDFe() // This function implements KDFe() as defined in TPM specification part 1. // // This function returns the number of bytes generated which may be zero. // // The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other // pointer values may be NULL. The value of 'sizeInBits' must be no larger // than (2^18)-1 = 256K bits (32385 bytes). // Any error in the processing of this command is considered fatal. // Return Type: UINT16 // 0 hash algorithm is not supported or is TPM_ALG_NULL // > 0 the number of bytes in the 'keyStream' buffer // LIB_EXPORT UINT16 CryptKDFe( TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC TPM2B *Z, // IN: Z const TPM2B *label, // IN: a label value for the KDF TPM2B *partyUInfo, // IN: PartyUInfo TPM2B *partyVInfo, // IN: PartyVInfo UINT32 sizeInBits, // IN: size of generated key in bits BYTE *keyStream // OUT: key buffer ); #endif // _CRYPT_HASH_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrimeSieve_fp.h000066400000000000000000000141411510276467000320100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:06:42PM */ #ifndef _CRYPT_PRIME_SIEVE_FP_H_ #define _CRYPT_PRIME_SIEVE_FP_H_ #if RSA_KEY_SIEVE //*** RsaAdjustPrimeLimit() // This used during the sieve process. The iterator for getting the // next prime (RsaNextPrime()) will return primes until it hits the // limit (primeLimit) set up by this function. This causes the sieve // process to stop when an appropriate number of primes have been // sieved. LIB_EXPORT void RsaAdjustPrimeLimit( uint32_t requestedPrimes ); //*** RsaNextPrime() // This the iterator used during the sieve process. The input is the // last prime returned (or any starting point) and the output is the // next higher prime. The function returns 0 when the primeLimit is // reached. LIB_EXPORT uint32_t RsaNextPrime( uint32_t lastPrime ); //*** FindNthSetBit() // This function finds the nth SET bit in a bit array. The 'n' parameter is // between 1 and the number of bits in the array (always a multiple of 8). // If called when the array does not have n bits set, it will return -1 // Return Type: unsigned int // <0 no bit is set or no bit with the requested number is set // >=0 the number of the bit in the array that is the nth set LIB_EXPORT int FindNthSetBit( const UINT16 aSize, // IN: the size of the array to check const BYTE *a, // IN: the array to check const UINT32 n // IN, the number of the SET bit ); //*** PrimeSieve() // This function does a prime sieve over the input 'field' which has as its // starting address the value in bnN. Since this initializes the Sieve // using a precomputed field with the bits associated with 3, 5 and 7 already // turned off, the value of pnN may need to be adjusted by a few counts to allow // the precomputed field to be used without modification. // // To get better performance, one could address the issue of developing the // composite numbers. When the size of the prime gets large, the time for doing // the divisions goes up, noticeably. It could be better to develop larger composite // numbers even if they need to be bigNum's themselves. The object would be to // reduce the number of times that the large prime is divided into a few large // divides and then use smaller divides to get to the final 16 bit (or smaller) // remainders. LIB_EXPORT UINT32 PrimeSieve( bigNum bnN, // IN/OUT: number to sieve UINT32 fieldSize, // IN: size of the field area in bytes BYTE *field // IN: field ); #ifdef SIEVE_DEBUG //***SetFieldSize() // Function to set the field size used for prime generation. Used for tuning. LIB_EXPORT uint32_t SetFieldSize( uint32_t newFieldSize ); #endif // SIEVE_DEBUG //*** PrimeSelectWithSieve() // This function will sieve the field around the input prime candidate. If the // sieve field is not empty, one of the one bits in the field is chosen for testing // with Miller-Rabin. If the value is prime, 'pnP' is updated with this value // and the function returns success. If this value is not prime, another // pseudo-random candidate is chosen and tested. This process repeats until // all values in the field have been checked. If all bits in the field have // been checked and none is prime, the function returns FALSE and a new random // value needs to be chosen. // Return Type: TPM_RC // TPM_RC_FAILURE TPM in failure mode, probably due to entropy source // TPM_RC_SUCCESS candidate is probably prime // TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative // in the field LIB_EXPORT TPM_RC PrimeSelectWithSieve( bigNum candidate, // IN/OUT: The candidate to filter UINT32 e, // IN: the exponent RAND_STATE *rand // IN: the random number generator state ); #if RSA_INSTRUMENT char * PrintTuple( UINT32 *i ); void RsaSimulationEnd( void ); LIB_EXPORT void GetSieveStats( uint32_t *trials, uint32_t *emptyFields, uint32_t *averageBits ); #endif #endif // RSA_KEY_SIEVE #if !RSA_INSTRUMENT void RsaSimulationEnd( void ); #endif #endif // _CRYPT_PRIME_SIEVE_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptPrime_fp.h000066400000000000000000000122461510276467000310200ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _CRYPT_PRIME_FP_H_ #define _CRYPT_PRIME_FP_H_ //*** IsPrimeInt() // This will do a test of a word of up to 32-bits in size. BOOL IsPrimeInt( uint32_t n ); //*** BnIsProbablyPrime() // This function is used when the key sieve is not implemented. This function // Will try to eliminate some of the obvious things before going on // to perform MillerRabin as a final verification of primeness. BOOL BnIsProbablyPrime( bigNum prime, // IN: RAND_STATE *rand // IN: the random state just // in case Miller-Rabin is required ); //*** MillerRabinRounds() // Function returns the number of Miller-Rabin rounds necessary to give an // error probability equal to the security strength of the prime. These values // are from FIPS 186-3. UINT32 MillerRabinRounds( UINT32 bits // IN: Number of bits in the RSA prime ); //*** MillerRabin() // This function performs a Miller-Rabin test from FIPS 186-3. It does // 'iterations' trials on the number. In all likelihood, if the number // is not prime, the first test fails. // Return Type: BOOL // TRUE(1) probably prime // FALSE(0) composite BOOL MillerRabin( bigNum bnW, RAND_STATE *rand ); #if ALG_RSA //*** RsaCheckPrime() // This will check to see if a number is prime and appropriate for an // RSA prime. // // This has different functionality based on whether we are using key // sieving or not. If not, the number checked to see if it is divisible by // the public exponent, then the number is adjusted either up or down // in order to make it a better candidate. It is then checked for being // probably prime. // // If sieving is used, the number is used to root a sieving process. // TPM_RC RsaCheckPrime( bigNum prime, UINT32 exponent, RAND_STATE *rand ); //*** AdjustPrimeCandiate() // This function adjusts the candidate prime so that it is odd and > root(2)/2. // This allows the product of these two numbers to be .5, which, in fixed point // notation means that the most significant bit is 1. // For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 // which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting // the upper two bits would give a value > 0.75 which is an error of > 6%. Given the // amount of time all the other computations take, reducing the error is not much of // a cost, but it isn't totally required either. // // The code maps the most significant crypt_uword_t in 'prime' so that a 32-/64-bit // value of 0 to 0xB5050...0 and a value of 0xff...f to 0xff...f. It also sets the LSb // of 'prime' to make sure that the number is odd. // // This code has been fixed so that it will work with a RADIX_SIZE == 64. // // The function also puts the number on a field boundary. LIB_EXPORT void RsaAdjustPrimeCandidate( bigNum prime ); //***BnGeneratePrimeForRSA() // Function to generate a prime of the desired size with the proper attributes // for an RSA prime. TPM_RC BnGeneratePrimeForRSA( bigNum prime, UINT32 bits, UINT32 exponent, RAND_STATE *rand ); #endif // ALG_RSA #endif // _CRYPT_PRIME_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRand_fp.h000066400000000000000000000173711510276467000306340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _CRYPT_RAND_FP_H_ #define _CRYPT_RAND_FP_H_ //*** DRBG_GetEntropy() // Even though this implementation never fails, it may get blocked // indefinitely long in the call to get entropy from the platform // (DRBG_GetEntropy32()). // This function is only used during instantiation of the DRBG for // manufacturing and on each start-up after an non-orderly shutdown. // Return Type: BOOL // TRUE(1) requested entropy returned // FALSE(0) entropy Failure BOOL DRBG_GetEntropy( UINT32 requiredEntropy, // IN: requested number of bytes of full // entropy BYTE *entropy // OUT: buffer to return collected entropy ); //*** IncrementIv() // This function increments the IV value by 1. It is used by EncryptDRBG(). void IncrementIv( DRBG_IV *iv ); //*** DRBG_Reseed() // This function is used when reseeding of the DRBG is required. If // entropy is provided, it is used in lieu of using hardware entropy. // Note: the provided entropy must be the required size. // Return Type: BOOL // TRUE(1) reseed succeeded // FALSE(0) reseed failed, probably due to the entropy generation BOOL DRBG_Reseed( DRBG_STATE *drbgState, // IN: the state to update DRBG_SEED *providedEntropy, // IN: entropy DRBG_SEED *additionalData // IN: ); //*** DRBG_SelfTest() // This is run when the DRBG is instantiated and at startup // Return Type: BOOL // TRUE(1) test OK // FALSE(0) test failed BOOL DRBG_SelfTest( void ); //*** CryptRandomStir() // This function is used to cause a reseed. A DRBG_SEED amount of entropy is // collected from the hardware and then additional data is added. // Return Type: TPM_RC // TPM_RC_NO_RESULT failure of the entropy generator LIB_EXPORT TPM_RC CryptRandomStir( UINT16 additionalDataSize, BYTE *additionalData ); //*** CryptRandomGenerate() // Generate a 'randomSize' number or random bytes. LIB_EXPORT UINT16 CryptRandomGenerate( UINT16 randomSize, BYTE *buffer ); //**** DRBG_InstantiateSeededKdf() // This function is used to instantiate a KDF-based RNG. This is used for derivations. // This function always returns TRUE. LIB_EXPORT BOOL DRBG_InstantiateSeededKdf( KDF_STATE *state, // OUT: buffer to hold the state TPM_ALG_ID hashAlg, // IN: hash algorithm TPM_ALG_ID kdf, // IN: the KDF to use TPM2B *seed, // IN: the seed to use const TPM2B *label, // IN: a label for the generation process. TPM2B *context, // IN: the context value UINT32 limit // IN: Maximum number of bits from the KDF ); //**** DRBG_AdditionalData() // Function to reseed the DRBG with additional entropy. This is normally called // before computing the protection value of a primary key in the Endorsement // hierarchy. LIB_EXPORT void DRBG_AdditionalData( DRBG_STATE *drbgState, // IN:OUT state to update TPM2B *additionalData // IN: value to incorporate ); //**** DRBG_InstantiateSeeded() // This function is used to instantiate a random number generator from seed values. // The nominal use of this generator is to create sequences of pseudo-random // numbers from a seed value. This function always returns TRUE. LIB_EXPORT TPM_RC DRBG_InstantiateSeeded( DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state const TPM2B *seed, // IN: the seed to use const TPM2B *purpose, // IN: a label for the generation process. const TPM2B *name, // IN: name of the object const TPM2B *additional // IN: additional data ); //**** CryptRandStartup() // This function is called when TPM_Startup is executed. This function always returns // TRUE. LIB_EXPORT BOOL CryptRandStartup( void ); //**** CryptRandInit() // This function is called when _TPM_Init is being processed. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure LIB_EXPORT BOOL CryptRandInit( void ); //*** DRBG_Generate() // This function generates a random sequence according SP800-90A. // If 'random' is not NULL, then 'randomSize' bytes of random values are generated. // If 'random' is NULL or 'randomSize' is zero, then the function returns // TRUE without generating any bits or updating the reseed counter. // This function returns 0 if a reseed is required. Otherwise, it returns the // number of bytes produced which could be less than the number requested if the // request is too large. LIB_EXPORT UINT16 DRBG_Generate( RAND_STATE *state, BYTE *random, // OUT: buffer to receive the random values UINT16 randomSize // IN: the number of bytes to generate ); //*** DRBG_Instantiate() // This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. // This is called when a the TPM DRBG is to be instantiated. This is // called to instantiate a DRBG used by the TPM for normal // operations. // Return Type: BOOL // TRUE(1) instantiation succeeded // FALSE(0) instantiation failed LIB_EXPORT BOOL DRBG_Instantiate( DRBG_STATE *drbgState, // OUT: the instantiated value UINT16 pSize, // IN: Size of personalization string BYTE *personalization // IN: The personalization string ); //*** DRBG_Uninstantiate() // This is Uninstantiate_function() from [SP 800-90A 9.4]. // // Return Type: TPM_RC // TPM_RC_VALUE not a valid state LIB_EXPORT TPM_RC DRBG_Uninstantiate( DRBG_STATE *drbgState // IN/OUT: working state to erase ); #endif // _CRYPT_RAND_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptRsa_fp.h000066400000000000000000000205431510276467000304700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _CRYPT_RSA_FP_H_ #define _CRYPT_RSA_FP_H_ #if ALG_RSA //*** CryptRsaInit() // Function called at _TPM_Init(). BOOL CryptRsaInit( void ); //*** CryptRsaStartup() // Function called at TPM2_Startup() BOOL CryptRsaStartup( void ); //*** CryptRsaPssSaltSize() // This function computes the salt size used in PSS. It is broken out so that // the X509 code can get the same value that is used by the encoding function in this // module. INT16 CryptRsaPssSaltSize( INT16 hashSize, INT16 outSize ); //*** MakeDerTag() // Construct the DER value that is used in RSASSA // Return Type: INT16 // > 0 size of value // <= 0 no hash exists INT16 MakeDerTag( TPM_ALG_ID hashAlg, INT16 sizeOfBuffer, BYTE *buffer ); //*** CryptRsaSelectScheme() // This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up // the rules to select a scheme between input and object default. // This function assume the RSA object is loaded. // If a default scheme is defined in object, the default scheme should be chosen, // otherwise, the input scheme should be chosen. // In the case that both the object and 'scheme' are not TPM_ALG_NULL, then // if the schemes are the same, the input scheme will be chosen. // if the scheme are not compatible, a NULL pointer will be returned. // // The return pointer may point to a TPM_ALG_NULL scheme. TPMT_RSA_DECRYPT* CryptRsaSelectScheme( TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme ); //*** CryptRsaLoadPrivateExponent() // This function is called to generate the private exponent of an RSA key. // Return Type: TPM_RC // TPM_RC_BINDING public and private parts of 'rsaKey' are not matched TPM_RC CryptRsaLoadPrivateExponent( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive ); //*** CryptRsaEncrypt() // This is the entry point for encryption using RSA. Encryption is // use of the public exponent. The padding parameter determines what // padding will be used. // // The 'cOutSize' parameter must be at least as large as the size of the key. // // If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be // lower in value than the key modulus. // NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to // dIn to make it the size of the RSA key for the call to RSAEP. This is // because the high order bytes of dIn might have a numeric value that is // greater than the value of the key modulus. If this had low-order zeros // added, it would have a numeric value larger than the modulus even though // it started out with a lower numeric value. // // Return Type: TPM_RC // TPM_RC_VALUE 'cOutSize' is too small (must be the size // of the modulus) // TPM_RC_SCHEME 'padType' is not a supported scheme // LIB_EXPORT TPM_RC CryptRsaEncrypt( TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data TPM2B *dIn, // IN: the data to encrypt OBJECT *key, // IN: the key used for encryption TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash // if needed const TPM2B *label, // IN: in case it is needed RAND_STATE *rand // IN: random number generator // state (mostly for testing) ); //*** CryptRsaDecrypt() // This is the entry point for decryption using RSA. Decryption is // use of the private exponent. The 'padType' parameter determines what // padding was used. // // Return Type: TPM_RC // TPM_RC_SIZE 'cInSize' is not the same as the size of the public // modulus of 'key'; or numeric value of the encrypted // data is greater than the modulus // TPM_RC_VALUE 'dOutSize' is not large enough for the result // TPM_RC_SCHEME 'padType' is not supported // LIB_EXPORT TPM_RC CryptRsaDecrypt( TPM2B *dOut, // OUT: the decrypted data TPM2B *cIn, // IN: the data to decrypt OBJECT *key, // IN: the key to use for decryption TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme const TPM2B *label // IN: in case it is needed for the scheme ); //*** CryptRsaSign() // This function is used to generate an RSA signature of the type indicated in // 'scheme'. // // Return Type: TPM_RC // TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported // TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) // LIB_EXPORT TPM_RC CryptRsaSign( TPMT_SIGNATURE *sigOut, OBJECT *key, // IN: key to use TPM2B_DIGEST *hIn, // IN: the digest to sign RAND_STATE *rand // IN: the random number generator // to use (mostly for testing) ); //*** CryptRsaValidateSignature() // This function is used to validate an RSA signature. If the signature is valid // TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is // returned. Other return codes indicate either parameter problems or fatal errors. // // Return Type: TPM_RC // TPM_RC_SIGNATURE the signature does not check // TPM_RC_SCHEME unsupported scheme or hash algorithm // LIB_EXPORT TPM_RC CryptRsaValidateSignature( TPMT_SIGNATURE *sig, // IN: signature OBJECT *key, // IN: public modulus TPM2B_DIGEST *digest // IN: The digest being validated ); //*** CryptRsaGenerateKey() // Generate an RSA key from a provided seed // Return Type: TPM_RC // TPM_RC_CANCELED operation was canceled // TPM_RC_RANGE public exponent is not supported // TPM_RC_VALUE could not find a prime using the provided parameters LIB_EXPORT TPM_RC CryptRsaGenerateKey( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ); #endif // ALG_RSA #endif // _CRYPT_RSA_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSelfTest_fp.h000066400000000000000000000114601510276467000314720ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _CRYPT_SELF_TEST_FP_H_ #define _CRYPT_SELF_TEST_FP_H_ //*** CryptSelfTest() // This function is called to start/complete a full self-test. // If 'fullTest' is NO, then only the untested algorithms will be run. If // 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then // all tests are run. // This implementation of the reference design does not support processing outside // the framework of a TPM command. As a consequence, this command does not // complete until all tests are done. Since this can take a long time, the TPM // will check after each test to see if the command is canceled. If so, then the // TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call // TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. // Return Type: TPM_RC // TPM_RC_CANCELED if the command is canceled LIB_EXPORT TPM_RC CryptSelfTest( TPMI_YES_NO fullTest // IN: if full test is required ); //*** CryptIncrementalSelfTest() // This function is used to perform an incremental self-test. This implementation // will perform the toTest values before returning. That is, it assumes that the // TPM cannot perform background tasks between commands. // // This command may be canceled. If it is, then there is no return result. // However, this command can be run again and the incremental progress will not // be lost. // Return Type: TPM_RC // TPM_RC_CANCELED processing of this command was canceled // TPM_RC_TESTING if toTest list is not empty // TPM_RC_VALUE an algorithm in the toTest list is not implemented TPM_RC CryptIncrementalSelfTest( TPML_ALG *toTest, // IN: list of algorithms to be tested TPML_ALG *toDoList // OUT: list of algorithms needing test ); //*** CryptInitializeToTest() // This function will initialize the data structures for testing all the // algorithms. This should not be called unless CryptAlgsSetImplemented() has // been called void CryptInitializeToTest( void ); //*** CryptTestAlgorithm() // Only point of contact with the actual self tests. If a self-test fails, there // is no return and the TPM goes into failure mode. // The call to TestAlgorithm uses an algorithm selector and a bit vector. When the // test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If // 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. // There is a special case for the call to TestAlgorithm(). When 'alg' is // ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has // no test. This allows the knowledge about which algorithms have test to be // accessed through the interface that provides the test. // Return Type: TPM_RC // TPM_RC_CANCELED test was canceled LIB_EXPORT TPM_RC CryptTestAlgorithm( TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest ); #endif // _CRYPT_SELF_TEST_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSmac_fp.h000066400000000000000000000057641510276467000306360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _CRYPT_SMAC_FP_H_ #define _CRYPT_SMAC_FP_H_ #if SMAC_IMPLEMENTED //*** CryptSmacStart() // Function to start an SMAC. UINT16 CryptSmacStart( HASH_STATE *state, TPMU_PUBLIC_PARMS *keyParameters, TPM_ALG_ID macAlg, // IN: the type of MAC TPM2B *key ); //*** CryptMacStart() // Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart // function because of the difference in number of parameters. UINT16 CryptMacStart( HMAC_STATE *state, TPMU_PUBLIC_PARMS *keyParameters, TPM_ALG_ID macAlg, // IN: the type of MAC TPM2B *key ); //*** CryptMacEnd() // Dispatch to the MAC end function using a size and buffer pointer. UINT16 CryptMacEnd( HMAC_STATE *state, UINT32 size, BYTE *buffer ); //*** CryptMacEnd2B() // Dispatch to the MAC end function using a 2B. UINT16 CryptMacEnd2B ( HMAC_STATE *state, TPM2B *data ); #endif // SMAC_IMPLEMENTED #endif // _CRYPT_SMAC_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptSym_fp.h000066400000000000000000000126401510276467000305120ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _CRYPT_SYM_FP_H_ #define _CRYPT_SYM_FP_H_ //** Initialization and Data Access Functions // //*** CryptSymInit() // This function is called to do _TPM_Init processing BOOL CryptSymInit( void ); //*** CryptSymStartup() // This function is called to do TPM2_Startup() processing BOOL CryptSymStartup( void ); //*** CryptGetSymmetricBlockSize() // This function returns the block size of the algorithm. The table of bit sizes has // an entry for each allowed key size. The entry for a key size is 0 if the TPM does // not implement that key size. The key size table is delimited with a negative number // (-1). After the delimiter is a list of block sizes with each entry corresponding // to the key bit size. For most symmetric algorithms, the block size is the same // regardless of the key size but this arrangement allows them to be different. // Return Type: INT16 // <= 0 cipher not supported // > 0 the cipher block size in bytes LIB_EXPORT INT16 CryptGetSymmetricBlockSize( TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm UINT16 keySizeInBits // IN: the key size ); //** Symmetric Encryption // This function performs symmetric encryption based on the mode. // Return Type: TPM_RC // TPM_RC_SIZE 'dSize' is not a multiple of the block size for an // algorithm that requires it // TPM_RC_FAILURE Fatal error LIB_EXPORT TPM_RC CryptSymmetricEncrypt( BYTE *dOut, // OUT: TPM_ALG_ID algorithm, // IN: the symmetric algorithm UINT16 keySizeInBits, // IN: key size in bits const BYTE *key, // IN: key buffer. The size of this buffer // in bytes is (keySizeInBits + 7) / 8 TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. TPM_ALG_ID mode, // IN: Mode to use INT32 dSize, // IN: data size (may need to be a // multiple of the blockSize) const BYTE *dIn // IN: data buffer ); //*** CryptSymmetricDecrypt() // This function performs symmetric decryption based on the mode. // Return Type: TPM_RC // TPM_RC_FAILURE A fatal error // TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an // algorithm that requires it LIB_EXPORT TPM_RC CryptSymmetricDecrypt( BYTE *dOut, // OUT: decrypted data TPM_ALG_ID algorithm, // IN: the symmetric algorithm UINT16 keySizeInBits, // IN: key size in bits const BYTE *key, // IN: key buffer. The size of this buffer // in bytes is (keySizeInBits + 7) / 8 TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. TPM_ALG_ID mode, // IN: Mode to use INT32 dSize, // IN: data size (may need to be a // multiple of the blockSize) const BYTE *dIn // IN: data buffer ); //*** CryptSymKeyValidate() // Validate that a provided symmetric key meets the requirements of the TPM // Return Type: TPM_RC // TPM_RC_KEY_SIZE Key size specifiers do not match // TPM_RC_KEY Key is not allowed TPM_RC CryptSymKeyValidate( TPMT_SYM_DEF_OBJECT *symDef, TPM2B_SYM_KEY *key ); #endif // _CRYPT_SYM_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/CryptUtil_fp.h000066400000000000000000000531621510276467000306630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _CRYPT_UTIL_FP_H_ #define _CRYPT_UTIL_FP_H_ //*** CryptIsSchemeAnonymous() // This function is used to test a scheme to see if it is an anonymous scheme // The only anonymous scheme is ECDAA. ECDAA can be used to do things // like U-Prove. BOOL CryptIsSchemeAnonymous( TPM_ALG_ID scheme // IN: the scheme algorithm to test ); //*** ParmDecryptSym() // This function performs parameter decryption using symmetric block cipher. void ParmDecryptSym( TPM_ALG_ID symAlg, // IN: the symmetric algorithm TPM_ALG_ID hash, // IN: hash algorithm for KDFa UINT16 keySizeInBits, // IN: the key size in bits TPM2B *key, // IN: KDF HMAC key TPM2B *nonceCaller, // IN: nonce caller TPM2B *nonceTpm, // IN: nonce TPM UINT32 dataSize, // IN: size of parameter buffer BYTE *data // OUT: buffer to be decrypted ); //*** ParmEncryptSym() // This function performs parameter encryption using symmetric block cipher. void ParmEncryptSym( TPM_ALG_ID symAlg, // IN: symmetric algorithm TPM_ALG_ID hash, // IN: hash algorithm for KDFa UINT16 keySizeInBits, // IN: symmetric key size in bits TPM2B *key, // IN: KDF HMAC key TPM2B *nonceCaller, // IN: nonce caller TPM2B *nonceTpm, // IN: nonce TPM UINT32 dataSize, // IN: size of parameter buffer BYTE *data // OUT: buffer to be encrypted ); //*** CryptXORObfuscation() // This function implements XOR obfuscation. It should not be called if the // hash algorithm is not implemented. The only return value from this function // is TPM_RC_SUCCESS. void CryptXORObfuscation( TPM_ALG_ID hash, // IN: hash algorithm for KDF TPM2B *key, // IN: KDF key TPM2B *contextU, // IN: contextU TPM2B *contextV, // IN: contextV UINT32 dataSize, // IN: size of data buffer BYTE *data // IN/OUT: data to be XORed in place ); //*** CryptInit() // This function is called when the TPM receives a _TPM_Init indication. // // NOTE: The hash algorithms do not have to be tested, they just need to be // available. They have to be tested before the TPM can accept HMAC authorization // or return any result that relies on a hash algorithm. // Return Type: BOOL // TRUE(1) initializations succeeded // FALSE(0) initialization failed and caller should place the TPM into // Failure Mode BOOL CryptInit( void ); //*** CryptStartup() // This function is called by TPM2_Startup() to initialize the functions in // this cryptographic library and in the provided CryptoLibrary. This function // and CryptUtilInit() are both provided so that the implementation may move the // initialization around to get the best interaction. // Return Type: BOOL // TRUE(1) startup succeeded // FALSE(0) startup failed and caller should place the TPM into // Failure Mode BOOL CryptStartup( STARTUP_TYPE type // IN: the startup type ); //**************************************************************************** //** Algorithm-Independent Functions //**************************************************************************** //*** Introduction // These functions are used generically when a function of a general type // (e.g., symmetric encryption) is required. The functions will modify the // parameters as required to interface to the indicated algorithms. // //*** CryptIsAsymAlgorithm() // This function indicates if an algorithm is an asymmetric algorithm. // Return Type: BOOL // TRUE(1) if it is an asymmetric algorithm // FALSE(0) if it is not an asymmetric algorithm BOOL CryptIsAsymAlgorithm( TPM_ALG_ID algID // IN: algorithm ID ); //*** CryptSecretEncrypt() // This function creates a secret value and its associated secret structure using // an asymmetric algorithm. // // This function is used by TPM2_Rewrap() TPM2_MakeCredential(), // and TPM2_Duplicate(). // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key // TPM_RC_KEY invalid ECC key (public point is not on the curve) // TPM_RC_SCHEME RSA key with an unsupported padding scheme // TPM_RC_VALUE numeric value of the data to be decrypted is greater // than the RSA key modulus TPM_RC CryptSecretEncrypt( OBJECT *encryptKey, // IN: encryption key object const TPM2B *label, // IN: a null-terminated string as L TPM2B_DATA *data, // OUT: secret value TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure ); //*** CryptSecretDecrypt() // Decrypt a secret value by asymmetric (or symmetric) algorithm // This function is used for ActivateCredential and Import for asymmetric // decryption, and StartAuthSession for both asymmetric and symmetric // decryption process // // Return Type: TPM_RC // TPM_RC_ATTRIBUTES RSA key is not a decryption key // TPM_RC_BINDING Invalid RSA key (public and private parts are not // cryptographically bound. // TPM_RC_ECC_POINT ECC point in the secret is not on the curve // TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret // TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity // TPM_RC_SIZE data to decrypt is not of the same size as RSA key // TPM_RC_VALUE For RSA key, numeric value of the encrypted data is // greater than the modulus, or the recovered data is // larger than the output buffer. // For keyedHash or symmetric key, the secret is // larger than the size of the digest produced by // the name algorithm. // TPM_RC_FAILURE internal error TPM_RC CryptSecretDecrypt( OBJECT *decryptKey, // IN: decrypt key TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for // symmetric decryption. For // asymmetric decryption, this // parameter is NULL const TPM2B *label, // IN: a value for L TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret TPM2B_DATA *data // OUT: decrypted secret value ); //*** CryptParameterEncryption() // This function does in-place encryption of a response parameter. void CryptParameterEncryption( TPM_HANDLE handle, // IN: encrypt session handle TPM2B *nonceCaller, // IN: nonce caller UINT16 leadingSizeInByte, // IN: the size of the leading size field in // bytes TPM2B_AUTH *extraKey, // IN: additional key material other than // sessionAuth BYTE *buffer // IN/OUT: parameter buffer to be encrypted ); //*** CryptParameterDecryption() // This function does in-place decryption of a command parameter. // Return Type: TPM_RC // TPM_RC_SIZE The number of bytes in the input buffer is less than // the number of bytes to be decrypted. TPM_RC CryptParameterDecryption( TPM_HANDLE handle, // IN: encrypted session handle TPM2B *nonceCaller, // IN: nonce caller UINT32 bufferSize, // IN: size of parameter buffer UINT16 leadingSizeInByte, // IN: the size of the leading size field in // byte TPM2B_AUTH *extraKey, // IN: the authValue BYTE *buffer // IN/OUT: parameter buffer to be decrypted ); //*** CryptComputeSymmetricUnique() // This function computes the unique field in public area for symmetric objects. void CryptComputeSymmetricUnique( TPMT_PUBLIC *publicArea, // IN: the object's public area TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area TPM2B_DIGEST *unique // OUT: unique buffer ); //*** CryptCreateObject() // This function creates an object. // For an asymmetric key, it will create a key pair and, for a parent key, a seed // value for child protections. // // For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will // create a secret key if the caller did not provide one. It will create a random // secret seed value that is hashed with the secret value to create the public // unique value. // // 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters // and are the only ones that are used by TPM2_Create(). The other parameters // are optional and are used when the generated Object needs to be deterministic. // This is the case for both Primary Objects and Derived Objects. // // When a seed value is provided, a RAND_STATE will be populated and used for // all operations in the object generation that require a random number. In the // simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with // context being the hash of the template. If the Primary Object is in // the Endorsement hierarchy, it will also populate 'proof' with ehProof. // // For derived keys, 'seed' will be the secret value from the parent, 'label' and // 'context' will be set according to the parameters of TPM2_CreateLoaded() and // 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator. // // Return Type: TPM_RC // TPM_RC_KEY a provided key is not an allowed value // TPM_RC_KEY_SIZE key size in the public area does not match the size // in the sensitive creation area for a symmetric key // TPM_RC_NO_RESULT unable to get random values (only in derivation) // TPM_RC_RANGE for an RSA key, the exponent is not supported // TPM_RC_SIZE sensitive data size is larger than allowed for the // scheme for a keyed hash object // TPM_RC_VALUE exponent is not prime or could not find a prime using // the provided parameters for an RSA key; // unsupported name algorithm for an ECC key TPM_RC CryptCreateObject( OBJECT *object, // IN: new object structure pointer TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation RAND_STATE *rand // IN: the random number generator // to use ); //*** CryptGetSignHashAlg() // Get the hash algorithm of signature from a TPMT_SIGNATURE structure. // It assumes the signature is not NULL // This is a function for easy access TPMI_ALG_HASH CryptGetSignHashAlg( TPMT_SIGNATURE *auth // IN: signature ); //*** CryptIsSplitSign() // This function us used to determine if the signing operation is a split // signing operation that required a TPM2_Commit(). // BOOL CryptIsSplitSign( TPM_ALG_ID scheme // IN: the algorithm selector ); //*** CryptIsAsymSignScheme() // This function indicates if a scheme algorithm is a sign algorithm. BOOL CryptIsAsymSignScheme( TPMI_ALG_PUBLIC publicType, // IN: Type of the object TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme ); //*** CryptIsAsymDecryptScheme() // This function indicate if a scheme algorithm is a decrypt algorithm. BOOL CryptIsAsymDecryptScheme( TPMI_ALG_PUBLIC publicType, // IN: Type of the object TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme ); //*** CryptSelectSignScheme() // This function is used by the attestation and signing commands. It implements // the rules for selecting the signature scheme to use in signing. This function // requires that the signing key either be TPM_RH_NULL or be loaded. // // If a default scheme is defined in object, the default scheme should be chosen, // otherwise, the input scheme should be chosen. // In the case that both object and input scheme has a non-NULL scheme // algorithm, if the schemes are compatible, the input scheme will be chosen. // // This function should not be called if 'signObject->publicArea.type' == // ALG_SYMCIPHER. // // Return Type: BOOL // TRUE(1) scheme selected // FALSE(0) both 'scheme' and key's default scheme are empty; or // 'scheme' is empty while key's default scheme requires // explicit input scheme (split signing); or // non-empty default key scheme differs from 'scheme' BOOL CryptSelectSignScheme( OBJECT *signObject, // IN: signing key TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme ); //*** CryptSign() // Sign a digest with asymmetric key or HMAC. // This function is called by attestation commands and the generic TPM2_Sign // command. // This function checks the key scheme and digest size. It does not // check if the sign operation is allowed for restricted key. It should be // checked before the function is called. // The function will assert if the key is not a signing key. // // Return Type: TPM_RC // TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type // TPM_RC_VALUE 'digest' value is greater than the modulus of // 'signHandle' or size of 'hashData' does not match hash // algorithm in'signScheme' (for an RSA key); // invalid commit status or failed to generate "r" value // (for an ECC key) TPM_RC CryptSign( OBJECT *signKey, // IN: signing key TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. TPM2B_DIGEST *digest, // IN: The digest being signed TPMT_SIGNATURE *signature // OUT: signature ); //*** CryptValidateSignature() // This function is used to verify a signature. It is called by // TPM2_VerifySignature() and TPM2_PolicySigned. // // Since this operation only requires use of a public key, no consistency // checks are necessary for the key to signature type because a caller can load // any public key that they like with any scheme that they like. This routine // simply makes sure that the signature is correct, whatever the type. // // Return Type: TPM_RC // TPM_RC_SIGNATURE the signature is not genuine // TPM_RC_SCHEME the scheme is not supported // TPM_RC_HANDLE an HMAC key was selected but the // private part of the key is not loaded TPM_RC CryptValidateSignature( TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key TPM2B_DIGEST *digest, // IN: The digest being validated TPMT_SIGNATURE *signature // IN: signature ); //*** CryptGetTestResult // This function returns the results of a self-test function. // Note: the behavior in this function is NOT the correct behavior for a real // TPM implementation. An artificial behavior is placed here due to the // limitation of a software simulation environment. For the correct behavior, // consult the part 3 specification for TPM2_GetTestResult(). TPM_RC CryptGetTestResult( TPM2B_MAX_BUFFER *outData // OUT: test result data ); //*** CryptIsUniqueSizeValid() // This function validates that the unique values are consistent. // NOTE: This is not a comprehensive test of the public key. // Return Type: BOOL // TRUE(1) sizes are consistent // FALSE(0) sizes are not consistent BOOL CryptIsUniqueSizeValid( TPMT_PUBLIC *publicArea // IN: the public area to check ); //*** CryptIsSensitiveSizeValid() // This function is used by TPM2_LoadExternal() to validate that the sensitive area // contains a 'sensitive' value that is consistent with the values in the public // area. BOOL CryptIsSensitiveSizeValid( TPMT_PUBLIC *publicArea, // IN: the object's public part TPMT_SENSITIVE *sensitiveArea // IN: the object's sensitive part ); //*** CryptValidateKeys() // This function is used to verify that the key material of and object is valid. // For a 'publicOnly' object, the key is verified for size and, if it is an ECC // key, it is verified to be on the specified curve. For a key with a sensitive // area, the binding between the public and private parts of the key are verified. // If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area // is verified but the public portion is not verified, unless the key is an RSA key. // For an RSA key, the reason for loading the sensitive area is to use it. The // only way to use a private RSA key is to compute the private exponent. To compute // the private exponent, the public modulus is used. // Return Type: TPM_RC // TPM_RC_BINDING the public and private parts are not cryptographically // bound // TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL // TPM_RC_KEY the public unique is not valid // TPM_RC_KEY_SIZE the private area key is not valid // TPM_RC_TYPE the types of the sensitive and private parts do not match TPM_RC CryptValidateKeys( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, TPM_RC blamePublic, TPM_RC blameSensitive ); //*** CryptAlgSetImplemented() // This function initializes the bit vector with one bit for each implemented // algorithm. This function is called from _TPM_Init(). The vector of implemented // algorithms should be generated by the part 2 parser so that the // 'g_implementedAlgorithms' vector can be a constant. That's not how it is now void CryptAlgsSetImplemented( void ); //*** CryptSelectMac() // This function is used to set the MAC scheme based on the key parameters and // the input scheme. // Return Type: TPM_RC // TPM_RC_SCHEME the scheme is not a valid mac scheme // TPM_RC_TYPE the input key is not a type that supports a mac // TPM_RC_VALUE the input scheme and the key scheme are not compatible TPM_RC CryptSelectMac( TPMT_PUBLIC *publicArea, TPMI_ALG_MAC_SCHEME *inMac ); //*** CryptMacIsValidForKey() // Check to see if the key type is compatible with the mac type BOOL CryptMacIsValidForKey( TPM_ALG_ID keyType, TPM_ALG_ID macAlg, BOOL flag ); //*** CryptSmacIsValidAlg() // This function is used to test if an algorithm is a supported SMAC algorithm. It // needs to be updated as new algorithms are added. BOOL CryptSmacIsValidAlg( TPM_ALG_ID alg, BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid ); //*** CryptSymModeIsValid() // Function checks to see if an algorithm ID is a valid, symmetric block cipher // mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode. // not include the modes used for SMAC BOOL CryptSymModeIsValid( TPM_ALG_ID mode, BOOL flag ); #endif // _CRYPT_UTIL_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/DA_fp.h000066400000000000000000000066461510276467000272150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:23:27PM */ #ifndef _DA_FP_H_ #define _DA_FP_H_ //*** DAPreInstall_Init() // This function initializes the DA parameters to their manufacturer-default // values. The default values are determined by a platform-specific specification. // // This function should not be called outside of a manufacturing or simulation // environment. // // The DA parameters will be restored to these initial values by TPM2_Clear(). void DAPreInstall_Init( void ); //*** DAStartup() // This function is called by TPM2_Startup() to initialize the DA parameters. // In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the // lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until // the TPM has been continuously powered for the lockoutRecovery time. // // This function requires that NV be available and not rate limiting. BOOL DAStartup( STARTUP_TYPE type // IN: startup type ); //*** DARegisterFailure() // This function is called when a authorization failure occurs on an entity // that is subject to dictionary-attack protection. When a DA failure is // triggered, register the failure by resetting the relevant self-healing // timer to the current time. void DARegisterFailure( TPM_HANDLE handle // IN: handle for failure ); //*** DASelfHeal() // This function is called to check if sufficient time has passed to allow // decrement of failedTries or to re-enable use of lockoutAuth. // // This function should be called when the time interval is updated. void DASelfHeal( void ); #endif // _DA_FP_H_ DictionaryAttackLockReset_fp.h000066400000000000000000000046601510276467000337150ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_DictionaryAttackLockReset // Command must be enabled #ifndef _Dictionary_Attack_Lock_Reset_FP_H_ #define _Dictionary_Attack_Lock_Reset_FP_H_ // Input structure definition typedef struct { TPMI_RH_LOCKOUT lockHandle; } DictionaryAttackLockReset_In; // Response code modifiers #define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_DictionaryAttackLockReset( DictionaryAttackLockReset_In *in ); #endif // _Dictionary_Attack_Lock_Reset_FP_H_ #endif // CC_DictionaryAttackLockReset DictionaryAttackParameters_fp.h000066400000000000000000000055271510276467000341300ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_DictionaryAttackParameters // Command must be enabled #ifndef _Dictionary_Attack_Parameters_FP_H_ #define _Dictionary_Attack_Parameters_FP_H_ // Input structure definition typedef struct { TPMI_RH_LOCKOUT lockHandle; UINT32 newMaxTries; UINT32 newRecoveryTime; UINT32 lockoutRecovery; } DictionaryAttackParameters_In; // Response code modifiers #define RC_DictionaryAttackParameters_lockHandle (TPM_RC_H + TPM_RC_1) #define RC_DictionaryAttackParameters_newMaxTries (TPM_RC_P + TPM_RC_1) #define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2) #define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_DictionaryAttackParameters( DictionaryAttackParameters_In *in ); #endif // _Dictionary_Attack_Parameters_FP_H_ #endif // CC_DictionaryAttackParameters go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Duplicate_fp.h000066400000000000000000000055321510276467000306340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Duplicate // Command must be enabled #ifndef _Duplicate_FP_H_ #define _Duplicate_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT objectHandle; TPMI_DH_OBJECT newParentHandle; TPM2B_DATA encryptionKeyIn; TPMT_SYM_DEF_OBJECT symmetricAlg; } Duplicate_In; // Output structure definition typedef struct { TPM2B_DATA encryptionKeyOut; TPM2B_PRIVATE duplicate; TPM2B_ENCRYPTED_SECRET outSymSeed; } Duplicate_Out; // Response code modifiers #define RC_Duplicate_objectHandle (TPM_RC_H + TPM_RC_1) #define RC_Duplicate_newParentHandle (TPM_RC_H + TPM_RC_2) #define RC_Duplicate_encryptionKeyIn (TPM_RC_P + TPM_RC_1) #define RC_Duplicate_symmetricAlg (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_Duplicate( Duplicate_In *in, Duplicate_Out *out ); #endif // _Duplicate_FP_H_ #endif // CC_Duplicate go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECC_Parameters_fp.h000066400000000000000000000047221510276467000314770ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ECC_Parameters // Command must be enabled #ifndef _ECC_Parameters_FP_H_ #define _ECC_Parameters_FP_H_ // Input structure definition typedef struct { TPMI_ECC_CURVE curveID; } ECC_Parameters_In; // Output structure definition typedef struct { TPMS_ALGORITHM_DETAIL_ECC parameters; } ECC_Parameters_Out; // Response code modifiers #define RC_ECC_Parameters_curveID (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_ECC_Parameters( ECC_Parameters_In *in, ECC_Parameters_Out *out ); #endif // _ECC_Parameters_FP_H_ #endif // CC_ECC_Parameters go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_KeyGen_fp.h000066400000000000000000000047461510276467000306750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ECDH_KeyGen // Command must be enabled #ifndef _ECDH_Key_Gen_FP_H_ #define _ECDH_Key_Gen_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; } ECDH_KeyGen_In; // Output structure definition typedef struct { TPM2B_ECC_POINT zPoint; TPM2B_ECC_POINT pubPoint; } ECDH_KeyGen_Out; // Response code modifiers #define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_ECDH_KeyGen( ECDH_KeyGen_In *in, ECDH_KeyGen_Out *out ); #endif // _ECDH_Key_Gen_FP_H_ #endif // CC_ECDH_KeyGen go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ECDH_ZGen_fp.h000066400000000000000000000050071510276467000303450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ECDH_ZGen // Command must be enabled #ifndef _ECDH_ZGen_FP_H_ #define _ECDH_ZGen_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; TPM2B_ECC_POINT inPoint; } ECDH_ZGen_In; // Output structure definition typedef struct { TPM2B_ECC_POINT outPoint; } ECDH_ZGen_Out; // Response code modifiers #define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1) #define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_ECDH_ZGen( ECDH_ZGen_In *in, ECDH_ZGen_Out *out ); #endif // _ECDH_ZGen_FP_H_ #endif // CC_ECDH_ZGen go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EC_Ephemeral_fp.h000066400000000000000000000047371510276467000312010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_EC_Ephemeral // Command must be enabled #ifndef _EC_Ephemeral_FP_H_ #define _EC_Ephemeral_FP_H_ // Input structure definition typedef struct { TPMI_ECC_CURVE curveID; } EC_Ephemeral_In; // Output structure definition typedef struct { TPM2B_ECC_POINT Q; UINT16 counter; } EC_Ephemeral_Out; // Response code modifiers #define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_EC_Ephemeral( EC_Ephemeral_In *in, EC_Ephemeral_Out *out ); #endif // _EC_Ephemeral_FP_H_ #endif // CC_EC_Ephemeral go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt2_fp.h000066400000000000000000000056151510276467000317650ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_EncryptDecrypt2 // Command must be enabled #ifndef _Encrypt_Decrypt2_FP_H_ #define _Encrypt_Decrypt2_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; TPM2B_MAX_BUFFER inData; TPMI_YES_NO decrypt; TPMI_ALG_CIPHER_MODE mode; TPM2B_IV ivIn; } EncryptDecrypt2_In; // Output structure definition typedef struct { TPM2B_MAX_BUFFER outData; TPM2B_IV ivOut; } EncryptDecrypt2_Out; // Response code modifiers #define RC_EncryptDecrypt2_keyHandle (TPM_RC_H + TPM_RC_1) #define RC_EncryptDecrypt2_inData (TPM_RC_P + TPM_RC_1) #define RC_EncryptDecrypt2_decrypt (TPM_RC_P + TPM_RC_2) #define RC_EncryptDecrypt2_mode (TPM_RC_P + TPM_RC_3) #define RC_EncryptDecrypt2_ivIn (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_EncryptDecrypt2( EncryptDecrypt2_In *in, EncryptDecrypt2_Out *out ); #endif // _Encrypt_Decrypt2_FP_H_ #endif // CC_EncryptDecrypt2 go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_fp.h000066400000000000000000000056011510276467000316760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_EncryptDecrypt // Command must be enabled #ifndef _Encrypt_Decrypt_FP_H_ #define _Encrypt_Decrypt_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; TPMI_YES_NO decrypt; TPMI_ALG_CIPHER_MODE mode; TPM2B_IV ivIn; TPM2B_MAX_BUFFER inData; } EncryptDecrypt_In; // Output structure definition typedef struct { TPM2B_MAX_BUFFER outData; TPM2B_IV ivOut; } EncryptDecrypt_Out; // Response code modifiers #define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1) #define RC_EncryptDecrypt_decrypt (TPM_RC_P + TPM_RC_1) #define RC_EncryptDecrypt_mode (TPM_RC_P + TPM_RC_2) #define RC_EncryptDecrypt_ivIn (TPM_RC_P + TPM_RC_3) #define RC_EncryptDecrypt_inData (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_EncryptDecrypt( EncryptDecrypt_In *in, EncryptDecrypt_Out *out ); #endif // _Encrypt_Decrypt_FP_H_ #endif // CC_EncryptDecrypt go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EncryptDecrypt_spt_fp.h000066400000000000000000000054101510276467000325620ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _ENCRYPT_DECRYPT_SPT_FP_H_ #define _ENCRYPT_DECRYPT_SPT_FP_H_ #if CC_EncryptDecrypt2 // Return Type: TPM_RC // TPM_RC_KEY is not a symmetric decryption key with both // public and private portions loaded // TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; // or 'inData' size is not an even multiple of the block // size for CBC or ECB mode // TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does // not match the key's mode TPM_RC EncryptDecryptShared( TPMI_DH_OBJECT keyHandleIn, TPMI_YES_NO decryptIn, TPMI_ALG_SYM_MODE modeIn, TPM2B_IV *ivIn, TPM2B_MAX_BUFFER *inData, EncryptDecrypt_Out *out ); #endif // CC_EncryptDecrypt #endif // _ENCRYPT_DECRYPT_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Entity_fp.h000066400000000000000000000111451510276467000301730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _ENTITY_FP_H_ #define _ENTITY_FP_H_ //** Functions //*** EntityGetLoadStatus() // This function will check that all the handles access loaded entities. // Return Type: TPM_RC // TPM_RC_HANDLE handle type does not match // TPM_RC_REFERENCE_Hx entity is not present // TPM_RC_HIERARCHY entity belongs to a disabled hierarchy // TPM_RC_OBJECT_MEMORY handle is an evict object but there is no // space to load it to RAM TPM_RC EntityGetLoadStatus( COMMAND *command // IN/OUT: command parsing structure ); //*** EntityGetAuthValue() // This function is used to access the 'authValue' associated with a handle. // This function assumes that the handle references an entity that is accessible // and the handle is not for a persistent objects. That is EntityGetLoadStatus() // should have been called. Also, the accessibility of the authValue should have // been verified by IsAuthValueAvailable(). // // This function copies the authorization value of the entity to 'auth'. // Return Type: UINT16 // count number of bytes in the authValue with 0's stripped UINT16 EntityGetAuthValue( TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_AUTH *auth // OUT: authValue of the entity ); //*** EntityGetAuthPolicy() // This function is used to access the 'authPolicy' associated with a handle. // This function assumes that the handle references an entity that is accessible // and the handle is not for a persistent objects. That is EntityGetLoadStatus() // should have been called. Also, the accessibility of the authPolicy should have // been verified by IsAuthPolicyAvailable(). // // This function copies the authorization policy of the entity to 'authPolicy'. // // The return value is the hash algorithm for the policy. TPMI_ALG_HASH EntityGetAuthPolicy( TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity ); //*** EntityGetName() // This function returns the Name associated with a handle. TPM2B_NAME * EntityGetName( TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_NAME *name // OUT: name of entity ); //*** EntityGetHierarchy() // This function returns the hierarchy handle associated with an entity. // 1. A handle that is a hierarchy handle is associated with itself. // 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, // is SET, otherwise it belongs to TPM_RH_OWNER // 3. An object handle belongs to its hierarchy. TPMI_RH_HIERARCHY EntityGetHierarchy( TPMI_DH_ENTITY handle // IN :handle of entity ); #endif // _ENTITY_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EventSequenceComplete_fp.h000066400000000000000000000054471510276467000331720ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_EventSequenceComplete // Command must be enabled #ifndef _Event_Sequence_Complete_FP_H_ #define _Event_Sequence_Complete_FP_H_ // Input structure definition typedef struct { TPMI_DH_PCR pcrHandle; TPMI_DH_OBJECT sequenceHandle; TPM2B_MAX_BUFFER buffer; } EventSequenceComplete_In; // Output structure definition typedef struct { TPML_DIGEST_VALUES results; } EventSequenceComplete_Out; // Response code modifiers #define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) #define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) #define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_EventSequenceComplete( EventSequenceComplete_In *in, EventSequenceComplete_Out *out ); #endif // _Event_Sequence_Complete_FP_H_ #endif // CC_EventSequenceComplete go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/EvictControl_fp.h000066400000000000000000000050051510276467000313300ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_EvictControl // Command must be enabled #ifndef _Evict_Control_FP_H_ #define _Evict_Control_FP_H_ // Input structure definition typedef struct { TPMI_RH_PROVISION auth; TPMI_DH_OBJECT objectHandle; TPMI_DH_PERSISTENT persistentHandle; } EvictControl_In; // Response code modifiers #define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) #define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) #define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_EvictControl( EvictControl_In *in ); #endif // _Evict_Control_FP_H_ #endif // CC_EvictControl go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ExecCommand_fp.h000066400000000000000000000077111510276467000311060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _EXEC_COMMAND_FP_H_ #define _EXEC_COMMAND_FP_H_ //** ExecuteCommand() // // The function performs the following steps. // // a) Parses the command header from input buffer. // b) Calls ParseHandleBuffer() to parse the handle area of the command. // c) Validates that each of the handles references a loaded entity. // d) Calls ParseSessionBuffer () to: // 1) unmarshal and parse the session area; // 2) check the authorizations; and // 3) when necessary, decrypt a parameter. // e) Calls CommandDispatcher() to: // 1) unmarshal the command parameters from the command buffer; // 2) call the routine that performs the command actions; and // 3) marshal the responses into the response buffer. // f) If any error occurs in any of the steps above create the error response // and return. // g) Calls BuildResponseSessions() to: // 1) when necessary, encrypt a parameter // 2) build the response authorization sessions // 3) update the audit sessions and nonces // h) Calls BuildResponseHeader() to complete the construction of the response. // // 'responseSize' is set by the caller to the maximum number of bytes available in // the output buffer. ExecuteCommand will adjust the value and return the number // of bytes placed in the buffer. // // 'response' is also set by the caller to indicate the buffer into which // ExecuteCommand is to place the response. // // 'request' and 'response' may point to the same buffer // // Note: As of February, 2016, the failure processing has been moved to the // platform-specific code. When the TPM code encounters an unrecoverable failure, it // will SET g_inFailureMode and call _plat__Fail(). That function should not return // but may call ExecuteCommand(). // LIB_EXPORT void ExecuteCommand( uint32_t requestSize, // IN: command buffer size unsigned char *request, // IN: command buffer uint32_t *responseSize, // IN/OUT: response buffer size unsigned char **response // IN/OUT: response buffer ); #endif // _EXEC_COMMAND_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeData_fp.h000066400000000000000000000050251510276467000320440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_FieldUpgradeData // Command must be enabled #ifndef _Field_Upgrade_Data_FP_H_ #define _Field_Upgrade_Data_FP_H_ // Input structure definition typedef struct { TPM2B_MAX_BUFFER fuData; } FieldUpgradeData_In; // Output structure definition typedef struct { TPMT_HA nextDigest; TPMT_HA firstDigest; } FieldUpgradeData_Out; // Response code modifiers #define RC_FieldUpgradeData_fuData (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_FieldUpgradeData( FieldUpgradeData_In *in, FieldUpgradeData_Out *out ); #endif // _Field_Upgrade_Data_FP_H_ #endif // CC_FieldUpgradeData go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FieldUpgradeStart_fp.h000066400000000000000000000053001510276467000322640ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_FieldUpgradeStart // Command must be enabled #ifndef _Field_Upgrade_Start_FP_H_ #define _Field_Upgrade_Start_FP_H_ // Input structure definition typedef struct { TPMI_RH_PLATFORM authorization; TPMI_DH_OBJECT keyHandle; TPM2B_DIGEST fuDigest; TPMT_SIGNATURE manifestSignature; } FieldUpgradeStart_In; // Response code modifiers #define RC_FieldUpgradeStart_authorization (TPM_RC_H + TPM_RC_1) #define RC_FieldUpgradeStart_keyHandle (TPM_RC_H + TPM_RC_2) #define RC_FieldUpgradeStart_fuDigest (TPM_RC_P + TPM_RC_1) #define RC_FieldUpgradeStart_manifestSignature (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_FieldUpgradeStart( FieldUpgradeStart_In *in ); #endif // _Field_Upgrade_Start_FP_H_ #endif // CC_FieldUpgradeStart go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FirmwareRead_fp.h000066400000000000000000000047141510276467000312730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_FirmwareRead // Command must be enabled #ifndef _Firmware_Read_FP_H_ #define _Firmware_Read_FP_H_ // Input structure definition typedef struct { UINT32 sequenceNumber; } FirmwareRead_In; // Output structure definition typedef struct { TPM2B_MAX_BUFFER fuData; } FirmwareRead_Out; // Response code modifiers #define RC_FirmwareRead_sequenceNumber (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_FirmwareRead( FirmwareRead_In *in, FirmwareRead_Out *out ); #endif // _Firmware_Read_FP_H_ #endif // CC_FirmwareRead go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/FlushContext_fp.h000066400000000000000000000044541510276467000313520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_FlushContext // Command must be enabled #ifndef _Flush_Context_FP_H_ #define _Flush_Context_FP_H_ // Input structure definition typedef struct { TPMI_DH_CONTEXT flushHandle; } FlushContext_In; // Response code modifiers #define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_FlushContext( FlushContext_In *in ); #endif // _Flush_Context_FP_H_ #endif // CC_FlushContext go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCapability_fp.h000066400000000000000000000053241510276467000314420ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_GetCapability // Command must be enabled #ifndef _Get_Capability_FP_H_ #define _Get_Capability_FP_H_ // Input structure definition typedef struct { TPM_CAP capability; UINT32 property; UINT32 propertyCount; } GetCapability_In; // Output structure definition typedef struct { TPMI_YES_NO moreData; TPMS_CAPABILITY_DATA capabilityData; } GetCapability_Out; // Response code modifiers #define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1) #define RC_GetCapability_property (TPM_RC_P + TPM_RC_2) #define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_GetCapability( GetCapability_In *in, GetCapability_Out *out ); #endif // _Get_Capability_FP_H_ #endif // CC_GetCapability go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetCommandAuditDigest_fp.h000066400000000000000000000057461510276467000330760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_GetCommandAuditDigest // Command must be enabled #ifndef _Get_Command_Audit_Digest_FP_H_ #define _Get_Command_Audit_Digest_FP_H_ // Input structure definition typedef struct { TPMI_RH_ENDORSEMENT privacyHandle; TPMI_DH_OBJECT signHandle; TPM2B_DATA qualifyingData; TPMT_SIG_SCHEME inScheme; } GetCommandAuditDigest_In; // Output structure definition typedef struct { TPM2B_ATTEST auditInfo; TPMT_SIGNATURE signature; } GetCommandAuditDigest_Out; // Response code modifiers #define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1) #define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) #define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_GetCommandAuditDigest( GetCommandAuditDigest_In *in, GetCommandAuditDigest_Out *out ); #endif // _Get_Command_Audit_Digest_FP_H_ #endif // CC_GetCommandAuditDigest go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetRandom_fp.h000066400000000000000000000046651510276467000306100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_GetRandom // Command must be enabled #ifndef _Get_Random_FP_H_ #define _Get_Random_FP_H_ // Input structure definition typedef struct { UINT16 bytesRequested; } GetRandom_In; // Output structure definition typedef struct { TPM2B_DIGEST randomBytes; } GetRandom_Out; // Response code modifiers #define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_GetRandom( GetRandom_In *in, GetRandom_Out *out ); #endif // _Get_Random_FP_H_ #endif // CC_GetRandom go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetSessionAuditDigest_fp.h000066400000000000000000000061561510276467000331370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_GetSessionAuditDigest // Command must be enabled #ifndef _Get_Session_Audit_Digest_FP_H_ #define _Get_Session_Audit_Digest_FP_H_ // Input structure definition typedef struct { TPMI_RH_ENDORSEMENT privacyAdminHandle; TPMI_DH_OBJECT signHandle; TPMI_SH_HMAC sessionHandle; TPM2B_DATA qualifyingData; TPMT_SIG_SCHEME inScheme; } GetSessionAuditDigest_In; // Output structure definition typedef struct { TPM2B_ATTEST auditInfo; TPMT_SIGNATURE signature; } GetSessionAuditDigest_Out; // Response code modifiers #define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1) #define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2) #define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3) #define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_GetSessionAuditDigest( GetSessionAuditDigest_In *in, GetSessionAuditDigest_Out *out ); #endif // _Get_Session_Audit_Digest_FP_H_ #endif // CC_GetSessionAuditDigest go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTestResult_fp.h000066400000000000000000000044131510276467000314750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_GetTestResult // Command must be enabled #ifndef _Get_Test_Result_FP_H_ #define _Get_Test_Result_FP_H_ // Output structure definition typedef struct { TPM2B_MAX_BUFFER outData; TPM_RC testResult; } GetTestResult_Out; // Function prototype TPM_RC TPM2_GetTestResult( GetTestResult_Out *out ); #endif // _Get_Test_Result_FP_H_ #endif // CC_GetTestResult go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/GetTime_fp.h000066400000000000000000000054101510276467000302530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_GetTime // Command must be enabled #ifndef _Get_Time_FP_H_ #define _Get_Time_FP_H_ // Input structure definition typedef struct { TPMI_RH_ENDORSEMENT privacyAdminHandle; TPMI_DH_OBJECT signHandle; TPM2B_DATA qualifyingData; TPMT_SIG_SCHEME inScheme; } GetTime_In; // Output structure definition typedef struct { TPM2B_ATTEST timeInfo; TPMT_SIGNATURE signature; } GetTime_Out; // Response code modifiers #define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1) #define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2) #define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_GetTime( GetTime_In *in, GetTime_Out *out ); #endif // _Get_Time_FP_H_ #endif // CC_GetTime go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_Start_fp.h000066400000000000000000000051601510276467000306040ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_HMAC_Start // Command must be enabled #ifndef _HMAC_Start_FP_H_ #define _HMAC_Start_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT handle; TPM2B_AUTH auth; TPMI_ALG_HASH hashAlg; } HMAC_Start_In; // Output structure definition typedef struct { TPMI_DH_OBJECT sequenceHandle; } HMAC_Start_Out; // Response code modifiers #define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1) #define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1) #define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_HMAC_Start( HMAC_Start_In *in, HMAC_Start_Out *out ); #endif // _HMAC_Start_FP_H_ #endif // CC_HMAC_Start go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HMAC_fp.h000066400000000000000000000050731510276467000274320ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_HMAC // Command must be enabled #ifndef _HMAC_FP_H_ #define _HMAC_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT handle; TPM2B_MAX_BUFFER buffer; TPMI_ALG_HASH hashAlg; } HMAC_In; // Output structure definition typedef struct { TPM2B_DIGEST outHMAC; } HMAC_Out; // Response code modifiers #define RC_HMAC_handle (TPM_RC_H + TPM_RC_1) #define RC_HMAC_buffer (TPM_RC_P + TPM_RC_1) #define RC_HMAC_hashAlg (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_HMAC( HMAC_In *in, HMAC_Out *out ); #endif // _HMAC_FP_H_ #endif // CC_HMAC go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Handle_fp.h000066400000000000000000000072631510276467000301200ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _HANDLE_FP_H_ #define _HANDLE_FP_H_ //*** HandleGetType() // This function returns the type of a handle which is the MSO of the handle. TPM_HT HandleGetType( TPM_HANDLE handle // IN: a handle to be checked ); //*** NextPermanentHandle() // This function returns the permanent handle that is equal to the input value or // is the next higher value. If there is no handle with the input value and there // is no next higher value, it returns 0: TPM_HANDLE NextPermanentHandle( TPM_HANDLE inHandle // IN: the handle to check ); //*** PermanentCapGetHandles() // This function returns a list of the permanent handles of PCR, started from // 'handle'. If 'handle' is larger than the largest permanent handle, an empty list // will be returned with 'more' set to NO. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO PermanentCapGetHandles( TPM_HANDLE handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ); //*** PermanentHandleGetPolicy() // This function returns a list of the permanent handles of PCR, started from // 'handle'. If 'handle' is larger than the largest permanent handle, an empty list // will be returned with 'more' set to NO. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO PermanentHandleGetPolicy( TPM_HANDLE handle, // IN: start handle UINT32 count, // IN: max count of returned handles TPML_TAGGED_POLICY *policyList // OUT: list of handle ); #endif // _HANDLE_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HashSequenceStart_fp.h000066400000000000000000000051561510276467000323160ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_HashSequenceStart // Command must be enabled #ifndef _Hash_Sequence_Start_FP_H_ #define _Hash_Sequence_Start_FP_H_ // Input structure definition typedef struct { TPM2B_AUTH auth; TPMI_ALG_HASH hashAlg; } HashSequenceStart_In; // Output structure definition typedef struct { TPMI_DH_OBJECT sequenceHandle; } HashSequenceStart_Out; // Response code modifiers #define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1) #define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_HashSequenceStart( HashSequenceStart_In *in, HashSequenceStart_Out *out ); #endif // _Hash_Sequence_Start_FP_H_ #endif // CC_HashSequenceStart go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hash_fp.h000066400000000000000000000051511510276467000276020ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Hash // Command must be enabled #ifndef _Hash_FP_H_ #define _Hash_FP_H_ // Input structure definition typedef struct { TPM2B_MAX_BUFFER data; TPMI_ALG_HASH hashAlg; TPMI_RH_HIERARCHY hierarchy; } Hash_In; // Output structure definition typedef struct { TPM2B_DIGEST outHash; TPMT_TK_HASHCHECK validation; } Hash_Out; // Response code modifiers #define RC_Hash_data (TPM_RC_P + TPM_RC_1) #define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2) #define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_Hash( Hash_In *in, Hash_Out *out ); #endif // _Hash_FP_H_ #endif // CC_Hash go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyChangeAuth_fp.h000066400000000000000000000047341510276467000325730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_HierarchyChangeAuth // Command must be enabled #ifndef _Hierarchy_Change_Auth_FP_H_ #define _Hierarchy_Change_Auth_FP_H_ // Input structure definition typedef struct { TPMI_RH_HIERARCHY_AUTH authHandle; TPM2B_AUTH newAuth; } HierarchyChangeAuth_In; // Response code modifiers #define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1) #define RC_HierarchyChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_HierarchyChangeAuth( HierarchyChangeAuth_In *in ); #endif // _Hierarchy_Change_Auth_FP_H_ #endif // CC_HierarchyChangeAuth go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/HierarchyControl_fp.h000066400000000000000000000050221510276467000321730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_HierarchyControl // Command must be enabled #ifndef _Hierarchy_Control_FP_H_ #define _Hierarchy_Control_FP_H_ // Input structure definition typedef struct { TPMI_RH_HIERARCHY authHandle; TPMI_RH_ENABLES enable; TPMI_YES_NO state; } HierarchyControl_In; // Response code modifiers #define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1) #define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1) #define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_HierarchyControl( HierarchyControl_In *in ); #endif // _Hierarchy_Control_FP_H_ #endif // CC_HierarchyControl go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Hierarchy_fp.h000066400000000000000000000063271510276467000306430ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:23:27PM */ #ifndef _HIERARCHY_FP_H_ #define _HIERARCHY_FP_H_ //*** HierarchyPreInstall() // This function performs the initialization functions for the hierarchy // when the TPM is simulated. This function should not be called if the // TPM is not in a manufacturing mode at the manufacturer, or in a simulated // environment. void HierarchyPreInstall_Init( void ); //*** HierarchyStartup() // This function is called at TPM2_Startup() to initialize the hierarchy // related values. BOOL HierarchyStartup( STARTUP_TYPE type // IN: start up type ); //*** HierarchyGetProof() // This function finds the proof value associated with a hierarchy.It returns a // pointer to the proof value. TPM2B_PROOF * HierarchyGetProof( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant ); //*** HierarchyGetPrimarySeed() // This function returns the primary seed of a hierarchy. TPM2B_SEED * HierarchyGetPrimarySeed( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy ); //*** HierarchyIsEnabled() // This function checks to see if a hierarchy is enabled. // NOTE: The TPM_RH_NULL hierarchy is always enabled. // Return Type: BOOL // TRUE(1) hierarchy is enabled // FALSE(0) hierarchy is disabled BOOL HierarchyIsEnabled( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy ); #endif // _HIERARCHY_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Import_fp.h000066400000000000000000000056141510276467000301750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Import // Command must be enabled #ifndef _Import_FP_H_ #define _Import_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT parentHandle; TPM2B_DATA encryptionKey; TPM2B_PUBLIC objectPublic; TPM2B_PRIVATE duplicate; TPM2B_ENCRYPTED_SECRET inSymSeed; TPMT_SYM_DEF_OBJECT symmetricAlg; } Import_In; // Output structure definition typedef struct { TPM2B_PRIVATE outPrivate; } Import_Out; // Response code modifiers #define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) #define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) #define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) #define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) #define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) #define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) // Function prototype TPM_RC TPM2_Import( Import_In *in, Import_Out *out ); #endif // _Import_FP_H_ #endif // CC_Import go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IncrementalSelfTest_fp.h000066400000000000000000000050211510276467000326260ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_IncrementalSelfTest // Command must be enabled #ifndef _Incremental_Self_Test_FP_H_ #define _Incremental_Self_Test_FP_H_ // Input structure definition typedef struct { TPML_ALG toTest; } IncrementalSelfTest_In; // Output structure definition typedef struct { TPML_ALG toDoList; } IncrementalSelfTest_Out; // Response code modifiers #define RC_IncrementalSelfTest_toTest (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_IncrementalSelfTest( IncrementalSelfTest_In *in, IncrementalSelfTest_Out *out ); #endif // _Incremental_Self_Test_FP_H_ #endif // CC_IncrementalSelfTest go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/IoBuffers_fp.h000066400000000000000000000063321510276467000306050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _IO_BUFFERS_FP_H_ #define _IO_BUFFERS_FP_H_ //*** MemoryIoBufferAllocationReset() // This function is used to reset the allocation of buffers. void MemoryIoBufferAllocationReset( void ); //*** MemoryIoBufferZero() // Function zeros the action I/O buffer at the end of a command. Calling this is // not mandatory for proper functionality. void MemoryIoBufferZero( void ); //*** MemoryGetInBuffer() // This function returns the address of the buffer into which the // command parameters will be unmarshaled in preparation for calling // the command actions. BYTE * MemoryGetInBuffer( UINT32 size // Size, in bytes, required for the input // unmarshaling ); //*** MemoryGetOutBuffer() // This function returns the address of the buffer into which the command // action code places its output values. BYTE * MemoryGetOutBuffer( UINT32 size // required size of the buffer ); //*** IsLabelProperlyFormatted() // This function checks that a label is a null-terminated string. // NOTE: this function is here because there was no better place for it. // Return Type: BOOL // TRUE(1) string is null terminated // FALSE(0) string is not null terminated BOOL IsLabelProperlyFormatted( TPM2B *x ); #endif // _IO_BUFFERS_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/LoadExternal_fp.h000066400000000000000000000052751510276467000313100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_LoadExternal // Command must be enabled #ifndef _Load_External_FP_H_ #define _Load_External_FP_H_ // Input structure definition typedef struct { TPM2B_SENSITIVE inPrivate; TPM2B_PUBLIC inPublic; TPMI_RH_HIERARCHY hierarchy; } LoadExternal_In; // Output structure definition typedef struct { TPM_HANDLE objectHandle; TPM2B_NAME name; } LoadExternal_Out; // Response code modifiers #define RC_LoadExternal_inPrivate (TPM_RC_P + TPM_RC_1) #define RC_LoadExternal_inPublic (TPM_RC_P + TPM_RC_2) #define RC_LoadExternal_hierarchy (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_LoadExternal( LoadExternal_In *in, LoadExternal_Out *out ); #endif // _Load_External_FP_H_ #endif // CC_LoadExternal go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Load_fp.h000066400000000000000000000051611510276467000275770ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Load // Command must be enabled #ifndef _Load_FP_H_ #define _Load_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT parentHandle; TPM2B_PRIVATE inPrivate; TPM2B_PUBLIC inPublic; } Load_In; // Output structure definition typedef struct { TPM_HANDLE objectHandle; TPM2B_NAME name; } Load_Out; // Response code modifiers #define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1) #define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1) #define RC_Load_inPublic (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_Load( Load_In *in, Load_Out *out ); #endif // _Load_FP_H_ #endif // CC_Load go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Locality_fp.h000066400000000000000000000043041510276467000304760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _LOCALITY_FP_H_ #define _LOCALITY_FP_H_ //** LocalityGetAttributes() // This function will convert a locality expressed as an integer into // TPMA_LOCALITY form. // // The function returns the locality attribute. TPMA_LOCALITY LocalityGetAttributes( UINT8 locality // IN: locality value ); #endif // _LOCALITY_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_Start_fp.h000066400000000000000000000051511510276467000304740ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_MAC_Start // Command must be enabled #ifndef _MAC_Start_FP_H_ #define _MAC_Start_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT handle; TPM2B_AUTH auth; TPMI_ALG_MAC_SCHEME inScheme; } MAC_Start_In; // Output structure definition typedef struct { TPMI_DH_OBJECT sequenceHandle; } MAC_Start_Out; // Response code modifiers #define RC_MAC_Start_handle (TPM_RC_H + TPM_RC_1) #define RC_MAC_Start_auth (TPM_RC_P + TPM_RC_1) #define RC_MAC_Start_inScheme (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_MAC_Start( MAC_Start_In *in, MAC_Start_Out *out ); #endif // _MAC_Start_FP_H_ #endif // CC_MAC_Start go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MAC_fp.h000066400000000000000000000050631510276467000273210ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_MAC // Command must be enabled #ifndef _MAC_FP_H_ #define _MAC_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT handle; TPM2B_MAX_BUFFER buffer; TPMI_ALG_MAC_SCHEME inScheme; } MAC_In; // Output structure definition typedef struct { TPM2B_DIGEST outMAC; } MAC_Out; // Response code modifiers #define RC_MAC_handle (TPM_RC_H + TPM_RC_1) #define RC_MAC_buffer (TPM_RC_P + TPM_RC_1) #define RC_MAC_inScheme (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_MAC( MAC_In *in, MAC_Out *out ); #endif // _MAC_FP_H_ #endif // CC_MAC go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MakeCredential_fp.h000066400000000000000000000053311510276467000315670ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_MakeCredential // Command must be enabled #ifndef _Make_Credential_FP_H_ #define _Make_Credential_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT handle; TPM2B_DIGEST credential; TPM2B_NAME objectName; } MakeCredential_In; // Output structure definition typedef struct { TPM2B_ID_OBJECT credentialBlob; TPM2B_ENCRYPTED_SECRET secret; } MakeCredential_Out; // Response code modifiers #define RC_MakeCredential_handle (TPM_RC_H + TPM_RC_1) #define RC_MakeCredential_credential (TPM_RC_P + TPM_RC_1) #define RC_MakeCredential_objectName (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_MakeCredential( MakeCredential_In *in, MakeCredential_Out *out ); #endif // _Make_Credential_FP_H_ #endif // CC_MakeCredential go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Manufacture_fp.h000066400000000000000000000063111510276467000311700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _MANUFACTURE_FP_H_ #define _MANUFACTURE_FP_H_ //*** TPM_Manufacture() // This function initializes the TPM values in preparation for the TPM's first // use. This function will fail if previously called. The TPM can be re-manufactured // by calling TPM_Teardown() first and then calling this function again. // Return Type: int // 0 success // 1 manufacturing process previously performed LIB_EXPORT int TPM_Manufacture( int firstTime // IN: indicates if this is the first call from // main() ); //*** TPM_TearDown() // This function prepares the TPM for re-manufacture. It should not be implemented // in anything other than a simulated TPM. // // In this implementation, all that is needs is to stop the cryptographic units // and set a flag to indicate that the TPM can be re-manufactured. This should // be all that is necessary to start the manufacturing process again. // Return Type: int // 0 success // 1 TPM not previously manufactured LIB_EXPORT int TPM_TearDown( void ); //*** TpmEndSimulation() // This function is called at the end of the simulation run. It is used to provoke // printing of any statistics that might be needed. LIB_EXPORT void TpmEndSimulation( void ); #endif // _MANUFACTURE_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Marshal_fp.h000066400000000000000000002720111510276467000303070ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmMarshal; Version 4.1 Dec 10, 2018 * Date: Apr 2, 2019 Time: 11:00:48AM */ #ifndef _MARSHAL_FP_H_ #define _MARSHAL_FP_H_ // Table 2:3 - Definition of Base Types // UINT8 definition from table 2:3 TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size); UINT16 UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size); // BYTE definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size); #else #define BYTE_Unmarshal(target, buffer, size) \ UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size); #else #define BYTE_Marshal(source, buffer, size) \ UINT8_Marshal((UINT8 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // INT8 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size); #else #define INT8_Unmarshal(target, buffer, size) \ UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size); #else #define INT8_Marshal(source, buffer, size) \ UINT8_Marshal((UINT8 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // UINT16 definition from table 2:3 TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size); UINT16 UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size); // INT16 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size); #else #define INT16_Unmarshal(target, buffer, size) \ UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size); #else #define INT16_Marshal(source, buffer, size) \ UINT16_Marshal((UINT16 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // UINT32 definition from table 2:3 TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size); UINT16 UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size); // INT32 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size); #else #define INT32_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size); #else #define INT32_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // UINT64 definition from table 2:3 TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size); UINT16 UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size); // INT64 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size); #else #define INT64_Unmarshal(target, buffer, size) \ UINT64_Unmarshal((UINT64 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size); #else #define INT64_Marshal(source, buffer, size) \ UINT64_Marshal((UINT64 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:4 - Defines for Logic Values // Table 2:5 - Definition of Types for Documentation Clarity #if !USE_MARSHALING_DEFINES TPM_RC TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size); #else #define TPM_ALGORITHM_ID_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID *source, BYTE **buffer, INT32 *size); #else #define TPM_ALGORITHM_ID_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, BYTE **buffer, INT32 *size); #else #define TPM_MODIFIER_INDICATOR_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, BYTE **buffer, INT32 *size); #else #define TPM_MODIFIER_INDICATOR_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, BYTE **buffer, INT32 *size); #else #define TPM_AUTHORIZATION_SIZE_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, BYTE **buffer, INT32 *size); #else #define TPM_AUTHORIZATION_SIZE_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, BYTE **buffer, INT32 *size); #else #define TPM_PARAMETER_SIZE_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size); #else #define TPM_PARAMETER_SIZE_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size); #else #define TPM_KEY_SIZE_Unmarshal(target, buffer, size) \ UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size); #else #define TPM_KEY_SIZE_Marshal(source, buffer, size) \ UINT16_Marshal((UINT16 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size); #else #define TPM_KEY_BITS_Unmarshal(target, buffer, size) \ UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size); #else #define TPM_KEY_BITS_Marshal(source, buffer, size) \ UINT16_Marshal((UINT16 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:6 - Definition of TPM_SPEC Constants // Table 2:7 - Definition of TPM_GENERATED Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size); #else #define TPM_GENERATED_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:9 - Definition of TPM_ALG_ID Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size); #else #define TPM_ALG_ID_Unmarshal(target, buffer, size) \ UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size); #else #define TPM_ALG_ID_Marshal(source, buffer, size) \ UINT16_Marshal((UINT16 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:10 - Definition of TPM_ECC_CURVE Constants #if ALG_ECC TPM_RC TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size); #else #define TPM_ECC_CURVE_Marshal(source, buffer, size) \ UINT16_Marshal((UINT16 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:12 - Definition of TPM_CC Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size); #else #define TPM_CC_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size); #else #define TPM_CC_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:16 - Definition of TPM_RC Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size); #else #define TPM_RC_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size); // Table 2:18 - Definition of TPM_EO Constants TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size); #else #define TPM_EO_Marshal(source, buffer, size) \ UINT16_Marshal((UINT16 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:19 - Definition of TPM_ST Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size); #else #define TPM_ST_Unmarshal(target, buffer, size) \ UINT16_Unmarshal((UINT16 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size); #else #define TPM_ST_Marshal(source, buffer, size) \ UINT16_Marshal((UINT16 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:20 - Definition of TPM_SU Constants TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size); // Table 2:21 - Definition of TPM_SE Constants TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size); // Table 2:22 - Definition of TPM_CAP Constants TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size); #else #define TPM_CAP_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:23 - Definition of TPM_PT Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size); #else #define TPM_PT_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_PT_Marshal(TPM_PT *source, BYTE **buffer, INT32 *size); #else #define TPM_PT_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:24 - Definition of TPM_PT_PCR Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size); #else #define TPM_PT_PCR_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size); #else #define TPM_PT_PCR_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:25 - Definition of TPM_PS Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size); #else #define TPM_PS_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:26 - Definition of Types for Handles #if !USE_MARSHALING_DEFINES TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size); #else #define TPM_HANDLE_Unmarshal(target, buffer, size) \ UINT32_Unmarshal((UINT32 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size); #else #define TPM_HANDLE_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:27 - Definition of TPM_HT Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size); #else #define TPM_HT_Unmarshal(target, buffer, size) \ UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size); #else #define TPM_HT_Marshal(source, buffer, size) \ UINT8_Marshal((UINT8 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:28 - Definition of TPM_RH Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size); #else #define TPM_RH_Unmarshal(target, buffer, size) \ TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size); #else #define TPM_RH_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:29 - Definition of TPM_HC Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size); #else #define TPM_HC_Unmarshal(target, buffer, size) \ TPM_HANDLE_Unmarshal((TPM_HANDLE *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size); #else #define TPM_HC_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:30 - Definition of TPMA_ALGORITHM Bits TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size); #else #define TPMA_ALGORITHM_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:31 - Definition of TPMA_OBJECT Bits TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size); #else #define TPMA_OBJECT_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:32 - Definition of TPMA_SESSION Bits TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size); #else #define TPMA_SESSION_Marshal(source, buffer, size) \ UINT8_Marshal((UINT8 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:33 - Definition of TPMA_LOCALITY Bits #if !USE_MARSHALING_DEFINES TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size); #else #define TPMA_LOCALITY_Unmarshal(target, buffer, size) \ UINT8_Unmarshal((UINT8 *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size); #else #define TPMA_LOCALITY_Marshal(source, buffer, size) \ UINT8_Marshal((UINT8 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:34 - Definition of TPMA_PERMANENT Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size); #else #define TPMA_PERMANENT_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size); #else #define TPMA_STARTUP_CLEAR_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:36 - Definition of TPMA_MEMORY Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size); #else #define TPMA_MEMORY_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:37 - Definition of TPMA_CC Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size); #else #define TPMA_CC_Marshal(source, buffer, size) \ TPM_CC_Marshal((TPM_CC *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:38 - Definition of TPMA_MODES Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size); #else #define TPMA_MODES_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, BYTE **buffer, INT32 *size); #else #define TPMA_X509_KEY_USAGE_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:40 - Definition of TPMI_YES_NO Type TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size); #else #define TPMI_YES_NO_Marshal(source, buffer, size) \ BYTE_Marshal((BYTE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:41 - Definition of TPMI_DH_OBJECT Type TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size); #else #define TPMI_DH_OBJECT_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:42 - Definition of TPMI_DH_PARENT Type TPM_RC TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size); #else #define TPMI_DH_PARENT_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:43 - Definition of TPMI_DH_PERSISTENT Type TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size); #else #define TPMI_DH_PERSISTENT_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:44 - Definition of TPMI_DH_ENTITY Type TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL flag); // Table 2:45 - Definition of TPMI_DH_PCR Type TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag); // Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, BYTE **buffer, INT32 *size); #else #define TPMI_SH_AUTH_SESSION_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:47 - Definition of TPMI_SH_HMAC Type TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size); #else #define TPMI_SH_HMAC_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:48 - Definition of TPMI_SH_POLICY Type TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size); #else #define TPMI_SH_POLICY_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:49 - Definition of TPMI_DH_CONTEXT Type TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size); #else #define TPMI_DH_CONTEXT_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:50 - Definition of TPMI_DH_SAVED Type TPM_RC TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size); #else #define TPMI_DH_SAVED_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:51 - Definition of TPMI_RH_HIERARCHY Type TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size); #else #define TPMI_RH_HIERARCHY_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:52 - Definition of TPMI_RH_ENABLES Type TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size); #else #define TPMI_RH_ENABLES_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size); // Table 2:54 - Definition of TPMI_RH_PLATFORM Type TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size); // Table 2:55 - Definition of TPMI_RH_OWNER Type TPM_RC TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, BYTE **buffer, INT32 *size, BOOL flag); // Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL flag); // Table 2:57 - Definition of TPMI_RH_PROVISION Type TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size); // Table 2:58 - Definition of TPMI_RH_CLEAR Type TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size); // Table 2:59 - Definition of TPMI_RH_NV_AUTH Type TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size); // Table 2:60 - Definition of TPMI_RH_LOCKOUT Type TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size); // Table 2:61 - Definition of TPMI_RH_NV_INDEX Type TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size); #else #define TPMI_RH_NV_INDEX_Marshal(source, buffer, size) \ TPM_HANDLE_Marshal((TPM_HANDLE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:62 - Definition of TPMI_RH_AC Type TPM_RC TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size); // Table 2:63 - Definition of TPMI_ALG_HASH Type TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_HASH_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:64 - Definition of TPMI_ALG_ASYM Type TPM_RC TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_ASYM_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:65 - Definition of TPMI_ALG_SYM Type TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_SYM_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_SYM_OBJECT_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_SYM_MODE_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:68 - Definition of TPMI_ALG_KDF Type TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_KDF_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_SIG_SCHEME_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type #if ALG_ECC TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, BYTE **buffer, INT32 *size); #else #define TPMI_ECC_KEY_EXCHANGE_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, BYTE **buffer, INT32 *size); #else #define TPMI_ST_COMMAND_TAG_Marshal(source, buffer, size) \ TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type TPM_RC TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_MAC_SCHEME_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type TPM_RC TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_CIPHER_MODE_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:74 - Definition of TPMS_EMPTY Structure TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size); UINT16 TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size); // Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure UINT16 TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, BYTE **buffer, INT32 *size); // Table 2:76 - Definition of TPMU_HA Union TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:77 - Definition of TPMT_HA Structure TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size); // Table 2:78 - Definition of TPM2B_DIGEST Structure TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size); // Table 2:79 - Definition of TPM2B_DATA Structure TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size); // Table 2:80 - Definition of Types for TPM2B_NONCE #if !USE_MARSHALING_DEFINES TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size); #else #define TPM2B_NONCE_Unmarshal(target, buffer, size) \ TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size); #else #define TPM2B_NONCE_Marshal(source, buffer, size) \ TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:81 - Definition of Types for TPM2B_AUTH #if !USE_MARSHALING_DEFINES TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size); #else #define TPM2B_AUTH_Unmarshal(target, buffer, size) \ TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size); #else #define TPM2B_AUTH_Marshal(source, buffer, size) \ TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:82 - Definition of Types for TPM2B_OPERAND #if !USE_MARSHALING_DEFINES TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size); #else #define TPM2B_OPERAND_Unmarshal(target, buffer, size) \ TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size); #else #define TPM2B_OPERAND_Marshal(source, buffer, size) \ TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:83 - Definition of TPM2B_EVENT Structure TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size); // Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size); // Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size); // Table 2:86 - Definition of TPM2B_TIMEOUT Structure TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size); // Table 2:87 - Definition of TPM2B_IV Structure TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size); // Table 2:88 - Definition of TPMU_NAME Union // Table 2:89 - Definition of TPM2B_NAME Structure TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size); // Table 2:90 - Definition of TPMS_PCR_SELECT Structure TPM_RC TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size); UINT16 TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size); // Table 2:91 - Definition of TPMS_PCR_SELECTION Structure TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size); UINT16 TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size); // Table 2:94 - Definition of TPMT_TK_CREATION Structure TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size); UINT16 TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size); // Table 2:95 - Definition of TPMT_TK_VERIFIED Structure TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size); UINT16 TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size); // Table 2:96 - Definition of TPMT_TK_AUTH Structure TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size); UINT16 TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size); // Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size); UINT16 TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size); // Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure UINT16 TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size); // Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure UINT16 TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE **buffer, INT32 *size); // Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure UINT16 TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size); // Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure UINT16 TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); // Table 2:102 - Definition of TPML_CC Structure TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size); UINT16 TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size); // Table 2:103 - Definition of TPML_CCA Structure UINT16 TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size); // Table 2:104 - Definition of TPML_ALG Structure TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size); UINT16 TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size); // Table 2:105 - Definition of TPML_HANDLE Structure UINT16 TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size); // Table 2:106 - Definition of TPML_DIGEST Structure TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size); UINT16 TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size); // Table 2:107 - Definition of TPML_DIGEST_VALUES Structure TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size); UINT16 TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size); // Table 2:108 - Definition of TPML_PCR_SELECTION Structure TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size); UINT16 TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size); // Table 2:109 - Definition of TPML_ALG_PROPERTY Structure UINT16 TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE **buffer, INT32 *size); // Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure UINT16 TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, BYTE **buffer, INT32 *size); // Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure UINT16 TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, BYTE **buffer, INT32 *size); // Table 2:112 - Definition of TPML_ECC_CURVE Structure #if ALG_ECC UINT16 TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:113 - Definition of TPML_TAGGED_POLICY Structure UINT16 TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size); // Table 2:114 - Definition of TPMU_CAPABILITIES Union UINT16 TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure UINT16 TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, BYTE **buffer, INT32 *size); // Table 2:116 - Definition of TPMS_CLOCK_INFO Structure TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size); UINT16 TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size); // Table 2:117 - Definition of TPMS_TIME_INFO Structure TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size); UINT16 TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size); // Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure UINT16 TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, BYTE **buffer, INT32 *size); // Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure UINT16 TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size); // Table 2:120 - Definition of TPMS_QUOTE_INFO Structure UINT16 TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size); // Table 2:121 - Definition of TPMS_COMMAND_AUDIT_INFO Structure UINT16 TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, BYTE **buffer, INT32 *size); // Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure UINT16 TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, BYTE **buffer, INT32 *size); // Table 2:123 - Definition of TPMS_CREATION_INFO Structure UINT16 TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size); // Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure UINT16 TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, BYTE **buffer, INT32 *size); // Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure UINT16 TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, BYTE **buffer, INT32 *size); // Table 2:126 - Definition of TPMI_ST_ATTEST Type #if !USE_MARSHALING_DEFINES UINT16 TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size); #else #define TPMI_ST_ATTEST_Marshal(source, buffer, size) \ TPM_ST_Marshal((TPM_ST *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:127 - Definition of TPMU_ATTEST Union UINT16 TPMU_ATTEST_Marshal(TPMU_ATTEST *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:128 - Definition of TPMS_ATTEST Structure UINT16 TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size); // Table 2:129 - Definition of TPM2B_ATTEST Structure UINT16 TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size); // Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure TPM_RC TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size); // Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure UINT16 TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size); // Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type #if ALG_TDES TPM_RC TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size); #else #define TPMI_TDES_KEY_BITS_Marshal(source, buffer, size) \ TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_TDES // Table 2:132 - Definition of TPMI_AES_KEY_BITS Type #if ALG_AES TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size); #else #define TPMI_AES_KEY_BITS_Marshal(source, buffer, size) \ TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_AES // Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type #if ALG_SM4 TPM_RC TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size); #else #define TPMI_SM4_KEY_BITS_Marshal(source, buffer, size) \ TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_SM4 // Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type #if ALG_CAMELLIA TPM_RC TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, BYTE **buffer, INT32 *size); #else #define TPMI_CAMELLIA_KEY_BITS_Marshal(source, buffer, size) \ TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_CAMELLIA // Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:134 - Definition of TPMU_SYM_MODE Union TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:136 - Definition of TPMT_SYM_DEF Structure TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size); // Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, BYTE **buffer, INT32 *size); // Table 2:138 - Definition of TPM2B_SYM_KEY Structure TPM_RC TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size); // Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure TPM_RC TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size); UINT16 TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, BYTE **buffer, INT32 *size); // Table 2:140 - Definition of TPM2B_LABEL Structure TPM_RC TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size); // Table 2:141 - Definition of TPMS_DERIVE Structure TPM_RC TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size); UINT16 TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size); // Table 2:142 - Definition of TPM2B_DERIVE Structure TPM_RC TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size); // Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union // Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure TPM_RC TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size); // Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure TPM_RC TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size); // Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure TPM_RC TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size); // Table 2:147 - Definition of TPMS_SCHEME_HASH Structure TPM_RC TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size); UINT16 TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size); // Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure #if ALG_ECC TPM_RC TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size); UINT16 TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type TPM_RC TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_KEYEDHASH_SCHEME_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:150 - Definition of Types for HMAC_SIG_SCHEME #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_HMAC_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_HMAC_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:151 - Definition of TPMS_SCHEME_XOR Structure TPM_RC TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size); UINT16 TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size); // Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union TPM_RC TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure TPM_RC TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size); // Table 2:154 - Definition of Types for RSA Signature Schemes #if ALG_RSA #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_RSASSA_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_RSASSA_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_RSAPSS_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_RSAPSS_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:155 - Definition of Types for ECC Signature Schemes #if ALG_ECC #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_ECDSA_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_ECDSA_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_SM2_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_SM2_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_ECSCHNORR_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_ECDAA_Unmarshal(target, buffer, size) \ TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIG_SCHEME_ECDAA_Marshal(source, buffer, size) \ TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:156 - Definition of TPMU_SIG_SCHEME Union TPM_RC TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:157 - Definition of TPMT_SIG_SCHEME Structure TPM_RC TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size); // Table 2:158 - Definition of Types for Encryption Schemes #if ALG_RSA #if !USE_MARSHALING_DEFINES TPM_RC TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size); #else #define TPMS_ENC_SCHEME_OAEP_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, BYTE **buffer, INT32 *size); #else #define TPMS_ENC_SCHEME_OAEP_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size); #else #define TPMS_ENC_SCHEME_RSAES_Unmarshal(target, buffer, size) \ TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)(target), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, BYTE **buffer, INT32 *size); #else #define TPMS_ENC_SCHEME_RSAES_Marshal(source, buffer, size) \ TPMS_EMPTY_Marshal((TPMS_EMPTY *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:159 - Definition of Types for ECC Key Exchange #if ALG_ECC #if !USE_MARSHALING_DEFINES TPM_RC TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size); #else #define TPMS_KEY_SCHEME_ECDH_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, BYTE **buffer, INT32 *size); #else #define TPMS_KEY_SCHEME_ECDH_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size); #else #define TPMS_KEY_SCHEME_ECMQV_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, BYTE **buffer, INT32 *size); #else #define TPMS_KEY_SCHEME_ECMQV_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:160 - Definition of Types for KDF Schemes #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_MGF1_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_MGF1_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_KDF1_SP800_56A_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_KDF2_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_KDF2_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_KDF1_SP800_108_Unmarshal(target, buffer, size) \ TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, BYTE **buffer, INT32 *size); #else #define TPMS_SCHEME_KDF1_SP800_108_Marshal(source, buffer, size) \ TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:161 - Definition of TPMU_KDF_SCHEME Union TPM_RC TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:162 - Definition of TPMT_KDF_SCHEME Structure TPM_RC TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size); // Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type TPM_RC TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_ASYM_SCHEME_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:164 - Definition of TPMU_ASYM_SCHEME Union TPM_RC TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure // Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type #if ALG_RSA TPM_RC TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_RSA_SCHEME_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:167 - Definition of TPMT_RSA_SCHEME Structure #if ALG_RSA TPM_RC TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size); #endif // ALG_RSA // Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type #if ALG_RSA TPM_RC TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_RSA_DECRYPT_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure #if ALG_RSA TPM_RC TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size); #endif // ALG_RSA // Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure #if ALG_RSA TPM_RC TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size); #endif // ALG_RSA // Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type #if ALG_RSA TPM_RC TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size); #else #define TPMI_RSA_KEY_BITS_Marshal(source, buffer, size) \ TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure #if ALG_RSA TPM_RC TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size); #endif // ALG_RSA // Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure TPM_RC TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size); // Table 2:174 - Definition of TPMS_ECC_POINT Structure #if ALG_ECC TPM_RC TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size); UINT16 TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:175 - Definition of TPM2B_ECC_POINT Structure #if ALG_ECC TPM_RC TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type #if ALG_ECC TPM_RC TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_ECC_SCHEME_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:177 - Definition of TPMI_ECC_CURVE Type #if ALG_ECC TPM_RC TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size); #else #define TPMI_ECC_CURVE_Marshal(source, buffer, size) \ TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:178 - Definition of TPMT_ECC_SCHEME Structure #if ALG_ECC TPM_RC TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure #if ALG_ECC UINT16 TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure #if ALG_RSA TPM_RC TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size); UINT16 TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size); #endif // ALG_RSA // Table 2:181 - Definition of Types for Signature #if ALG_RSA #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_RSASSA_Unmarshal(target, buffer, size) \ TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_RSASSA_Marshal(source, buffer, size) \ TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_RSAPSS_Unmarshal(target, buffer, size) \ TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_RSAPSS_Marshal(source, buffer, size) \ TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure #if ALG_ECC TPM_RC TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size); UINT16 TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC #if ALG_ECC #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_ECDAA_Unmarshal(target, buffer, size) \ TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_ECDAA_Marshal(source, buffer, size) \ TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_ECDSA_Unmarshal(target, buffer, size) \ TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_ECDSA_Marshal(source, buffer, size) \ TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_SM2_Unmarshal(target, buffer, size) \ TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_SM2_Marshal(source, buffer, size) \ TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_ECSCHNORR_Unmarshal(target, buffer, size) \ TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)(target), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #if !USE_MARSHALING_DEFINES UINT16 TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, BYTE **buffer, INT32 *size); #else #define TPMS_SIGNATURE_ECSCHNORR_Marshal(source, buffer, size) \ TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)(source), \ (buffer), \ (size)) #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:184 - Definition of TPMU_SIGNATURE Union TPM_RC TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:185 - Definition of TPMT_SIGNATURE Structure TPM_RC TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size); // Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union TPM_RC TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure TPM_RC TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size); // Table 2:188 - Definition of TPMI_ALG_PUBLIC Type TPM_RC TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size); #else #define TPMI_ALG_PUBLIC_Marshal(source, buffer, size) \ TPM_ALG_ID_Marshal((TPM_ALG_ID *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:189 - Definition of TPMU_PUBLIC_ID Union TPM_RC TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size); UINT16 TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, BYTE **buffer, INT32 *size); // Table 2:191 - Definition of TPMS_ASYM_PARMS Structure // Table 2:192 - Definition of TPMS_RSA_PARMS Structure #if ALG_RSA TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size); UINT16 TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, BYTE **buffer, INT32 *size); #endif // ALG_RSA // Table 2:193 - Definition of TPMS_ECC_PARMS Structure #if ALG_ECC TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size); UINT16 TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size); #endif // ALG_ECC // Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size); UINT16 TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size); // Table 2:196 - Definition of TPMT_PUBLIC Structure TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size); // Table 2:197 - Definition of TPM2B_PUBLIC Structure TPM_RC TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag); UINT16 TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size); // Table 2:198 - Definition of TPM2B_TEMPLATE Structure TPM_RC TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size); // Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure TPM_RC TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, BYTE **buffer, INT32 *size); // Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union TPM_RC TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector); UINT16 TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, BYTE **buffer, INT32 *size, UINT32 selector); // Table 2:201 - Definition of TPMT_SENSITIVE Structure TPM_RC TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size); UINT16 TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size); // Table 2:202 - Definition of TPM2B_SENSITIVE Structure TPM_RC TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size); // Table 2:203 - Definition of _PRIVATE Structure // Table 2:204 - Definition of TPM2B_PRIVATE Structure TPM_RC TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size); // Table 2:205 - Definition of TPMS_ID_OBJECT Structure // Table 2:206 - Definition of TPM2B_ID_OBJECT Structure TPM_RC TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size); // Table 2:207 - Definition of TPM_NV_INDEX Bits #if !USE_MARSHALING_DEFINES UINT16 TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size); #else #define TPM_NV_INDEX_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:208 - Definition of TPM_NT Constants // Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure TPM_RC TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, BYTE **buffer, INT32 *size); UINT16 TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, BYTE **buffer, INT32 *size); // Table 2:210 - Definition of TPMA_NV Bits TPM_RC TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size); #else #define TPMA_NV_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:211 - Definition of TPMS_NV_PUBLIC Structure TPM_RC TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size); UINT16 TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size); // Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure TPM_RC TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size); // Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure TPM_RC TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, BYTE **buffer, INT32 *size); // Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure TPM_RC TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size); UINT16 TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); // Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure TPM_RC TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size); UINT16 TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size); // Table 2:216 - Definition of TPMS_CONTEXT Structure TPM_RC TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size); UINT16 TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size); // Table 2:218 - Definition of TPMS_CREATION_DATA Structure UINT16 TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size); // Table 2:219 - Definition of TPM2B_CREATION_DATA Structure UINT16 TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, BYTE **buffer, INT32 *size); // Table 2:220 - Definition of TPM_AT Constants TPM_RC TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size); #if !USE_MARSHALING_DEFINES UINT16 TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size); #else #define TPM_AT_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:221 - Definition of TPM_AE Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size); #else #define TPM_AE_Marshal(source, buffer, size) \ UINT32_Marshal((UINT32 *)(source), (buffer), (size)) #endif // !USE_MARSHALING_DEFINES // Table 2:222 - Definition of TPMS_AC_OUTPUT Structure UINT16 TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size); // Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure UINT16 TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, BYTE **buffer, INT32 *size); // Array Marshal/Unmarshal for BYTE TPM_RC BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count); UINT16 BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal/Unmarshal for TPM2B_DIGEST TPM_RC TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size, INT32 count); UINT16 TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal for TPMA_CC UINT16 TPMA_CC_Array_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal for TPMS_AC_OUTPUT UINT16 TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal for TPMS_ALG_PROPERTY UINT16 TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal/Unmarshal for TPMS_PCR_SELECTION TPM_RC TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size, INT32 count); UINT16 TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal for TPMS_TAGGED_PCR_SELECT UINT16 TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal for TPMS_TAGGED_POLICY UINT16 TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal for TPMS_TAGGED_PROPERTY UINT16 TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal/Unmarshal for TPMT_HA TPM_RC TPMT_HA_Array_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag, INT32 count); UINT16 TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal/Unmarshal for TPM_ALG_ID TPM_RC TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size, INT32 count); UINT16 TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal/Unmarshal for TPM_CC TPM_RC TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count); UINT16 TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count); // Array Marshal/Unmarshal for TPM_ECC_CURVE #if ALG_ECC TPM_RC TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size, INT32 count); UINT16 TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size, INT32 count); #endif // ALG_ECC // Array Marshal/Unmarshal for TPM_HANDLE TPM_RC TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size, INT32 count); UINT16 TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size, INT32 count); #endif // _MARSHAL_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/MathOnByteBuffers_fp.h000066400000000000000000000132241510276467000322460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _MATH_ON_BYTE_BUFFERS_FP_H_ #define _MATH_ON_BYTE_BUFFERS_FP_H_ //*** UnsignedCmpB // This function compare two unsigned values. The values are byte-aligned, // big-endian numbers (e.g, a hash). // Return Type: int // 1 if (a > b) // 0 if (a = b) // -1 if (a < b) LIB_EXPORT int UnsignedCompareB( UINT32 aSize, // IN: size of a const BYTE *a, // IN: a UINT32 bSize, // IN: size of b const BYTE *b // IN: b ); //***SignedCompareB() // Compare two signed integers: // Return Type: int // 1 if a > b // 0 if a = b // -1 if a < b int SignedCompareB( const UINT32 aSize, // IN: size of a const BYTE *a, // IN: a buffer const UINT32 bSize, // IN: size of b const BYTE *b // IN: b buffer ); //*** ModExpB // This function is used to do modular exponentiation in support of RSA. // The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and // 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter // of the function will contain the private exponent 'd' instead of the public // exponent 'e'. // // If the results will not fit in the provided buffer, // an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller // than the buffer, the results is de-normalized. // // This version is intended for use with RSA and requires that 'm' be // less than 'n'. // // Return Type: TPM_RC // TPM_RC_SIZE number to exponentiate is larger than the modulus // TPM_RC_NO_RESULT result will not fit into the provided buffer // TPM_RC ModExpB( UINT32 cSize, // IN: the size of the output buffer. It will // need to be the same size as the modulus BYTE *c, // OUT: the buffer to receive the results // (c->size must be set to the maximum size // for the returned value) const UINT32 mSize, const BYTE *m, // IN: number to exponentiate const UINT32 eSize, const BYTE *e, // IN: power const UINT32 nSize, const BYTE *n // IN: modulus ); //*** DivideB() // Divide an integer ('n') by an integer ('d') producing a quotient ('q') and // a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them // may be set to NULL. // // Return Type: TPM_RC // TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result // LIB_EXPORT TPM_RC DivideB( const TPM2B *n, // IN: numerator const TPM2B *d, // IN: denominator TPM2B *q, // OUT: quotient TPM2B *r // OUT: remainder ); //*** AdjustNumberB() // Remove/add leading zeros from a number in a TPM2B. Will try to make the number // by adding or removing leading zeros. If the number is larger than the requested // size, it will make the number as small as possible. Setting 'requestedSize' to // zero is equivalent to requesting that the number be normalized. UINT16 AdjustNumberB( TPM2B *num, UINT16 requestedSize ); //*** ShiftLeft() // This function shifts a byte buffer (a TPM2B) one byte to the left. That is, // the most significant bit of the most significant byte is lost. TPM2B * ShiftLeft( TPM2B *value // IN/OUT: value to shift and shifted value out ); //*** IsNumeric() // Verifies that all the characters are simple numeric (0-9) BOOL IsNumeric( TPM2B *value ); #endif // _MATH_ON_BYTE_BUFFERS_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Memory_fp.h000066400000000000000000000135061510276467000301720ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 7, 2019 Time: 06:58:58PM */ #ifndef _MEMORY_FP_H_ #define _MEMORY_FP_H_ //*** MemoryCopy() // This is an alias for memmove. This is used in place of memcpy because // some of the moves may overlap and rather than try to make sure that // memmove is used when necessary, it is always used. void MemoryCopy( void *dest, const void *src, int sSize ); //*** MemoryEqual() // This function indicates if two buffers have the same values in the indicated // number of bytes. // Return Type: BOOL // TRUE(1) all octets are the same // FALSE(0) all octets are not the same BOOL MemoryEqual( const void *buffer1, // IN: compare buffer1 const void *buffer2, // IN: compare buffer2 unsigned int size // IN: size of bytes being compared ); //*** MemoryCopy2B() // This function copies a TPM2B. This can be used when the TPM2B types are // the same or different. // // This function returns the number of octets in the data buffer of the TPM2B. LIB_EXPORT INT16 MemoryCopy2B( TPM2B *dest, // OUT: receiving TPM2B const TPM2B *source, // IN: source TPM2B unsigned int dSize // IN: size of the receiving buffer ); //*** MemoryConcat2B() // This function will concatenate the buffer contents of a TPM2B to an // the buffer contents of another TPM2B and adjust the size accordingly // ('a' := ('a' | 'b')). void MemoryConcat2B( TPM2B *aInOut, // IN/OUT: destination 2B TPM2B *bIn, // IN: second 2B unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for // aInOut.size) ); //*** MemoryEqual2B() // This function will compare two TPM2B structures. To be equal, they // need to be the same size and the buffer contexts need to be the same // in all octets. // Return Type: BOOL // TRUE(1) size and buffer contents are the same // FALSE(0) size or buffer contents are not the same BOOL MemoryEqual2B( const TPM2B *aIn, // IN: compare value const TPM2B *bIn // IN: compare value ); //*** MemorySet() // This function will set all the octets in the specified memory range to // the specified octet value. // Note: A previous version had an additional parameter (dSize) that was // intended to make sure that the destination would not be overrun. The // problem is that, in use, all that was happening was that the value of // size was used for dSize so there was no benefit in the extra parameter. void MemorySet( void *dest, int value, size_t size ); //*** MemoryPad2B() // Function to pad a TPM2B with zeros and adjust the size. void MemoryPad2B( TPM2B *b, UINT16 newSize ); //*** Uint16ToByteArray() // Function to write an integer to a byte array void Uint16ToByteArray( UINT16 i, BYTE *a ); //*** Uint32ToByteArray() // Function to write an integer to a byte array void Uint32ToByteArray( UINT32 i, BYTE *a ); //*** Uint64ToByteArray() // Function to write an integer to a byte array void Uint64ToByteArray( UINT64 i, BYTE *a ); //*** ByteArrayToUint8() // Function to write a UINT8 to a byte array. This is included for completeness // and to allow certain macro expansions UINT8 ByteArrayToUint8( BYTE *a ); //*** ByteArrayToUint16() // Function to write an integer to a byte array UINT16 ByteArrayToUint16( BYTE *a ); //*** ByteArrayToUint32() // Function to write an integer to a byte array UINT32 ByteArrayToUint32( BYTE *a ); //*** ByteArrayToUint64() // Function to write an integer to a byte array UINT64 ByteArrayToUint64( BYTE *a ); #endif // _MEMORY_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Certify_fp.h000066400000000000000000000060731510276467000307330ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_Certify // Command must be enabled #ifndef _NV_Certify_FP_H_ #define _NV_Certify_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT signHandle; TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; TPM2B_DATA qualifyingData; TPMT_SIG_SCHEME inScheme; UINT16 size; UINT16 offset; } NV_Certify_In; // Output structure definition typedef struct { TPM2B_ATTEST certifyInfo; TPMT_SIGNATURE signature; } NV_Certify_Out; // Response code modifiers #define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2) #define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3) #define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2) #define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3) #define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_NV_Certify( NV_Certify_In *in, NV_Certify_Out *out ); #endif // _NV_Certify_FP_H_ #endif // CC_NV_Certify go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ChangeAuth_fp.h000066400000000000000000000046241510276467000313350ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_ChangeAuth // Command must be enabled #ifndef _NV_Change_Auth_FP_H_ #define _NV_Change_Auth_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_INDEX nvIndex; TPM2B_AUTH newAuth; } NV_ChangeAuth_In; // Response code modifiers #define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1) #define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_NV_ChangeAuth( NV_ChangeAuth_In *in ); #endif // _NV_Change_Auth_FP_H_ #endif // CC_NV_ChangeAuth go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_DefineSpace_fp.h000066400000000000000000000050071510276467000314700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_DefineSpace // Command must be enabled #ifndef _NV_Define_Space_FP_H_ #define _NV_Define_Space_FP_H_ // Input structure definition typedef struct { TPMI_RH_PROVISION authHandle; TPM2B_AUTH auth; TPM2B_NV_PUBLIC publicInfo; } NV_DefineSpace_In; // Response code modifiers #define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) #define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_DefineSpace( NV_DefineSpace_In *in ); #endif // _NV_Define_Space_FP_H_ #endif // CC_NV_DefineSpace go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Extend_fp.h000066400000000000000000000047161510276467000305570ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_Extend // Command must be enabled #ifndef _NV_Extend_FP_H_ #define _NV_Extend_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; TPM2B_MAX_NV_BUFFER data; } NV_Extend_In; // Response code modifiers #define RC_NV_Extend_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_Extend_nvIndex (TPM_RC_H + TPM_RC_2) #define RC_NV_Extend_data (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_NV_Extend( NV_Extend_In *in ); #endif // _NV_Extend_FP_H_ #endif // CC_NV_Extend go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_GlobalWriteLock_fp.h000066400000000000000000000045501510276467000323500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_GlobalWriteLock // Command must be enabled #ifndef _NV_Global_Write_Lock_FP_H_ #define _NV_Global_Write_Lock_FP_H_ // Input structure definition typedef struct { TPMI_RH_PROVISION authHandle; } NV_GlobalWriteLock_In; // Response code modifiers #define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_NV_GlobalWriteLock( NV_GlobalWriteLock_In *in ); #endif // _NV_Global_Write_Lock_FP_H_ #endif // CC_NV_GlobalWriteLock go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Increment_fp.h000066400000000000000000000046111510276467000312460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_Increment // Command must be enabled #ifndef _NV_Increment_FP_H_ #define _NV_Increment_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; } NV_Increment_In; // Response code modifiers #define RC_NV_Increment_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_Increment_nvIndex (TPM_RC_H + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_Increment( NV_Increment_In *in ); #endif // _NV_Increment_FP_H_ #endif // CC_NV_Increment go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadLock_fp.h000066400000000000000000000046051510276467000310110ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_ReadLock // Command must be enabled #ifndef _NV_Read_Lock_FP_H_ #define _NV_Read_Lock_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; } NV_ReadLock_In; // Response code modifiers #define RC_NV_ReadLock_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_ReadLock_nvIndex (TPM_RC_H + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_ReadLock( NV_ReadLock_In *in ); #endif // _NV_Read_Lock_FP_H_ #endif // CC_NV_ReadLock go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_ReadPublic_fp.h000066400000000000000000000047641510276467000313450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_ReadPublic // Command must be enabled #ifndef _NV_Read_Public_FP_H_ #define _NV_Read_Public_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_INDEX nvIndex; } NV_ReadPublic_In; // Output structure definition typedef struct { TPM2B_NV_PUBLIC nvPublic; TPM2B_NAME nvName; } NV_ReadPublic_Out; // Response code modifiers #define RC_NV_ReadPublic_nvIndex (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_NV_ReadPublic( NV_ReadPublic_In *in, NV_ReadPublic_Out *out ); #endif // _NV_Read_Public_FP_H_ #endif // CC_NV_ReadPublic go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Read_fp.h000066400000000000000000000052621510276467000302000ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_Read // Command must be enabled #ifndef _NV_Read_FP_H_ #define _NV_Read_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; UINT16 size; UINT16 offset; } NV_Read_In; // Output structure definition typedef struct { TPM2B_MAX_NV_BUFFER data; } NV_Read_Out; // Response code modifiers #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) #define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_Read( NV_Read_In *in, NV_Read_Out *out ); #endif // _NV_Read_FP_H_ #endif // CC_NV_Read go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_SetBits_fp.h000066400000000000000000000047341510276467000307050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_SetBits // Command must be enabled #ifndef _NV_Set_Bits_FP_H_ #define _NV_Set_Bits_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; UINT64 bits; } NV_SetBits_In; // Response code modifiers #define RC_NV_SetBits_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_SetBits_nvIndex (TPM_RC_H + TPM_RC_2) #define RC_NV_SetBits_bits (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_NV_SetBits( NV_SetBits_In *in ); #endif // _NV_Set_Bits_FP_H_ #endif // CC_NV_SetBits NV_UndefineSpaceSpecial_fp.h000066400000000000000000000050061510276467000332540ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_UndefineSpaceSpecial // Command must be enabled #ifndef _NV_Undefine_Space_Special_FP_H_ #define _NV_Undefine_Space_Special_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_INDEX nvIndex; TPMI_RH_PLATFORM platform; } NV_UndefineSpaceSpecial_In; // Response code modifiers #define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1) #define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_UndefineSpaceSpecial( NV_UndefineSpaceSpecial_In *in ); #endif // _NV_Undefine_Space_Special_FP_H_ #endif // CC_NV_UndefineSpaceSpecial go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_UndefineSpace_fp.h000066400000000000000000000046601510276467000320370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_UndefineSpace // Command must be enabled #ifndef _NV_Undefine_Space_FP_H_ #define _NV_Undefine_Space_FP_H_ // Input structure definition typedef struct { TPMI_RH_PROVISION authHandle; TPMI_RH_NV_INDEX nvIndex; } NV_UndefineSpace_In; // Response code modifiers #define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_UndefineSpace( NV_UndefineSpace_In *in ); #endif // _NV_Undefine_Space_FP_H_ #endif // CC_NV_UndefineSpace go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_WriteLock_fp.h000066400000000000000000000046141510276467000312300ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_WriteLock // Command must be enabled #ifndef _NV_Write_Lock_FP_H_ #define _NV_Write_Lock_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; } NV_WriteLock_In; // Response code modifiers #define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_WriteLock( NV_WriteLock_In *in ); #endif // _NV_Write_Lock_FP_H_ #endif // CC_NV_WriteLock go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_Write_fp.h000066400000000000000000000050471510276467000304200ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_NV_Write // Command must be enabled #ifndef _NV_Write_FP_H_ #define _NV_Write_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; TPM2B_MAX_NV_BUFFER data; UINT16 offset; } NV_Write_In; // Response code modifiers #define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2) #define RC_NV_Write_data (TPM_RC_P + TPM_RC_1) #define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_NV_Write( NV_Write_In *in ); #endif // _NV_Write_FP_H_ #endif // CC_NV_Write go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NV_spt_fp.h000066400000000000000000000072371510276467000301370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _NV_SPT_FP_H_ #define _NV_SPT_FP_H_ //*** NvReadAccessChecks() // Common routine for validating a read // Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV // Return Type: TPM_RC // TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read // of the index // TPM_RC_NV_LOCKED Read locked // TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index // TPM_RC NvReadAccessChecks( TPM_HANDLE authHandle, // IN: the handle that provided the // authorization TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read TPMA_NV attributes // IN: the attributes of 'nvHandle' ); //*** NvWriteAccessChecks() // Common routine for validating a write // Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock // Return Type: TPM_RC // TPM_RC_NV_AUTHORIZATION Authorization fails // TPM_RC_NV_LOCKED Write locked // TPM_RC NvWriteAccessChecks( TPM_HANDLE authHandle, // IN: the handle that provided the // authorization TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written TPMA_NV attributes // IN: the attributes of 'nvHandle' ); //*** NvClearOrderly() // This function is used to cause gp.orderlyState to be cleared to the // non-orderly state. TPM_RC NvClearOrderly( void ); //*** NvIsPinPassIndex() // Function to check to see if an NV index is a PIN Pass Index // Return Type: BOOL // TRUE(1) is pin pass // FALSE(0) is not pin pass BOOL NvIsPinPassIndex( TPM_HANDLE index // IN: Handle to check ); #endif // _NV_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvDynamic_fp.h000066400000000000000000000414001510276467000306040ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 7, 2019 Time: 06:58:58PM */ #ifndef _NV_DYNAMIC_FP_H_ #define _NV_DYNAMIC_FP_H_ //*** NvWriteNvListEnd() // Function to write the list terminator. NV_REF NvWriteNvListEnd( NV_REF end ); //*** NvUpdateIndexOrderlyData() // This function is used to cause an update of the orderly data to the NV backing // store. void NvUpdateIndexOrderlyData( void ); //*** NvReadIndex() // This function is used to read the NV Index NV_INDEX. This is used so that the // index information can be compressed and only this function would be needed // to decompress it. Mostly, compression would only be able to save the space // needed by the policy. void NvReadNvIndexInfo( NV_REF ref, // IN: points to NV where index is located NV_INDEX *nvIndex // OUT: place to receive index data ); //*** NvReadObject() // This function is used to read a persistent object. This is used so that the // object information can be compressed and only this function would be needed // to uncompress it. void NvReadObject( NV_REF ref, // IN: points to NV where index is located OBJECT *object // OUT: place to receive the object data ); //*** NvIndexIsDefined() // See if an index is already defined BOOL NvIndexIsDefined( TPM_HANDLE nvHandle // IN: Index to look for ); //*** NvIsPlatformPersistentHandle() // This function indicates if a handle references a persistent object in the // range belonging to the platform. // Return Type: BOOL // TRUE(1) handle references a platform persistent object // and may reference an owner persistent object either // FALSE(0) handle does not reference platform persistent object BOOL NvIsPlatformPersistentHandle( TPM_HANDLE handle // IN: handle ); //*** NvIsOwnerPersistentHandle() // This function indicates if a handle references a persistent object in the // range belonging to the owner. // Return Type: BOOL // TRUE(1) handle is owner persistent handle // FALSE(0) handle is not owner persistent handle and may not be // a persistent handle at all BOOL NvIsOwnerPersistentHandle( TPM_HANDLE handle // IN: handle ); //*** NvIndexIsAccessible() // // This function validates that a handle references a defined NV Index and // that the Index is currently accessible. // Return Type: TPM_RC // TPM_RC_HANDLE the handle points to an undefined NV Index // If shEnable is CLEAR, this would include an index // created using ownerAuth. If phEnableNV is CLEAR, // this would include and index created using // platformAuth // TPM_RC_NV_READLOCKED Index is present but locked for reading and command // does not write to the index // TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command // writes to the index TPM_RC NvIndexIsAccessible( TPMI_RH_NV_INDEX handle // IN: handle ); //*** NvGetEvictObject() // This function is used to dereference an evict object handle and get a pointer // to the object. // Return Type: TPM_RC // TPM_RC_HANDLE the handle does not point to an existing // persistent object TPM_RC NvGetEvictObject( TPM_HANDLE handle, // IN: handle OBJECT *object // OUT: object data ); //*** NvIndexCacheInit() // Function to initialize the Index cache void NvIndexCacheInit( void ); //*** NvGetIndexData() // This function is used to access the data in an NV Index. The data is returned // as a byte sequence. // // This function requires that the NV Index be defined, and that the // required data is within the data range. It also requires that TPMA_NV_WRITTEN // of the Index is SET. void NvGetIndexData( NV_INDEX *nvIndex, // IN: the in RAM index descriptor NV_REF locator, // IN: where the data is located UINT32 offset, // IN: offset of NV data UINT16 size, // IN: number of octets of NV data to read void *data // OUT: data buffer ); //*** NvHashIndexData() // This function adds Index data to a hash. It does this in parts to avoid large stack // buffers. void NvHashIndexData( HASH_STATE *hashState, // IN: Initialized hash state NV_INDEX *nvIndex, // IN: Index NV_REF locator, // IN: where the data is located UINT32 offset, // IN: starting offset UINT16 size // IN: amount to hash ); //*** NvGetUINT64Data() // Get data in integer format of a bit or counter NV Index. // // This function requires that the NV Index is defined and that the NV Index // previously has been written. UINT64 NvGetUINT64Data( NV_INDEX *nvIndex, // IN: the in RAM index descriptor NV_REF locator // IN: where index exists in NV ); //*** NvWriteIndexAttributes() // This function is used to write just the attributes of an index. // Return type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting so retry // TPM_RC_NV_UNAVAILABLE NV is not available TPM_RC NvWriteIndexAttributes( TPM_HANDLE handle, NV_REF locator, // IN: location of the index TPMA_NV attributes // IN: attributes to write ); //*** NvWriteIndexAuth() // This function is used to write the authValue of an index. It is used by // TPM2_NV_ChangeAuth() // Return type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting so retry // TPM_RC_NV_UNAVAILABLE NV is not available TPM_RC NvWriteIndexAuth( NV_REF locator, // IN: location of the index TPM2B_AUTH *authValue // IN: the authValue to write ); //*** NvGetIndexInfo() // This function loads the nvIndex Info into the NV cache and returns a pointer // to the NV_INDEX. If the returned value is zero, the index was not found. // The 'locator' parameter, if not NULL, will be set to the offset in NV of the // Index (the location of the handle of the Index). // // This function will set the index cache. If the index is orderly, the attributes // from RAM are substituted for the attributes in the cached index NV_INDEX * NvGetIndexInfo( TPM_HANDLE nvHandle, // IN: the index handle NV_REF *locator // OUT: location of the index ); //*** NvWriteIndexData() // This function is used to write NV index data. It is intended to be used to // update the data associated with the default index. // // This function requires that the NV Index is defined, and the data is // within the defined data range for the index. // // Index data is only written due to a command that modifies the data in a single // index. There is no case where changes are made to multiple indexes data at the // same time. Multiple attributes may be change but not multiple index data. This // is important because we will normally be handling the index for which we have // the cached pointer values. // Return type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting so retry // TPM_RC_NV_UNAVAILABLE NV is not available TPM_RC NvWriteIndexData( NV_INDEX *nvIndex, // IN: the description of the index UINT32 offset, // IN: offset of NV data UINT32 size, // IN: size of NV data void *data // IN: data buffer ); //*** NvWriteUINT64Data() // This function to write back a UINT64 value. The various UINT64 values (bits, // counters, and PINs) are kept in canonical format but manipulate in native // format. This takes a native format value converts it and saves it back as // in canonical format. // // This function will return the value from NV or RAM depending on the type of the // index (orderly or not) // TPM_RC NvWriteUINT64Data( NV_INDEX *nvIndex, // IN: the description of the index UINT64 intValue // IN: the value to write ); //*** NvGetIndexName() // This function computes the Name of an index // The 'name' buffer receives the bytes of the Name and the return value // is the number of octets in the Name. // // This function requires that the NV Index is defined. TPM2B_NAME * NvGetIndexName( NV_INDEX *nvIndex, // IN: the index over which the name is to be // computed TPM2B_NAME *name // OUT: name of the index ); //*** NvGetNameByIndexHandle() // This function is used to compute the Name of an NV Index referenced by handle. // // The 'name' buffer receives the bytes of the Name and the return value // is the number of octets in the Name. // // This function requires that the NV Index is defined. TPM2B_NAME * NvGetNameByIndexHandle( TPMI_RH_NV_INDEX handle, // IN: handle of the index TPM2B_NAME *name // OUT: name of the index ); //*** NvDefineIndex() // This function is used to assign NV memory to an NV Index. // // Return Type: TPM_RC // TPM_RC_NV_SPACE insufficient NV space TPM_RC NvDefineIndex( TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. TPM2B_AUTH *authValue // IN: The initial authorization value ); //*** NvAddEvictObject() // This function is used to assign NV memory to a persistent object. // Return Type: TPM_RC // TPM_RC_NV_HANDLE the requested handle is already in use // TPM_RC_NV_SPACE insufficient NV space TPM_RC NvAddEvictObject( TPMI_DH_OBJECT evictHandle, // IN: new evict handle OBJECT *object // IN: object to be added ); //*** NvDeleteIndex() // This function is used to delete an NV Index. // Return Type: TPM_RC // TPM_RC_NV_UNAVAILABLE NV is not accessible // TPM_RC_NV_RATE NV is rate limiting TPM_RC NvDeleteIndex( NV_INDEX *nvIndex, // IN: an in RAM index descriptor NV_REF entityAddr // IN: location in NV ); TPM_RC NvDeleteEvict( TPM_HANDLE handle // IN: handle of entity to be deleted ); //*** NvFlushHierarchy() // This function will delete persistent objects belonging to the indicated hierarchy. // If the storage hierarchy is selected, the function will also delete any // NV Index defined using ownerAuth. // Return Type: TPM_RC // TPM_RC_NV_RATE NV is unavailable because of rate limit // TPM_RC_NV_UNAVAILABLE NV is inaccessible TPM_RC NvFlushHierarchy( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. ); //*** NvSetGlobalLock() // This function is used to SET the TPMA_NV_WRITELOCKED attribute for all // NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by // TPM2_NV_GlobalWriteLock(). // Return Type: TPM_RC // TPM_RC_NV_RATE NV is unavailable because of rate limit // TPM_RC_NV_UNAVAILABLE NV is inaccessible TPM_RC NvSetGlobalLock( void ); //*** NvCapGetPersistent() // This function is used to get a list of handles of the persistent objects, // starting at 'handle'. // // 'Handle' must be in valid persistent object handle range, but does not // have to reference an existing persistent object. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO NvCapGetPersistent( TPMI_DH_OBJECT handle, // IN: start handle UINT32 count, // IN: maximum number of returned handles TPML_HANDLE *handleList // OUT: list of handle ); //*** NvCapGetIndex() // This function returns a list of handles of NV indexes, starting from 'handle'. // 'Handle' must be in the range of NV indexes, but does not have to reference // an existing NV Index. // Return Type: TPMI_YES_NO // YES if there are more handles to report // NO all the available handles has been reported TPMI_YES_NO NvCapGetIndex( TPMI_DH_OBJECT handle, // IN: start handle UINT32 count, // IN: max number of returned handles TPML_HANDLE *handleList // OUT: list of handle ); //*** NvCapGetIndexNumber() // This function returns the count of NV Indexes currently defined. UINT32 NvCapGetIndexNumber( void ); //*** NvCapGetPersistentNumber() // Function returns the count of persistent objects currently in NV memory. UINT32 NvCapGetPersistentNumber( void ); //*** NvCapGetPersistentAvail() // This function returns an estimate of the number of additional persistent // objects that could be loaded into NV memory. UINT32 NvCapGetPersistentAvail( void ); //*** NvCapGetCounterNumber() // Get the number of defined NV Indexes that are counter indexes. UINT32 NvCapGetCounterNumber( void ); //*** NvEntityStartup() // This function is called at TPM_Startup(). If the startup completes // a TPM Resume cycle, no action is taken. If the startup is a TPM Reset // or a TPM Restart, then this function will: // 1. clear read/write lock; // 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and // 3. set the lower bits in orderly counters to 1 for a non-orderly startup // // It is a prerequisite that NV be available for writing before this // function is called. BOOL NvEntityStartup( STARTUP_TYPE type // IN: start up type ); //*** NvCapGetCounterAvail() // This function returns an estimate of the number of additional counter type // NV indexes that can be defined. UINT32 NvCapGetCounterAvail( void ); //*** NvFindHandle() // this function returns the offset in NV memory of the entity associated // with the input handle. A value of zero indicates that handle does not // exist reference an existing persistent object or defined NV Index. NV_REF NvFindHandle( TPM_HANDLE handle ); //*** NvReadMaxCount() // This function returns the max NV counter value. // UINT64 NvReadMaxCount( void ); //*** NvUpdateMaxCount() // This function updates the max counter value to NV memory. This is just staging // for the actual write that will occur when the NV index memory is modified. // void NvUpdateMaxCount( UINT64 count ); //*** NvSetMaxCount() // This function is used at NV initialization time to set the initial value of // the maximum counter. void NvSetMaxCount( UINT64 value ); //*** NvGetMaxCount() // Function to get the NV max counter value from the end-of-list marker UINT64 NvGetMaxCount( void ); #endif // _NV_DYNAMIC_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/NvReserved_fp.h000066400000000000000000000111211510276467000307740ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:23:27PM */ #ifndef _NV_RESERVED_FP_H_ #define _NV_RESERVED_FP_H_ //*** NvCheckState() // Function to check the NV state by accessing the platform-specific function // to get the NV state. The result state is registered in s_NvIsAvailable // that will be reported by NvIsAvailable. // // This function is called at the beginning of ExecuteCommand before any potential // check of g_NvStatus. void NvCheckState( void ); //*** NvCommit // This is a wrapper for the platform function to commit pending NV writes. BOOL NvCommit( void ); //*** NvPowerOn() // This function is called at _TPM_Init to initialize the NV environment. // Return Type: BOOL // TRUE(1) all NV was initialized // FALSE(0) the NV containing saved state had an error and // TPM2_Startup(CLEAR) is required BOOL NvPowerOn( void ); //*** NvManufacture() // This function initializes the NV system at pre-install time. // // This function should only be called in a manufacturing environment or in a // simulation. // // The layout of NV memory space is an implementation choice. void NvManufacture( void ); //*** NvRead() // This function is used to move reserved data from NV memory to RAM. void NvRead( void *outBuffer, // OUT: buffer to receive data UINT32 nvOffset, // IN: offset in NV of value UINT32 size // IN: size of the value to read ); //*** NvWrite() // This function is used to post reserved data for writing to NV memory. Before // the TPM completes the operation, the value will be written. BOOL NvWrite( UINT32 nvOffset, // IN: location in NV to receive data UINT32 size, // IN: size of the data to move void *inBuffer // IN: location containing data to write ); //*** NvUpdatePersistent() // This function is used to update a value in the PERSISTENT_DATA structure and // commits the value to NV. void NvUpdatePersistent( UINT32 offset, // IN: location in PERMANENT_DATA to be updated UINT32 size, // IN: size of the value void *buffer // IN: the new data ); //*** NvClearPersistent() // This function is used to clear a persistent data entry and commit it to NV void NvClearPersistent( UINT32 offset, // IN: the offset in the PERMANENT_DATA // structure to be cleared (zeroed) UINT32 size // IN: number of bytes to clear ); //*** NvReadPersistent() // This function reads persistent data to the RAM copy of the 'gp' structure. void NvReadPersistent( void ); #endif // _NV_RESERVED_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ObjectChangeAuth_fp.h000066400000000000000000000053141510276467000320560ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ObjectChangeAuth // Command must be enabled #ifndef _Object_Change_Auth_FP_H_ #define _Object_Change_Auth_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT objectHandle; TPMI_DH_OBJECT parentHandle; TPM2B_AUTH newAuth; } ObjectChangeAuth_In; // Output structure definition typedef struct { TPM2B_PRIVATE outPrivate; } ObjectChangeAuth_Out; // Response code modifiers #define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1) #define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2) #define RC_ObjectChangeAuth_newAuth (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_ObjectChangeAuth( ObjectChangeAuth_In *in, ObjectChangeAuth_Out *out ); #endif // _Object_Change_Auth_FP_H_ #endif // CC_ObjectChangeAuth go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_fp.h000066400000000000000000000322261510276467000301300ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:23:27PM */ #ifndef _OBJECT_FP_H_ #define _OBJECT_FP_H_ //*** ObjectFlush() // This function marks an object slot as available. // Since there is no checking of the input parameters, it should be used // judiciously. // Note: This could be converted to a macro. void ObjectFlush( OBJECT *object ); //*** ObjectSetInUse() // This access function sets the occupied attribute of an object slot. void ObjectSetInUse( OBJECT *object ); //*** ObjectStartup() // This function is called at TPM2_Startup() to initialize the object subsystem. BOOL ObjectStartup( void ); //*** ObjectCleanupEvict() // // In this implementation, a persistent object is moved from NV into an object slot // for processing. It is flushed after command execution. This function is called // from ExecuteCommand(). void ObjectCleanupEvict( void ); //*** IsObjectPresent() // This function checks to see if a transient handle references a loaded // object. This routine should not be called if the handle is not a // transient handle. The function validates that the handle is in the // implementation-dependent allowed in range for loaded transient objects. // Return Type: BOOL // TRUE(1) handle references a loaded object // FALSE(0) handle is not an object handle, or it does not // reference to a loaded object BOOL IsObjectPresent( TPMI_DH_OBJECT handle // IN: handle to be checked ); //*** ObjectIsSequence() // This function is used to check if the object is a sequence object. This function // should not be called if the handle does not reference a loaded object. // Return Type: BOOL // TRUE(1) object is an HMAC, hash, or event sequence object // FALSE(0) object is not an HMAC, hash, or event sequence object BOOL ObjectIsSequence( OBJECT *object // IN: handle to be checked ); //*** HandleToObject() // This function is used to find the object structure associated with a handle. // // This function requires that 'handle' references a loaded object or a permanent // handle. OBJECT* HandleToObject( TPMI_DH_OBJECT handle // IN: handle of the object ); //*** GetQualifiedName() // This function returns the Qualified Name of the object. In this implementation, // the Qualified Name is computed when the object is loaded and is saved in the // internal representation of the object. The alternative would be to retain the // Name of the parent and compute the QN when needed. This would take the same // amount of space so it is not recommended that the alternate be used. // // This function requires that 'handle' references a loaded object. void GetQualifiedName( TPMI_DH_OBJECT handle, // IN: handle of the object TPM2B_NAME *qualifiedName // OUT: qualified name of the object ); //*** ObjectGetHierarchy() // This function returns the handle for the hierarchy of an object. TPMI_RH_HIERARCHY ObjectGetHierarchy( OBJECT *object // IN :object ); //*** GetHeriarchy() // This function returns the handle of the hierarchy to which a handle belongs. // This function is similar to ObjectGetHierarchy() but this routine takes // a handle but ObjectGetHierarchy() takes an pointer to an object. // // This function requires that 'handle' references a loaded object. TPMI_RH_HIERARCHY GetHeriarchy( TPMI_DH_OBJECT handle // IN :object handle ); //*** FindEmptyObjectSlot() // This function finds an open object slot, if any. It will clear the attributes // but will not set the occupied attribute. This is so that a slot may be used // and discarded if everything does not go as planned. // Return Type: OBJECT * // NULL no open slot found // != NULL pointer to available slot OBJECT * FindEmptyObjectSlot( TPMI_DH_OBJECT *handle // OUT: (optional) ); //*** ObjectAllocateSlot() // This function is used to allocate a slot in internal object array. OBJECT * ObjectAllocateSlot( TPMI_DH_OBJECT *handle // OUT: handle of allocated object ); //*** ObjectSetLoadedAttributes() // This function sets the internal attributes for a loaded object. It is called to // finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded // object. void ObjectSetLoadedAttributes( OBJECT *object, // IN: object attributes to finalize TPM_HANDLE parentHandle // IN: the parent handle ); //*** ObjectLoad() // Common function to load an object. A loaded object has its public area validated // (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is // verified to be correct and if both public and sensitive parts are loaded, then // the cryptographic binding between the objects is validated. This function does // not cause the allocated slot to be marked as in use. TPM_RC ObjectLoad( OBJECT *object, // IN: pointer to object slot // object OBJECT *parent, // IN: (optional) the parent object TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be // installed in the object TPM_RC blamePublic, // IN: parameter number to associate with the // publicArea errors TPM_RC blameSensitive,// IN: parameter number to associate with the // sensitive area errors TPM2B_NAME *name // IN: (optional) ); #if CC_HMAC_Start || CC_MAC_Start //*** ObjectCreateHMACSequence() // This function creates an internal HMAC sequence object. // Return Type: TPM_RC // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateHMACSequence( TPMI_ALG_HASH hashAlg, // IN: hash algorithm OBJECT *keyObject, // IN: the object containing the HMAC key TPM2B_AUTH *auth, // IN: authValue TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle ); #endif //*** ObjectCreateHashSequence() // This function creates a hash sequence object. // Return Type: TPM_RC // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateHashSequence( TPMI_ALG_HASH hashAlg, // IN: hash algorithm TPM2B_AUTH *auth, // IN: authValue TPMI_DH_OBJECT *newHandle // OUT: sequence object handle ); //*** ObjectCreateEventSequence() // This function creates an event sequence object. // Return Type: TPM_RC // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateEventSequence( TPM2B_AUTH *auth, // IN: authValue TPMI_DH_OBJECT *newHandle // OUT: sequence object handle ); //*** ObjectTerminateEvent() // This function is called to close out the event sequence and clean up the hash // context states. void ObjectTerminateEvent( void ); //*** ObjectContextLoad() // This function loads an object from a saved object context. // Return Type: OBJECT * // NULL if there is no free slot for an object // != NULL points to the loaded object OBJECT * ObjectContextLoad( ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved // context TPMI_DH_OBJECT *handle // OUT: object handle ); //*** FlushObject() // This function frees an object slot. // // This function requires that the object is loaded. void FlushObject( TPMI_DH_OBJECT handle // IN: handle to be freed ); //*** ObjectFlushHierarchy() // This function is called to flush all the loaded transient objects associated // with a hierarchy when the hierarchy is disabled. void ObjectFlushHierarchy( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush ); //*** ObjectLoadEvict() // This function loads a persistent object into a transient object slot. // // This function requires that 'handle' is associated with a persistent object. // Return Type: TPM_RC // TPM_RC_HANDLE the persistent object does not exist // or the associated hierarchy is disabled. // TPM_RC_OBJECT_MEMORY no object slot TPM_RC ObjectLoadEvict( TPM_HANDLE *handle, // IN:OUT: evict object handle. If success, it // will be replace by the loaded object handle COMMAND_INDEX commandIndex // IN: the command being processed ); //*** ObjectComputeName() // This does the name computation from a public area (can be marshaled or not). TPM2B_NAME * ObjectComputeName( UINT32 size, // IN: the size of the area to digest BYTE *publicArea, // IN: the public area to digest TPM_ALG_ID nameAlg, // IN: the hash algorithm to use TPM2B_NAME *name // OUT: Computed name ); //*** PublicMarshalAndComputeName() // This function computes the Name of an object from its public area. TPM2B_NAME * PublicMarshalAndComputeName( TPMT_PUBLIC *publicArea, // IN: public area of an object TPM2B_NAME *name // OUT: name of the object ); //*** ComputeQualifiedName() // This function computes the qualified name of an object. void ComputeQualifiedName( TPM_HANDLE parentHandle, // IN: parent's handle TPM_ALG_ID nameAlg, // IN: name hash TPM2B_NAME *name, // IN: name of the object TPM2B_NAME *qualifiedName // OUT: qualified name of the object ); //*** ObjectIsStorage() // This function determines if an object has the attributes associated // with a parent. A parent is an asymmetric or symmetric block cipher key // that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. // Return Type: BOOL // TRUE(1) object is a storage key // FALSE(0) object is not a storage key BOOL ObjectIsStorage( TPMI_DH_OBJECT handle // IN: object handle ); //*** ObjectCapGetLoaded() // This function returns a a list of handles of loaded object, starting from // 'handle'. 'Handle' must be in the range of valid transient object handles, // but does not have to be the handle of a loaded transient object. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO ObjectCapGetLoaded( TPMI_DH_OBJECT handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ); //*** ObjectCapGetTransientAvail() // This function returns an estimate of the number of additional transient // objects that could be loaded into the TPM. UINT32 ObjectCapGetTransientAvail( void ); //*** ObjectGetPublicAttributes() // Returns the attributes associated with an object handles. TPMA_OBJECT ObjectGetPublicAttributes( TPM_HANDLE handle ); OBJECT_ATTRIBUTES ObjectGetProperties( TPM_HANDLE handle ); #endif // _OBJECT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Object_spt_fp.h000066400000000000000000000463311510276467000310200ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _OBJECT_SPT_FP_H_ #define _OBJECT_SPT_FP_H_ //*** AdjustAuthSize() // This function will validate that the input authValue is no larger than the // digestSize for the nameAlg. It will then pad with zeros to the size of the // digest. BOOL AdjustAuthSize( TPM2B_AUTH *auth, // IN/OUT: value to adjust TPMI_ALG_HASH nameAlg // IN: ); //*** AreAttributesForParent() // This function is called by create, load, and import functions. // Note: The 'isParent' attribute is SET when an object is loaded and it has // attributes that are suitable for a parent object. // Return Type: BOOL // TRUE(1) properties are those of a parent // FALSE(0) properties are not those of a parent BOOL ObjectIsParent( OBJECT *parentObject // IN: parent handle ); //*** CreateChecks() // Attribute checks that are unique to creation. // Return Type: TPM_RC // TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the // object type // other returns from PublicAttributesValidation() TPM_RC CreateChecks( OBJECT *parentObject, TPMT_PUBLIC *publicArea, UINT16 sensitiveDataSize ); //*** SchemeChecks // This function is called by TPM2_LoadExternal() and PublicAttributesValidation(). // This function validates the schemes in the public area of an object. // Return Type: TPM_RC // TPM_RC_HASH non-duplicable storage key and its parent have different // name algorithm // TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object // TPM_RC_KEY invalid key size values in an asymmetric key public area // TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted' // and key's scheme ID; or hash algorithm is inconsistent // with the scheme ID for keyed hash object // TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or // non-storage key with symmetric algorithm different from // ALG_NULL TPM_RC SchemeChecks( OBJECT *parentObject, // IN: parent (null if primary seed) TPMT_PUBLIC *publicArea // IN: public area of the object ); //*** PublicAttributesValidation() // This function validates the values in the public area of an object. // This function is used in the processing of TPM2_Create, TPM2_CreatePrimary, // TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal(). // For TPM2_Import() this is only used if the new parent has fixedTPM SET. For // TPM2_LoadExternal(), this is not used for a public-only key // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication' // attributes are inconsistent between themselves or with // those of the parent object; // inconsistent 'restricted', 'decrypt' and 'sign' // attributes; // attempt to inject sensitive data for an asymmetric key; // attempt to create a symmetric cipher key that is not // a decryption key // TPM_RC_HASH nameAlg is TPM_ALG_NULL // TPM_RC_SIZE 'authPolicy' size does not match digest size of the name // algorithm in 'publicArea' // other returns from SchemeChecks() TPM_RC PublicAttributesValidation( OBJECT *parentObject, // IN: input parent object TPMT_PUBLIC *publicArea // IN: public area of the object ); //*** FillInCreationData() // Fill in creation data for an object. // Return Type: void void FillInCreationData( TPMI_DH_OBJECT parentHandle, // IN: handle of parent TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm TPML_PCR_SELECTION *creationPCR, // IN: PCR selection TPM2B_DATA *outsideData, // IN: outside data TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output TPM2B_DIGEST *creationDigest // OUT: creation digest ); //*** GetSeedForKDF() // Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. const TPM2B * GetSeedForKDF( OBJECT *protector // IN: the protector handle ); //*** ProduceOuterWrap() // This function produce outer wrap for a buffer containing the sensitive data. // It requires the sensitive data being marshaled to the outerBuffer, with the // leading bytes reserved for integrity hash. If iv is used, iv space should // be reserved at the beginning of the buffer. It assumes the sensitive data // starts at address (outerBuffer + integrity size @). // This function performs: // 1. Add IV before sensitive area if required // 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, // encrypted by a NULL iv // 3. add HMAC integrity at the beginning of the buffer // It returns the total size of blob with outer wrap UINT16 ProduceOuterWrap( OBJECT *protector, // IN: The handle of the object that provides // protection. For object, it is parent // handle. For credential, it is the handle // of encrypt object. TPM2B *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap TPM2B *seed, // IN: an external seed may be provided for // duplication blob. For non duplication // blob, this parameter should be NULL BOOL useIV, // IN: indicate if an IV is used UINT16 dataSize, // IN: the size of sensitive data, excluding the // leading integrity buffer size or the // optional iv size BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in // it ); //*** UnwrapOuter() // This function remove the outer wrap of a blob containing sensitive data // This function performs: // 1. check integrity of outer blob // 2. decrypt outer blob // // Return Type: TPM_RC // TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling // TPM_RCS_INTEGRITY sensitive data integrity is broken // TPM_RCS_SIZE error during sensitive data unmarshaling // TPM_RCS_VALUE IV size for CFB does not match the encryption // algorithm block size TPM_RC UnwrapOuter( OBJECT *protector, // IN: The object that provides // protection. For object, it is parent // handle. For credential, it is the // encrypt object. TPM2B *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap TPM2B *seed, // IN: an external seed may be provided for // duplication blob. For non duplication // blob, this parameter should be NULL. BOOL useIV, // IN: indicates if an IV is used UINT16 dataSize, // IN: size of sensitive data in outerBuffer, // including the leading integrity buffer // size, and an optional iv area BYTE *outerBuffer // IN/OUT: sensitive data ); //*** SensitiveToPrivate() // This function prepare the private blob for off the chip storage // The operations in this function: // 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE // 2. apply encryption to the sensitive area. // 3. apply outer integrity computation. void SensitiveToPrivate( TPMT_SENSITIVE *sensitive, // IN: sensitive structure TPM2B_NAME *name, // IN: the name of the object OBJECT *parent, // IN: The parent object TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This // parameter is used when parentHandle is // NULL, in which case the object is // temporary. TPM2B_PRIVATE *outPrivate // OUT: output private structure ); //*** PrivateToSensitive() // Unwrap a input private area. Check the integrity, decrypt and retrieve data // to a sensitive structure. // The operations in this function: // 1. check the integrity HMAC of the input private area // 2. decrypt the private buffer // 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE // Return Type: TPM_RC // TPM_RCS_INTEGRITY if the private area integrity is bad // TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT // from input private // TPM_RCS_SIZE error during sensitive data unmarshaling // TPM_RCS_VALUE outer wrapper does not have an iV of the correct // size TPM_RC PrivateToSensitive( TPM2B *inPrivate, // IN: input private structure TPM2B *name, // IN: the name of the object OBJECT *parent, // IN: parent object TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is // passed separately because we only pass // name, rather than the whole public area // of the object. This parameter is used in // the following two cases: 1. primary // objects. 2. duplication blob with inner // wrap. In other cases, this parameter // will be ignored TPMT_SENSITIVE *sensitive // OUT: sensitive structure ); //*** SensitiveToDuplicate() // This function prepare the duplication blob from the sensitive area. // The operations in this function: // 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE // 2. apply inner wrap to the sensitive area if required // 3. apply outer wrap if required void SensitiveToDuplicate( TPMT_SENSITIVE *sensitive, // IN: sensitive structure TPM2B *name, // IN: the name of the object OBJECT *parent, // IN: The new parent object TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It // is passed separately because we // only pass name, rather than the // whole public area of the object. TPM2B *seed, // IN: the external seed. If external // seed is provided with size of 0, // no outer wrap should be applied // to duplication blob. TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the // symmetric key algorithm is NULL, // no inner wrap should be applied. TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be // provided to encrypt the inner // wrap of a duplication blob. May // be generated here if needed. TPM2B_PRIVATE *outPrivate // OUT: output private structure ); //*** DuplicateToSensitive() // Unwrap a duplication blob. Check the integrity, decrypt and retrieve data // to a sensitive structure. // The operations in this function: // 1. check the integrity HMAC of the input private area // 2. decrypt the private buffer // 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE // // Return Type: TPM_RC // TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed // TPM_RC_INTEGRITY 'inPrivate' data integrity is broken // TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed TPM_RC DuplicateToSensitive( TPM2B *inPrivate, // IN: input private structure TPM2B *name, // IN: the name of the object OBJECT *parent, // IN: the parent TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. TPM2B *seed, // IN: an external seed may be provided. // If external seed is provided with // size of 0, no outer wrap is // applied TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the // symmetric key algorithm is NULL, // no inner wrap is applied TPM2B *innerSymKey, // IN: a symmetric key may be provided // to decrypt the inner wrap of a // duplication blob. TPMT_SENSITIVE *sensitive // OUT: sensitive structure ); //*** SecretToCredential() // This function prepare the credential blob from a secret (a TPM2B_DIGEST) // The operations in this function: // 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT // 2. encrypt the private buffer, excluding the leading integrity HMAC area // 3. compute integrity HMAC and append to the beginning of the buffer. // 4. Set the total size of TPM2B_ID_OBJECT buffer void SecretToCredential( TPM2B_DIGEST *secret, // IN: secret information TPM2B *name, // IN: the name of the object TPM2B *seed, // IN: an external seed. OBJECT *protector, // IN: the protector TPM2B_ID_OBJECT *outIDObject // OUT: output credential ); //*** CredentialToSecret() // Unwrap a credential. Check the integrity, decrypt and retrieve data // to a TPM2B_DIGEST structure. // The operations in this function: // 1. check the integrity HMAC of the input credential area // 2. decrypt the credential buffer // 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST // // Return Type: TPM_RC // TPM_RC_INSUFFICIENT error during credential unmarshaling // TPM_RC_INTEGRITY credential integrity is broken // TPM_RC_SIZE error during credential unmarshaling // TPM_RC_VALUE IV size does not match the encryption algorithm // block size TPM_RC CredentialToSecret( TPM2B *inIDObject, // IN: input credential blob TPM2B *name, // IN: the name of the object TPM2B *seed, // IN: an external seed. OBJECT *protector, // IN: the protector TPM2B_DIGEST *secret // OUT: secret information ); //*** MemoryRemoveTrailingZeros() // This function is used to adjust the length of an authorization value. // It adjusts the size of the TPM2B so that it does not include octets // at the end of the buffer that contain zero. // The function returns the number of non-zero octets in the buffer. UINT16 MemoryRemoveTrailingZeros( TPM2B_AUTH *auth // IN/OUT: value to adjust ); //*** SetLabelAndContext() // This function sets the label and context for a derived key. It is possible // that 'label' or 'context' can end up being an Empty Buffer. TPM_RC SetLabelAndContext( TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and // context TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data ); //*** UnmarshalToPublic() // Support function to unmarshal the template. This is used because the // Input may be a TPMT_TEMPLATE and that structure does not have the same // size as a TPMT_PUBLIC because of the difference between the 'unique' and // 'seed' fields. // If 'derive' is not NULL, then the 'seed' field is assumed to contain // a 'label' and 'context' that are unmarshaled into 'derive'. TPM_RC UnmarshalToPublic( TPMT_PUBLIC *tOut, // OUT: output TPM2B_TEMPLATE *tIn, // IN: BOOL derivation, // IN: indicates if this is for a derivation TPMS_DERIVE *labelContext// OUT: label and context if derivation ); //*** ObjectSetExternal() // Set the external attributes for an object. void ObjectSetExternal( OBJECT *object ); #endif // _OBJECT_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Allocate_fp.h000066400000000000000000000053011510276467000311440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PCR_Allocate // Command must be enabled #ifndef _PCR_Allocate_FP_H_ #define _PCR_Allocate_FP_H_ // Input structure definition typedef struct { TPMI_RH_PLATFORM authHandle; TPML_PCR_SELECTION pcrAllocation; } PCR_Allocate_In; // Output structure definition typedef struct { TPMI_YES_NO allocationSuccess; UINT32 maxPCR; UINT32 sizeNeeded; UINT32 sizeAvailable; } PCR_Allocate_Out; // Response code modifiers #define RC_PCR_Allocate_authHandle (TPM_RC_H + TPM_RC_1) #define RC_PCR_Allocate_pcrAllocation (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PCR_Allocate( PCR_Allocate_In *in, PCR_Allocate_Out *out ); #endif // _PCR_Allocate_FP_H_ #endif // CC_PCR_Allocate go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Event_fp.h000066400000000000000000000050101510276467000304760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PCR_Event // Command must be enabled #ifndef _PCR_Event_FP_H_ #define _PCR_Event_FP_H_ // Input structure definition typedef struct { TPMI_DH_PCR pcrHandle; TPM2B_EVENT eventData; } PCR_Event_In; // Output structure definition typedef struct { TPML_DIGEST_VALUES digests; } PCR_Event_Out; // Response code modifiers #define RC_PCR_Event_pcrHandle (TPM_RC_H + TPM_RC_1) #define RC_PCR_Event_eventData (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PCR_Event( PCR_Event_In *in, PCR_Event_Out *out ); #endif // _PCR_Event_FP_H_ #endif // CC_PCR_Event go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Extend_fp.h000066400000000000000000000045661510276467000306630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PCR_Extend // Command must be enabled #ifndef _PCR_Extend_FP_H_ #define _PCR_Extend_FP_H_ // Input structure definition typedef struct { TPMI_DH_PCR pcrHandle; TPML_DIGEST_VALUES digests; } PCR_Extend_In; // Response code modifiers #define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) #define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PCR_Extend( PCR_Extend_In *in ); #endif // _PCR_Extend_FP_H_ #endif // CC_PCR_Extend go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Read_fp.h000066400000000000000000000050151510276467000302750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PCR_Read // Command must be enabled #ifndef _PCR_Read_FP_H_ #define _PCR_Read_FP_H_ // Input structure definition typedef struct { TPML_PCR_SELECTION pcrSelectionIn; } PCR_Read_In; // Output structure definition typedef struct { UINT32 pcrUpdateCounter; TPML_PCR_SELECTION pcrSelectionOut; TPML_DIGEST pcrValues; } PCR_Read_Out; // Response code modifiers #define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PCR_Read( PCR_Read_In *in, PCR_Read_Out *out ); #endif // _PCR_Read_FP_H_ #endif // CC_PCR_Read go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_Reset_fp.h000066400000000000000000000044161510276467000305100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PCR_Reset // Command must be enabled #ifndef _PCR_Reset_FP_H_ #define _PCR_Reset_FP_H_ // Input structure definition typedef struct { TPMI_DH_PCR pcrHandle; } PCR_Reset_In; // Response code modifiers #define RC_PCR_Reset_pcrHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_PCR_Reset( PCR_Reset_In *in ); #endif // _PCR_Reset_FP_H_ #endif // CC_PCR_Reset go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthPolicy_fp.h000066400000000000000000000052421510276467000321610ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PCR_SetAuthPolicy // Command must be enabled #ifndef _PCR_Set_Auth_Policy_FP_H_ #define _PCR_Set_Auth_Policy_FP_H_ // Input structure definition typedef struct { TPMI_RH_PLATFORM authHandle; TPM2B_DIGEST authPolicy; TPMI_ALG_HASH hashAlg; TPMI_DH_PCR pcrNum; } PCR_SetAuthPolicy_In; // Response code modifiers #define RC_PCR_SetAuthPolicy_authHandle (TPM_RC_H + TPM_RC_1) #define RC_PCR_SetAuthPolicy_authPolicy (TPM_RC_P + TPM_RC_1) #define RC_PCR_SetAuthPolicy_hashAlg (TPM_RC_P + TPM_RC_2) #define RC_PCR_SetAuthPolicy_pcrNum (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_PCR_SetAuthPolicy( PCR_SetAuthPolicy_In *in ); #endif // _PCR_Set_Auth_Policy_FP_H_ #endif // CC_PCR_SetAuthPolicy go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_SetAuthValue_fp.h000066400000000000000000000046571510276467000320070ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PCR_SetAuthValue // Command must be enabled #ifndef _PCR_Set_Auth_Value_FP_H_ #define _PCR_Set_Auth_Value_FP_H_ // Input structure definition typedef struct { TPMI_DH_PCR pcrHandle; TPM2B_DIGEST auth; } PCR_SetAuthValue_In; // Response code modifiers #define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) #define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PCR_SetAuthValue( PCR_SetAuthValue_In *in ); #endif // _PCR_Set_Auth_Value_FP_H_ #endif // CC_PCR_SetAuthValue go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PCR_fp.h000066400000000000000000000301231510276467000273400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:23:27PM */ #ifndef _PCR_FP_H_ #define _PCR_FP_H_ //*** PCRBelongsAuthGroup() // This function indicates if a PCR belongs to a group that requires an authValue // in order to modify the PCR. If it does, 'groupIndex' is set to value of // the group index. This feature of PCR is decided by the platform specification. // Return Type: BOOL // TRUE(1) PCR belongs an authorization group // FALSE(0) PCR does not belong an authorization group BOOL PCRBelongsAuthGroup( TPMI_DH_PCR handle, // IN: handle of PCR UINT32 *groupIndex // OUT: group index if PCR belongs a // group that allows authValue. If PCR // does not belong to an authorization // group, the value in this parameter is // invalid ); //*** PCRBelongsPolicyGroup() // This function indicates if a PCR belongs to a group that requires a policy // authorization in order to modify the PCR. If it does, 'groupIndex' is set // to value of the group index. This feature of PCR is decided by the platform // specification. // Return Type: BOOL // TRUE(1) PCR belongs a policy group // FALSE(0) PCR does not belong a policy group BOOL PCRBelongsPolicyGroup( TPMI_DH_PCR handle, // IN: handle of PCR UINT32 *groupIndex // OUT: group index if PCR belongs a group that // allows policy. If PCR does not belong to // a policy group, the value in this // parameter is invalid ); //*** PCRPolicyIsAvailable() // This function indicates if a policy is available for a PCR. // Return Type: BOOL // TRUE(1) the PCR should be authorized by policy // FALSE(0) the PCR does not allow policy BOOL PCRPolicyIsAvailable( TPMI_DH_PCR handle // IN: PCR handle ); //*** PCRGetAuthValue() // This function is used to access the authValue of a PCR. If PCR does not // belong to an authValue group, an EmptyAuth will be returned. TPM2B_AUTH * PCRGetAuthValue( TPMI_DH_PCR handle // IN: PCR handle ); //*** PCRGetAuthPolicy() // This function is used to access the authorization policy of a PCR. It sets // 'policy' to the authorization policy and returns the hash algorithm for policy // If the PCR does not allow a policy, TPM_ALG_NULL is returned. TPMI_ALG_HASH PCRGetAuthPolicy( TPMI_DH_PCR handle, // IN: PCR handle TPM2B_DIGEST *policy // OUT: policy of PCR ); //*** PCRSimStart() // This function is used to initialize the policies when a TPM is manufactured. // This function would only be called in a manufacturing environment or in // a TPM simulator. void PCRSimStart( void ); //*** PcrIsAllocated() // This function indicates if a PCR number for the particular hash algorithm // is allocated. // Return Type: BOOL // TRUE(1) PCR is allocated // FALSE(0) PCR is not allocated BOOL PcrIsAllocated( UINT32 pcr, // IN: The number of the PCR TPMI_ALG_HASH hashAlg // IN: The PCR algorithm ); //*** PcrDrtm() // This function does the DRTM and H-CRTM processing it is called from // _TPM_Hash_End. void PcrDrtm( const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be // modified const TPMI_ALG_HASH hash, // IN: the bank identifier const TPM2B_DIGEST *digest // IN: the digest to modify the PCR ); //*** PCR_ClearAuth() // This function is used to reset the PCR authorization values. It is called // on TPM2_Startup(CLEAR) and TPM2_Clear(). void PCR_ClearAuth( void ); //*** PCRStartup() // This function initializes the PCR subsystem at TPM2_Startup(). BOOL PCRStartup( STARTUP_TYPE type, // IN: startup type BYTE locality // IN: startup locality ); //*** PCRStateSave() // This function is used to save the PCR values that will be restored on TPM Resume. void PCRStateSave( TPM_SU type // IN: startup type ); //*** PCRIsStateSaved() // This function indicates if the selected PCR is a PCR that is state saved // on TPM2_Shutdown(STATE). The return value is based on PCR attributes. // Return Type: BOOL // TRUE(1) PCR is state saved // FALSE(0) PCR is not state saved BOOL PCRIsStateSaved( TPMI_DH_PCR handle // IN: PCR handle to be extended ); //*** PCRIsResetAllowed() // This function indicates if a PCR may be reset by the current command locality. // The return value is based on PCR attributes, and not the PCR allocation. // Return Type: BOOL // TRUE(1) TPM2_PCR_Reset is allowed // FALSE(0) TPM2_PCR_Reset is not allowed BOOL PCRIsResetAllowed( TPMI_DH_PCR handle // IN: PCR handle to be extended ); //*** PCRChanged() // This function checks a PCR handle to see if the attributes for the PCR are set // so that any change to the PCR causes an increment of the pcrCounter. If it does, // then the function increments the counter. Will also bump the counter if the // handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero // is used by TPM2_Clear(). void PCRChanged( TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. ); //*** PCRIsExtendAllowed() // This function indicates a PCR may be extended at the current command locality. // The return value is based on PCR attributes, and not the PCR allocation. // Return Type: BOOL // TRUE(1) extend is allowed // FALSE(0) extend is not allowed BOOL PCRIsExtendAllowed( TPMI_DH_PCR handle // IN: PCR handle to be extended ); //*** PCRExtend() // This function is used to extend a PCR in a specific bank. void PCRExtend( TPMI_DH_PCR handle, // IN: PCR handle to be extended TPMI_ALG_HASH hash, // IN: hash algorithm of PCR UINT32 size, // IN: size of data to be extended BYTE *data // IN: data to be extended ); //*** PCRComputeCurrentDigest() // This function computes the digest of the selected PCR. // // As a side-effect, 'selection' is modified so that only the implemented PCR // will have their bits still set. void PCRComputeCurrentDigest( TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on // output) TPM2B_DIGEST *digest // OUT: digest ); //*** PCRRead() // This function is used to read a list of selected PCR. If the requested PCR // number exceeds the maximum number that can be output, the 'selection' is // adjusted to reflect the actual output PCR. void PCRRead( TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on // output) TPML_DIGEST *digest, // OUT: digest UINT32 *pcrCounter // OUT: the current value of PCR generation // number ); //*** PcrWrite() // This function is used by _TPM_Hash_End to set a PCR to the computed hash // of the H-CRTM event. void PcrWrite( TPMI_DH_PCR handle, // IN: PCR handle to be extended TPMI_ALG_HASH hash, // IN: hash algorithm of PCR TPM2B_DIGEST *digest // IN: the new value ); //*** PCRAllocate() // This function is used to change the PCR allocation. // Return Type: TPM_RC // TPM_RC_NO_RESULT allocate failed // TPM_RC_PCR improper allocation TPM_RC PCRAllocate( TPML_PCR_SELECTION *allocate, // IN: required allocation UINT32 *maxPCR, // OUT: Maximum number of PCR UINT32 *sizeNeeded, // OUT: required space UINT32 *sizeAvailable // OUT: available space ); //*** PCRSetValue() // This function is used to set the designated PCR in all banks to an initial value. // The initial value is signed and will be sign extended into the entire PCR. // void PCRSetValue( TPM_HANDLE handle, // IN: the handle of the PCR to set INT8 initialValue // IN: the value to set ); //*** PCRResetDynamics // This function is used to reset a dynamic PCR to 0. This function is used in // DRTM sequence. void PCRResetDynamics( void ); //*** PCRCapGetAllocation() // This function is used to get the current allocation of PCR banks. // Return Type: TPMI_YES_NO // YES if the return count is 0 // NO if the return count is not 0 TPMI_YES_NO PCRCapGetAllocation( UINT32 count, // IN: count of return TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list ); //*** PCRCapGetProperties() // This function returns a list of PCR properties starting at 'property'. // Return Type: TPMI_YES_NO // YES if no more property is available // NO if there are more properties not reported TPMI_YES_NO PCRCapGetProperties( TPM_PT_PCR property, // IN: the starting PCR property UINT32 count, // IN: count of returned properties TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select ); //*** PCRCapGetHandles() // This function is used to get a list of handles of PCR, started from 'handle'. // If 'handle' exceeds the maximum PCR handle range, an empty list will be // returned and the return value will be NO. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO PCRCapGetHandles( TPMI_DH_PCR handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ); #endif // _PCR_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_Commands_fp.h000066400000000000000000000047371510276467000310700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PP_Commands // Command must be enabled #ifndef _PP_Commands_FP_H_ #define _PP_Commands_FP_H_ // Input structure definition typedef struct { TPMI_RH_PLATFORM auth; TPML_CC setList; TPML_CC clearList; } PP_Commands_In; // Response code modifiers #define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1) #define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1) #define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_PP_Commands( PP_Commands_In *in ); #endif // _PP_Commands_FP_H_ #endif // CC_PP_Commands go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PP_fp.h000066400000000000000000000074111510276467000272370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _PP_FP_H_ #define _PP_FP_H_ //*** PhysicalPresencePreInstall_Init() // This function is used to initialize the array of commands that always require // confirmation with physical presence. The array is an array of bits that // has a correspondence with the command code. // // This command should only ever be executable in a manufacturing setting or in // a simulation. // // When set, these cannot be cleared. // void PhysicalPresencePreInstall_Init( void ); //*** PhysicalPresenceCommandSet() // This function is used to set the indicator that a command requires // PP confirmation. void PhysicalPresenceCommandSet( TPM_CC commandCode // IN: command code ); //*** PhysicalPresenceCommandClear() // This function is used to clear the indicator that a command requires PP // confirmation. void PhysicalPresenceCommandClear( TPM_CC commandCode // IN: command code ); //*** PhysicalPresenceIsRequired() // This function indicates if PP confirmation is required for a command. // Return Type: BOOL // TRUE(1) physical presence is required // FALSE(0) physical presence is not required BOOL PhysicalPresenceIsRequired( COMMAND_INDEX commandIndex // IN: command index ); //*** PhysicalPresenceCapGetCCList() // This function returns a list of commands that require PP confirmation. The // list starts from the first implemented command that has a command code that // the same or greater than 'commandCode'. // Return Type: TPMI_YES_NO // YES if there are more command codes available // NO all the available command codes have been returned TPMI_YES_NO PhysicalPresenceCapGetCCList( TPM_CC commandCode, // IN: start command code UINT32 count, // IN: count of returned TPM_CC TPML_CC *commandList // OUT: list of TPM_CC ); #endif // _PP_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthValue_fp.h000066400000000000000000000045161510276467000320010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyAuthValue // Command must be enabled #ifndef _Policy_Auth_Value_FP_H_ #define _Policy_Auth_Value_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; } PolicyAuthValue_In; // Response code modifiers #define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyAuthValue( PolicyAuthValue_In *in ); #endif // _Policy_Auth_Value_FP_H_ #endif // CC_PolicyAuthValue go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorizeNV_fp.h000066400000000000000000000051011510276467000323100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyAuthorizeNV // Command must be enabled #ifndef _Policy_Authorize_NV_FP_H_ #define _Policy_Authorize_NV_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; TPMI_SH_POLICY policySession; } PolicyAuthorizeNV_In; // Response code modifiers #define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1) #define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2) #define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3) // Function prototype TPM_RC TPM2_PolicyAuthorizeNV( PolicyAuthorizeNV_In *in ); #endif // _Policy_Authorize_NV_FP_H_ #endif // CC_PolicyAuthorizeNV go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyAuthorize_fp.h000066400000000000000000000053741510276467000320600ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyAuthorize // Command must be enabled #ifndef _Policy_Authorize_FP_H_ #define _Policy_Authorize_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_DIGEST approvedPolicy; TPM2B_NONCE policyRef; TPM2B_NAME keySign; TPMT_TK_VERIFIED checkTicket; } PolicyAuthorize_In; // Response code modifiers #define RC_PolicyAuthorize_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyAuthorize_approvedPolicy (TPM_RC_P + TPM_RC_1) #define RC_PolicyAuthorize_policyRef (TPM_RC_P + TPM_RC_2) #define RC_PolicyAuthorize_keySign (TPM_RC_P + TPM_RC_3) #define RC_PolicyAuthorize_checkTicket (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_PolicyAuthorize( PolicyAuthorize_In *in ); #endif // _Policy_Authorize_FP_H_ #endif // CC_PolicyAuthorize go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCommandCode_fp.h000066400000000000000000000047121510276467000322520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyCommandCode // Command must be enabled #ifndef _Policy_Command_Code_FP_H_ #define _Policy_Command_Code_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM_CC code; } PolicyCommandCode_In; // Response code modifiers #define RC_PolicyCommandCode_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyCommandCode_code (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyCommandCode( PolicyCommandCode_In *in ); #endif // _Policy_Command_Code_FP_H_ #endif // CC_PolicyCommandCode go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCounterTimer_fp.h000066400000000000000000000052641510276467000325240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyCounterTimer // Command must be enabled #ifndef _Policy_Counter_Timer_FP_H_ #define _Policy_Counter_Timer_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_OPERAND operandB; UINT16 offset; TPM_EO operation; } PolicyCounterTimer_In; // Response code modifiers #define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1) #define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2) #define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_PolicyCounterTimer( PolicyCounterTimer_In *in ); #endif // _Policy_Counter_Timer_FP_H_ #endif // CC_PolicyCounterTimer go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyCpHash_fp.h000066400000000000000000000046261510276467000312530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyCpHash // Command must be enabled #ifndef _Policy_Cp_Hash_FP_H_ #define _Policy_Cp_Hash_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_DIGEST cpHashA; } PolicyCpHash_In; // Response code modifiers #define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyCpHash_cpHashA (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyCpHash( PolicyCpHash_In *in ); #endif // _Policy_Cp_Hash_FP_H_ #endif // CC_PolicyCpHash PolicyDuplicationSelect_fp.h000066400000000000000000000054401510276467000334340ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyDuplicationSelect // Command must be enabled #ifndef _Policy_Duplication_Select_FP_H_ #define _Policy_Duplication_Select_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_NAME objectName; TPM2B_NAME newParentName; TPMI_YES_NO includeObject; } PolicyDuplicationSelect_In; // Response code modifiers #define RC_PolicyDuplicationSelect_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyDuplicationSelect_objectName (TPM_RC_P + TPM_RC_1) #define RC_PolicyDuplicationSelect_newParentName (TPM_RC_P + TPM_RC_2) #define RC_PolicyDuplicationSelect_includeObject (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_PolicyDuplicationSelect( PolicyDuplicationSelect_In *in ); #endif // _Policy_Duplication_Select_FP_H_ #endif // CC_PolicyDuplicationSelect go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyGetDigest_fp.h000066400000000000000000000047601510276467000317630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyGetDigest // Command must be enabled #ifndef _Policy_Get_Digest_FP_H_ #define _Policy_Get_Digest_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; } PolicyGetDigest_In; // Output structure definition typedef struct { TPM2B_DIGEST policyDigest; } PolicyGetDigest_Out; // Response code modifiers #define RC_PolicyGetDigest_policySession (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyGetDigest( PolicyGetDigest_In *in, PolicyGetDigest_Out *out ); #endif // _Policy_Get_Digest_FP_H_ #endif // CC_PolicyGetDigest go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyLocality_fp.h000066400000000000000000000046461510276467000316670ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyLocality // Command must be enabled #ifndef _Policy_Locality_FP_H_ #define _Policy_Locality_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPMA_LOCALITY locality; } PolicyLocality_In; // Response code modifiers #define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyLocality( PolicyLocality_In *in ); #endif // _Policy_Locality_FP_H_ #endif // CC_PolicyLocality go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNV_fp.h000066400000000000000000000053741510276467000304310ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyNV // Command must be enabled #ifndef _Policy_NV_FP_H_ #define _Policy_NV_FP_H_ // Input structure definition typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; TPMI_SH_POLICY policySession; TPM2B_OPERAND operandB; UINT16 offset; TPM_EO operation; } PolicyNV_In; // Response code modifiers #define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1) #define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2) #define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3) #define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1) #define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2) #define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_PolicyNV( PolicyNV_In *in ); #endif // _Policy_NV_FP_H_ #endif // CC_PolicyNV go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNameHash_fp.h000066400000000000000000000046511510276467000315670ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyNameHash // Command must be enabled #ifndef _Policy_Name_Hash_FP_H_ #define _Policy_Name_Hash_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_DIGEST nameHash; } PolicyNameHash_In; // Response code modifiers #define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyNameHash( PolicyNameHash_In *in ); #endif // _Policy_Name_Hash_FP_H_ #endif // CC_PolicyNameHash go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyNvWritten_fp.h000066400000000000000000000046721510276467000320460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyNvWritten // Command must be enabled #ifndef _Policy_Nv_Written_FP_H_ #define _Policy_Nv_Written_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPMI_YES_NO writtenSet; } PolicyNvWritten_In; // Response code modifiers #define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyNvWritten( PolicyNvWritten_In *in ); #endif // _Policy_Nv_Written_FP_H_ #endif // CC_PolicyNvWritten go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyOR_fp.h000066400000000000000000000045651510276467000304270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyOR // Command must be enabled #ifndef _Policy_OR_FP_H_ #define _Policy_OR_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPML_DIGEST pHashList; } PolicyOR_In; // Response code modifiers #define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyOR( PolicyOR_In *in ); #endif // _Policy_OR_FP_H_ #endif // CC_PolicyOR go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPCR_fp.h000066400000000000000000000047321510276467000305270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyPCR // Command must be enabled #ifndef _Policy_PCR_FP_H_ #define _Policy_PCR_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_DIGEST pcrDigest; TPML_PCR_SELECTION pcrs; } PolicyPCR_In; // Response code modifiers #define RC_PolicyPCR_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyPCR_pcrDigest (TPM_RC_P + TPM_RC_1) #define RC_PolicyPCR_pcrs (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_PolicyPCR( PolicyPCR_In *in ); #endif // _Policy_PCR_FP_H_ #endif // CC_PolicyPCR go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPassword_fp.h000066400000000000000000000045001510276467000316760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyPassword // Command must be enabled #ifndef _Policy_Password_FP_H_ #define _Policy_Password_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; } PolicyPassword_In; // Response code modifiers #define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyPassword( PolicyPassword_In *in ); #endif // _Policy_Password_FP_H_ #endif // CC_PolicyPassword go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyPhysicalPresence_fp.h000066400000000000000000000046231510276467000333430ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyPhysicalPresence // Command must be enabled #ifndef _Policy_Physical_Presence_FP_H_ #define _Policy_Physical_Presence_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; } PolicyPhysicalPresence_In; // Response code modifiers #define RC_PolicyPhysicalPresence_policySession (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyPhysicalPresence( PolicyPhysicalPresence_In *in ); #endif // _Policy_Physical_Presence_FP_H_ #endif // CC_PolicyPhysicalPresence go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyRestart_fp.h000066400000000000000000000044711510276467000315270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyRestart // Command must be enabled #ifndef _Policy_Restart_FP_H_ #define _Policy_Restart_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY sessionHandle; } PolicyRestart_In; // Response code modifiers #define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyRestart( PolicyRestart_In *in ); #endif // _Policy_Restart_FP_H_ #endif // CC_PolicyRestart go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySecret_fp.h000066400000000000000000000057711510276467000313340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicySecret // Command must be enabled #ifndef _Policy_Secret_FP_H_ #define _Policy_Secret_FP_H_ // Input structure definition typedef struct { TPMI_DH_ENTITY authHandle; TPMI_SH_POLICY policySession; TPM2B_NONCE nonceTPM; TPM2B_DIGEST cpHashA; TPM2B_NONCE policyRef; INT32 expiration; } PolicySecret_In; // Output structure definition typedef struct { TPM2B_TIMEOUT timeout; TPMT_TK_AUTH policyTicket; } PolicySecret_Out; // Response code modifiers #define RC_PolicySecret_authHandle (TPM_RC_H + TPM_RC_1) #define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2) #define RC_PolicySecret_nonceTPM (TPM_RC_P + TPM_RC_1) #define RC_PolicySecret_cpHashA (TPM_RC_P + TPM_RC_2) #define RC_PolicySecret_policyRef (TPM_RC_P + TPM_RC_3) #define RC_PolicySecret_expiration (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_PolicySecret( PolicySecret_In *in, PolicySecret_Out *out ); #endif // _Policy_Secret_FP_H_ #endif // CC_PolicySecret go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicySigned_fp.h000066400000000000000000000061271510276467000313140ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicySigned // Command must be enabled #ifndef _Policy_Signed_FP_H_ #define _Policy_Signed_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT authObject; TPMI_SH_POLICY policySession; TPM2B_NONCE nonceTPM; TPM2B_DIGEST cpHashA; TPM2B_NONCE policyRef; INT32 expiration; TPMT_SIGNATURE auth; } PolicySigned_In; // Output structure definition typedef struct { TPM2B_TIMEOUT timeout; TPMT_TK_AUTH policyTicket; } PolicySigned_Out; // Response code modifiers #define RC_PolicySigned_authObject (TPM_RC_H + TPM_RC_1) #define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2) #define RC_PolicySigned_nonceTPM (TPM_RC_P + TPM_RC_1) #define RC_PolicySigned_cpHashA (TPM_RC_P + TPM_RC_2) #define RC_PolicySigned_policyRef (TPM_RC_P + TPM_RC_3) #define RC_PolicySigned_expiration (TPM_RC_P + TPM_RC_4) #define RC_PolicySigned_auth (TPM_RC_P + TPM_RC_5) // Function prototype TPM_RC TPM2_PolicySigned( PolicySigned_In *in, PolicySigned_Out *out ); #endif // _Policy_Signed_FP_H_ #endif // CC_PolicySigned go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTemplate_fp.h000066400000000000000000000046561510276467000316630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyTemplate // Command must be enabled #ifndef _Policy_Template_FP_H_ #define _Policy_Template_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_DIGEST templateHash; } PolicyTemplate_In; // Response code modifiers #define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_PolicyTemplate( PolicyTemplate_In *in ); #endif // _Policy_Template_FP_H_ #endif // CC_PolicyTemplate go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PolicyTicket_fp.h000066400000000000000000000054411510276467000313240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_PolicyTicket // Command must be enabled #ifndef _Policy_Ticket_FP_H_ #define _Policy_Ticket_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_TIMEOUT timeout; TPM2B_DIGEST cpHashA; TPM2B_NONCE policyRef; TPM2B_NAME authName; TPMT_TK_AUTH ticket; } PolicyTicket_In; // Response code modifiers #define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) #define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) #define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) #define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) #define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) // Function prototype TPM_RC TPM2_PolicyTicket( PolicyTicket_In *in ); #endif // _Policy_Ticket_FP_H_ #endif // CC_PolicyTicket go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_AC_SendSelect_fp.h000066400000000000000000000055211510276467000326330ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Policy_AC_SendSelect // Command must be enabled #ifndef _Policy_AC_Send_Select_FP_H_ #define _Policy_AC_Send_Select_FP_H_ // Input structure definition typedef struct { TPMI_SH_POLICY policySession; TPM2B_NAME objectName; TPM2B_NAME authHandleName; TPM2B_NAME acName; TPMI_YES_NO includeObject; } Policy_AC_SendSelect_In; // Response code modifiers #define RC_Policy_AC_SendSelect_policySession (TPM_RC_H + TPM_RC_1) #define RC_Policy_AC_SendSelect_objectName (TPM_RC_P + TPM_RC_1) #define RC_Policy_AC_SendSelect_authHandleName (TPM_RC_P + TPM_RC_2) #define RC_Policy_AC_SendSelect_acName (TPM_RC_P + TPM_RC_3) #define RC_Policy_AC_SendSelect_includeObject (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_Policy_AC_SendSelect( Policy_AC_SendSelect_In *in ); #endif // _Policy_AC_Send_Select_FP_H_ #endif // CC_Policy_AC_SendSelect go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Policy_spt_fp.h000066400000000000000000000077151510276467000310540ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:18PM */ #ifndef _POLICY_SPT_FP_H_ #define _POLICY_SPT_FP_H_ //** Functions //*** PolicyParameterChecks() // This function validates the common parameters of TPM2_PolicySiged() // and TPM2_PolicySecret(). The common parameters are 'nonceTPM', // 'expiration', and 'cpHashA'. TPM_RC PolicyParameterChecks( SESSION *session, UINT64 authTimeout, TPM2B_DIGEST *cpHashA, TPM2B_NONCE *nonce, TPM_RC blameNonce, TPM_RC blameCpHash, TPM_RC blameExpiration ); //*** PolicyContextUpdate() // Update policy hash // Update the policyDigest in policy session by extending policyRef and // objectName to it. This will also update the cpHash if it is present. // Return Type: void void PolicyContextUpdate( TPM_CC commandCode, // IN: command code TPM2B_NAME *name, // IN: name of entity TPM2B_NONCE *ref, // IN: the reference data TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) UINT64 policyTimeout, // IN: the timeout value for the policy SESSION *session // IN/OUT: policy session to be updated ); //*** ComputeAuthTimeout() // This function is used to determine what the authorization timeout value for // the session should be. UINT64 ComputeAuthTimeout( SESSION *session, // IN: the session containing the time // values INT32 expiration, // IN: either the number of seconds from // the start of the session or the // time in g_timer; TPM2B_NONCE *nonce // IN: indicator of the time base ); //*** PolicyDigestClear() // Function to reset the policyDigest of a session void PolicyDigestClear( SESSION *session ); BOOL PolicySptCheckCondition( TPM_EO operation, BYTE *opA, BYTE *opB, UINT16 size ); #endif // _POLICY_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Power_fp.h000066400000000000000000000047671510276467000300270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 11:00:49AM */ #ifndef _POWER_FP_H_ #define _POWER_FP_H_ //*** TPMInit() // This function is used to process a power on event. void TPMInit( void ); //*** TPMRegisterStartup() // This function registers the fact that the TPM has been initialized // (a TPM2_Startup() has completed successfully). BOOL TPMRegisterStartup( void ); //*** TPMIsStarted() // Indicates if the TPM has been initialized (a TPM2_Startup() has completed // successfully after a _TPM_Init). // Return Type: BOOL // TRUE(1) TPM has been initialized // FALSE(0) TPM has not been initialized BOOL TPMIsStarted( void ); #endif // _POWER_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/PropertyCap_fp.h000066400000000000000000000052751510276467000311760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _PROPERTY_CAP_FP_H_ #define _PROPERTY_CAP_FP_H_ //*** TPMCapGetProperties() // This function is used to get the TPM_PT values. The search of properties will // start at 'property' and continue until 'propertyList' has as many values as // will fit, or the last property has been reported, or the list has as many // values as requested in 'count'. // Return Type: TPMI_YES_NO // YES more properties are available // NO no more properties to be reported TPMI_YES_NO TPMCapGetProperties( TPM_PT property, // IN: the starting TPM property UINT32 count, // IN: maximum number of returned // properties TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list ); #endif // _PROPERTY_CAP_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Quote_fp.h000066400000000000000000000053361510276467000300210ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Quote // Command must be enabled #ifndef _Quote_FP_H_ #define _Quote_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT signHandle; TPM2B_DATA qualifyingData; TPMT_SIG_SCHEME inScheme; TPML_PCR_SELECTION PCRselect; } Quote_In; // Output structure definition typedef struct { TPM2B_ATTEST quoted; TPMT_SIGNATURE signature; } Quote_Out; // Response code modifiers #define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1) #define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1) #define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2) #define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_Quote( Quote_In *in, Quote_Out *out ); #endif // _Quote_FP_H_ #endif // CC_Quote go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Decrypt_fp.h000066400000000000000000000053421510276467000310400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_RSA_Decrypt // Command must be enabled #ifndef _RSA_Decrypt_FP_H_ #define _RSA_Decrypt_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; TPM2B_PUBLIC_KEY_RSA cipherText; TPMT_RSA_DECRYPT inScheme; TPM2B_DATA label; } RSA_Decrypt_In; // Output structure definition typedef struct { TPM2B_PUBLIC_KEY_RSA message; } RSA_Decrypt_Out; // Response code modifiers #define RC_RSA_Decrypt_keyHandle (TPM_RC_H + TPM_RC_1) #define RC_RSA_Decrypt_cipherText (TPM_RC_P + TPM_RC_1) #define RC_RSA_Decrypt_inScheme (TPM_RC_P + TPM_RC_2) #define RC_RSA_Decrypt_label (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_RSA_Decrypt( RSA_Decrypt_In *in, RSA_Decrypt_Out *out ); #endif // _RSA_Decrypt_FP_H_ #endif // CC_RSA_Decrypt go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RSA_Encrypt_fp.h000066400000000000000000000053331510276467000310520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_RSA_Encrypt // Command must be enabled #ifndef _RSA_Encrypt_FP_H_ #define _RSA_Encrypt_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; TPM2B_PUBLIC_KEY_RSA message; TPMT_RSA_DECRYPT inScheme; TPM2B_DATA label; } RSA_Encrypt_In; // Output structure definition typedef struct { TPM2B_PUBLIC_KEY_RSA outData; } RSA_Encrypt_Out; // Response code modifiers #define RC_RSA_Encrypt_keyHandle (TPM_RC_H + TPM_RC_1) #define RC_RSA_Encrypt_message (TPM_RC_P + TPM_RC_1) #define RC_RSA_Encrypt_inScheme (TPM_RC_P + TPM_RC_2) #define RC_RSA_Encrypt_label (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_RSA_Encrypt( RSA_Encrypt_In *in, RSA_Encrypt_Out *out ); #endif // _RSA_Encrypt_FP_H_ #endif // CC_RSA_Encrypt go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadClock_fp.h000066400000000000000000000043031510276467000305440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ReadClock // Command must be enabled #ifndef _Read_Clock_FP_H_ #define _Read_Clock_FP_H_ // Output structure definition typedef struct { TPMS_TIME_INFO currentTime; } ReadClock_Out; // Function prototype TPM_RC TPM2_ReadClock( ReadClock_Out *out ); #endif // _Read_Clock_FP_H_ #endif // CC_ReadClock go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ReadPublic_fp.h000066400000000000000000000050201510276467000307240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ReadPublic // Command must be enabled #ifndef _Read_Public_FP_H_ #define _Read_Public_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT objectHandle; } ReadPublic_In; // Output structure definition typedef struct { TPM2B_PUBLIC outPublic; TPM2B_NAME name; TPM2B_NAME qualifiedName; } ReadPublic_Out; // Response code modifiers #define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_ReadPublic( ReadPublic_In *in, ReadPublic_Out *out ); #endif // _Read_Public_FP_H_ #endif // CC_ReadPublic go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ResponseCodeProcessing_fp.h000066400000000000000000000043311510276467000333440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _RESPONSE_CODE_PROCESSING_FP_H_ #define _RESPONSE_CODE_PROCESSING_FP_H_ //** RcSafeAddToResult() // Adds a modifier to a response code as long as the response code allows a modifier // and no modifier has already been added. TPM_RC RcSafeAddToResult( TPM_RC responseCode, TPM_RC modifier ); #endif // _RESPONSE_CODE_PROCESSING_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Response_fp.h000066400000000000000000000044541510276467000305220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _RESPONSE_FP_H_ #define _RESPONSE_FP_H_ //** BuildResponseHeader() // Adds the response header to the response. It will update command->parameterSize // to indicate the total size of the response. void BuildResponseHeader( COMMAND *command, // IN: main control structure BYTE *buffer, // OUT: the output buffer TPM_RC result // IN: the response code ); #endif // _RESPONSE_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Rewrap_fp.h000066400000000000000000000055101510276467000301560ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Rewrap // Command must be enabled #ifndef _Rewrap_FP_H_ #define _Rewrap_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT oldParent; TPMI_DH_OBJECT newParent; TPM2B_PRIVATE inDuplicate; TPM2B_NAME name; TPM2B_ENCRYPTED_SECRET inSymSeed; } Rewrap_In; // Output structure definition typedef struct { TPM2B_PRIVATE outDuplicate; TPM2B_ENCRYPTED_SECRET outSymSeed; } Rewrap_Out; // Response code modifiers #define RC_Rewrap_oldParent (TPM_RC_H + TPM_RC_1) #define RC_Rewrap_newParent (TPM_RC_H + TPM_RC_2) #define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1) #define RC_Rewrap_name (TPM_RC_P + TPM_RC_2) #define RC_Rewrap_inSymSeed (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_Rewrap( Rewrap_In *in, Rewrap_Out *out ); #endif // _Rewrap_FP_H_ #endif // CC_Rewrap go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/RsaKeyCache_fp.h000066400000000000000000000050311510276467000310360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _RSA_KEY_CACHE_FP_H_ #define _RSA_KEY_CACHE_FP_H_ #if USE_RSA_KEY_CACHE //*** RsaKeyCacheControl() // Used to enable and disable the RSA key cache. LIB_EXPORT void RsaKeyCacheControl( int state ); //*** GetCachedRsaKey() // Return Type: BOOL // TRUE(1) key loaded // FALSE(0) key not loaded BOOL GetCachedRsaKey( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ); #endif // defined SIMULATION && defined USE_RSA_KEY_CACHE #endif // _RSA_KEY_CACHE_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SelfTest_fp.h000066400000000000000000000044111510276467000304460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_SelfTest // Command must be enabled #ifndef _Self_Test_FP_H_ #define _Self_Test_FP_H_ // Input structure definition typedef struct { TPMI_YES_NO fullTest; } SelfTest_In; // Response code modifiers #define RC_SelfTest_fullTest (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_SelfTest( SelfTest_In *in ); #endif // _Self_Test_FP_H_ #endif // CC_SelfTest go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceComplete_fp.h000066400000000000000000000053541510276467000321650ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_SequenceComplete // Command must be enabled #ifndef _Sequence_Complete_FP_H_ #define _Sequence_Complete_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT sequenceHandle; TPM2B_MAX_BUFFER buffer; TPMI_RH_HIERARCHY hierarchy; } SequenceComplete_In; // Output structure definition typedef struct { TPM2B_DIGEST result; TPMT_TK_HASHCHECK validation; } SequenceComplete_Out; // Response code modifiers #define RC_SequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_1) #define RC_SequenceComplete_buffer (TPM_RC_P + TPM_RC_1) #define RC_SequenceComplete_hierarchy (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_SequenceComplete( SequenceComplete_In *in, SequenceComplete_Out *out ); #endif // _Sequence_Complete_FP_H_ #endif // CC_SequenceComplete go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SequenceUpdate_fp.h000066400000000000000000000046511510276467000316360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_SequenceUpdate // Command must be enabled #ifndef _Sequence_Update_FP_H_ #define _Sequence_Update_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT sequenceHandle; TPM2B_MAX_BUFFER buffer; } SequenceUpdate_In; // Response code modifiers #define RC_SequenceUpdate_sequenceHandle (TPM_RC_H + TPM_RC_1) #define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_SequenceUpdate( SequenceUpdate_In *in ); #endif // _Sequence_Update_FP_H_ #endif // CC_SequenceUpdate go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SessionProcess_fp.h000066400000000000000000000113631510276467000317030ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _SESSION_PROCESS_FP_H_ #define _SESSION_PROCESS_FP_H_ //*** IsDAExempted() // This function indicates if a handle is exempted from DA logic. // A handle is exempted if it is // 1. a primary seed handle, // 2. an object with noDA bit SET, // 3. an NV Index with TPMA_NV_NO_DA bit SET, or // 4. a PCR handle. // // Return Type: BOOL // TRUE(1) handle is exempted from DA logic // FALSE(0) handle is not exempted from DA logic BOOL IsDAExempted( TPM_HANDLE handle // IN: entity handle ); //*** ClearCpRpHashes() void ClearCpRpHashes( COMMAND *command ); //*** CompareNameHash() // This function computes the name hash and compares it to the nameHash in the // session data. BOOL CompareNameHash( COMMAND *command, // IN: main parsing structure SESSION *session // IN: session structure with nameHash ); //*** ParseSessionBuffer() // This function is the entry function for command session processing. // It iterates sessions in session area and reports if the required authorization // has been properly provided. It also processes audit session and passes the // information of encryption sessions to parameter encryption module. // // Return Type: TPM_RC // various parsing failure or authorization failure // TPM_RC ParseSessionBuffer( COMMAND *command // IN: the structure that contains ); //*** CheckAuthNoSession() // Function to process a command with no session associated. // The function makes sure all the handles in the command require no authorization. // // Return Type: TPM_RC // TPM_RC_AUTH_MISSING failure - one or more handles require // authorization TPM_RC CheckAuthNoSession( COMMAND *command // IN: command parsing structure ); //*** BuildResponseSession() // Function to build Session buffer in a response. The authorization data is added // to the end of command->responseBuffer. The size of the authorization area is // accumulated in command->authSize. // When this is called, command->responseBuffer is pointing at the next location // in the response buffer to be filled. This is where the authorization sessions // will go, if any. command->parameterSize is the number of bytes that have been // marshaled as parameters in the output buffer. void BuildResponseSession( COMMAND *command // IN: structure that has relevant command // information ); //*** SessionRemoveAssociationToHandle() // This function deals with the case where an entity associated with an authorization // is deleted during command processing. The primary use of this is to support // UndefineSpaceSpecial(). void SessionRemoveAssociationToHandle( TPM_HANDLE handle ); #endif // _SESSION_PROCESS_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Session_fp.h000066400000000000000000000247171510276467000303530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:06:42PM */ #ifndef _SESSION_FP_H_ #define _SESSION_FP_H_ //** Startup Function -- SessionStartup() // This function initializes the session subsystem on TPM2_Startup(). BOOL SessionStartup( STARTUP_TYPE type ); //*** SessionIsLoaded() // This function test a session handle references a loaded session. The handle // must have previously been checked to make sure that it is a valid handle for // an authorization session. // NOTE: A PWAP authorization does not have a session. // // Return Type: BOOL // TRUE(1) session is loaded // FALSE(0) session is not loaded // BOOL SessionIsLoaded( TPM_HANDLE handle // IN: session handle ); //*** SessionIsSaved() // This function test a session handle references a saved session. The handle // must have previously been checked to make sure that it is a valid handle for // an authorization session. // NOTE: An password authorization does not have a session. // // This function requires that the handle be a valid session handle. // // Return Type: BOOL // TRUE(1) session is saved // FALSE(0) session is not saved // BOOL SessionIsSaved( TPM_HANDLE handle // IN: session handle ); //*** SequenceNumberForSavedContextIsValid() // This function validates that the sequence number and handle value within a // saved context are valid. BOOL SequenceNumberForSavedContextIsValid( TPMS_CONTEXT *context // IN: pointer to a context structure to be // validated ); //*** SessionPCRValueIsCurrent() // // This function is used to check if PCR values have been updated since the // last time they were checked in a policy session. // // This function requires the session is loaded. // Return Type: BOOL // TRUE(1) PCR value is current // FALSE(0) PCR value is not current BOOL SessionPCRValueIsCurrent( SESSION *session // IN: session structure ); //*** SessionGet() // This function returns a pointer to the session object associated with a // session handle. // // The function requires that the session is loaded. SESSION * SessionGet( TPM_HANDLE handle // IN: session handle ); //*** SessionCreate() // // This function does the detailed work for starting an authorization session. // This is done in a support routine rather than in the action code because // the session management may differ in implementations. This implementation // uses a fixed memory allocation to hold sessions and a fixed allocation // to hold the contextID for the saved contexts. // // Return Type: TPM_RC // TPM_RC_CONTEXT_GAP need to recycle sessions // TPM_RC_SESSION_HANDLE active session space is full // TPM_RC_SESSION_MEMORY loaded session space is full TPM_RC SessionCreate( TPM_SE sessionType, // IN: the session type TPMI_ALG_HASH authHash, // IN: the hash algorithm TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm TPMI_DH_ENTITY bind, // IN: the bind object TPM2B_DATA *seed, // IN: seed data TPM_HANDLE *sessionHandle, // OUT: the session handle TPM2B_NONCE *nonceTpm // OUT: the session nonce ); //*** SessionContextSave() // This function is called when a session context is to be saved. The // contextID of the saved session is returned. If no contextID can be // assigned, then the routine returns TPM_RC_CONTEXT_GAP. // If the function completes normally, the session slot will be freed. // // This function requires that 'handle' references a loaded session. // Otherwise, it should not be called at the first place. // // Return Type: TPM_RC // TPM_RC_CONTEXT_GAP a contextID could not be assigned. // TPM_RC_TOO_MANY_CONTEXTSthe counter maxed out // TPM_RC SessionContextSave( TPM_HANDLE handle, // IN: session handle CONTEXT_COUNTER *contextID // OUT: assigned contextID ); //*** SessionContextLoad() // This function is used to load a session from saved context. The session // handle must be for a saved context. // // If the gap is at a maximum, then the only session that can be loaded is // the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. /// // This function requires that 'handle' references a valid saved session. // // Return Type: TPM_RC // TPM_RC_SESSION_MEMORY no free session slots // TPM_RC_CONTEXT_GAP the gap count is maximum and this // is not the oldest saved context // TPM_RC SessionContextLoad( SESSION_BUF *session, // IN: session structure from saved context TPM_HANDLE *handle // IN/OUT: session handle ); //*** SessionFlush() // This function is used to flush a session referenced by its handle. If the // session associated with 'handle' is loaded, the session array entry is // marked as available. // // This function requires that 'handle' be a valid active session. // void SessionFlush( TPM_HANDLE handle // IN: loaded or saved session handle ); //*** SessionComputeBoundEntity() // This function computes the binding value for a session. The binding value // for a reserved handle is the handle itself. For all the other entities, // the authValue at the time of binding is included to prevent squatting. // For those values, the Name and the authValue are concatenated // into the bind buffer. If they will not both fit, the will be overlapped // by XORing bytes. If XOR is required, the bind value will be full. void SessionComputeBoundEntity( TPMI_DH_ENTITY entityHandle, // IN: handle of entity TPM2B_NAME *bind // OUT: binding value ); //*** SessionSetStartTime() // This function is used to initialize the session timing void SessionSetStartTime( SESSION *session // IN: the session to update ); //*** SessionResetPolicyData() // This function is used to reset the policy data without changing the nonce // or the start time of the session. void SessionResetPolicyData( SESSION *session // IN: the session to reset ); //*** SessionCapGetLoaded() // This function returns a list of handles of loaded session, started // from input 'handle' // // 'Handle' must be in valid loaded session handle range, but does not // have to point to a loaded session. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO SessionCapGetLoaded( TPMI_SH_POLICY handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ); //*** SessionCapGetSaved() // This function returns a list of handles for saved session, starting at // 'handle'. // // 'Handle' must be in a valid handle range, but does not have to point to a // saved session // // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO SessionCapGetSaved( TPMI_SH_HMAC handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ); //*** SessionCapGetLoadedNumber() // This function return the number of authorization sessions currently // loaded into TPM RAM. UINT32 SessionCapGetLoadedNumber( void ); //*** SessionCapGetLoadedAvail() // This function returns the number of additional authorization sessions, of // any type, that could be loaded into TPM RAM. // NOTE: In other implementations, this number may just be an estimate. The only // requirement for the estimate is, if it is one or more, then at least one // session must be loadable. UINT32 SessionCapGetLoadedAvail( void ); //*** SessionCapGetActiveNumber() // This function returns the number of active authorization sessions currently // being tracked by the TPM. UINT32 SessionCapGetActiveNumber( void ); //*** SessionCapGetActiveAvail() // This function returns the number of additional authorization sessions, of any // type, that could be created. This not the number of slots for sessions, but // the number of additional sessions that the TPM is capable of tracking. UINT32 SessionCapGetActiveAvail( void ); #endif // _SESSION_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetAlgorithmSet_fp.h000066400000000000000000000046651510276467000320060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_SetAlgorithmSet // Command must be enabled #ifndef _Set_Algorithm_Set_FP_H_ #define _Set_Algorithm_Set_FP_H_ // Input structure definition typedef struct { TPMI_RH_PLATFORM authHandle; UINT32 algorithmSet; } SetAlgorithmSet_In; // Response code modifiers #define RC_SetAlgorithmSet_authHandle (TPM_RC_H + TPM_RC_1) #define RC_SetAlgorithmSet_algorithmSet (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_SetAlgorithmSet( SetAlgorithmSet_In *in ); #endif // _Set_Algorithm_Set_FP_H_ #endif // CC_SetAlgorithmSet SetCommandCodeAuditStatus_fp.h000066400000000000000000000054431510276467000336640ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_SetCommandCodeAuditStatus // Command must be enabled #ifndef _Set_Command_Code_Audit_Status_FP_H_ #define _Set_Command_Code_Audit_Status_FP_H_ // Input structure definition typedef struct { TPMI_RH_PROVISION auth; TPMI_ALG_HASH auditAlg; TPML_CC setList; TPML_CC clearList; } SetCommandCodeAuditStatus_In; // Response code modifiers #define RC_SetCommandCodeAuditStatus_auth (TPM_RC_H + TPM_RC_1) #define RC_SetCommandCodeAuditStatus_auditAlg (TPM_RC_P + TPM_RC_1) #define RC_SetCommandCodeAuditStatus_setList (TPM_RC_P + TPM_RC_2) #define RC_SetCommandCodeAuditStatus_clearList (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_SetCommandCodeAuditStatus( SetCommandCodeAuditStatus_In *in ); #endif // _Set_Command_Code_Audit_Status_FP_H_ #endif // CC_SetCommandCodeAuditStatus go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/SetPrimaryPolicy_fp.h000066400000000000000000000050371510276467000322010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_SetPrimaryPolicy // Command must be enabled #ifndef _Set_Primary_Policy_FP_H_ #define _Set_Primary_Policy_FP_H_ // Input structure definition typedef struct { TPMI_RH_HIERARCHY_AUTH authHandle; TPM2B_DIGEST authPolicy; TPMI_ALG_HASH hashAlg; } SetPrimaryPolicy_In; // Response code modifiers #define RC_SetPrimaryPolicy_authHandle (TPM_RC_H + TPM_RC_1) #define RC_SetPrimaryPolicy_authPolicy (TPM_RC_P + TPM_RC_1) #define RC_SetPrimaryPolicy_hashAlg (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_SetPrimaryPolicy( SetPrimaryPolicy_In *in ); #endif // _Set_Primary_Policy_FP_H_ #endif // CC_SetPrimaryPolicy go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Shutdown_fp.h000066400000000000000000000044161510276467000305350ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Shutdown // Command must be enabled #ifndef _Shutdown_FP_H_ #define _Shutdown_FP_H_ // Input structure definition typedef struct { TPM_SU shutdownType; } Shutdown_In; // Response code modifiers #define RC_Shutdown_shutdownType (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_Shutdown( Shutdown_In *in ); #endif // _Shutdown_FP_H_ #endif // CC_Shutdown go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Sign_fp.h000066400000000000000000000052451510276467000276230ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Sign // Command must be enabled #ifndef _Sign_FP_H_ #define _Sign_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; TPM2B_DIGEST digest; TPMT_SIG_SCHEME inScheme; TPMT_TK_HASHCHECK validation; } Sign_In; // Output structure definition typedef struct { TPMT_SIGNATURE signature; } Sign_Out; // Response code modifiers #define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1) #define RC_Sign_digest (TPM_RC_P + TPM_RC_1) #define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2) #define RC_Sign_validation (TPM_RC_P + TPM_RC_3) // Function prototype TPM_RC TPM2_Sign( Sign_In *in, Sign_Out *out ); #endif // _Sign_FP_H_ #endif // CC_Sign go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StartAuthSession_fp.h000066400000000000000000000062311510276467000322020ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_StartAuthSession // Command must be enabled #ifndef _Start_Auth_Session_FP_H_ #define _Start_Auth_Session_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT tpmKey; TPMI_DH_ENTITY bind; TPM2B_NONCE nonceCaller; TPM2B_ENCRYPTED_SECRET encryptedSalt; TPM_SE sessionType; TPMT_SYM_DEF symmetric; TPMI_ALG_HASH authHash; } StartAuthSession_In; // Output structure definition typedef struct { TPMI_SH_AUTH_SESSION sessionHandle; TPM2B_NONCE nonceTPM; } StartAuthSession_Out; // Response code modifiers #define RC_StartAuthSession_tpmKey (TPM_RC_H + TPM_RC_1) #define RC_StartAuthSession_bind (TPM_RC_H + TPM_RC_2) #define RC_StartAuthSession_nonceCaller (TPM_RC_P + TPM_RC_1) #define RC_StartAuthSession_encryptedSalt (TPM_RC_P + TPM_RC_2) #define RC_StartAuthSession_sessionType (TPM_RC_P + TPM_RC_3) #define RC_StartAuthSession_symmetric (TPM_RC_P + TPM_RC_4) #define RC_StartAuthSession_authHash (TPM_RC_P + TPM_RC_5) // Function prototype TPM_RC TPM2_StartAuthSession( StartAuthSession_In *in, StartAuthSession_Out *out ); #endif // _Start_Auth_Session_FP_H_ #endif // CC_StartAuthSession go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Startup_fp.h000066400000000000000000000044021510276467000303570ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Startup // Command must be enabled #ifndef _Startup_FP_H_ #define _Startup_FP_H_ // Input structure definition typedef struct { TPM_SU startupType; } Startup_In; // Response code modifiers #define RC_Startup_startupType (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_Startup( Startup_In *in ); #endif // _Startup_FP_H_ #endif // CC_Startup go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/StirRandom_fp.h000066400000000000000000000044251510276467000310040ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_StirRandom // Command must be enabled #ifndef _Stir_Random_FP_H_ #define _Stir_Random_FP_H_ // Input structure definition typedef struct { TPM2B_SENSITIVE_DATA inData; } StirRandom_In; // Response code modifiers #define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_StirRandom( StirRandom_In *in ); #endif // _Stir_Random_FP_H_ #endif // CC_StirRandom go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TestParms_fp.h000066400000000000000000000044221510276467000306410ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_TestParms // Command must be enabled #ifndef _Test_Parms_FP_H_ #define _Test_Parms_FP_H_ // Input structure definition typedef struct { TPMT_PUBLIC_PARMS parameters; } TestParms_In; // Response code modifiers #define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_TestParms( TestParms_In *in ); #endif // _Test_Parms_FP_H_ #endif // CC_TestParms go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Ticket_fp.h000066400000000000000000000103441510276467000301420ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _TICKET_FP_H_ #define _TICKET_FP_H_ //*** TicketIsSafe() // This function indicates if producing a ticket is safe. // It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE // or its substring of canonical form. If so, it is not safe to produce ticket // for an input buffer claiming to be TPM generated buffer // Return Type: BOOL // TRUE(1) safe to produce ticket // FALSE(0) not safe to produce ticket BOOL TicketIsSafe( TPM2B *buffer ); //*** TicketComputeVerified() // This function creates a TPMT_TK_VERIFIED ticket. void TicketComputeVerified( TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket TPM2B_DIGEST *digest, // IN: digest TPM2B_NAME *keyName, // IN: name of key that signed the values TPMT_TK_VERIFIED *ticket // OUT: verified ticket ); //*** TicketComputeAuth() // This function creates a TPMT_TK_AUTH ticket. void TicketComputeAuth( TPM_ST type, // IN: the type of ticket. TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket UINT64 timeout, // IN: timeout BOOL expiresOnReset,// IN: flag to indicate if ticket expires on // TPM Reset TPM2B_DIGEST *cpHashA, // IN: input cpHashA TPM2B_NONCE *policyRef, // IN: input policyRef TPM2B_NAME *entityName, // IN: name of entity TPMT_TK_AUTH *ticket // OUT: Created ticket ); //*** TicketComputeHashCheck() // This function creates a TPMT_TK_HASHCHECK ticket. void TicketComputeHashCheck( TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' TPM2B_DIGEST *digest, // IN: input digest TPMT_TK_HASHCHECK *ticket // OUT: Created ticket ); //*** TicketComputeCreation() // This function creates a TPMT_TK_CREATION ticket. void TicketComputeCreation( TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket TPM2B_NAME *name, // IN: object name TPM2B_DIGEST *creation, // IN: creation hash TPMT_TK_CREATION *ticket // OUT: created ticket ); #endif // _TICKET_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Time_fp.h000066400000000000000000000125761510276467000276260ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 04:23:27PM */ #ifndef _TIME_FP_H_ #define _TIME_FP_H_ //*** TimePowerOn() // This function initialize time info at _TPM_Init(). // // This function is called at _TPM_Init() so that the TPM time can start counting // as soon as the TPM comes out of reset and doesn't have to wait until // TPM2_Startup() in order to begin the new time epoch. This could be significant // for systems that could get powered up but not run any TPM commands for some // period of time. // void TimePowerOn( void ); //*** TimeStartup() // This function updates the resetCount and restartCount components of // TPMS_CLOCK_INFO structure at TPM2_Startup(). // // This function will deal with the deferred creation of a new epoch. // TimeUpdateToCurrent() will not start a new epoch even if one is due when // TPM_Startup() has not been run. This is because the state of NV is not known // until startup completes. When Startup is done, then it will create the epoch // nonce to complete the initializations by calling this function. BOOL TimeStartup( STARTUP_TYPE type // IN: start up type ); //*** TimeClockUpdate() // This function updates go.clock. If 'newTime' requires an update of NV, then // NV is checked for availability. If it is not available or is rate limiting, then // go.clock is not updated and the function returns an error. If 'newTime' would // not cause an NV write, then go.clock is updated. If an NV write occurs, then // go.safe is SET. void TimeClockUpdate( UINT64 newTime // IN: New time value in mS. ); //*** TimeUpdate() // This function is used to update the time and clock values. If the TPM // has run TPM2_Startup(), this function is called at the start of each command. // If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to // get the clock values initialized. It is not called on command entry because, in // this implementation, the go structure is not read from NV until TPM2_Startup(). // The reason for this is that the initialization code (_TPM_Init()) may run before // NV is accessible. void TimeUpdate( void ); //*** TimeUpdateToCurrent() // This function updates the 'Time' and 'Clock' in the global // TPMS_TIME_INFO structure. // // In this implementation, 'Time' and 'Clock' are updated at the beginning // of each command and the values are unchanged for the duration of the // command. // // Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock' // are not allowed to advance if NV is not available. When clock is not advancing, // any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or // TPM_RC_NV_RATE. // // This implementation does not do rate limiting. If the implementation does do // rate limiting, then the 'Clock' update should not be inhibited even when doing // rate limiting. void TimeUpdateToCurrent( void ); //*** TimeSetAdjustRate() // This function is used to perform rate adjustment on 'Time' and 'Clock'. void TimeSetAdjustRate( TPM_CLOCK_ADJUST adjust // IN: adjust constant ); //*** TimeGetMarshaled() // This function is used to access TPMS_TIME_INFO in canonical form. // The function collects the time information and marshals it into 'dataBuffer' // and returns the marshaled size UINT16 TimeGetMarshaled( TIME_INFO *dataBuffer // OUT: result buffer ); //*** TimeFillInfo // This function gathers information to fill in a TPMS_CLOCK_INFO structure. void TimeFillInfo( TPMS_CLOCK_INFO *clockInfo ); #endif // _TIME_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmASN1_fp.h000066400000000000000000000172461510276467000301120ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 11:00:49AM */ #ifndef _TPM_ASN1_FP_H_ #define _TPM_ASN1_FP_H_ //*** ASN1UnmarshalContextInitialize() // Function does standard initialization of a context. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure BOOL ASN1UnmarshalContextInitialize( ASN1UnmarshalContext *ctx, INT16 size, BYTE *buffer ); //***ASN1DecodeLength() // This function extracts the length of an element from 'buffer' starting at 'offset'. // Return Type: UINT16 // >=0 the extracted length // <0 an error INT16 ASN1DecodeLength( ASN1UnmarshalContext *ctx ); //***ASN1NextTag() // This function extracts the next type from 'buffer' starting at 'offset'. // It advances 'offset' as it parses the type and the length of the type. It returns // the length of the type. On return, the 'length' octets starting at 'offset' are the // octets of the type. // Return Type: UINT // >=0 the number of octets in 'type' // <0 an error INT16 ASN1NextTag( ASN1UnmarshalContext *ctx ); //*** ASN1GetBitStringValue() // Try to parse a bit string of up to 32 bits from a value that is expected to be // a bit string. // If there is a general parsing error, the context->size is set to -1. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure BOOL ASN1GetBitStringValue( ASN1UnmarshalContext *ctx, UINT32 *val ); //*** ASN1InitialializeMarshalContext() // This creates a structure for handling marshaling of an ASN.1 formatted data // structure. void ASN1InitialializeMarshalContext( ASN1MarshalContext *ctx, INT16 length, BYTE *buffer ); //*** ASN1StartMarshalContext() // This starts a new constructed element. It is constructed on 'top' of the value // that was previously placed in the structure. void ASN1StartMarshalContext( ASN1MarshalContext *ctx ); //*** ASN1EndMarshalContext() // This function restores the end pointer for an encapsulating structure. // Return Type: INT16 // > 0 the size of the encapsulated structure that was just ended // <= 0 an error INT16 ASN1EndMarshalContext( ASN1MarshalContext *ctx ); //***ASN1EndEncapsulation() // This function puts a tag and length in the buffer. In this function, an embedded // BIT_STRING is assumed to be a collection of octets. To indicate that all bits // are used, a byte of zero is prepended. If a raw bit-string is needed, a new // function like ASN1PushInteger() would be needed. // Return Type: INT16 // > 0 number of octets in the encapsulation // == 0 failure UINT16 ASN1EndEncapsulation( ASN1MarshalContext *ctx, BYTE tag ); //*** ASN1PushByte() BOOL ASN1PushByte( ASN1MarshalContext *ctx, BYTE b ); //*** ASN1PushBytes() // Push some raw bytes onto the buffer. 'count' cannot be zero. // Return Type: IN16 // > 0 count bytes // == 0 failure unless count was zero INT16 ASN1PushBytes( ASN1MarshalContext *ctx, INT16 count, const BYTE *buffer ); //*** ASN1PushNull() // Return Type: IN16 // > 0 count bytes // == 0 failure unless count was zero INT16 ASN1PushNull( ASN1MarshalContext *ctx ); //*** ASN1PushLength() // Push a length value. This will only handle length values that fit in an INT16. // Return Type: UINT16 // > 0 number of bytes added // == 0 failure INT16 ASN1PushLength( ASN1MarshalContext *ctx, INT16 len ); //*** ASN1PushTagAndLength() // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 ASN1PushTagAndLength( ASN1MarshalContext *ctx, BYTE tag, INT16 length ); //*** ASN1PushTaggedOctetString() // This function will push a random octet string. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 ASN1PushTaggedOctetString( ASN1MarshalContext *ctx, INT16 size, const BYTE *string, BYTE tag ); //*** ASN1PushUINT() // This function pushes an native-endian integer value. This just changes a // native-endian integer into a big-endian byte string and calls ASN1PushInteger(). // That function will remove leading zeros and make sure that the number is positive. // Return Type: IN16 // > 0 count bytes // == 0 failure unless count was zero INT16 ASN1PushUINT( ASN1MarshalContext *ctx, UINT32 integer ); //*** ASN1PushInteger // Push a big-endian integer on the end of the buffer // Return Type: UINT16 // > 0 the number of bytes marshaled for the integer // == 0 failure INT16 ASN1PushInteger( ASN1MarshalContext *ctx, // IN/OUT: buffer context INT16 iLen, // IN: octets of the integer BYTE *integer // IN: big-endian integer ); //*** ASN1PushOID() // This function is used to add an OID. An OID is 0x06 followed by a byte of size // followed by size bytes. This is used to avoid having to do anything special in the // definition of an OID. // Return Type: UINT16 // > 0 the number of bytes marshaled for the integer // == 0 failure INT16 ASN1PushOID( ASN1MarshalContext *ctx, const BYTE *OID ); #endif // _TPM_ASN1_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmFail_fp.h000066400000000000000000000067001510276467000302540ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _TPM_FAIL_FP_H_ #define _TPM_FAIL_FP_H_ //*** SetForceFailureMode() // This function is called by the simulator to enable failure mode testing. #if SIMULATION LIB_EXPORT void SetForceFailureMode( void ); #endif //*** TpmLogFailure() // This function saves the failure values when the code will continue to operate. It // if similar to TpmFail() but returns to the caller. The assumption is that the // caller will propagate a failure back up the stack. void TpmLogFailure( #if FAIL_TRACE const char *function, int line, #endif int code ); //*** TpmFail() // This function is called by TPM.lib when a failure occurs. It will set up the // failure values to be returned on TPM2_GetTestResult(). NORETURN void TpmFail( #if FAIL_TRACE const char *function, int line, #endif int code ); //*** TpmFailureMode( // This function is called by the interface code when the platform is in failure // mode. void TpmFailureMode( unsigned int inRequestSize, // IN: command buffer size unsigned char *inRequest, // IN: command buffer unsigned int *outResponseSize, // OUT: response buffer size unsigned char **outResponse // OUT: response buffer ); //*** UnmarshalFail() // This is a stub that is used to catch an attempt to unmarshal an entry // that is not defined. Don't ever expect this to be called but... void UnmarshalFail( void *type, BYTE **buffer, INT32 *size ); #endif // _TPM_FAIL_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmSizeChecks_fp.h000066400000000000000000000045611510276467000314370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _TPM_SIZE_CHECKS_FP_H_ #define _TPM_SIZE_CHECKS_FP_H_ #if RUNTIME_SIZE_CHECKS //** TpmSizeChecks() // This function is used during the development process to make sure that the // vendor-specific values result in a consistent implementation. When possible, // the code contains #if to do compile-time checks. However, in some cases, the // values require the use of "sizeof()" and that can't be used in an #if. void TpmSizeChecks( void ); #endif // RUNTIME_SIZE_CHECKS #endif // _TPM_SIZE_CHECKS_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcDesSupport_fp.h000066400000000000000000000046711510276467000324640ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto) Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 Date: Sep 9, 2016 Time: 01:03:57 PM */ #ifndef _TPMTOLTCDESSUPPORT_FP_H_ #define _TPMTOLTCDESSUPPORT_FP_H_ #if SYM_LIB == LTC && defined TPM_ALG_TDES //** TDES_setup // This function calls the LTC function to generate a TDES key schedule. If the // key is one DES key (8 bytes), then it is replicated two more times to create a // 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is // replicated to the third key position. void TDES_setup( const BYTE *key, UINT32 keyBits, symmetric_key *skey ); #endif #endif // _TPMTOLTCDESSUPPORT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcMath_fp.h000066400000000000000000000124331510276467000312400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto) Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 Date: Mar 23, 2017 Time: 03:31:51 PM */ #ifndef _TPMTOLTCMATH_FP_H_ #define _TPMTOLTCMATH_FP_H_ #if MATH_LIB == LTC //*** BnModMult() // Does multiply and divide returning the remainder of the divide. LIB_EXPORT BOOL BnModMult( bigNum result, bigConst op1, bigConst op2, bigConst modulus ); //*** BnMult() // Multiplies two numbers LIB_EXPORT BOOL BnMult( bigNum result, bigConst multiplicand, bigConst multiplier ); //*** BnDiv() // This function divides two BIGNUM values. The function always returns TRUE. LIB_EXPORT BOOL BnDiv( bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor ); #ifdef TPM_ALG_RSA //*** BnGcd() // Get the greatest common divisor of two numbers LIB_EXPORT BOOL BnGcd( bigNum gcd, // OUT: the common divisor bigConst number1, // IN: bigConst number2 // IN: ); //***BnModExp() // Do modular exponentiation using BIGNUM values. The conversion from a bignum_t // to a BIGNUM is trivial as they are based on the same structure LIB_EXPORT BOOL BnModExp( bigNum result, // OUT: the result bigConst number, // IN: number to exponentiate bigConst exponent, // IN: bigConst modulus // IN: ); //*** BnModInverse() // Modular multiplicative inverse LIB_EXPORT BOOL BnModInverse( bigNum result, bigConst number, bigConst modulus ); #endif // TPM_ALG_RSA #ifdef TPM_ALG_ECC //*** BnEccModMult() // This function does a point multiply of the form R = [d]S // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' bigConst d, // IN: scalar for [d]S bigCurve E ); //*** BnEccModMult2() // This function does a point multiply of the form R = [d]S + [u]Q // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult2( bigPoint R, // OUT: computed point pointConst S, // IN: first point (optional) bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: second point bigConst u, // IN: second scalar bigCurve E // IN: curve ); //*** BnEccAdd() // This function does addition of two points. Since this is not implemented // in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. // I have no idea if this will work and it's not needed unless MQV or the SM2 // variant is enabled. // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccAdd( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' pointConst Q, // IN: second point bigCurve E // IN: curve ); #endif // TPM_ALG_ECC #endif // MATH_LIB == LTC #endif // _TPMTOLTCMATH_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToLtcSupport_fp.h000066400000000000000000000053601510276467000320240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto) Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 Date: Sep 9, 2016 Time: 01:03:57 PM */ #ifndef _TPMTOLTCSUPPORT_FP_H_ #define _TPMTOLTCSUPPORT_FP_H_ #if MATH_LIB == LTC //*** LtcRand() // This is a stub function that is called from the LibTomCrypt or libmpa code // to get a random number. In turn, this will call the random RandGenerate // function that was passed in LibraryInit(). This function will pass the pointer // to the current rand state along with the random byte request. uint32_t LtcRand( void *buf, size_t blen ); //*** SupportLibInit() // This does any initialization required by the support library. LIB_EXPORT int SupportLibInit( void ); //*** LtcPoolInit() // Function to initialize a pool. **** LIB_EXPORT mpa_scratch_mem LtcPoolInit( mpa_word_t *poolAddress, int vars, int bits ); #endif // MATH_LIB == LTC #endif // _TPMTOLTCSUPPORT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslDesSupport_fp.h000066400000000000000000000061221510276467000326530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _TPM_TO_OSSL_DES_SUPPORT_FP_H_ #define _TPM_TO_OSSL_DES_SUPPORT_FP_H_ #if (defined SYM_LIB_OSSL) && ALG_TDES //**Functions //*** TDES_set_encyrpt_key() // This function makes creation of a TDES key look like the creation of a key for // any of the other OpenSSL block ciphers. It will create three key schedules, // one for each of the DES keys. If there are only two keys, then the third schedule // is a copy of the first. void TDES_set_encrypt_key( const BYTE *key, UINT16 keySizeInBits, tpmKeyScheduleTDES *keySchedule ); //*** TDES_encyrpt() // The TPM code uses one key schedule. For TDES, the schedule contains three // schedules. OpenSSL wants the schedules referenced separately. This function // does that. void TDES_encrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ); //*** TDES_decrypt() // As with TDES_encypt() this function bridges between the TPM single schedule // model and the OpenSSL three schedule model. void TDES_decrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ); #endif // SYM_LIB_OSSL #endif // _TPM_TO_OSSL_DES_SUPPORT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslMath_fp.h000066400000000000000000000172061510276467000314410ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 03:18:00PM */ #ifndef _TPM_TO_OSSL_MATH_FP_H_ #define _TPM_TO_OSSL_MATH_FP_H_ #ifdef MATH_LIB_OSSL //*** OsslToTpmBn() // This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation // it is assumed that OpenSSL uses a different control structure but the same data // layout -- an array of native-endian words in little-endian order. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure because value will not fit or OpenSSL variable doesn't // exist BOOL OsslToTpmBn( bigNum bn, BIGNUM *osslBn ); //*** BigInitialized() // This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for // values that are passed to OpenSLL when they are not declared as const in the // function prototype. Instead, use BnNewVariable(). BIGNUM * BigInitialized( BIGNUM *toInit, bigConst initializer ); #if LIBRARY_COMPATIBILITY_CHECK //*** MathLibraryCompatibilityCheck() void MathLibraryCompatibilityCheck( void ); #endif //*** BnModMult() // This function does a modular multiply. It first does a multiply and then a divide // and returns the remainder of the divide. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnModMult( bigNum result, bigConst op1, bigConst op2, bigConst modulus ); //*** BnMult() // Multiplies two numbers // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnMult( bigNum result, bigConst multiplicand, bigConst multiplier ); //*** BnDiv() // This function divides two bigNum values. The function returns FALSE if // there is an error in the operation. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnDiv( bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor ); #if ALG_RSA //*** BnGcd() // Get the greatest common divisor of two numbers // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnGcd( bigNum gcd, // OUT: the common divisor bigConst number1, // IN: bigConst number2 // IN: ); //***BnModExp() // Do modular exponentiation using bigNum values. The conversion from a bignum_t to // a bigNum is trivial as they are based on the same structure // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnModExp( bigNum result, // OUT: the result bigConst number, // IN: number to exponentiate bigConst exponent, // IN: bigConst modulus // IN: ); //*** BnModInverse() // Modular multiplicative inverse // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnModInverse( bigNum result, bigConst number, bigConst modulus ); #endif // ALG_RSA #if ALG_ECC //*** BnCurveInitialize() // This function initializes the OpenSSL curve information structure. This // structure points to the TPM-defined values for the curve, to the context for the // number values in the frame, and to the OpenSSL-defined group values. // Return Type: bigCurve * // NULL the TPM_ECC_CURVE is not valid or there was a problem in // in initializing the curve data // non-NULL points to 'E' LIB_EXPORT bigCurve BnCurveInitialize( bigCurve E, // IN: curve structure to initialize TPM_ECC_CURVE curveId // IN: curve identifier ); //*** BnCurveFree() // This function will free the allocated components of the curve and end the // frame in which the curve data exists LIB_EXPORT void BnCurveFree( bigCurve E ); //*** BnEccModMult() // This function does a point multiply of the form R = [d]S // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' (optional) bigConst d, // IN: scalar for [d]S bigCurve E ); //*** BnEccModMult2() // This function does a point multiply of the form R = [d]G + [u]Q // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult2( bigPoint R, // OUT: computed point pointConst S, // IN: optional point bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: second point bigConst u, // IN: second scalar bigCurve E // IN: curve ); //** BnEccAdd() // This function does addition of two points. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccAdd( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' pointConst Q, // IN: second point bigCurve E // IN: curve ); #endif // ALG_ECC #endif // MATHLIB OSSL #endif // _TPM_TO_OSSL_MATH_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToOsslSupport_fp.h000066400000000000000000000056031510276467000322220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef _TPM_TO_OSSL_SUPPORT_FP_H_ #define _TPM_TO_OSSL_SUPPORT_FP_H_ #ifdef MATH_LIB_OSSL //*** SupportLibInit() // This does any initialization required by the support library. LIB_EXPORT int SupportLibInit( void ); //*** OsslContextEnter() // This function is used to initialize an OpenSSL context at the start of a function // that will call to an OpenSSL math function. BN_CTX * OsslContextEnter( void ); //*** OsslContextLeave() // This is the companion function to OsslContextEnter(). void OsslContextLeave( BN_CTX *CTX ); //*** OsslPushContext() // This function is used to create a frame in a context. All values allocated within // this context after the frame is started will be automatically freed when the // context (OsslPopContext() BN_CTX * OsslPushContext( BN_CTX *CTX ); //*** OsslPopContext() // This is the companion function to OsslPushContext(). void OsslPopContext( BN_CTX *CTX ); #endif // MATH_LIB_OSSL #endif // _TPM_TO_OSSL_SUPPORT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfDesSupport_fp.h000066400000000000000000000062571510276467000326530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto) Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 Date: Sep 9, 2016 Time: 01:03:57 PM */ #ifndef _TPMTOWOLFDESSUPPORT_FP_H_ #define _TPMTOWOLFDESSUPPORT_FP_H_ #if SYM_LIB == WOLF && defined TPM_ALG_TDES //**Functions //** TDES_setup // This function calls the wolfcrypt function to generate a TDES key schedule. If the // If the key is two key (16 bytes), then the first DES key is replicated to the third // key position. int TDES_setup( const BYTE *key, UINT32 keyBits, tpmKeyScheduleTDES *skey, int dir ); //** TDES_setup_encrypt_key // This function calls into TDES_setup(), specifically for an encryption key. int TDES_setup_encrypt_key( const BYTE *key, UINT32 keyBits, tpmKeyScheduleTDES *skey ); //** TDES_setup_decrypt_key // This function calls into TDES_setup(), specifically for an decryption key. int TDES_setup_decrypt_key( const BYTE *key, UINT32 keyBits, tpmKeyScheduleTDES *skey ); //*** TDES_encyrpt() void TDES_encrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ); //*** TDES_decrypt() void TDES_decrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ); #endif // SYM_LIB == WOLF #endif // _TPMTOWOLFDESSUPPORT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfMath_fp.h000066400000000000000000000153211510276467000314240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto) Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 Date: Sep 9, 2016 Time: 01:03:57 PM */ #ifndef _TPMTOWOLFMATH_FP_H_ #define _TPMTOWOLFMATH_FP_H_ #if MATH_LIB == WOLF //**Functions //*** BnFromWolf() // This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation // it is assumed that wolfcrypt used the same format for a big number as does the // TPM -- an array of native-endian words in little-endian order. void BnFromWolf( bigNum bn, mp_int *wolfBn ); //*** BnToWolf() // This function converts a TPM bignum to a wolfcrypt mp_init, and has the same // assumptions as made by BnFromWolf() void BnToWolf( mp_int *toInit, bigConst initializer ); //*** MpInitialize() // This function initializes an wolfcrypt mp_int. mp_int * MpInitialize( mp_int *toInit ); //** MathLibraryCompatibililtyCheck() // This function is only used during development to make sure that the library // that is being referenced is using the same size of data structures as the TPM. void MathLibraryCompatibilityCheck( void ); //*** BnModMult() // Does multiply and divide returning the remainder of the divide. LIB_EXPORT BOOL BnModMult( bigNum result, bigConst op1, bigConst op2, bigConst modulus ); //*** BnMult() // Multiplies two numbers LIB_EXPORT BOOL BnMult( bigNum result, bigConst multiplicand, bigConst multiplier ); //*** BnDiv() // This function divides two bigNum values. The function returns FALSE if // there is an error in the operation. LIB_EXPORT BOOL BnDiv( bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor ); #ifdef TPM_ALG_RSA //*** BnGcd() // Get the greatest common divisor of two numbers LIB_EXPORT BOOL BnGcd( bigNum gcd, // OUT: the common divisor bigConst number1, // IN: bigConst number2 // IN: ); //***BnModExp() // Do modular exponentiation using bigNum values. The conversion from a mp_int to // a bigNum is trivial as they are based on the same structure LIB_EXPORT BOOL BnModExp( bigNum result, // OUT: the result bigConst number, // IN: number to exponentiate bigConst exponent, // IN: bigConst modulus // IN: ); //*** BnModInverse() // Modular multiplicative inverse LIB_EXPORT BOOL BnModInverse( bigNum result, bigConst number, bigConst modulus ); #endif // TPM_ALG_RSA #ifdef TPM_ALG_ECC //*** PointFromWolf() // Function to copy the point result from a wolf ecc_point to a bigNum void PointFromWolf( bigPoint pOut, // OUT: resulting point ecc_point *pIn // IN: the point to return ); //*** PointToWolf() // Function to copy the point result from a bigNum to a wolf ecc_point void PointToWolf( ecc_point *pOut, // OUT: resulting point pointConst pIn // IN: the point to return ); //*** EcPointInitialized() // Allocate and initialize a point. static ecc_point * EcPointInitialized( pointConst initializer ); //*** BnEccModMult() // This function does a point multiply of the form R = [d]S // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' (optional) bigConst d, // IN: scalar for [d]S bigCurve E ); //*** BnEccModMult2() // This function does a point multiply of the form R = [d]G + [u]Q // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult2( bigPoint R, // OUT: computed point pointConst S, // IN: optional point bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: second point bigConst u, // IN: second scalar bigCurve E // IN: curve ); //** BnEccAdd() // This function does addition of two points. // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccAdd( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' pointConst Q, // IN: second point bigCurve E // IN: curve ); #endif // TPM_ALG_ECC #endif // MATH_LIB == WOLF #endif // _TPMTOWOLFMATH_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/TpmToWolfSupport_fp.h000066400000000000000000000042431510276467000322100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto) Automatically Generated by TpmPrototypes version 2.2 February 10, 2016 Date: Sep 9, 2016 Time: 01:03:57 PM */ #ifndef _TPMTOWOLFSUPPORT_FP_H_ #define _TPMTOWOLFSUPPORT_FP_H_ #ifdef MATH_LIB_WOLF //**Functions //*** SupportLibInit() // This does any initialization required by the support library. LIB_EXPORT int SupportLibInit( void ); #endif // MATH_LIB == WOLF #endif // _TPMTOWOLFSUPPORT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Unseal_fp.h000066400000000000000000000046161510276467000301530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Unseal // Command must be enabled #ifndef _Unseal_FP_H_ #define _Unseal_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT itemHandle; } Unseal_In; // Output structure definition typedef struct { TPM2B_SENSITIVE_DATA outData; } Unseal_Out; // Response code modifiers #define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1) // Function prototype TPM_RC TPM2_Unseal( Unseal_In *in, Unseal_Out *out ); #endif // _Unseal_FP_H_ #endif // CC_Unseal go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/Vendor_TCG_Test_fp.h000066400000000000000000000047401510276467000316530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_Vendor_TCG_Test // Command must be enabled #ifndef _Vendor_TCG_Test_FP_H_ #define _Vendor_TCG_Test_FP_H_ // Input structure definition typedef struct { TPM2B_DATA inputData; } Vendor_TCG_Test_In; // Output structure definition typedef struct { TPM2B_DATA outputData; } Vendor_TCG_Test_Out; // Response code modifiers #define RC_Vendor_TCG_Test_inputData (TPM_RC_P + TPM_RC_1) // Function prototype TPM_RC TPM2_Vendor_TCG_Test( Vendor_TCG_Test_In *in, Vendor_TCG_Test_Out *out ); #endif // _Vendor_TCG_Test_FP_H_ #endif // CC_Vendor_TCG_Test go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/VerifySignature_fp.h000066400000000000000000000052621510276467000320500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_VerifySignature // Command must be enabled #ifndef _Verify_Signature_FP_H_ #define _Verify_Signature_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyHandle; TPM2B_DIGEST digest; TPMT_SIGNATURE signature; } VerifySignature_In; // Output structure definition typedef struct { TPMT_TK_VERIFIED validation; } VerifySignature_Out; // Response code modifiers #define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1) #define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1) #define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2) // Function prototype TPM_RC TPM2_VerifySignature( VerifySignature_In *in, VerifySignature_Out *out ); #endif // _Verify_Signature_FP_H_ #endif // CC_VerifySignature go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_ECC_fp.h000066400000000000000000000056571510276467000300510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 11:00:49AM */ #ifndef _X509_ECC_FP_H_ #define _X509_ECC_FP_H_ //*** X509PushPoint() // This seems like it might be used more than once so... // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509PushPoint( ASN1MarshalContext *ctx, TPMS_ECC_POINT *p ); //*** X509AddSigningAlgorithmECC() // This creates the singing algorithm data. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddSigningAlgorithmECC( OBJECT *signKey, TPMT_SIG_SCHEME *scheme, ASN1MarshalContext *ctx ); //*** X509AddPublicECC() // This function will add the publicKey description to the DER data. If ctx is // NULL, then no data is transferred and this function will indicate if the TPM // has the values for DER-encoding of the public key. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddPublicECC( OBJECT *object, ASN1MarshalContext *ctx ); #endif // _X509_ECC_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_RSA_fp.h000066400000000000000000000053061510276467000300730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 11:00:49AM */ #ifndef _X509_RSA_FP_H_ #define _X509_RSA_FP_H_ #if ALG_RSA //*** X509AddSigningAlgorithmRSA() // This creates the singing algorithm data. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddSigningAlgorithmRSA( OBJECT *signKey, TPMT_SIG_SCHEME *scheme, ASN1MarshalContext *ctx ); //*** X509AddPublicRSA() // This function will add the publicKey description to the DER data. If fillPtr is // NULL, then no data is transferred and this function will indicate if the TPM // has the values for DER-encoding of the public key. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddPublicRSA( OBJECT *object, ASN1MarshalContext *ctx ); #endif // ALG_RSA #endif // _X509_RSA_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/X509_spt_fp.h000066400000000000000000000110271510276467000302510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Apr 2, 2019 Time: 11:00:49AM */ #ifndef _X509_SPT_FP_H_ #define _X509_SPT_FP_H_ //*** X509FindExtensionOID() // This will search a list of X508 extensions to find an extension with the // requested OID. If the extension is found, the output context ('ctx') is set up // to point to the OID in the extension. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure (could be catastrophic) BOOL X509FindExtensionByOID( ASN1UnmarshalContext *ctxIn, // IN: the context to search ASN1UnmarshalContext *ctx, // OUT: the extension context const BYTE *OID // IN: oid to search for ); //*** X509GetExtensionBits() // This function will extract a bit field from an extension. If the extension doesn't // contain a bit string, it will fail. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure UINT32 X509GetExtensionBits( ASN1UnmarshalContext *ctx, UINT32 *value ); //***X509ProcessExtensions() // This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not // in the CertifyX509.c code because it makes the code harder to follow. // Return Type: TPM_RC // TPM_RCS_ATTRIBUTES the attributes of object are not consistent with // the extension setting // TPM_RC_VALUE problem parsing the extensions TPM_RC X509ProcessExtensions( OBJECT *object, // IN: The object with the attributes to // check stringRef *extension // IN: The start and length of the extensions ); //*** X509AddSigningAlgorithm() // This creates the singing algorithm data. // Return Type: INT16 // > 0 number of octets added // <= 0 failure INT16 X509AddSigningAlgorithm( ASN1MarshalContext *ctx, OBJECT *signKey, TPMT_SIG_SCHEME *scheme ); //*** X509AddPublicKey() // This function will add the publicKey description to the DER data. If fillPtr is // NULL, then no data is transferred and this function will indicate if the TPM // has the values for DER-encoding of the public key. // Return Type: INT16 // > 0 number of octets added // == 0 failure INT16 X509AddPublicKey( ASN1MarshalContext *ctx, OBJECT *object ); //*** X509PushAlgorithmIdentifierSequence() // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509PushAlgorithmIdentifierSequence( ASN1MarshalContext *ctx, const BYTE *OID ); #endif // _X509_SPT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/ZGen_2Phase_fp.h000066400000000000000000000055271510276467000307730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.4 Mar 26, 2019 * Date: Mar 28, 2019 Time: 08:25:17PM */ #if CC_ZGen_2Phase // Command must be enabled #ifndef _ZGen_2Phase_FP_H_ #define _ZGen_2Phase_FP_H_ // Input structure definition typedef struct { TPMI_DH_OBJECT keyA; TPM2B_ECC_POINT inQsB; TPM2B_ECC_POINT inQeB; TPMI_ECC_KEY_EXCHANGE inScheme; UINT16 counter; } ZGen_2Phase_In; // Output structure definition typedef struct { TPM2B_ECC_POINT outZ1; TPM2B_ECC_POINT outZ2; } ZGen_2Phase_Out; // Response code modifiers #define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1) #define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1) #define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2) #define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3) #define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4) // Function prototype TPM_RC TPM2_ZGen_2Phase( ZGen_2Phase_In *in, ZGen_2Phase_Out *out ); #endif // _ZGen_2Phase_FP_H_ #endif // CC_ZGen_2Phase go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Data_fp.h000066400000000000000000000042461510276467000314160ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef __TPM_HASH_DATA_FP_H_ #define __TPM_HASH_DATA_FP_H_ // This function is called to process a _TPM_Hash_Data indication. LIB_EXPORT void _TPM_Hash_Data( uint32_t dataSize, // IN: size of data to be extend unsigned char *data // IN: data buffer ); #endif // __TPM_HASH_DATA_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_End_fp.h000066400000000000000000000040551510276467000312510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef __TPM_HASH_END_FP_H_ #define __TPM_HASH_END_FP_H_ // This function is called to process a _TPM_Hash_End indication. LIB_EXPORT void _TPM_Hash_End( void ); #endif // __TPM_HASH_END_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Hash_Start_fp.h000066400000000000000000000040671510276467000316430ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef __TPM_HASH_START_FP_H_ #define __TPM_HASH_START_FP_H_ // This function is called to process a _TPM_Hash_Start indication. LIB_EXPORT void _TPM_Hash_Start( void ); #endif // __TPM_HASH_START_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/prototypes/_TPM_Init_fp.h000066400000000000000000000040271510276467000305020ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmPrototypes; Version 3.0 July 18, 2017 * Date: Mar 28, 2019 Time: 08:25:19PM */ #ifndef __TPM_INIT_FP_H_ #define __TPM_INIT_FP_H_ // This function is used to process a _TPM_Init indication. LIB_EXPORT void _TPM_Init( void ); #endif // __TPM_INIT_FP_H_ go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/include/swap.h000066400000000000000000000112011510276467000247450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _SWAP_H #define _SWAP_H #if LITTLE_ENDIAN_TPM #define TO_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i) #define FROM_BIG_ENDIAN_UINT16(i) REVERSE_ENDIAN_16(i) #define TO_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i) #define FROM_BIG_ENDIAN_UINT32(i) REVERSE_ENDIAN_32(i) #define TO_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i) #define FROM_BIG_ENDIAN_UINT64(i) REVERSE_ENDIAN_64(i) #else #define TO_BIG_ENDIAN_UINT16(i) (i) #define FROM_BIG_ENDIAN_UINT16(i) (i) #define TO_BIG_ENDIAN_UINT32(i) (i) #define FROM_BIG_ENDIAN_UINT32(i) (i) #define TO_BIG_ENDIAN_UINT64(i) (i) #define FROM_BIG_ENDIAN_UINT64(i) (i) #endif #if AUTO_ALIGN == NO // The aggregation macros for machines that do not allow unaligned access or for // little-endian machines. // Aggregate bytes into an UINT #define BYTE_ARRAY_TO_UINT8(b) (uint8_t)((b)[0]) #define BYTE_ARRAY_TO_UINT16(b) ByteArrayToUint16((BYTE *)(b)) #define BYTE_ARRAY_TO_UINT32(b) ByteArrayToUint32((BYTE *)(b)) #define BYTE_ARRAY_TO_UINT64(b) ByteArrayToUint64((BYTE *)(b)) #define UINT8_TO_BYTE_ARRAY(i, b) ((b)[0] = (uint8_t)(i)) #define UINT16_TO_BYTE_ARRAY(i, b) Uint16ToByteArray((i), (BYTE *)(b)) #define UINT32_TO_BYTE_ARRAY(i, b) Uint32ToByteArray((i), (BYTE *)(b)) #define UINT64_TO_BYTE_ARRAY(i, b) Uint64ToByteArray((i), (BYTE *)(b)) #else // AUTO_ALIGN #if BIG_ENDIAN_TPM // the big-endian macros for machines that allow unaligned memory access // Aggregate a byte array into a UINT #define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b)) #define BYTE_ARRAY_TO_UINT16(b) *((uint16_t *)(b)) #define BYTE_ARRAY_TO_UINT32(b) *((uint32_t *)(b)) #define BYTE_ARRAY_TO_UINT64(b) *((uint64_t *)(b)) // Disaggregate a UINT into a byte array #define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);} #define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = (i);} #define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = (i);} #define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = (i);} #else // the little endian macros for machines that allow unaligned memory access // the big-endian macros for machines that allow unaligned memory access // Aggregate a byte array into a UINT #define BYTE_ARRAY_TO_UINT8(b) *((uint8_t *)(b)) #define BYTE_ARRAY_TO_UINT16(b) REVERSE_ENDIAN_16(*((uint16_t *)(b))) #define BYTE_ARRAY_TO_UINT32(b) REVERSE_ENDIAN_32(*((uint32_t *)(b))) #define BYTE_ARRAY_TO_UINT64(b) REVERSE_ENDIAN_64(*((uint64_t *)(b))) // Disaggregate a UINT into a byte array #define UINT8_TO_BYTE_ARRAY(i, b) {*((uint8_t *)(b)) = (i);} #define UINT16_TO_BYTE_ARRAY(i, b) {*((uint16_t *)(b)) = REVERSE_ENDIAN_16(i);} #define UINT32_TO_BYTE_ARRAY(i, b) {*((uint32_t *)(b)) = REVERSE_ENDIAN_32(i);} #define UINT64_TO_BYTE_ARRAY(i, b) {*((uint64_t *)(b)) = REVERSE_ENDIAN_64(i);} #endif // BIG_ENDIAN_TPM #endif // AUTO_ALIGN == NO #endif // _SWAP_H go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/000077500000000000000000000000001510276467000227735ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/000077500000000000000000000000001510276467000234405ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/TpmASN1.c000066400000000000000000000416411510276467000247750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #define _OIDS_ #include "OIDs.h" #include "TpmASN1.h" #include "TpmASN1_fp.h" //** Unmarshaling Functions //*** ASN1UnmarshalContextInitialize() // Function does standard initialization of a context. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure BOOL ASN1UnmarshalContextInitialize( ASN1UnmarshalContext *ctx, INT16 size, BYTE *buffer ) { VERIFY(buffer != NULL); VERIFY(size > 0); ctx->buffer = buffer; ctx->size = size; ctx->offset = 0; ctx->tag = 0xFF; return TRUE; Error: return FALSE; } //***ASN1DecodeLength() // This function extracts the length of an element from 'buffer' starting at 'offset'. // Return Type: UINT16 // >=0 the extracted length // <0 an error INT16 ASN1DecodeLength( ASN1UnmarshalContext *ctx ) { BYTE first; // Next octet in buffer INT16 value; // VERIFY(ctx->offset < ctx->size); first = NEXT_OCTET(ctx); // If the number of octets of the entity is larger than 127, then the first octet // is the number of octets in the length specifier. if(first >= 0x80) { // Make sure that this length field is contained with the structure being // parsed CHECK_SIZE(ctx, (first & 0x7F)); if(first == 0x82) { // Two octets of size // get the next value value = (INT16)NEXT_OCTET(ctx); // Make sure that the result will fit in an INT16 VERIFY(value < 0x0080); // Shift up and add next octet value = (value << 8) + NEXT_OCTET(ctx); } else if(first == 0x81) value = NEXT_OCTET(ctx); // Sizes larger than will fit in a INT16 are an error else goto Error; } else value = first; // Make sure that the size defined something within the current context CHECK_SIZE(ctx, value); return value; Error: ctx->size = -1; // Makes everything fail from now on. return -1; } //***ASN1NextTag() // This function extracts the next type from 'buffer' starting at 'offset'. // It advances 'offset' as it parses the type and the length of the type. It returns // the length of the type. On return, the 'length' octets starting at 'offset' are the // octets of the type. // Return Type: UINT // >=0 the number of octets in 'type' // <0 an error INT16 ASN1NextTag( ASN1UnmarshalContext *ctx ) { // A tag to get? VERIFY(ctx->offset < ctx->size); // Get it ctx->tag = NEXT_OCTET(ctx); // Make sure that it is not an extended tag VERIFY((ctx->tag & 0x1F) != 0x1F); // Get the length field and return that return ASN1DecodeLength(ctx); Error: // Attempt to read beyond the end of the context or an illegal tag ctx->size = -1; // Persistent failure ctx->tag = 0xFF; return -1; } //*** ASN1GetBitStringValue() // Try to parse a bit string of up to 32 bits from a value that is expected to be // a bit string. // If there is a general parsing error, the context->size is set to -1. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure BOOL ASN1GetBitStringValue( ASN1UnmarshalContext *ctx, UINT32 *val ) { int shift; INT16 length; UINT32 value = 0; // VERIFY((length = ASN1NextTag(ctx)) >= 1); VERIFY(ctx->tag == ASN1_BITSTRING); // Get the shift value for the bit field (how many bits to loop off of the end) shift = NEXT_OCTET(ctx); length--; // the shift count has to make sense VERIFY((shift < 8) && ((length > 0) || (shift == 0))); // if there are any bytes left for(; length > 0; length--) { if(length > 1) { // for all but the last octet, just shift and add the new octet VERIFY((value & 0xFF000000) == 0); // can't loose significant bits value = (value << 8) + NEXT_OCTET(ctx); } else { // for the last octet, just shift the accumulated value enough to // accept the significant bits in the last octet and shift the last // octet down VERIFY(((value & (0xFF000000 << (8 - shift)))) == 0); value = (value << (8 - shift)) + (NEXT_OCTET(ctx) >> shift); } } *val = value; return TRUE; Error: ctx->size = -1; return FALSE; } //******************************************************************* //** Marshaling Functions //******************************************************************* //*** Introduction // Marshaling of an ASN.1 structure is accomplished from the bottom up. That is, // the things that will be at the end of the structure are added last. To manage the // collecting of the relative sizes, start a context for the outermost container, if // there is one, and then placing items in from the bottom up. If the bottom-most // item is also within a structure, create a nested context by calling // ASN1StartMarshalingContext(). // // The context control structure contains a 'buffer' pointer, an 'offset', an 'end' // and a stack. 'offset' is the offset from the start of the buffer of the last added // byte. When 'offset' reaches 0, the buffer is full. 'offset' is a signed value so // that, when it becomes negative, there is an overflow. Only two functions are // allowed to move bytes into the buffer: ASN1PushByte() and ASN1PushBytes(). These // functions make sure that no data is written beyond the end of the buffer. // // When a new context is started, the current value of 'end' is pushed // on the stack and 'end' is set to 'offset. As bytes are added, offset gets smaller. // At any time, the count of bytes in the current context is simply 'end' - 'offset'. // // Since starting a new context involves setting 'end' = 'offset', the number of bytes // in the context starts at 0. The nominal way of ending a context is to use // 'end' - 'offset' to set the length value, and then a tag is added to the buffer. // Then the previous 'end' value is popped meaning that the context just ended // becomes a member of the now current context. // // The nominal strategy for building a completed ASN.1 structure is to push everything // into the buffer and then move everything to the start of the buffer. The move is // simple as the size of the move is the initial 'end' value minus the final 'offset' // value. The destination is 'buffer' and the source is 'buffer' + 'offset'. As Skippy // would say "Easy peasy, Joe." // // It is not necessary to provide a buffer into which the data is placed. If no buffer // is provided, then the marshaling process will return values needed for marshaling. // On strategy for filling the buffer would be to execute the process for building // the structure without using a buffer. This would return the overall size of the // structure. Then that amount of data could be allocated for the buffer and the fill // process executed again with the data going into the buffer. At the end, the data // would be in its final resting place. //*** ASN1InitialializeMarshalContext() // This creates a structure for handling marshaling of an ASN.1 formatted data // structure. void ASN1InitialializeMarshalContext( ASN1MarshalContext *ctx, INT16 length, BYTE *buffer ) { ctx->buffer = buffer; if(buffer) ctx->offset = length; else ctx->offset = INT16_MAX; ctx->end = ctx->offset; ctx->depth = -1; } //*** ASN1StartMarshalContext() // This starts a new constructed element. It is constructed on 'top' of the value // that was previously placed in the structure. void ASN1StartMarshalContext( ASN1MarshalContext *ctx ) { pAssert((ctx->depth + 1) < MAX_DEPTH); ctx->depth++; ctx->ends[ctx->depth] = ctx->end; ctx->end = ctx->offset; } //*** ASN1EndMarshalContext() // This function restores the end pointer for an encapsulating structure. // Return Type: INT16 // > 0 the size of the encapsulated structure that was just ended // <= 0 an error INT16 ASN1EndMarshalContext( ASN1MarshalContext *ctx ) { INT16 length; pAssert(ctx->depth >= 0); length = ctx->end - ctx->offset; ctx->end = ctx->ends[ctx->depth--]; if((ctx->depth == -1) && (ctx->buffer)) { MemoryCopy(ctx->buffer, ctx->buffer + ctx->offset, ctx->end - ctx->offset); } return length; } //***ASN1EndEncapsulation() // This function puts a tag and length in the buffer. In this function, an embedded // BIT_STRING is assumed to be a collection of octets. To indicate that all bits // are used, a byte of zero is prepended. If a raw bit-string is needed, a new // function like ASN1PushInteger() would be needed. // Return Type: INT16 // > 0 number of octets in the encapsulation // == 0 failure UINT16 ASN1EndEncapsulation( ASN1MarshalContext *ctx, BYTE tag ) { // only add a leading zero for an encapsulated BIT STRING if (tag == ASN1_BITSTRING) ASN1PushByte(ctx, 0); ASN1PushTagAndLength(ctx, tag, ctx->end - ctx->offset); return ASN1EndMarshalContext(ctx); } //*** ASN1PushByte() BOOL ASN1PushByte( ASN1MarshalContext *ctx, BYTE b ) { if(ctx->offset > 0) { ctx->offset -= 1; if(ctx->buffer) ctx->buffer[ctx->offset] = b; return TRUE; } ctx->offset = -1; return FALSE; } //*** ASN1PushBytes() // Push some raw bytes onto the buffer. 'count' cannot be zero. // Return Type: IN16 // > 0 count bytes // == 0 failure unless count was zero INT16 ASN1PushBytes( ASN1MarshalContext *ctx, INT16 count, const BYTE *buffer ) { // make sure that count is not negative which would mess up the math; and that // if there is a count, there is a buffer VERIFY((count >= 0) && ((buffer != NULL) || (count == 0))); // back up the offset to determine where the new octets will get pushed ctx->offset -= count; // can't go negative VERIFY(ctx->offset >= 0); // if there are buffers, move the data, otherwise, assume that this is just a // test. if(count && buffer && ctx->buffer) MemoryCopy(&ctx->buffer[ctx->offset], buffer, count); return count; Error: ctx->offset = -1; return 0; } //*** ASN1PushNull() // Return Type: IN16 // > 0 count bytes // == 0 failure unless count was zero INT16 ASN1PushNull( ASN1MarshalContext *ctx ) { ASN1PushByte(ctx, 0); ASN1PushByte(ctx, ASN1_NULL); return (ctx->offset >= 0) ? 2 : 0; } //*** ASN1PushLength() // Push a length value. This will only handle length values that fit in an INT16. // Return Type: UINT16 // > 0 number of bytes added // == 0 failure INT16 ASN1PushLength( ASN1MarshalContext *ctx, INT16 len ) { UINT16 start = ctx->offset; VERIFY(len >= 0); if(len <= 127) ASN1PushByte(ctx, (BYTE)len); else { ASN1PushByte(ctx, (BYTE)(len & 0xFF)); len >>= 8; if(len == 0) ASN1PushByte(ctx, 0x81); else { ASN1PushByte(ctx, (BYTE)(len)); ASN1PushByte(ctx, 0x82); } } goto Exit; Error: ctx->offset = -1; Exit: return (ctx->offset > 0) ? start - ctx->offset : 0; } //*** ASN1PushTagAndLength() // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 ASN1PushTagAndLength( ASN1MarshalContext *ctx, BYTE tag, INT16 length ) { INT16 bytes; bytes = ASN1PushLength(ctx, length); bytes += (INT16)ASN1PushByte(ctx, tag); return (ctx->offset < 0) ? 0 : bytes; } //*** ASN1PushTaggedOctetString() // This function will push a random octet string. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 ASN1PushTaggedOctetString( ASN1MarshalContext *ctx, INT16 size, const BYTE *string, BYTE tag ) { ASN1PushBytes(ctx, size, string); // PushTagAndLenght just tells how many octets it added so the total size of this // element is the sum of those octets and input size. size += ASN1PushTagAndLength(ctx, tag, size); return size; } //*** ASN1PushUINT() // This function pushes an native-endian integer value. This just changes a // native-endian integer into a big-endian byte string and calls ASN1PushInteger(). // That function will remove leading zeros and make sure that the number is positive. // Return Type: IN16 // > 0 count bytes // == 0 failure unless count was zero INT16 ASN1PushUINT( ASN1MarshalContext *ctx, UINT32 integer ) { BYTE marshaled[4]; UINT32_TO_BYTE_ARRAY(integer, marshaled); return ASN1PushInteger(ctx, 4, marshaled); } //*** ASN1PushInteger // Push a big-endian integer on the end of the buffer // Return Type: UINT16 // > 0 the number of bytes marshaled for the integer // == 0 failure INT16 ASN1PushInteger( ASN1MarshalContext *ctx, // IN/OUT: buffer context INT16 iLen, // IN: octets of the integer BYTE *integer // IN: big-endian integer ) { // no leading 0's while((*integer == 0) && (--iLen > 0)) integer++; // Move the bytes to the buffer ASN1PushBytes(ctx, iLen, integer); // if needed, add a leading byte of 0 to make the number positive if(*integer & 0x80) iLen += (INT16)ASN1PushByte(ctx, 0); // PushTagAndLenght just tells how many octets it added so the total size of this // element is the sum of those octets and the adjusted input size. iLen += ASN1PushTagAndLength(ctx, ASN1_INTEGER, iLen); return iLen; } //*** ASN1PushOID() // This function is used to add an OID. An OID is 0x06 followed by a byte of size // followed by size bytes. This is used to avoid having to do anything special in the // definition of an OID. // Return Type: UINT16 // > 0 the number of bytes marshaled for the integer // == 0 failure INT16 ASN1PushOID( ASN1MarshalContext *ctx, const BYTE *OID ) { if((*OID == ASN1_OBJECT_IDENTIFIER) && ((OID[1] & 0x80) == 0)) { return ASN1PushBytes(ctx, OID[1] + 2, OID); } ctx->offset = -1; return 0; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_ECC.c000066400000000000000000000125051510276467000247260ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "X509.h" #include "OIDs.h" #include "TpmASN1_fp.h" #include "X509_spt_fp.h" #include "CryptHash_fp.h" //** Functions //*** X509PushPoint() // This seems like it might be used more than once so... // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509PushPoint( ASN1MarshalContext *ctx, TPMS_ECC_POINT *p ) { // Push a bit string containing the public key. For now, push the x, and y // coordinates of the public point, bottom up ASN1StartMarshalContext(ctx); // BIT STRING { ASN1PushBytes(ctx, p->y.t.size, p->y.t.buffer); ASN1PushBytes(ctx, p->x.t.size, p->x.t.buffer); ASN1PushByte(ctx, 0x04); } return ASN1EndEncapsulation(ctx, ASN1_BITSTRING); // Ends BIT STRING } //*** X509AddSigningAlgorithmECC() // This creates the singing algorithm data. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddSigningAlgorithmECC( OBJECT *signKey, TPMT_SIG_SCHEME *scheme, ASN1MarshalContext *ctx ) { PHASH_DEF hashDef = CryptGetHashDef(scheme->details.any.hashAlg); // NOT_REFERENCED(signKey); // If the desired hashAlg definition wasn't found... if(hashDef->hashAlg != scheme->details.any.hashAlg) return 0; switch(scheme->scheme) { case ALG_ECDSA_VALUE: // Make sure that we have an OID for this hash and ECC if((hashDef->ECDSA)[0] != ASN1_OBJECT_IDENTIFIER) break; // if this is just an implementation check, indicate that this // combination is supported if(!ctx) return 1; ASN1StartMarshalContext(ctx); ASN1PushOID(ctx, hashDef->ECDSA); return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); default: break; } return 0; } //*** X509AddPublicECC() // This function will add the publicKey description to the DER data. If ctx is // NULL, then no data is transferred and this function will indicate if the TPM // has the values for DER-encoding of the public key. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddPublicECC( OBJECT *object, ASN1MarshalContext *ctx ) { const BYTE *curveOid = CryptEccGetOID(object->publicArea.parameters.eccDetail.curveID); if((curveOid == NULL) || (*curveOid != ASN1_OBJECT_IDENTIFIER)) return 0; // // // SEQUENCE (2 elem) 1st // SEQUENCE (2 elem) 2nd // OBJECT IDENTIFIER 1.2.840.10045.2.1 ecPublicKey (ANSI X9.62 public key type) // OBJECT IDENTIFIER 1.2.840.10045.3.1.7 prime256v1 (ANSI X9.62 named curve) // BIT STRING (520 bit) 000001001010000111010101010111001001101101000100000010... // // If this is a check to see if the key can be encoded, it can. // Need to mark the end sequence if(ctx == NULL) return 1; ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st { X509PushPoint(ctx, &object->publicArea.unique.ecc); // BIT STRING ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 2nd { ASN1PushOID(ctx, curveOid); // curve dependent ASN1PushOID(ctx, OID_ECC_PUBLIC); // (1.2.840.10045.2.1) } ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 2nd } return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // Ends SEQUENCE 1st }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_RSA.c000066400000000000000000000234171510276467000247650ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "X509.h" #include "TpmASN1_fp.h" #include "X509_spt_fp.h" #include "CryptHash_fp.h" #include "CryptRsa_fp.h" //** Functions #if ALG_RSA //*** X509AddSigningAlgorithmRSA() // This creates the singing algorithm data. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddSigningAlgorithmRSA( OBJECT *signKey, TPMT_SIG_SCHEME *scheme, ASN1MarshalContext *ctx ) { TPM_ALG_ID hashAlg = scheme->details.any.hashAlg; PHASH_DEF hashDef = CryptGetHashDef(hashAlg); // NOT_REFERENCED(signKey); // return failure if hash isn't implemented if(hashDef->hashAlg != hashAlg) return 0; switch(scheme->scheme) { case ALG_RSASSA_VALUE: { // if the hash is implemented but there is no PKCS1 OID defined // then this is not a valid signing combination. if(hashDef->PKCS1[0] != ASN1_OBJECT_IDENTIFIER) break; if(ctx == NULL) return 1; ASN1StartMarshalContext(ctx); ASN1PushOID(ctx, hashDef->PKCS1); return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); } case ALG_RSAPSS_VALUE: // leave if this is just an implementation check if(ctx == NULL) return 1; // In the case of SHA1, everything is default and RFC4055 says that // implementations that do signature generation MUST omit the parameter // when defaults are used. )-: if(hashDef->hashAlg == ALG_SHA1_VALUE) { return X509PushAlgorithmIdentifierSequence(ctx, OID_RSAPSS); } else { // Going to build something that looks like: // SEQUENCE (2 elem) // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) // SEQUENCE (3 elem) // [0] (1 elem) // SEQUENCE (2 elem) // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 // NULL // [1] (1 elem) // SEQUENCE (2 elem) // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF // SEQUENCE (2 elem) // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 // NULL // [2] (1 elem) salt length // INTEGER 32 // The indentation is just to keep track of where we are in the // structure ASN1StartMarshalContext(ctx); // SEQUENCE (2 elements) { ASN1StartMarshalContext(ctx); // SEQUENCE (3 elements) { // [2] (1 elem) salt length // INTEGER 32 ASN1StartMarshalContext(ctx); { INT16 saltSize = CryptRsaPssSaltSize((INT16)hashDef->digestSize, (INT16)signKey->publicArea.unique.rsa.t.size); ASN1PushUINT(ctx, saltSize); } ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 2); // Add the mask generation algorithm // [1] (1 elem) // SEQUENCE (2 elem) 1st // OBJECT IDENTIFIER 1.2.840.113549.1.1.8 pkcs1-MGF // SEQUENCE (2 elem) 2nd // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 // NULL ASN1StartMarshalContext(ctx); // mask context [1] (1 elem) { ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st // Handle the 2nd Sequence (sequence (object, null)) { X509PushAlgorithmIdentifierSequence(ctx, hashDef->OID); // add the pkcs1-MGF OID ASN1PushOID(ctx, OID_MGF1); } // End outer sequence ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); } // End the [1] ASN1EndEncapsulation(ctx, ASN1_APPLICAIION_SPECIFIC + 1); // Add the hash algorithm // [0] (1 elem) // SEQUENCE (2 elem) (done by // X509PushAlgorithmIdentifierSequence) // OBJECT IDENTIFIER 2.16.840.1.101.3.4.2.1 sha-256 (NIST) // NULL ASN1StartMarshalContext(ctx); // [0] (1 elem) { X509PushAlgorithmIdentifierSequence(ctx, hashDef->OID); } ASN1EndEncapsulation(ctx, (ASN1_APPLICAIION_SPECIFIC + 0)); } // SEQUENCE (3 elements) end ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // RSA PSS OID // OBJECT IDENTIFIER 1.2.840.113549.1.1.10 rsaPSS (PKCS #1) ASN1PushOID(ctx, OID_RSAPSS); } // End Sequence (2 elements) return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); } default: break; } return 0; } //*** X509AddPublicRSA() // This function will add the publicKey description to the DER data. If fillPtr is // NULL, then no data is transferred and this function will indicate if the TPM // has the values for DER-encoding of the public key. // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509AddPublicRSA( OBJECT *object, ASN1MarshalContext *ctx ) { UINT32 exp = object->publicArea.parameters.rsaDetail.exponent; // /* SEQUENCE (2 elem) 1st SEQUENCE (2 elem) 2nd OBJECT IDENTIFIER 1.2.840.113549.1.1.1 rsaEncryption (PKCS #1) NULL BIT STRING (1 elem) SEQUENCE (2 elem) 3rd INTEGER (2048 bit) 2197304513741227955725834199357401… INTEGER 65537 */ // If this is a check to see if the key can be encoded, it can. // Need to mark the end sequence if(ctx == NULL) return 1; ASN1StartMarshalContext(ctx); // SEQUENCE (2 elem) 1st ASN1StartMarshalContext(ctx); // BIT STRING ASN1StartMarshalContext(ctx); // SEQUENCE *(2 elem) 3rd // Get public exponent in big-endian byte order. if(exp == 0) exp = RSA_DEFAULT_PUBLIC_EXPONENT; // Push a 4 byte integer. This might get reduced if there are leading zeros or // extended if the high order byte is negative. ASN1PushUINT(ctx, exp); // Push the public key as an integer ASN1PushInteger(ctx, object->publicArea.unique.rsa.t.size, object->publicArea.unique.rsa.t.buffer); // Embed this in a SEQUENCE tag and length in for the key, exponent sequence ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); // SEQUENCE (3rd) // Embed this in a BIT STRING ASN1EndEncapsulation(ctx, ASN1_BITSTRING); // Now add the formatted SEQUENCE for the RSA public key OID. This is a // fully constructed value so it doesn't need to have a context started X509PushAlgorithmIdentifierSequence(ctx, OID_PKCS1_PUB); return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); } #endif // ALG_RSAgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/X509/X509_spt.c000066400000000000000000000244201510276467000251410ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "TpmASN1.h" #include "TpmASN1_fp.h" #define _X509_SPT_ #include "X509.h" #include "X509_spt_fp.h" #if ALG_RSA # include "X509_RSA_fp.h" #endif // ALG_RSA #if ALG_ECC # include "X509_ECC_fp.h" #endif // ALG_ECC #if ALG_SM2 //# include "X509_SM2_fp.h" #endif // ALG_RSA //** Unmarshaling Functions //*** X509FindExtensionOID() // This will search a list of X508 extensions to find an extension with the // requested OID. If the extension is found, the output context ('ctx') is set up // to point to the OID in the extension. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure (could be catastrophic) BOOL X509FindExtensionByOID( ASN1UnmarshalContext *ctxIn, // IN: the context to search ASN1UnmarshalContext *ctx, // OUT: the extension context const BYTE *OID // IN: oid to search for ) { INT16 length; // pAssert(ctxIn != NULL); // Make the search non-destructive of the input if ctx provided. Otherwise, use // the provided context. if (ctx == NULL) ctx = ctxIn; else if(ctx != ctxIn) *ctx = *ctxIn; for(;ctx->size > ctx->offset; ctx->offset += length) { VERIFY((length = ASN1NextTag(ctx)) >= 0); // If this is not a constructed sequence, then it doesn't belong // in the extensions. VERIFY(ctx->tag == ASN1_CONSTRUCTED_SEQUENCE); // Make sure that this entry could hold the OID if (length >= OID_SIZE(OID)) { // See if this is a match for the provided object identifier. if (MemoryEqual(OID, &(ctx->buffer[ctx->offset]), OID_SIZE(OID))) { // Return with ' ctx' set to point to the start of the OID with the size // set to be the size of the SEQUENCE ctx->buffer += ctx->offset; ctx->offset = 0; ctx->size = length; return TRUE; } } } VERIFY(ctx->offset == ctx->size); return FALSE; Error: ctxIn->size = -1; ctx->size = -1; return FALSE; } //*** X509GetExtensionBits() // This function will extract a bit field from an extension. If the extension doesn't // contain a bit string, it will fail. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure UINT32 X509GetExtensionBits( ASN1UnmarshalContext *ctx, UINT32 *value ) { INT16 length; // while (((length = ASN1NextTag(ctx)) > 0) && (ctx->size > ctx->offset)) { // Since this is an extension, the extension value will be in an OCTET STRING if (ctx->tag == ASN1_OCTET_STRING) { return ASN1GetBitStringValue(ctx, value); } ctx->offset += length; } ctx->size = -1; return FALSE; } //***X509ProcessExtensions() // This function is used to process the TPMA_OBJECT and KeyUsage extensions. It is not // in the CertifyX509.c code because it makes the code harder to follow. // Return Type: TPM_RC // TPM_RCS_ATTRIBUTES the attributes of object are not consistent with // the extension setting // TPM_RC_VALUE problem parsing the extensions TPM_RC X509ProcessExtensions( OBJECT *object, // IN: The object with the attributes to // check stringRef *extension // IN: The start and length of the extensions ) { ASN1UnmarshalContext ctx; ASN1UnmarshalContext extensionCtx; INT16 length; UINT32 value; // if(!ASN1UnmarshalContextInitialize(&ctx, extension->len, extension->buf) || ((length = ASN1NextTag(&ctx)) < 0) || (ctx.tag != X509_EXTENSIONS)) return TPM_RCS_VALUE; if( ((length = ASN1NextTag(&ctx)) < 0) || (ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE))) return TPM_RCS_VALUE; // Get the extension for the TPMA_OBJECT if there is one if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_TCG_TPMA_OBJECT) && X509GetExtensionBits(&extensionCtx, &value)) { // If an keyAttributes extension was found, it must be exactly the same as the // attributes of the object. // This cast will work because we know that a TPMA_OBJECT is in a UINT32. // Set RUNTIME_SIZE_CHECKS to YES to force a check to verify this assumption // during debug. Doing this is lot easier than having to revisit the code // any time a new attribute is added. // NOTE: MemoryEqual() is used to avoid type-punned pointer warning/error. if(!MemoryEqual(&value, &object->publicArea.objectAttributes, sizeof(value))) return TPM_RCS_ATTRIBUTES; } // Make sure the failure to find the value wasn't because of a fatal error else if(extensionCtx.size < 0) return TPM_RCS_VALUE; // Get the keyUsage extension. This one is required if(X509FindExtensionByOID(&ctx, &extensionCtx, OID_KEY_USAGE_EXTENSTION) && X509GetExtensionBits(&extensionCtx, &value)) { x509KeyUsageUnion keyUsage; TPMA_OBJECT attributes = object->publicArea.objectAttributes; // keyUsage.integer = value; // For KeyUsage: // the 'sign' attribute is SET if Key Usage includes signing if( ( (keyUsageSign.integer & keyUsage.integer) != 0 && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) // OR the 'decrypt' attribute is Set if Key Usage includes decryption uses || ( (keyUsageDecrypt.integer & keyUsage.integer) != 0 && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) // OR that 'fixedTPM' is SET if Key Usage is non-repudiation || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, nonrepudiation) && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) // OR that 'restricted' is SET if Key Usage is key agreement || ( IS_ATTRIBUTE(keyUsage.x509, TPMA_X509_KEY_USAGE, keyAgreement) && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) ) return TPM_RCS_ATTRIBUTES; } else // The KeyUsage extension is required return TPM_RCS_VALUE; return TPM_RC_SUCCESS; } //** Marshaling Functions //*** X509AddSigningAlgorithm() // This creates the singing algorithm data. // Return Type: INT16 // > 0 number of octets added // <= 0 failure INT16 X509AddSigningAlgorithm( ASN1MarshalContext *ctx, OBJECT *signKey, TPMT_SIG_SCHEME *scheme ) { switch(signKey->publicArea.type) { #if ALG_RSA case ALG_RSA_VALUE: return X509AddSigningAlgorithmRSA(signKey, scheme, ctx); #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: return X509AddSigningAlgorithmECC(signKey, scheme, ctx); #endif // ALG_ECC #if ALG_SM2 case ALG_SM2: return X509AddSigningAlgorithmSM2(signKey, scheme,ctx); #endif // ALG_SM2 default: break; } return 0; } //*** X509AddPublicKey() // This function will add the publicKey description to the DER data. If fillPtr is // NULL, then no data is transferred and this function will indicate if the TPM // has the values for DER-encoding of the public key. // Return Type: INT16 // > 0 number of octets added // == 0 failure INT16 X509AddPublicKey( ASN1MarshalContext *ctx, OBJECT *object ) { switch(object->publicArea.type) { #if ALG_RSA case ALG_RSA_VALUE: return X509AddPublicRSA(object, ctx); #endif #if ALG_ECC case ALG_ECC_VALUE: return X509AddPublicECC(object, ctx); #endif #if ALG_SM2 case ALG_SM2_VALUE: break; #endif default: break; } return FALSE; } //*** X509PushAlgorithmIdentifierSequence() // Return Type: INT16 // > 0 number of bytes added // == 0 failure INT16 X509PushAlgorithmIdentifierSequence( ASN1MarshalContext *ctx, const BYTE *OID ) { ASN1StartMarshalContext(ctx); // hash algorithm ASN1PushNull(ctx); ASN1PushOID(ctx, OID); return ASN1EndEncapsulation(ctx, ASN1_CONSTRUCTED_SEQUENCE); } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/000077500000000000000000000000001510276467000244115ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/000077500000000000000000000000001510276467000265265ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECC_Parameters.c000066400000000000000000000047271510276467000314610ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ECC_Parameters_fp.h" #if CC_ECC_Parameters // Conditional expansion of this file /*(See part 3 specification) // This command returns the parameters of an ECC curve identified by its TCG // assigned curveID */ // Return Type: TPM_RC // TPM_RC_VALUE Unsupported ECC curve ID TPM_RC TPM2_ECC_Parameters( ECC_Parameters_In *in, // IN: input parameter list ECC_Parameters_Out *out // OUT: output parameter list ) { // Command Output // Get ECC curve parameters if(CryptEccGetParameters(in->curveID, &out->parameters)) return TPM_RC_SUCCESS; else return TPM_RCS_VALUE + RC_ECC_Parameters_curveID; } #endif // CC_ECC_Parametersgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_KeyGen.c000066400000000000000000000075631510276467000306520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ECDH_KeyGen_fp.h" #if CC_ECDH_KeyGen // Conditional expansion of this file /*(See part 3 specification) // This command uses the TPM to generate an ephemeral public key and the product // of the ephemeral private key and the public portion of an ECC key. */ // Return Type: TPM_RC // TPM_RC_KEY 'keyHandle' does not reference an ECC key TPM_RC TPM2_ECDH_KeyGen( ECDH_KeyGen_In *in, // IN: input parameter list ECDH_KeyGen_Out *out // OUT: output parameter list ) { OBJECT *eccKey; TPM2B_ECC_PARAMETER sensitive; TPM_RC result; // Input Validation eccKey = HandleToObject(in->keyHandle); // Referenced key must be an ECC key if(eccKey->publicArea.type != TPM_ALG_ECC) return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle; // Command Output do { TPMT_PUBLIC *keyPublic = &eccKey->publicArea; // Create ephemeral ECC key result = CryptEccNewKeyPair(&out->pubPoint.point, &sensitive, keyPublic->parameters.eccDetail.curveID); if(result == TPM_RC_SUCCESS) { // Compute Z result = CryptEccPointMultiply(&out->zPoint.point, keyPublic->parameters.eccDetail.curveID, &keyPublic->unique.ecc, &sensitive, NULL, NULL); // The point in the key is not on the curve. Indicate // that the key is bad. if(result == TPM_RC_ECC_POINT) return TPM_RCS_KEY + RC_ECDH_KeyGen_keyHandle; // The other possible error from CryptEccPointMultiply is // TPM_RC_NO_RESULT indicating that the multiplication resulted in // the point at infinity, so get a new random key and start over // BTW, this never happens. } } while(result == TPM_RC_NO_RESULT); return result; } #endif // CC_ECDH_KeyGengo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ECDH_ZGen.c000066400000000000000000000100241510276467000303150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ECDH_ZGen_fp.h" #if CC_ECDH_ZGen // Conditional expansion of this file /*(See part 3 specification) // This command uses the TPM to recover the Z value from a public point */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or // not a decrypt key // TPM_RC_KEY key referenced by 'keyA' is not an ECC key // TPM_RC_NO_RESULT multiplying 'inPoint' resulted in a // point at infinity // TPM_RC_SCHEME the scheme of the key referenced by 'keyA' // is not TPM_ALG_NULL, TPM_ALG_ECDH, TPM_RC TPM2_ECDH_ZGen( ECDH_ZGen_In *in, // IN: input parameter list ECDH_ZGen_Out *out // OUT: output parameter list ) { TPM_RC result; OBJECT *eccKey; // Input Validation eccKey = HandleToObject(in->keyHandle); // Selected key must be a non-restricted, decrypt ECC key if(eccKey->publicArea.type != TPM_ALG_ECC) return TPM_RCS_KEY + RC_ECDH_ZGen_keyHandle; // Selected key needs to be unrestricted with the 'decrypt' attribute if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) return TPM_RCS_ATTRIBUTES + RC_ECDH_ZGen_keyHandle; // Make sure the scheme allows this use if(eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_ECDH && eccKey->publicArea.parameters.eccDetail.scheme.scheme != TPM_ALG_NULL) return TPM_RCS_SCHEME + RC_ECDH_ZGen_keyHandle; // Command Output // Compute Z. TPM_RC_ECC_POINT or TPM_RC_NO_RESULT may be returned here. result = CryptEccPointMultiply(&out->outPoint.point, eccKey->publicArea.parameters.eccDetail.curveID, &in->inPoint.point, &eccKey->sensitive.sensitive.ecc, NULL, NULL); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_ECDH_ZGen_inPoint); return result; } #endif // CC_ECDH_ZGengo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/EC_Ephemeral.c000066400000000000000000000061301510276467000311430ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "EC_Ephemeral_fp.h" #if CC_EC_Ephemeral // Conditional expansion of this file /*(See part 3 specification) // This command creates an ephemeral key using the commit mechanism */ // Return Type: TPM_RC // TPM_RC_NO_RESULT the TPM is not able to generate an 'r' value TPM_RC TPM2_EC_Ephemeral( EC_Ephemeral_In *in, // IN: input parameter list EC_Ephemeral_Out *out // OUT: output parameter list ) { TPM2B_ECC_PARAMETER r; TPM_RC result; // do { // Get the random value that will be used in the point multiplications // Note: this does not commit the count. if(!CryptGenerateR(&r, NULL, in->curveID, NULL)) return TPM_RC_NO_RESULT; // do a point multiply result = CryptEccPointMultiply(&out->Q.point, in->curveID, NULL, &r, NULL, NULL); // commit the count value if either the r value results in the point at // infinity or if the value is good. The commit on the r value for infinity // is so that the r value will be skipped. if((result == TPM_RC_SUCCESS) || (result == TPM_RC_NO_RESULT)) out->counter = CryptCommit(); } while(result == TPM_RC_NO_RESULT); return TPM_RC_SUCCESS; } #endif // CC_EC_Ephemeralgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Decrypt.c000066400000000000000000000116221510276467000310130ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "RSA_Decrypt_fp.h" #if CC_RSA_Decrypt // Conditional expansion of this file /*(See part 3 specification) // decrypts the provided data block and removes the padding if applicable */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'decrypt' is not SET or if 'restricted' is SET in // the key referenced by 'keyHandle' // TPM_RC_BINDING The public an private parts of the key are not // properly bound // TPM_RC_KEY 'keyHandle' does not reference an unrestricted // decrypt key // TPM_RC_SCHEME incorrect input scheme, or the chosen // 'scheme' is not a valid RSA decrypt scheme // TPM_RC_SIZE 'cipherText' is not the size of the modulus // of key referenced by 'keyHandle' // TPM_RC_VALUE 'label' is not a null terminated string or the value // of 'cipherText' is greater that the modulus of // 'keyHandle' or the encoding of the data is not // valid TPM_RC TPM2_RSA_Decrypt( RSA_Decrypt_In *in, // IN: input parameter list RSA_Decrypt_Out *out // OUT: output parameter list ) { TPM_RC result; OBJECT *rsaKey; TPMT_RSA_DECRYPT *scheme; // Input Validation rsaKey = HandleToObject(in->keyHandle); // The selected key must be an RSA key if(rsaKey->publicArea.type != TPM_ALG_RSA) return TPM_RCS_KEY + RC_RSA_Decrypt_keyHandle; // The selected key must be an unrestricted decryption key if(IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) || !IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) return TPM_RCS_ATTRIBUTES + RC_RSA_Decrypt_keyHandle; // NOTE: Proper operation of this command requires that the sensitive area // of the key is loaded. This is assured because authorization is required // to use the sensitive area of the key. In order to check the authorization, // the sensitive area has to be loaded, even if authorization is with policy. // If label is present, make sure that it is a NULL-terminated string if(!IsLabelProperlyFormatted(&in->label.b)) return TPM_RCS_VALUE + RC_RSA_Decrypt_label; // Command Output // Select a scheme for decrypt. scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme); if(scheme == NULL) return TPM_RCS_SCHEME + RC_RSA_Decrypt_inScheme; // Decryption. TPM_RC_VALUE, TPM_RC_SIZE, and TPM_RC_KEY error may be // returned by CryptRsaDecrypt. // NOTE: CryptRsaDecrypt can also return TPM_RC_ATTRIBUTES or TPM_RC_BINDING // when the key is not a decryption key but that was checked above. out->message.t.size = sizeof(out->message.t.buffer); result = CryptRsaDecrypt(&out->message.b, &in->cipherText.b, rsaKey, scheme, &in->label.b); return result; } #endif // CC_RSA_Decryptgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/RSA_Encrypt.c000066400000000000000000000077021510276467000310310ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "RSA_Encrypt_fp.h" #if CC_RSA_Encrypt // Conditional expansion of this file /*(See part 3 specification) // This command performs the padding and encryption of a data block */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'decrypt' attribute is not SET in key referenced // by 'keyHandle' // TPM_RC_KEY 'keyHandle' does not reference an RSA key // TPM_RC_SCHEME incorrect input scheme, or the chosen // scheme is not a valid RSA decrypt scheme // TPM_RC_VALUE the numeric value of 'message' is greater than // the public modulus of the key referenced by // 'keyHandle', or 'label' is not a null-terminated // string TPM_RC TPM2_RSA_Encrypt( RSA_Encrypt_In *in, // IN: input parameter list RSA_Encrypt_Out *out // OUT: output parameter list ) { TPM_RC result; OBJECT *rsaKey; TPMT_RSA_DECRYPT *scheme; // Input Validation rsaKey = HandleToObject(in->keyHandle); // selected key must be an RSA key if(rsaKey->publicArea.type != TPM_ALG_RSA) return TPM_RCS_KEY + RC_RSA_Encrypt_keyHandle; // selected key must have the decryption attribute if(!IS_ATTRIBUTE(rsaKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) return TPM_RCS_ATTRIBUTES + RC_RSA_Encrypt_keyHandle; // Is there a label? if(!IsLabelProperlyFormatted(&in->label.b)) return TPM_RCS_VALUE + RC_RSA_Encrypt_label; // Command Output // Select a scheme for encryption scheme = CryptRsaSelectScheme(in->keyHandle, &in->inScheme); if(scheme == NULL) return TPM_RCS_SCHEME + RC_RSA_Encrypt_inScheme; // Encryption. TPM_RC_VALUE, or TPM_RC_SCHEME errors my be returned buy // CryptEncyptRSA. out->outData.t.size = sizeof(out->outData.t.buffer); result = CryptRsaEncrypt(&out->outData, &in->message.b, rsaKey, scheme, &in->label.b, NULL); return result; } #endif // CC_RSA_Encryptgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Asymmetric/ZGen_2Phase.c000066400000000000000000000121231510276467000307360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ZGen_2Phase_fp.h" #if CC_ZGen_2Phase // Conditional expansion of this file // This command uses the TPM to recover one or two Z values in a two phase key // exchange protocol // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key referenced by 'keyA' is restricted or // not a decrypt key // TPM_RC_ECC_POINT 'inQsB' or 'inQeB' is not on the curve of // the key reference by 'keyA' // TPM_RC_KEY key referenced by 'keyA' is not an ECC key // TPM_RC_SCHEME the scheme of the key referenced by 'keyA' // is not TPM_ALG_NULL, TPM_ALG_ECDH, // ALG_ECMQV or TPM_ALG_SM2 TPM_RC TPM2_ZGen_2Phase( ZGen_2Phase_In *in, // IN: input parameter list ZGen_2Phase_Out *out // OUT: output parameter list ) { TPM_RC result; OBJECT *eccKey; TPM2B_ECC_PARAMETER r; TPM_ALG_ID scheme; // Input Validation eccKey = HandleToObject(in->keyA); // keyA must be an ECC key if(eccKey->publicArea.type != TPM_ALG_ECC) return TPM_RCS_KEY + RC_ZGen_2Phase_keyA; // keyA must not be restricted and must be a decrypt key if(IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, restricted) || !IS_ATTRIBUTE(eccKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) return TPM_RCS_ATTRIBUTES + RC_ZGen_2Phase_keyA; // if the scheme of keyA is TPM_ALG_NULL, then use the input scheme; otherwise // the input scheme must be the same as the scheme of keyA scheme = eccKey->publicArea.parameters.asymDetail.scheme.scheme; if(scheme != TPM_ALG_NULL) { if(scheme != in->inScheme) return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; } else scheme = in->inScheme; if(scheme == TPM_ALG_NULL) return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; // Input points must be on the curve of keyA if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, &in->inQsB.point)) return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQsB; if(!CryptEccIsPointOnCurve(eccKey->publicArea.parameters.eccDetail.curveID, &in->inQeB.point)) return TPM_RCS_ECC_POINT + RC_ZGen_2Phase_inQeB; if(!CryptGenerateR(&r, &in->counter, eccKey->publicArea.parameters.eccDetail.curveID, NULL)) return TPM_RCS_VALUE + RC_ZGen_2Phase_counter; // Command Output result = CryptEcc2PhaseKeyExchange(&out->outZ1.point, &out->outZ2.point, eccKey->publicArea.parameters.eccDetail.curveID, scheme, &eccKey->sensitive.sensitive.ecc, &r, &in->inQsB.point, &in->inQeB.point); if(result == TPM_RC_SCHEME) return TPM_RCS_SCHEME + RC_ZGen_2Phase_inScheme; if(result == TPM_RC_SUCCESS) CryptEndCommit(in->counter); return result; } #endif // CC_ZGen_2Phasego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/000077500000000000000000000000001510276467000300115ustar00rootroot00000000000000AC_GetCapability.c000066400000000000000000000044651510276467000331730ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "AC_GetCapability_fp.h" #include "AC_spt_fp.h" #if CC_AC_GetCapability // Conditional expansion of this file /*(See part 3 specification) // This command returns various information regarding Attached Components */ TPM_RC TPM2_AC_GetCapability( AC_GetCapability_In *in, // IN: input parameter list AC_GetCapability_Out *out // OUT: output parameter list ) { // Command Output out->moreData = AcCapabilitiesGet(in->ac, in->count, &out->capabilitiesData); return TPM_RC_SUCCESS; } #endif // CC_AC_GetCapabilitygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_Send.c000066400000000000000000000116101510276467000314100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "AC_Send_fp.h" #include "AC_spt_fp.h" #if CC_AC_Send // Conditional expansion of this file /*(See part 3 specification) // Duplicate a loaded object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET // TPM_RC_HASH for an RSA key, the nameAlg digest size for the // newParent is not compatible with the key size // TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' // specifies Null Hierarchy // TPM_RC_KEY 'newParentHandle' references invalid ECC key (public // point not on the curve) // TPM_RC_SIZE input encryption key size does not match the // size specified in symmetric algorithm // TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric // algorithm is provided // TPM_RC_TYPE 'newParentHandle' is neither a storage key nor // TPM_RH_NULL; or the object has a NULL nameAlg // TPM_RC_VALUE for an RSA newParent, the sizes of the digest and // the encryption key are too large to be OAEP encoded TPM_RC TPM2_AC_Send( AC_Send_In *in, // IN: input parameter list AC_Send_Out *out // OUT: output parameter list ) { NV_REF locator; TPM_HANDLE nvAlias = ((in->ac - AC_FIRST) + NV_AC_FIRST); NV_INDEX *nvIndex = NvGetIndexInfo(nvAlias, &locator); OBJECT *object = HandleToObject(in->sendObject); TPM_RC result; // Input validation // If there is an NV alias, then the index must allow the authorization provided if(nvIndex != NULL) { // Common access checks, NvWriteAccessCheck() may return // TPM_RC_NV_AUTHORIZATION or TPM_RC_NV_LOCKED result = NvWriteAccessChecks(in->authHandle, nvAlias, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; } // If 'ac' did not have an alias then the authorization had to be with either // platform or owner authorization. The type of TPMI_RH_NV_AUTH only allows // owner or platform or an NV index. If it was a valid index, it would have had // an alias and be processed above, so only success here is if this is a // permanent handle. else if(HandleGetType(in->authHandle) != TPM_HT_PERMANENT) return TPM_RCS_HANDLE + RC_AC_Send_authHandle; // Make sure that the object to be duplicated has the right attributes if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, encryptedDuplication) || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedParent) || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) return TPM_RCS_ATTRIBUTES + RC_AC_Send_sendObject; // Command output // Do the implementation dependent send return AcSendObject(in->ac, object, &out->acDataOut); } #endif // TPM_CC_AC_Sendgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/AC_spt.c000066400000000000000000000117451510276467000313360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "AC_spt_fp.h" #if 1 // This is the simulated AC data. typedef struct { TPMI_RH_AC ac; TPML_AC_CAPABILITIES *acData; } acCapabilities; TPML_AC_CAPABILITIES acData0001 = {1, {{TPM_AT_PV1, 0x01234567}}}; acCapabilities ac[1] = { {0x0001, &acData0001} }; #define NUM_AC (sizeof(ac) / sizeof(acCapabilities)) #endif // 1 The simulated AC data //*** AcToCapabilities() // This function returns a pointer to a list of AC capabilities. TPML_AC_CAPABILITIES * AcToCapabilities( TPMI_RH_AC component // IN: component ) { UINT32 index; // for(index = 0; index < NUM_AC; index++) { if(ac[index].ac == component) return ac[index].acData; } return NULL; } //*** AcIsAccessible() // Function to determine if an AC handle references an actual AC // Return Type: BOOL BOOL AcIsAccessible( TPM_HANDLE acHandle ) { // In this implementation, the AC exists if there are some capabilities to go // with the handle return AcToCapabilities(acHandle) != NULL; } //*** AcCapabilitiesGet() // This function returns a list of capabilities associated with an AC // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO AcCapabilitiesGet( TPMI_RH_AC component, // IN: the component TPM_AT type, // IN: start capability type TPML_AC_CAPABILITIES *capabilityList // OUT: list of handle ) { TPMI_YES_NO more = NO; UINT32 i; TPML_AC_CAPABILITIES *capabilities = AcToCapabilities(component); pAssert(HandleGetType(component) == TPM_HT_AC); // Initialize output handle list capabilityList->count = 0; if(capabilities != NULL) { // Find the first capability less than or equal to type for(i = 0; i < capabilities->count; i++) { if(capabilities->acCapabilities[i].tag >= type) { // copy the capabilities until we run out or fill the list for(; (capabilityList->count < MAX_AC_CAPABILITIES) && (i < capabilities->count); i++) { capabilityList->acCapabilities[capabilityList->count] = capabilities->acCapabilities[i]; capabilityList->count++; } more = i < capabilities->count; } } } return more; } //*** AcSendObject() // Stub to handle sending of an AC object // Return Type: TPM_RC TPM_RC AcSendObject( TPM_HANDLE acHandle, // IN: Handle of AC receiving object OBJECT *object, // IN: object structure to send TPMS_AC_OUTPUT *acDataOut // OUT: results of operation ) { NOT_REFERENCED(object); NOT_REFERENCED(acHandle); acDataOut->tag = TPM_AT_ERROR; // indicate that the response contains an // error code acDataOut->data = TPM_AE_NONE; // but there is no error. return TPM_RC_SUCCESS; } Policy_AC_SendSelect.c000066400000000000000000000103371510276467000340150ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/AttachedComponent/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Policy_AC_SendSelect_fp.h" #if CC_Policy_AC_SendSelect // Conditional expansion of this file /*(See part 3 specification) // allows qualification of attached component and object to be sent. */ // Return Type: TPM_RC // TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty // TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty TPM_RC TPM2_Policy_AC_SendSelect( Policy_AC_SendSelect_In *in // IN: input parameter list ) { SESSION *session; HASH_STATE hashState; TPM_CC commandCode = TPM_CC_Policy_AC_SendSelect; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // cpHash in session context must be empty if(session->u1.cpHash.t.size != 0) return TPM_RC_CPHASH; // commandCode in session context must be empty if(session->commandCode != 0) return TPM_RC_COMMAND_CODE; // Internal Data Update // Update name hash session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); // add objectName CryptDigestUpdate2B(&hashState, &in->objectName.b); // add authHandleName CryptDigestUpdate2B(&hashState, &in->authHandleName.b); // add ac name CryptDigestUpdate2B(&hashState, &in->acName.b); // complete hash CryptHashEnd2B(&hashState, &session->u1.cpHash.b); // update policy hash // Old policyDigest size should be the same as the new policyDigest size since // they are using the same hash algorithm session->u2.policyDigest.t.size = CryptHashStart(&hashState, session->authHashAlg); // add old policy CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add command code CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add objectName if(in->includeObject == YES) CryptDigestUpdate2B(&hashState, &in->objectName.b); // add authHandleName CryptDigestUpdate2B(&hashState, &in->authHandleName.b); // add acName CryptDigestUpdate2B(&hashState, &in->acName.b); // add includeObject CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject); // complete digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // set commandCode in session context session->commandCode = TPM_CC_AC_Send; return TPM_RC_SUCCESS; } #endif // CC_PolicyDuplicationSelectgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/000077500000000000000000000000001510276467000267105ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Attest_spt.c000066400000000000000000000201131510276467000312030ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "Attest_spt_fp.h" //** Functions //***FillInAttestInfo() // Fill in common fields of TPMS_ATTEST structure. void FillInAttestInfo( TPMI_DH_OBJECT signHandle, // IN: handle of signing object TPMT_SIG_SCHEME *scheme, // IN/OUT: scheme to be used for signing TPM2B_DATA *data, // IN: qualifying data TPMS_ATTEST *attest // OUT: attest structure ) { OBJECT *signObject = HandleToObject(signHandle); // Magic number attest->magic = TPM_GENERATED_VALUE; if(signObject == NULL) { // The name for a null handle is TPM_RH_NULL // This is defined because UINT32_TO_BYTE_ARRAY does a cast. If the // size of the cast is smaller than a constant, the compiler warns // about the truncation of a constant value. TPM_HANDLE nullHandle = TPM_RH_NULL; attest->qualifiedSigner.t.size = sizeof(TPM_HANDLE); UINT32_TO_BYTE_ARRAY(nullHandle, attest->qualifiedSigner.t.name); } else { // Certifying object qualified name // if the scheme is anonymous, this is an empty buffer if(CryptIsSchemeAnonymous(scheme->scheme)) attest->qualifiedSigner.t.size = 0; else attest->qualifiedSigner = signObject->qualifiedName; } // current clock in plain text TimeFillInfo(&attest->clockInfo); // Firmware version in plain text attest->firmwareVersion = ((UINT64)gp.firmwareV1 << (sizeof(UINT32) * 8)); attest->firmwareVersion += gp.firmwareV2; // Check the hierarchy of sign object. For NULL sign handle, the hierarchy // will be TPM_RH_NULL if((signObject == NULL) || (!signObject->attributes.epsHierarchy && !signObject->attributes.ppsHierarchy)) { // For signing key that is not in platform or endorsement hierarchy, // obfuscate the reset, restart and firmware version information UINT64 obfuscation[2]; CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gp.shProof.b, OBFUSCATE_STRING, &attest->qualifiedSigner.b, NULL, 128, (BYTE *)&obfuscation[0], NULL, FALSE); // Obfuscate data attest->firmwareVersion += obfuscation[0]; attest->clockInfo.resetCount += (UINT32)(obfuscation[1] >> 32); attest->clockInfo.restartCount += (UINT32)obfuscation[1]; } // External data if(CryptIsSchemeAnonymous(scheme->scheme)) attest->extraData.t.size = 0; else { // If we move the data to the attestation structure, then it is not // used in the signing operation except as part of the signed data attest->extraData = *data; data->t.size = 0; } } //***SignAttestInfo() // Sign a TPMS_ATTEST structure. If signHandle is TPM_RH_NULL, a null signature // is returned. // // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'signHandle' references not a signing key // TPM_RC_SCHEME 'scheme' is not compatible with 'signHandle' type // TPM_RC_VALUE digest generated for the given 'scheme' is greater than // the modulus of 'signHandle' (for an RSA key); // invalid commit status or failed to generate "r" value // (for an ECC key) TPM_RC SignAttestInfo( OBJECT *signKey, // IN: sign object TPMT_SIG_SCHEME *scheme, // IN: sign scheme TPMS_ATTEST *certifyInfo, // IN: the data to be signed TPM2B_DATA *qualifyingData, // IN: extra data for the signing // process TPM2B_ATTEST *attest, // OUT: marshaled attest blob to be // signed TPMT_SIGNATURE *signature // OUT: signature ) { BYTE *buffer; HASH_STATE hashState; TPM2B_DIGEST digest; TPM_RC result; // Marshal TPMS_ATTEST structure for hash buffer = attest->t.attestationData; attest->t.size = TPMS_ATTEST_Marshal(certifyInfo, &buffer, NULL); if(signKey == NULL) { signature->sigAlg = TPM_ALG_NULL; result = TPM_RC_SUCCESS; } else { TPMI_ALG_HASH hashAlg; // Compute hash hashAlg = scheme->details.any.hashAlg; // need to set the receive buffer to get something put in it digest.t.size = sizeof(digest.t.buffer); digest.t.size = CryptHashBlock(hashAlg, attest->t.size, attest->t.attestationData, digest.t.size, digest.t.buffer); // If there is qualifying data, need to rehash the data // hash(qualifyingData || hash(attestationData)) if(qualifyingData->t.size != 0) { CryptHashStart(&hashState, hashAlg); CryptDigestUpdate2B(&hashState, &qualifyingData->b); CryptDigestUpdate2B(&hashState, &digest.b); CryptHashEnd2B(&hashState, &digest.b); } // Sign the hash. A TPM_RC_VALUE, TPM_RC_SCHEME, or // TPM_RC_ATTRIBUTES error may be returned at this point result = CryptSign(signKey, scheme, &digest, signature); // Since the clock is used in an attestation, the state in NV is no longer // "orderly" with respect to the data in RAM if the signature is valid if(result == TPM_RC_SUCCESS) { // Command uses the clock so need to clear the orderly state if it is // set. result = NvClearOrderly(); } } return result; } //*** IsSigningObject() // Checks to see if the object is OK for signing. This is here rather than in // Object_spt.c because all the attestation commands use this file but not // Object_spt.c. // Return Type: BOOL // TRUE(1) object may sign // FALSE(0) object may not sign BOOL IsSigningObject( OBJECT *object // IN: ) { return ((object == NULL) || ((IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) && object->publicArea.type != TPM_ALG_SYMCIPHER))); }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Certify.c000066400000000000000000000103671510276467000304700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Attest_spt_fp.h" #include "Certify_fp.h" #if CC_Certify // Conditional expansion of this file /*(See part 3 specification) // prove an object with a specific Name is loaded in the TPM */ // Return Type: TPM_RC // TPM_RC_KEY key referenced by 'signHandle' is not a signing key // TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle' // TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger // size than the modulus of 'signHandle', or the buffer for // the result in 'signature' is too small (for an RSA key); // invalid commit status (for an ECC key with a split scheme) TPM_RC TPM2_Certify( Certify_In *in, // IN: input parameter list Certify_Out *out // OUT: output parameter list ) { TPMS_ATTEST certifyInfo; OBJECT *signObject = HandleToObject(in->signHandle); OBJECT *certifiedObject = HandleToObject(in->objectHandle); // Input validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_Certify_signHandle; if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_Certify_inScheme; // Command Output // Filling in attest information // Common fields FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &certifyInfo); // Certify specific fields certifyInfo.type = TPM_ST_ATTEST_CERTIFY; // NOTE: the certified object is not allowed to be TPM_ALG_NULL so // 'certifiedObject' will never be NULL certifyInfo.attested.certify.name = certifiedObject->name; // When using an anonymous signing scheme, need to set the qualified Name to the // empty buffer to avoid correlation between keys if(CryptIsSchemeAnonymous(in->inScheme.scheme)) certifyInfo.attested.certify.qualifiedName.t.size = 0; else certifyInfo.attested.certify.qualifiedName = certifiedObject->qualifiedName; // Sign attestation structure. A NULL signature will be returned if // signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned // by SignAttestInfo() return SignAttestInfo(signObject, &in->inScheme, &certifyInfo, &in->qualifyingData, &out->certifyInfo, &out->signature); } #endif // CC_Certifygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyCreation.c000066400000000000000000000106661510276467000321570ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Attest_spt_fp.h" #include "CertifyCreation_fp.h" #if CC_CertifyCreation // Conditional expansion of this file /*(See part 3 specification) // Prove the association between an object and its creation data */ // Return Type: TPM_RC // TPM_RC_KEY key referenced by 'signHandle' is not a signing key // TPM_RC_SCHEME 'inScheme' is not compatible with 'signHandle' // TPM_RC_TICKET 'creationTicket' does not match 'objectHandle' // TPM_RC_VALUE digest generated for 'inScheme' is greater or has larger // size than the modulus of 'signHandle', or the buffer for // the result in 'signature' is too small (for an RSA key); // invalid commit status (for an ECC key with a split scheme). TPM_RC TPM2_CertifyCreation( CertifyCreation_In *in, // IN: input parameter list CertifyCreation_Out *out // OUT: output parameter list ) { TPMT_TK_CREATION ticket; TPMS_ATTEST certifyInfo; OBJECT *certified = HandleToObject(in->objectHandle); OBJECT *signObject = HandleToObject(in->signHandle); // Input Validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_CertifyCreation_signHandle; if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_CertifyCreation_inScheme; // CertifyCreation specific input validation // Re-compute ticket TicketComputeCreation(in->creationTicket.hierarchy, &certified->name, &in->creationHash, &ticket); // Compare ticket if(!MemoryEqual2B(&ticket.digest.b, &in->creationTicket.digest.b)) return TPM_RCS_TICKET + RC_CertifyCreation_creationTicket; // Command Output // Common fields FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &certifyInfo); // CertifyCreation specific fields // Attestation type certifyInfo.type = TPM_ST_ATTEST_CREATION; certifyInfo.attested.creation.objectName = certified->name; // Copy the creationHash certifyInfo.attested.creation.creationHash = in->creationHash; // Sign attestation structure. A NULL signature will be returned if // signObject is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at // this point return SignAttestInfo(signObject, &in->inScheme, &certifyInfo, &in->qualifyingData, &out->certifyInfo, &out->signature); } #endif // CC_CertifyCreationgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/CertifyX509.c000066400000000000000000000304561510276467000310570ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "CertifyX509_fp.h" #include "X509.h" #include "TpmASN1_fp.h" #include "X509_spt_fp.h" #include "Attest_spt_fp.h" #if CC_CertifyX509 // Conditional expansion of this file /*(See part 3 specification) // Certify */ // return type: TPM_RC // TPM_RC_ATTRIBUTES the attributes of 'objectHandle' are not compatible // with the KeyUsage or TPMA_OBJECT values in the // extensions fields // TPM_RC_BINDING the public and private portions of the key are not // properly bound. // TPM_RC_HASH the hash algorithm in the scheme is not supported // TPM_RC_KEY 'signHandle' does not reference a signing key; // TPM_RC_SCHEME the scheme is not compatible with sign key type, // or input scheme is not compatible with default // scheme, or the chosen scheme is not a valid // sign scheme // TPM_RC_VALUE most likely a problem with the format of // 'partialCertificate' TPM_RC TPM2_CertifyX509( CertifyX509_In *in, // IN: input parameter list CertifyX509_Out *out // OUT: output parameter list ) { TPM_RC result; OBJECT *signKey = HandleToObject(in->signHandle); OBJECT *object = HandleToObject(in->objectHandle); HASH_STATE hash; INT16 length; // length for a tagged element ASN1UnmarshalContext ctx; ASN1MarshalContext ctxOut; // certTBS holds an array of pointers and lengths. Each entry references the // corresponding value in a TBSCertificate structure. For example, the 1th // element references the version number stringRef certTBS[REF_COUNT] = {{0}}; #define ALLOWED_SEQUENCES (SUBJECT_PUBLIC_KEY_REF - SIGNATURE_REF) stringRef partial[ALLOWED_SEQUENCES] = {{0}}; INT16 countOfSequences = 0; INT16 i; // #if CERTIFYX509_DEBUG DebugFileOpen(); DebugDumpBuffer(in->partialCertificate.t.size, in->partialCertificate.t.buffer, "partialCertificate"); #endif // Input Validation // signing key must be able to sign if(!IsSigningObject(signKey)) return TPM_RCS_KEY + RC_CertifyX509_signHandle; // Pick a scheme for sign. If the input sign scheme is not compatible with // the default scheme, return an error. if(!CryptSelectSignScheme(signKey, &in->inScheme)) return TPM_RCS_SCHEME + RC_CertifyX509_inScheme; // Make sure that the public Key encoding is known if(X509AddPublicKey(NULL, object) == 0) return TPM_RCS_ASYMMETRIC + RC_CertifyX509_objectHandle; // Unbundle 'partialCertificate'. // Initialize the unmarshaling context if(!ASN1UnmarshalContextInitialize(&ctx, in->partialCertificate.t.size, in->partialCertificate.t.buffer)) return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; // Make sure that this is a constructed SEQUENCE length = ASN1NextTag(&ctx); // Must be a constructed SEQUENCE that uses all of the input parameter if((ctx.tag != (ASN1_CONSTRUCTED_SEQUENCE)) || ((ctx.offset + length) != in->partialCertificate.t.size)) return TPM_RCS_SIZE + RC_CertifyX509_partialCertificate; // This scans through the contents of the outermost SEQUENCE. This would be the // 'issuer', 'validity', 'subject', 'issuerUniqueID' (optional), // 'subjectUniqueID' (optional), and 'extensions.' while(ctx.offset < ctx.size) { INT16 startOfElement = ctx.offset; // // Read the next tag and length field. length = ASN1NextTag(&ctx); if(length < 0) break; if(ctx.tag == ASN1_CONSTRUCTED_SEQUENCE) { partial[countOfSequences].buf = &ctx.buffer[startOfElement]; ctx.offset += length; partial[countOfSequences].len = (INT16)ctx.offset - startOfElement; if(++countOfSequences > ALLOWED_SEQUENCES) break; } else if(ctx.tag == X509_EXTENSIONS) { if(certTBS[EXTENSIONS_REF].len != 0) return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; certTBS[EXTENSIONS_REF].buf = &ctx.buffer[startOfElement]; ctx.offset += length; certTBS[EXTENSIONS_REF].len = (INT16)ctx.offset - startOfElement; } else return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; } // Make sure that we used all of the data and found at least the required // number of elements. if((ctx.offset != ctx.size) || (countOfSequences < 3) || (countOfSequences > 4) || (certTBS[EXTENSIONS_REF].buf == NULL)) return TPM_RCS_VALUE + RC_CertifyX509_partialCertificate; // Now that we know how many sequences there were, we can put them where they // belong for(i = 0; i < countOfSequences; i++) certTBS[SUBJECT_KEY_REF - i] = partial[countOfSequences - 1 - i]; // If only three SEQUENCES, then the TPM needs to produce the signature algorithm. // See if it can if((countOfSequences == 3) && (X509AddSigningAlgorithm(NULL, signKey, &in->inScheme) == 0)) return TPM_RCS_SCHEME + RC_CertifyX509_signHandle; // Process the extensions result = X509ProcessExtensions(object, &certTBS[EXTENSIONS_REF]); if(result != TPM_RC_SUCCESS) // If the extension has the TPMA_OBJECT extension and the attributes don't // match, then the error code will be TPM_RCS_ATTRIBUTES. Otherwise, the error // indicates a malformed partialCertificate. return result + ((result == TPM_RCS_ATTRIBUTES) ? RC_CertifyX509_objectHandle : RC_CertifyX509_partialCertificate); // Command Output // Create the addedToCertificate values // Build the addedToCertificate from the bottom up. // Initialize the context structure ASN1InitialializeMarshalContext(&ctxOut, sizeof(out->addedToCertificate.t.buffer), out->addedToCertificate.t.buffer); // Place a marker for the overall context ASN1StartMarshalContext(&ctxOut); // SEQUENCE for addedToCertificate // Add the subject public key descriptor certTBS[SUBJECT_PUBLIC_KEY_REF].len = X509AddPublicKey(&ctxOut, object); certTBS[SUBJECT_PUBLIC_KEY_REF].buf = ctxOut.buffer + ctxOut.offset; // If the caller didn't provide the algorithm identifier, create it if(certTBS[SIGNATURE_REF].len == 0) { certTBS[SIGNATURE_REF].len = X509AddSigningAlgorithm(&ctxOut, signKey, &in->inScheme); certTBS[SIGNATURE_REF].buf = ctxOut.buffer + ctxOut.offset; } // Create the serial number value. Use the out->tbsDigest as scratch. { TPM2B *digest = &out->tbsDigest.b; // digest->size = (INT16)CryptHashStart(&hash, signKey->publicArea.nameAlg); pAssert(digest->size != 0); // The serial number size is the smaller of the digest and the vendor-defined // value digest->size = MIN(digest->size, SIZE_OF_X509_SERIAL_NUMBER); // Add all the parts of the certificate other than the serial number // and version number for(i = SIGNATURE_REF; i < REF_COUNT; i++) CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf); // throw in the Name of the signing key... CryptDigestUpdate2B(&hash, &signKey->name.b); // ...and the Name of the signed key. CryptDigestUpdate2B(&hash, &object->name.b); // Done CryptHashEnd2B(&hash, digest); } // Add the serial number certTBS[SERIAL_NUMBER_REF].len = ASN1PushInteger(&ctxOut, out->tbsDigest.t.size, out->tbsDigest.t.buffer); certTBS[SERIAL_NUMBER_REF].buf = ctxOut.buffer + ctxOut.offset; // Add the static version number ASN1StartMarshalContext(&ctxOut); ASN1PushUINT(&ctxOut, 2); certTBS[VERSION_REF].len = ASN1EndEncapsulation(&ctxOut, ASN1_APPLICAIION_SPECIFIC); certTBS[VERSION_REF].buf = ctxOut.buffer + ctxOut.offset; // Create a fake tag and length for the TBS in the space used for // 'addedToCertificate' { for(length = 0, i = 0; i < REF_COUNT; i++) length += certTBS[i].len; // Put a fake tag and length into the buffer for use in the tbsDigest certTBS[ENCODED_SIZE_REF].len = ASN1PushTagAndLength(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE, length); certTBS[ENCODED_SIZE_REF].buf = ctxOut.buffer + ctxOut.offset; // Restore the buffer pointer to add back the number of octets used for the // tag and length ctxOut.offset += certTBS[ENCODED_SIZE_REF].len; } // sanity check if(ctxOut.offset < 0) return TPM_RC_FAILURE; // Create the tbsDigest to sign out->tbsDigest.t.size = CryptHashStart(&hash, in->inScheme.details.any.hashAlg); for(i = 0; i < REF_COUNT; i++) CryptDigestUpdate(&hash, certTBS[i].len, certTBS[i].buf); CryptHashEnd2B(&hash, &out->tbsDigest.b); #if CERTIFYX509_DEBUG { BYTE fullTBS[4096]; BYTE *fill = fullTBS; int j; for (j = 0; j < REF_COUNT; j++) { MemoryCopy(fill, certTBS[j].buf, certTBS[j].len); fill += certTBS[j].len; } DebugDumpBuffer((int)(fill - &fullTBS[0]), fullTBS, "\nfull TBS"); } #endif // Finish up the processing of addedToCertificate // Create the actual tag and length for the addedToCertificate structure out->addedToCertificate.t.size = ASN1EndEncapsulation(&ctxOut, ASN1_CONSTRUCTED_SEQUENCE); // Now move all the addedToContext to the start of the buffer MemoryCopy(out->addedToCertificate.t.buffer, ctxOut.buffer + ctxOut.offset, out->addedToCertificate.t.size); #if CERTIFYX509_DEBUG DebugDumpBuffer(out->addedToCertificate.t.size, out->addedToCertificate.t.buffer, "\naddedToCertificate"); #endif // only thing missing is the signature result = CryptSign(signKey, &in->inScheme, &out->tbsDigest, &out->signature); return result; } #endif // CC_CertifyX509 GetCommandAuditDigest.c000066400000000000000000000110351510276467000331420ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Attest_spt_fp.h" #include "GetCommandAuditDigest_fp.h" #if CC_GetCommandAuditDigest // Conditional expansion of this file /*(See part 3 specification) // Get current value of command audit log */ // Return Type: TPM_RC // TPM_RC_KEY key referenced by 'signHandle' is not a signing key // TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or // both 'scheme' and key's default scheme are empty; or // 'scheme' is empty while key's default scheme requires // explicit input scheme (split signing); or // non-empty default key scheme differs from 'scheme' // TPM_RC_VALUE digest generated for the given 'scheme' is greater than // the modulus of 'signHandle' (for an RSA key); // invalid commit status or failed to generate "r" value // (for an ECC key) TPM_RC TPM2_GetCommandAuditDigest( GetCommandAuditDigest_In *in, // IN: input parameter list GetCommandAuditDigest_Out *out // OUT: output parameter list ) { TPM_RC result; TPMS_ATTEST auditInfo; OBJECT *signObject = HandleToObject(in->signHandle); // Input validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_GetCommandAuditDigest_signHandle; if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_GetCommandAuditDigest_inScheme; // Command Output // Fill in attest information common fields FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &auditInfo); // CommandAuditDigest specific fields auditInfo.type = TPM_ST_ATTEST_COMMAND_AUDIT; auditInfo.attested.commandAudit.digestAlg = gp.auditHashAlg; auditInfo.attested.commandAudit.auditCounter = gp.auditCounter; // Copy command audit log auditInfo.attested.commandAudit.auditDigest = gr.commandAuditDigest; CommandAuditGetDigest(&auditInfo.attested.commandAudit.commandDigest); // Sign attestation structure. A NULL signature will be returned if // signHandle is TPM_RH_NULL. A TPM_RC_NV_UNAVAILABLE, TPM_RC_NV_RATE, // TPM_RC_VALUE, TPM_RC_SCHEME or TPM_RC_ATTRIBUTES error may be returned at // this point result = SignAttestInfo(signObject, &in->inScheme, &auditInfo, &in->qualifyingData, &out->auditInfo, &out->signature); // Internal Data Update if(result == TPM_RC_SUCCESS && in->signHandle != TPM_RH_NULL) // Reset log gr.commandAuditDigest.t.size = 0; return result; } #endif // CC_GetCommandAuditDigestGetSessionAuditDigest.c000066400000000000000000000105631510276467000332140ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Attest_spt_fp.h" #include "GetSessionAuditDigest_fp.h" #if CC_GetSessionAuditDigest // Conditional expansion of this file /*(See part 3 specification) // Get audit session digest */ // Return Type: TPM_RC // TPM_RC_KEY key referenced by 'signHandle' is not a signing key // TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or // both 'scheme' and key's default scheme are empty; or // 'scheme' is empty while key's default scheme requires // explicit input scheme (split signing); or // non-empty default key scheme differs from 'scheme' // TPM_RC_TYPE 'sessionHandle' does not reference an audit session // TPM_RC_VALUE digest generated for the given 'scheme' is greater than // the modulus of 'signHandle' (for an RSA key); // invalid commit status or failed to generate "r" value // (for an ECC key) TPM_RC TPM2_GetSessionAuditDigest( GetSessionAuditDigest_In *in, // IN: input parameter list GetSessionAuditDigest_Out *out // OUT: output parameter list ) { SESSION *session = SessionGet(in->sessionHandle); TPMS_ATTEST auditInfo; OBJECT *signObject = HandleToObject(in->signHandle); // Input Validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_GetSessionAuditDigest_signHandle; if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_GetSessionAuditDigest_inScheme; // session must be an audit session if(session->attributes.isAudit == CLEAR) return TPM_RCS_TYPE + RC_GetSessionAuditDigest_sessionHandle; // Command Output // Fill in attest information common fields FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &auditInfo); // SessionAuditDigest specific fields auditInfo.type = TPM_ST_ATTEST_SESSION_AUDIT; auditInfo.attested.sessionAudit.sessionDigest = session->u2.auditDigest; // Exclusive audit session auditInfo.attested.sessionAudit.exclusiveSession = (g_exclusiveAuditSession == in->sessionHandle); // Sign attestation structure. A NULL signature will be returned if // signObject is NULL. return SignAttestInfo(signObject, &in->inScheme, &auditInfo, &in->qualifyingData, &out->auditInfo, &out->signature); } #endif // CC_GetSessionAuditDigestgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/GetTime.c000066400000000000000000000076651510276467000304300ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Attest_spt_fp.h" #include "GetTime_fp.h" #if CC_GetTime // Conditional expansion of this file /*(See part 3 specification) // Applies a time stamp to the passed blob (qualifyingData). */ // Return Type: TPM_RC // TPM_RC_KEY key referenced by 'signHandle' is not a signing key // TPM_RC_SCHEME 'inScheme' is incompatible with 'signHandle' type; or // both 'scheme' and key's default scheme are empty; or // 'scheme' is empty while key's default scheme requires // explicit input scheme (split signing); or // non-empty default key scheme differs from 'scheme' // TPM_RC_VALUE digest generated for the given 'scheme' is greater than // the modulus of 'signHandle' (for an RSA key); // invalid commit status or failed to generate "r" value // (for an ECC key) TPM_RC TPM2_GetTime( GetTime_In *in, // IN: input parameter list GetTime_Out *out // OUT: output parameter list ) { TPMS_ATTEST timeInfo; OBJECT *signObject = HandleToObject(in->signHandle); // Input Validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_GetTime_signHandle; if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_GetTime_inScheme; // Command Output // Fill in attest common fields FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &timeInfo); // GetClock specific fields timeInfo.type = TPM_ST_ATTEST_TIME; timeInfo.attested.time.time.time = g_time; TimeFillInfo(&timeInfo.attested.time.time.clockInfo); // Firmware version in plain text timeInfo.attested.time.firmwareVersion = (((UINT64)gp.firmwareV1) << 32) + gp.firmwareV2; // Sign attestation structure. A NULL signature will be returned if // signObject is NULL. return SignAttestInfo(signObject, &in->inScheme, &timeInfo, &in->qualifyingData, &out->timeInfo, &out->signature); } #endif // CC_GetTimego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Attestation/Quote.c000066400000000000000000000100001510276467000301400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Attest_spt_fp.h" #include "Quote_fp.h" #if CC_Quote // Conditional expansion of this file /*(See part 3 specification) // quote PCR values */ // Return Type: TPM_RC // TPM_RC_KEY 'signHandle' does not reference a signing key; // TPM_RC_SCHEME the scheme is not compatible with sign key type, // or input scheme is not compatible with default // scheme, or the chosen scheme is not a valid // sign scheme TPM_RC TPM2_Quote( Quote_In *in, // IN: input parameter list Quote_Out *out // OUT: output parameter list ) { TPMI_ALG_HASH hashAlg; TPMS_ATTEST quoted; OBJECT *signObject = HandleToObject(in->signHandle); // Input Validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_Quote_signHandle; if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_Quote_inScheme; // Command Output // Filling in attest information // Common fields // FillInAttestInfo may return TPM_RC_SCHEME or TPM_RC_KEY FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, "ed); // Quote specific fields // Attestation type quoted.type = TPM_ST_ATTEST_QUOTE; // Get hash algorithm in sign scheme. This hash algorithm is used to // compute PCR digest. If there is no algorithm, then the PCR cannot // be digested and this command returns TPM_RC_SCHEME hashAlg = in->inScheme.details.any.hashAlg; if(hashAlg == TPM_ALG_NULL) return TPM_RCS_SCHEME + RC_Quote_inScheme; // Compute PCR digest PCRComputeCurrentDigest(hashAlg, &in->PCRselect, "ed.attested.quote.pcrDigest); // Copy PCR select. "PCRselect" is modified in PCRComputeCurrentDigest // function quoted.attested.quote.pcrSelect = in->PCRselect; // Sign attestation structure. A NULL signature will be returned if // signObject is NULL. return SignAttestInfo(signObject, &in->inScheme, "ed, &in->qualifyingData, &out->quoted, &out->signature); } #endif // CC_Quotego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/000077500000000000000000000000001510276467000264725ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/GetCapability.c000066400000000000000000000206621510276467000313650ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "GetCapability_fp.h" #if CC_GetCapability // Conditional expansion of this file /*(See part 3 specification) // This command returns various information regarding the TPM and its current // state */ // Return Type: TPM_RC // TPM_RC_HANDLE value of 'property' is in an unsupported handle range // for the TPM_CAP_HANDLES 'capability' value // TPM_RC_VALUE invalid 'capability'; or 'property' is not 0 for the // TPM_CAP_PCRS 'capability' value TPM_RC TPM2_GetCapability( GetCapability_In *in, // IN: input parameter list GetCapability_Out *out // OUT: output parameter list ) { TPMU_CAPABILITIES *data = &out->capabilityData.data; // Command Output // Set output capability type the same as input type out->capabilityData.capability = in->capability; switch(in->capability) { case TPM_CAP_ALGS: out->moreData = AlgorithmCapGetImplemented((TPM_ALG_ID)in->property, in->propertyCount, &data->algorithms); break; case TPM_CAP_HANDLES: switch(HandleGetType((TPM_HANDLE)in->property)) { case TPM_HT_TRANSIENT: // Get list of handles of loaded transient objects out->moreData = ObjectCapGetLoaded((TPM_HANDLE)in->property, in->propertyCount, &data->handles); break; case TPM_HT_PERSISTENT: // Get list of handles of persistent objects out->moreData = NvCapGetPersistent((TPM_HANDLE)in->property, in->propertyCount, &data->handles); break; case TPM_HT_NV_INDEX: // Get list of defined NV index out->moreData = NvCapGetIndex((TPM_HANDLE)in->property, in->propertyCount, &data->handles); break; case TPM_HT_LOADED_SESSION: // Get list of handles of loaded sessions out->moreData = SessionCapGetLoaded((TPM_HANDLE)in->property, in->propertyCount, &data->handles); break; #ifdef TPM_HT_SAVED_SESSION case TPM_HT_SAVED_SESSION: #else case TPM_HT_ACTIVE_SESSION: #endif // Get list of handles of out->moreData = SessionCapGetSaved((TPM_HANDLE)in->property, in->propertyCount, &data->handles); break; case TPM_HT_PCR: // Get list of handles of PCR out->moreData = PCRCapGetHandles((TPM_HANDLE)in->property, in->propertyCount, &data->handles); break; case TPM_HT_PERMANENT: // Get list of permanent handles out->moreData = PermanentCapGetHandles((TPM_HANDLE)in->property, in->propertyCount, &data->handles); break; default: // Unsupported input handle type return TPM_RCS_HANDLE + RC_GetCapability_property; break; } break; case TPM_CAP_COMMANDS: out->moreData = CommandCapGetCCList((TPM_CC)in->property, in->propertyCount, &data->command); break; case TPM_CAP_PP_COMMANDS: out->moreData = PhysicalPresenceCapGetCCList((TPM_CC)in->property, in->propertyCount, &data->ppCommands); break; case TPM_CAP_AUDIT_COMMANDS: out->moreData = CommandAuditCapGetCCList((TPM_CC)in->property, in->propertyCount, &data->auditCommands); break; case TPM_CAP_PCRS: // Input property must be 0 if(in->property != 0) return TPM_RCS_VALUE + RC_GetCapability_property; out->moreData = PCRCapGetAllocation(in->propertyCount, &data->assignedPCR); break; case TPM_CAP_PCR_PROPERTIES: out->moreData = PCRCapGetProperties((TPM_PT_PCR)in->property, in->propertyCount, &data->pcrProperties); break; case TPM_CAP_TPM_PROPERTIES: out->moreData = TPMCapGetProperties((TPM_PT)in->property, in->propertyCount, &data->tpmProperties); break; #if ALG_ECC case TPM_CAP_ECC_CURVES: out->moreData = CryptCapGetECCCurve((TPM_ECC_CURVE)in->property, in->propertyCount, &data->eccCurves); break; #endif // ALG_ECC case TPM_CAP_AUTH_POLICIES: if(HandleGetType((TPM_HANDLE)in->property) != TPM_HT_PERMANENT) return TPM_RCS_VALUE + RC_GetCapability_property; out->moreData = PermanentHandleGetPolicy((TPM_HANDLE)in->property, in->propertyCount, &data->authPolicies); break; case TPM_CAP_VENDOR_PROPERTY: // vendor property is not implemented default: // Unsupported TPM_CAP value return TPM_RCS_VALUE + RC_GetCapability_capability; break; } return TPM_RC_SUCCESS; } #endif // CC_GetCapabilitygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Capability/TestParms.c000066400000000000000000000043021510276467000305570ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "TestParms_fp.h" #if CC_TestParms // Conditional expansion of this file /*(See part 3 specification) // TestParms */ TPM_RC TPM2_TestParms( TestParms_In *in // IN: input parameter list ) { // Input parameter is not reference in command action NOT_REFERENCED(in); // The parameters are tested at unmarshal process. We do nothing in command // action return TPM_RC_SUCCESS; } #endif // CC_TestParmsgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/000077500000000000000000000000001510276467000264455ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockRateAdjust.c000066400000000000000000000043031510276467000316330ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ClockRateAdjust_fp.h" #if CC_ClockRateAdjust // Conditional expansion of this file /*(See part 3 specification) // adjusts the rate of advance of Clock and Timer to provide a better // approximation to real time. */ TPM_RC TPM2_ClockRateAdjust( ClockRateAdjust_In *in // IN: input parameter list ) { // Internal Data Update TimeSetAdjustRate(in->rateAdjust); return TPM_RC_SUCCESS; } #endif // CC_ClockRateAdjustgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ClockSet.c000066400000000000000000000051731510276467000303260ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ClockSet_fp.h" #if CC_ClockSet // Conditional expansion of this file // Read the current TPMS_TIMER_INFO structure settings // Return Type: TPM_RC // TPM_RC_NV_RATE NV is unavailable because of rate limit // TPM_RC_NV_UNAVAILABLE NV is inaccessible // TPM_RC_VALUE invalid new clock TPM_RC TPM2_ClockSet( ClockSet_In *in // IN: input parameter list ) { // Input Validation // new time can not be bigger than 0xFFFF000000000000 or smaller than // current clock if(in->newTime > 0xFFFF000000000000ULL || in->newTime < go.clock) return TPM_RCS_VALUE + RC_ClockSet_newTime; // Internal Data Update // Can't modify the clock if NV is not available. RETURN_IF_NV_IS_NOT_AVAILABLE; TimeClockUpdate(in->newTime); return TPM_RC_SUCCESS; } #endif // CC_ClockSetgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/ClockTimer/ReadClock.c000066400000000000000000000042431510276467000304430ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ReadClock_fp.h" #if CC_ReadClock // Conditional expansion of this file /*(See part 3 specification) // read the current TPMS_TIMER_INFO structure settings */ TPM_RC TPM2_ReadClock( ReadClock_Out *out // OUT: output parameter list ) { // Command Output out->currentTime.time = g_time; TimeFillInfo(&out->currentTime.clockInfo); return TPM_RC_SUCCESS; } #endif // CC_ReadClockgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/000077500000000000000000000000001510276467000267565ustar00rootroot00000000000000SetCommandCodeAuditStatus.c000066400000000000000000000077711510276467000340770ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/CommandAudit/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "SetCommandCodeAuditStatus_fp.h" #if CC_SetCommandCodeAuditStatus // Conditional expansion of this file /*(See part 3 specification) // change the audit status of a command or to set the hash algorithm used for // the audit digest. */ TPM_RC TPM2_SetCommandCodeAuditStatus( SetCommandCodeAuditStatus_In *in // IN: input parameter list ) { // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Internal Data Update // Update hash algorithm if(in->auditAlg != TPM_ALG_NULL && in->auditAlg != gp.auditHashAlg) { // Can't change the algorithm and command list at the same time if(in->setList.count != 0 || in->clearList.count != 0) return TPM_RCS_VALUE + RC_SetCommandCodeAuditStatus_auditAlg; // Change the hash algorithm for audit gp.auditHashAlg = in->auditAlg; // Set the digest size to a unique value that indicates that the digest // algorithm has been changed. The size will be cleared to zero in the // command audit processing on exit. gr.commandAuditDigest.t.size = 1; // Save the change of command audit data (this sets g_updateNV so that NV // will be updated on exit.) NV_SYNC_PERSISTENT(auditHashAlg); } else { UINT32 i; BOOL changed = FALSE; // Process set list for(i = 0; i < in->setList.count; i++) // If change is made in CommandAuditSet, set changed flag if(CommandAuditSet(in->setList.commandCodes[i])) changed = TRUE; // Process clear list for(i = 0; i < in->clearList.count; i++) // If change is made in CommandAuditClear, set changed flag if(CommandAuditClear(in->clearList.commandCodes[i])) changed = TRUE; // if change was made to command list, update NV if(changed) // this sets g_updateNV so that NV will be updated on exit. NV_SYNC_PERSISTENT(auditCommands); } return TPM_RC_SUCCESS; } #endif // CC_SetCommandCodeAuditStatusgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/000077500000000000000000000000001510276467000260355ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextLoad.c000066400000000000000000000175261510276467000304400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ContextLoad_fp.h" #if CC_ContextLoad // Conditional expansion of this file #include "Context_spt_fp.h" /*(See part 3 specification) // Load context */ // Return Type: TPM_RC // TPM_RC_CONTEXT_GAP there is only one available slot and this is not // the oldest saved session context // TPM_RC_HANDLE context.savedHandle' does not reference a saved // session // TPM_RC_HIERARCHY 'context.hierarchy' is disabled // TPM_RC_INTEGRITY 'context' integrity check fail // TPM_RC_OBJECT_MEMORY no free slot for an object // TPM_RC_SESSION_MEMORY no free session slots // TPM_RC_SIZE incorrect context blob size TPM_RC TPM2_ContextLoad( ContextLoad_In *in, // IN: input parameter list ContextLoad_Out *out // OUT: output parameter list ) { TPM_RC result; TPM2B_DIGEST integrityToCompare; TPM2B_DIGEST integrity; BYTE *buffer; // defined to save some typing INT32 size; // defined to save some typing TPM_HT handleType; TPM2B_SYM_KEY symKey; TPM2B_IV iv; // Input Validation // See discussion about the context format in TPM2_ContextSave Detailed Actions // IF this is a session context, make sure that the sequence number is // consistent with the version in the slot // Check context blob size handleType = HandleGetType(in->context.savedHandle); // Get integrity from context blob buffer = in->context.contextBlob.t.buffer; size = (INT32)in->context.contextBlob.t.size; result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size); if(result != TPM_RC_SUCCESS) return result; // the size of the integrity value has to match the size of digest produced // by the integrity hash if(integrity.t.size != CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG)) return TPM_RCS_SIZE + RC_ContextLoad_context; // Make sure that the context blob has enough space for the fingerprint. This // is elastic pants to go with the belt and suspenders we already have to make // sure that the context is complete and untampered. if((unsigned)size < sizeof(in->context.sequence)) return TPM_RCS_SIZE + RC_ContextLoad_context; // After unmarshaling the integrity value, 'buffer' is pointing at the first // byte of the integrity protected and encrypted buffer and 'size' is the number // of integrity protected and encrypted bytes. // Compute context integrity ComputeContextIntegrity(&in->context, &integrityToCompare); // Compare integrity if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) return TPM_RCS_INTEGRITY + RC_ContextLoad_context; // Compute context encryption key ComputeContextProtectionKey(&in->context, &symKey, &iv); // Decrypt context data in place CryptSymmetricDecrypt(buffer, CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS, symKey.t.buffer, &iv, ALG_CFB_VALUE, size, buffer); // See if the fingerprint value matches. If not, it is symptomatic of either // a broken TPM or that the TPM is under attack so go into failure mode. if(!MemoryEqual(buffer, &in->context.sequence, sizeof(in->context.sequence))) FAIL(FATAL_ERROR_INTERNAL); // step over fingerprint buffer += sizeof(in->context.sequence); // set the remaining size of the context size -= sizeof(in->context.sequence); // Perform object or session specific input check switch(handleType) { case TPM_HT_TRANSIENT: { OBJECT *outObject; if(size > (INT32)sizeof(OBJECT)) FAIL(FATAL_ERROR_INTERNAL); // Discard any changes to the handle that the TRM might have made in->context.savedHandle = TRANSIENT_FIRST; // If hierarchy is disabled, no object context can be loaded in this // hierarchy if(!HierarchyIsEnabled(in->context.hierarchy)) return TPM_RCS_HIERARCHY + RC_ContextLoad_context; // Restore object. If there is no empty space, indicate as much outObject = ObjectContextLoad((ANY_OBJECT_BUFFER *)buffer, &out->loadedHandle); if(outObject == NULL) return TPM_RC_OBJECT_MEMORY; break; } case TPM_HT_POLICY_SESSION: case TPM_HT_HMAC_SESSION: { if(size != sizeof(SESSION)) FAIL(FATAL_ERROR_INTERNAL); // This command may cause the orderlyState to be cleared due to // the update of state reset data. If this is the case, check if NV is // available first RETURN_IF_ORDERLY; // Check if input handle points to a valid saved session and that the // sequence number makes sense if(!SequenceNumberForSavedContextIsValid(&in->context)) return TPM_RCS_HANDLE + RC_ContextLoad_context; // Restore session. A TPM_RC_SESSION_MEMORY, TPM_RC_CONTEXT_GAP error // may be returned at this point result = SessionContextLoad((SESSION_BUF *)buffer, &in->context.savedHandle); if(result != TPM_RC_SUCCESS) return result; out->loadedHandle = in->context.savedHandle; // orderly state should be cleared because of the update of state // reset and state clear data g_clearOrderly = TRUE; break; } default: // Context blob may only have an object handle or a session handle. // All the other handle type should be filtered out at unmarshal FAIL(FATAL_ERROR_INTERNAL); break; } return TPM_RC_SUCCESS; } #endif // CC_ContextLoadgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/ContextSave.c000066400000000000000000000244671510276467000304610ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ContextSave_fp.h" #if CC_ContextSave // Conditional expansion of this file #include "Context_spt_fp.h" /*(See part 3 specification) Save context */ // Return Type: TPM_RC // TPM_RC_CONTEXT_GAP a contextID could not be assigned for a session // context save // TPM_RC_TOO_MANY_CONTEXTS no more contexts can be saved as the counter has // maxed out TPM_RC TPM2_ContextSave( ContextSave_In *in, // IN: input parameter list ContextSave_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; UINT16 fingerprintSize; // The size of fingerprint in context // blob. UINT64 contextID = 0; // session context ID TPM2B_SYM_KEY symKey; TPM2B_IV iv; TPM2B_DIGEST integrity; UINT16 integritySize; BYTE *buffer; // This command may cause the orderlyState to be cleared due to // the update of state reset data. If the state is orderly and // cannot be changed, exit early. RETURN_IF_ORDERLY; // Internal Data Update // This implementation does not do things in quite the same way as described in // Part 2 of the specification. In Part 2, it indicates that the // TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is // implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to // determine the amount of data in the encrypted data. That part is not // independently sized. This makes the actual size 2 bytes smaller than // calculated using Part 2. Since this is opaque to the caller, it is not // necessary to fix. The actual size is returned by TPM2_GetCapabilties(). // Initialize output handle. At the end of command action, the output // handle of an object will be replaced, while the output handle // for a session will be the same as input out->context.savedHandle = in->saveHandle; // Get the size of fingerprint in context blob. The sequence value in // TPMS_CONTEXT structure is used as the fingerprint fingerprintSize = sizeof(out->context.sequence); // Compute the integrity size at the beginning of context blob integritySize = sizeof(integrity.t.size) + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); // Perform object or session specific context save switch(HandleGetType(in->saveHandle)) { case TPM_HT_TRANSIENT: { OBJECT *object = HandleToObject(in->saveHandle); ANY_OBJECT_BUFFER *outObject; UINT16 objectSize = ObjectIsSequence(object) ? sizeof(HASH_OBJECT) : sizeof(OBJECT); outObject = (ANY_OBJECT_BUFFER *)(out->context.contextBlob.t.buffer + integritySize + fingerprintSize); // Set size of the context data. The contents of context blob is vendor // defined. In this implementation, the size is size of integrity // plus fingerprint plus the whole internal OBJECT structure out->context.contextBlob.t.size = integritySize + fingerprintSize + objectSize; #if ALG_RSA // For an RSA key, make sure that the key has had the private exponent // computed before saving. if(object->publicArea.type == TPM_ALG_RSA && !(object->attributes.publicOnly)) CryptRsaLoadPrivateExponent(&object->publicArea, &object->sensitive); #endif // Make sure things fit pAssert(out->context.contextBlob.t.size <= sizeof(out->context.contextBlob.t.buffer)); // Copy the whole internal OBJECT structure to context blob MemoryCopy(outObject, object, objectSize); // Increment object context ID gr.objectContextID++; // If object context ID overflows, TPM should be put in failure mode if(gr.objectContextID == 0) FAIL(FATAL_ERROR_INTERNAL); // Fill in other return values for an object. out->context.sequence = gr.objectContextID; // For regular object, savedHandle is 0x80000000. For sequence object, // savedHandle is 0x80000001. For object with stClear, savedHandle // is 0x80000002 if(ObjectIsSequence(object)) { out->context.savedHandle = 0x80000001; SequenceDataExport((HASH_OBJECT *)object, (HASH_OBJECT_BUFFER *)outObject); } else out->context.savedHandle = (object->attributes.stClear == SET) ? 0x80000002 : 0x80000000; // Get object hierarchy out->context.hierarchy = ObjectGetHierarchy(object); break; } case TPM_HT_HMAC_SESSION: case TPM_HT_POLICY_SESSION: { SESSION *session = SessionGet(in->saveHandle); // Set size of the context data. The contents of context blob is vendor // defined. In this implementation, the size of context blob is the // size of a internal session structure plus the size of // fingerprint plus the size of integrity out->context.contextBlob.t.size = integritySize + fingerprintSize + sizeof(*session); // Make sure things fit pAssert(out->context.contextBlob.t.size < sizeof(out->context.contextBlob.t.buffer)); // Copy the whole internal SESSION structure to context blob. // Save space for fingerprint at the beginning of the buffer // This is done before anything else so that the actual context // can be reclaimed after this call pAssert(sizeof(*session) <= sizeof(out->context.contextBlob.t.buffer) - integritySize - fingerprintSize); MemoryCopy(out->context.contextBlob.t.buffer + integritySize + fingerprintSize, session, sizeof(*session)); // Fill in the other return parameters for a session // Get a context ID and set the session tracking values appropriately // TPM_RC_CONTEXT_GAP is a possible error. // SessionContextSave() will flush the in-memory context // so no additional errors may occur after this call. result = SessionContextSave(out->context.savedHandle, &contextID); if(result != TPM_RC_SUCCESS) return result; // sequence number is the current session contextID out->context.sequence = contextID; // use TPM_RH_NULL as hierarchy for session context out->context.hierarchy = TPM_RH_NULL; break; } default: // SaveContext may only take an object handle or a session handle. // All the other handle type should be filtered out at unmarshal FAIL(FATAL_ERROR_INTERNAL); break; } // Save fingerprint at the beginning of encrypted area of context blob. // Reserve the integrity space pAssert(sizeof(out->context.sequence) <= sizeof(out->context.contextBlob.t.buffer) - integritySize); MemoryCopy(out->context.contextBlob.t.buffer + integritySize, &out->context.sequence, sizeof(out->context.sequence)); // Compute context encryption key ComputeContextProtectionKey(&out->context, &symKey, &iv); // Encrypt context blob CryptSymmetricEncrypt(out->context.contextBlob.t.buffer + integritySize, CONTEXT_ENCRYPT_ALG, CONTEXT_ENCRYPT_KEY_BITS, symKey.t.buffer, &iv, ALG_CFB_VALUE, out->context.contextBlob.t.size - integritySize, out->context.contextBlob.t.buffer + integritySize); // Compute integrity hash for the object // In this implementation, the same routine is used for both sessions // and objects. ComputeContextIntegrity(&out->context, &integrity); // add integrity at the beginning of context blob buffer = out->context.contextBlob.t.buffer; TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); // orderly state should be cleared because of the update of state reset and // state clear data g_clearOrderly = TRUE; return result; } #endif // CC_ContextSavego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/Context_spt.c000066400000000000000000000250561510276467000305230ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "Context_spt_fp.h" //** Functions //*** ComputeContextProtectionKey() // This function retrieves the symmetric protection key for context encryption // It is used by TPM2_ConextSave and TPM2_ContextLoad to create the symmetric // encryption key and iv /*(See part 1 specification) KDFa is used to generate the symmetric encryption key and IV. The parameters of the call are: Symkey = KDFa(hashAlg, hProof, vendorString, sequence, handle, bits) where hashAlg a vendor-defined hash algorithm hProof the hierarchy proof as selected by the hierarchy parameter of the TPMS_CONTEXT vendorString a value used to differentiate the uses of the KDF sequence the sequence parameter of the TPMS_CONTEXT handle the handle parameter of the TPMS_CONTEXT bits the number of bits needed for a symmetric key and IV for the context encryption */ // Return Type: void void ComputeContextProtectionKey( TPMS_CONTEXT *contextBlob, // IN: context blob TPM2B_SYM_KEY *symKey, // OUT: the symmetric key TPM2B_IV *iv // OUT: the IV. ) { UINT16 symKeyBits; // number of bits in the parent's // symmetric key TPM2B_PROOF *proof = NULL; // the proof value to use. Is null for // everything but a primary object in // the Endorsement Hierarchy BYTE kdfResult[sizeof(TPMU_HA) * 2];// Value produced by the KDF TPM2B_DATA sequence2B, handle2B; // Get proof value proof = HierarchyGetProof(contextBlob->hierarchy); // Get sequence value in 2B format sequence2B.t.size = sizeof(contextBlob->sequence); cAssert(sizeof(contextBlob->sequence) <= sizeof(sequence2B.t.buffer)); MemoryCopy(sequence2B.t.buffer, &contextBlob->sequence, sizeof(contextBlob->sequence)); // Get handle value in 2B format handle2B.t.size = sizeof(contextBlob->savedHandle); cAssert(sizeof(contextBlob->savedHandle) <= sizeof(handle2B.t.buffer)); MemoryCopy(handle2B.t.buffer, &contextBlob->savedHandle, sizeof(contextBlob->savedHandle)); // Get the symmetric encryption key size symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; symKeyBits = CONTEXT_ENCRYPT_KEY_BITS; // Get the size of the IV for the algorithm iv->t.size = CryptGetSymmetricBlockSize(CONTEXT_ENCRYPT_ALG, symKeyBits); // KDFa to generate symmetric key and IV value CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &proof->b, CONTEXT_KEY, &sequence2B.b, &handle2B.b, (symKey->t.size + iv->t.size) * 8, kdfResult, NULL, FALSE); // Copy part of the returned value as the key pAssert(symKey->t.size <= sizeof(symKey->t.buffer)); MemoryCopy(symKey->t.buffer, kdfResult, symKey->t.size); // Copy the rest as the IV pAssert(iv->t.size <= sizeof(iv->t.buffer)); MemoryCopy(iv->t.buffer, &kdfResult[symKey->t.size], iv->t.size); return; } //*** ComputeContextIntegrity() // Generate the integrity hash for a context // It is used by TPM2_ContextSave to create an integrity hash // and by TPM2_ContextLoad to compare an integrity hash /*(See part 1 specification) The HMAC integrity computation for a saved context is: HMACvendorAlg(hProof, resetValue {|| clearCount} || sequence || handle || encContext) where HMACvendorAlg HMAC using a vendor-defined hash algorithm hProof the hierarchy proof as selected by the hierarchy parameter of the TPMS_CONTEXT resetValue either a counter value that increments on each TPM Reset and is not reset over the lifetime of the TPM or a random value that changes on each TPM Reset and has the size of the digest produced by vendorAlg clearCount a counter value that is incremented on each TPM Reset or TPM Restart. This value is only included if the handle value is 0x80000002. sequence the sequence parameter of the TPMS_CONTEXT handle the handle parameter of the TPMS_CONTEXT encContext the encrypted context blob */ // Return Type: void void ComputeContextIntegrity( TPMS_CONTEXT *contextBlob, // IN: context blob TPM2B_DIGEST *integrity // OUT: integrity ) { HMAC_STATE hmacState; TPM2B_PROOF *proof; UINT16 integritySize; // Get proof value proof = HierarchyGetProof(contextBlob->hierarchy); // Start HMAC integrity->t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof->b); // Compute integrity size at the beginning of context blob integritySize = sizeof(integrity->t.size) + integrity->t.size; // Adding total reset counter so that the context cannot be // used after a TPM Reset CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount); // If this is a ST_CLEAR object, add the clear count // so that this contest cannot be loaded after a TPM Restart if(contextBlob->savedHandle == 0x80000002) CryptDigestUpdateInt(&hmacState.hashState, sizeof(gr.clearCount), gr.clearCount); // Adding sequence number to the HMAC to make sure that it doesn't // get changed CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->sequence), contextBlob->sequence); // Protect the handle CryptDigestUpdateInt(&hmacState.hashState, sizeof(contextBlob->savedHandle), contextBlob->savedHandle); // Adding sensitive contextData, skip the leading integrity area CryptDigestUpdate(&hmacState.hashState, contextBlob->contextBlob.t.size - integritySize, contextBlob->contextBlob.t.buffer + integritySize); // Complete HMAC CryptHmacEnd2B(&hmacState, &integrity->b); return; } //*** SequenceDataExport(); // This function is used scan through the sequence object and // either modify the hash state data for export (contextSave) or to // import it into the internal format (contextLoad). // This function should only be called after the sequence object has been copied // to the context buffer (contextSave) or from the context buffer into the sequence // object. The presumption is that the context buffer version of the data is the // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataExport( HASH_OBJECT *object, // IN: an internal hash object HASH_OBJECT_BUFFER *exportObject // OUT: a sequence context in a buffer ) { // If the hash object is not an event, then only one hash context is needed int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; for(count--; count >= 0; count--) { HASH_STATE *hash = &object->state.hashState[count]; size_t offset = (BYTE *)hash - (BYTE *)object; BYTE *exportHash = &((BYTE *)exportObject)[offset]; CryptHashExportState(hash, (EXPORT_HASH_STATE *)exportHash); } } //*** SequenceDataImport(); // This function is used scan through the sequence object and // either modify the hash state data for export (contextSave) or to // import it into the internal format (contextLoad). // This function should only be called after the sequence object has been copied // to the context buffer (contextSave) or from the context buffer into the sequence // object. The presumption is that the context buffer version of the data is the // same size as the internal representation so nothing outsize of the hash context // area gets modified. void SequenceDataImport( HASH_OBJECT *object, // IN/OUT: an internal hash object HASH_OBJECT_BUFFER *exportObject // IN/OUT: a sequence context in a buffer ) { // If the hash object is not an event, then only one hash context is needed int count = (object->attributes.eventSeq) ? HASH_COUNT : 1; for(count--; count >= 0; count--) { HASH_STATE *hash = &object->state.hashState[count]; size_t offset = (BYTE *)hash - (BYTE *)object; BYTE *importHash = &((BYTE *)exportObject)[offset]; // CryptHashImportState(hash, (EXPORT_HASH_STATE *)importHash); } }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/EvictControl.c000066400000000000000000000127451510276467000306250ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "EvictControl_fp.h" #if CC_EvictControl // Conditional expansion of this file /*(See part 3 specification) // Make a transient object persistent or evict a persistent object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES an object with 'temporary', 'stClear' or 'publicOnly' // attribute SET cannot be made persistent // TPM_RC_HIERARCHY 'auth' cannot authorize the operation in the hierarchy // of 'evictObject' // TPM_RC_HANDLE 'evictHandle' of the persistent object to be evicted is // not the same as the 'persistentHandle' argument // TPM_RC_NV_HANDLE 'persistentHandle' is unavailable // TPM_RC_NV_SPACE no space in NV to make 'evictHandle' persistent // TPM_RC_RANGE 'persistentHandle' is not in the range corresponding to // the hierarchy of 'evictObject' TPM_RC TPM2_EvictControl( EvictControl_In *in // IN: input parameter list ) { TPM_RC result; OBJECT *evictObject; // Input Validation // Get internal object pointer evictObject = HandleToObject(in->objectHandle); // Temporary, stClear or public only objects can not be made persistent if(evictObject->attributes.temporary == SET || evictObject->attributes.stClear == SET || evictObject->attributes.publicOnly == SET) return TPM_RCS_ATTRIBUTES + RC_EvictControl_objectHandle; // If objectHandle refers to a persistent object, it should be the same as // input persistentHandle if(evictObject->attributes.evict == SET && evictObject->evictHandle != in->persistentHandle) return TPM_RCS_HANDLE + RC_EvictControl_objectHandle; // Additional authorization validation if(in->auth == TPM_RH_PLATFORM) { // To make persistent if(evictObject->attributes.evict == CLEAR) { // PlatformAuth can not set evict object in storage or endorsement // hierarchy if(evictObject->attributes.ppsHierarchy == CLEAR) return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle; // Platform cannot use a handle outside of platform persistent range. if(!NvIsPlatformPersistentHandle(in->persistentHandle)) return TPM_RCS_RANGE + RC_EvictControl_persistentHandle; } // PlatformAuth can delete any persistent object } else if(in->auth == TPM_RH_OWNER) { // OwnerAuth can not set or clear evict object in platform hierarchy if(evictObject->attributes.ppsHierarchy == SET) return TPM_RCS_HIERARCHY + RC_EvictControl_objectHandle; // Owner cannot use a handle outside of owner persistent range. if(evictObject->attributes.evict == CLEAR && !NvIsOwnerPersistentHandle(in->persistentHandle)) return TPM_RCS_RANGE + RC_EvictControl_persistentHandle; } else { // Other authorization is not allowed in this command and should have been // filtered out in unmarshal process FAIL(FATAL_ERROR_INTERNAL); } // Internal Data Update // Change evict state if(evictObject->attributes.evict == CLEAR) { // Make object persistent if(NvFindHandle(in->persistentHandle) != 0) return TPM_RC_NV_DEFINED; // A TPM_RC_NV_HANDLE or TPM_RC_NV_SPACE error may be returned at this // point result = NvAddEvictObject(in->persistentHandle, evictObject); } else { // Delete the persistent object in NV result = NvDeleteEvict(evictObject->evictHandle); } return result; } #endif // CC_EvictControlgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Context/FlushContext.c000066400000000000000000000066061510276467000306370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "FlushContext_fp.h" #if CC_FlushContext // Conditional expansion of this file /*(See part 3 specification) // Flush a specific object or session */ // Return Type: TPM_RC // TPM_RC_HANDLE 'flushHandle' does not reference a loaded object or session TPM_RC TPM2_FlushContext( FlushContext_In *in // IN: input parameter list ) { // Internal Data Update // Call object or session specific routine to flush switch(HandleGetType(in->flushHandle)) { case TPM_HT_TRANSIENT: if(!IsObjectPresent(in->flushHandle)) return TPM_RCS_HANDLE + RC_FlushContext_flushHandle; // Flush object FlushObject(in->flushHandle); break; case TPM_HT_HMAC_SESSION: case TPM_HT_POLICY_SESSION: if(!SessionIsLoaded(in->flushHandle) && !SessionIsSaved(in->flushHandle) ) return TPM_RCS_HANDLE + RC_FlushContext_flushHandle; // If the session to be flushed is the exclusive audit session, then // indicate that there is no exclusive audit session any longer. if(in->flushHandle == g_exclusiveAuditSession) g_exclusiveAuditSession = TPM_RH_UNASSIGNED; // Flush session SessionFlush(in->flushHandle); break; default: // This command only takes object or session handle. Other handles // should be filtered out at handle unmarshal FAIL(FATAL_ERROR_INTERNAL); break; } return TPM_RC_SUCCESS; } #endif // CC_FlushContextgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/000077500000000000000000000000001510276467000246755ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackLockReset.c000066400000000000000000000051101510276467000321070ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "DictionaryAttackLockReset_fp.h" #if CC_DictionaryAttackLockReset // Conditional expansion of this file /*(See part 3 specification) // This command cancels the effect of a TPM lockout due to a number of // successive authorization failures. If this command is properly authorized, // the lockout counter is set to 0. */ TPM_RC TPM2_DictionaryAttackLockReset( DictionaryAttackLockReset_In *in // IN: input parameter list ) { // Input parameter is not reference in command action NOT_REFERENCED(in); // The command needs NV update. RETURN_IF_NV_IS_NOT_AVAILABLE; // Internal Data Update // Set failed tries to 0 gp.failedTries = 0; // Record the changes to NV NV_SYNC_PERSISTENT(failedTries); return TPM_RC_SUCCESS; } #endif // CC_DictionaryAttackLockResetgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/DA/DictionaryAttackParameters.c000066400000000000000000000057351510276467000323340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "DictionaryAttackParameters_fp.h" #if CC_DictionaryAttackParameters // Conditional expansion of this file /*(See part 3 specification) // change the lockout parameters */ TPM_RC TPM2_DictionaryAttackParameters( DictionaryAttackParameters_In *in // IN: input parameter list ) { // The command needs NV update. RETURN_IF_NV_IS_NOT_AVAILABLE; // Internal Data Update // Set dictionary attack parameters gp.maxTries = in->newMaxTries; gp.recoveryTime = in->newRecoveryTime; gp.lockoutRecovery = in->lockoutRecovery; #if 0 // Errata eliminates this code // This functionality has been disabled. The preferred implementation is now // to leave failedTries unchanged when the parameters are changed. This could // have the effect of putting the TPM into DA lockout if in->newMaxTries is // not greater than the current value of gp.failedTries. // Set failed tries to 0 gp.failedTries = 0; #endif // Record the changes to NV NV_SYNC_PERSISTENT(failedTries); NV_SYNC_PERSISTENT(maxTries); NV_SYNC_PERSISTENT(recoveryTime); NV_SYNC_PERSISTENT(lockoutRecovery); return TPM_RC_SUCCESS; } #endif // CC_DictionaryAttackParametersgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/000077500000000000000000000000001510276467000266645ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Duplicate.c000066400000000000000000000150641510276467000307500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Duplicate_fp.h" #if CC_Duplicate // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // Duplicate a loaded object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key to duplicate has 'fixedParent' SET // TPM_RC_HASH for an RSA key, the nameAlg digest size for the // newParent is not compatible with the key size // TPM_RC_HIERARCHY 'encryptedDuplication' is SET and 'newParentHandle' // specifies Null Hierarchy // TPM_RC_KEY 'newParentHandle' references invalid ECC key (public // point not on the curve) // TPM_RC_SIZE input encryption key size does not match the // size specified in symmetric algorithm // TPM_RC_SYMMETRIC 'encryptedDuplication' is SET but no symmetric // algorithm is provided // TPM_RC_TYPE 'newParentHandle' is neither a storage key nor // TPM_RH_NULL; or the object has a NULL nameAlg // TPM_RC_VALUE for an RSA newParent, the sizes of the digest and // the encryption key are too large to be OAEP encoded TPM_RC TPM2_Duplicate( Duplicate_In *in, // IN: input parameter list Duplicate_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; TPMT_SENSITIVE sensitive; UINT16 innerKeySize = 0; // encrypt key size for inner wrap OBJECT *object; OBJECT *newParent; TPM2B_DATA data; // Input Validation // Get duplicate object pointer object = HandleToObject(in->objectHandle); // Get new parent newParent = HandleToObject(in->newParentHandle); // duplicate key must have fixParent bit CLEAR. if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, fixedParent)) return TPM_RCS_ATTRIBUTES + RC_Duplicate_objectHandle; // Do not duplicate object with NULL nameAlg if(object->publicArea.nameAlg == TPM_ALG_NULL) return TPM_RCS_TYPE + RC_Duplicate_objectHandle; // new parent key must be a storage object or TPM_RH_NULL if(in->newParentHandle != TPM_RH_NULL && !ObjectIsStorage(in->newParentHandle)) return TPM_RCS_TYPE + RC_Duplicate_newParentHandle; // If the duplicated object has encryptedDuplication SET, then there must be // an inner wrapper and the new parent may not be TPM_RH_NULL if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, encryptedDuplication)) { if(in->symmetricAlg.algorithm == TPM_ALG_NULL) return TPM_RCS_SYMMETRIC + RC_Duplicate_symmetricAlg; if(in->newParentHandle == TPM_RH_NULL) return TPM_RCS_HIERARCHY + RC_Duplicate_newParentHandle; } if(in->symmetricAlg.algorithm == TPM_ALG_NULL) { // if algorithm is TPM_ALG_NULL, input key size must be 0 if(in->encryptionKeyIn.t.size != 0) return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; } else { // Get inner wrap key size innerKeySize = in->symmetricAlg.keyBits.sym; // If provided the input symmetric key must match the size of the algorithm if(in->encryptionKeyIn.t.size != 0 && in->encryptionKeyIn.t.size != (innerKeySize + 7) / 8) return TPM_RCS_SIZE + RC_Duplicate_encryptionKeyIn; } // Command Output if(in->newParentHandle != TPM_RH_NULL) { // Make encrypt key and its associated secret structure. A TPM_RC_KEY // error may be returned at this point out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, &out->outSymSeed); if(result != TPM_RC_SUCCESS) return result; } else { // Do not apply outer wrapper data.t.size = 0; out->outSymSeed.t.size = 0; } // Copy sensitive area sensitive = object->sensitive; // Prepare output private data from sensitive. // Note: If there is no encryption key, one will be provided by // SensitiveToDuplicate(). This is why the assignment of encryptionKeyIn to // encryptionKeyOut will work properly and is not conditional. SensitiveToDuplicate(&sensitive, &object->name.b, newParent, object->publicArea.nameAlg, &data.b, &in->symmetricAlg, &in->encryptionKeyIn, &out->duplicate); out->encryptionKeyOut = in->encryptionKeyIn; return TPM_RC_SUCCESS; } #endif // CC_Duplicatego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Import.c000066400000000000000000000251171510276467000303100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Import_fp.h" #if CC_Import // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // This command allows an asymmetrically encrypted blob, containing a duplicated // object to be re-encrypted using the group symmetric key associated with the // parent. */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'FixedTPM' and 'fixedParent' of 'objectPublic' are not // both CLEAR; or 'inSymSeed' is nonempty and // 'parentHandle' does not reference a decryption key; or // 'objectPublic' and 'parentHandle' have incompatible // or inconsistent attributes; or // encrytpedDuplication is SET in 'objectPublic' but the // inner or outer wrapper is missing. // Note that if the TPM provides parameter values, the // parameter number will indicate 'symmetricKey' (missing // inner wrapper) or 'inSymSeed' (missing outer wrapper) // TPM_RC_BINDING 'duplicate' and 'objectPublic' are not // cryptographically bound // TPM_RC_ECC_POINT 'inSymSeed' is nonempty and ECC point in 'inSymSeed' // is not on the curve // TPM_RC_HASH 'objectPublic' does not have a valid nameAlg // TPM_RC_INSUFFICIENT 'inSymSeed' is nonempty and failed to retrieve ECC // point from the secret; or unmarshaling sensitive value // from 'duplicate' failed the result of 'inSymSeed' // decryption // TPM_RC_INTEGRITY 'duplicate' integrity is broken // TPM_RC_KDF 'objectPublic' representing decrypting keyed hash // object specifies invalid KDF // TPM_RC_KEY inconsistent parameters of 'objectPublic'; or // 'inSymSeed' is nonempty and 'parentHandle' does not // reference a key of supported type; or // invalid key size in 'objectPublic' representing an // asymmetric key // TPM_RC_NO_RESULT 'inSymSeed' is nonempty and multiplication resulted in // ECC point at infinity // TPM_RC_OBJECT_MEMORY no available object slot // TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', // 'restricted' and key's scheme ID in 'objectPublic'; // or hash algorithm is inconsistent with the scheme ID // for keyed hash object // TPM_RC_SIZE 'authPolicy' size does not match digest size of the // name algorithm in 'objectPublic'; or // 'symmetricAlg' and 'encryptionKey' have different // sizes; or // 'inSymSeed' is nonempty and it size is not // consistent with the type of 'parentHandle'; or // unmarshaling sensitive value from 'duplicate' failed // TPM_RC_SYMMETRIC 'objectPublic' is either a storage key with no // symmetric algorithm or a non-storage key with // symmetric algorithm different from TPM_ALG_NULL // TPM_RC_TYPE unsupported type of 'objectPublic'; or // 'parentHandle' is not a storage key; or // only the public portion of 'parentHandle' is loaded; // or 'objectPublic' and 'duplicate' are of different // types // TPM_RC_VALUE nonempty 'inSymSeed' and its numeric value is // greater than the modulus of the key referenced by // 'parentHandle' or 'inSymSeed' is larger than the // size of the digest produced by the name algorithm of // the symmetric key referenced by 'parentHandle' TPM_RC TPM2_Import( Import_In *in, // IN: input parameter list Import_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; OBJECT *parentObject; TPM2B_DATA data; // symmetric key TPMT_SENSITIVE sensitive; TPM2B_NAME name; TPMA_OBJECT attributes; UINT16 innerKeySize = 0; // encrypt key size for inner // wrapper // Input Validation // to save typing attributes = in->objectPublic.publicArea.objectAttributes; // FixedTPM and fixedParent must be CLEAR if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) return TPM_RCS_ATTRIBUTES + RC_Import_objectPublic; // Get parent pointer parentObject = HandleToObject(in->parentHandle); if(!ObjectIsParent(parentObject)) return TPM_RCS_TYPE + RC_Import_parentHandle; if(in->symmetricAlg.algorithm != TPM_ALG_NULL) { // Get inner wrap key size innerKeySize = in->symmetricAlg.keyBits.sym; // Input symmetric key must match the size of algorithm. if(in->encryptionKey.t.size != (innerKeySize + 7) / 8) return TPM_RCS_SIZE + RC_Import_encryptionKey; } else { // If input symmetric algorithm is NULL, input symmetric key size must // be 0 as well if(in->encryptionKey.t.size != 0) return TPM_RCS_SIZE + RC_Import_encryptionKey; // If encryptedDuplication is SET, then the object must have an inner // wrapper if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) return TPM_RCS_ATTRIBUTES + RC_Import_encryptionKey; } // See if there is an outer wrapper if(in->inSymSeed.t.size != 0) { // in->inParentHandle is a parent, but in order to decrypt an outer wrapper, // it must be able to do key exchange and a symmetric key can't do that. if(parentObject->publicArea.type == TPM_ALG_SYMCIPHER) return TPM_RCS_TYPE + RC_Import_parentHandle; // Decrypt input secret data via asymmetric decryption. TPM_RC_ATTRIBUTES, // TPM_RC_ECC_POINT, TPM_RC_INSUFFICIENT, TPM_RC_KEY, TPM_RC_NO_RESULT, // TPM_RC_SIZE, TPM_RC_VALUE may be returned at this point result = CryptSecretDecrypt(parentObject, NULL, DUPLICATE_STRING, &in->inSymSeed, &data); pAssert(result != TPM_RC_BINDING); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_Import_inSymSeed); } else { // If encrytpedDuplication is set, then the object must have an outer // wrapper if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) return TPM_RCS_ATTRIBUTES + RC_Import_inSymSeed; data.t.size = 0; } // Compute name of object PublicMarshalAndComputeName(&(in->objectPublic.publicArea), &name); if(name.t.size == 0) return TPM_RCS_HASH + RC_Import_objectPublic; // Retrieve sensitive from private. // TPM_RC_INSUFFICIENT, TPM_RC_INTEGRITY, TPM_RC_SIZE may be returned here. result = DuplicateToSensitive(&in->duplicate.b, &name.b, parentObject, in->objectPublic.publicArea.nameAlg, &data.b, &in->symmetricAlg, &in->encryptionKey.b, &sensitive); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_Import_duplicate); // If the parent of this object has fixedTPM SET, then validate this // object as if it were being loaded so that validation can be skipped // when it is actually loaded. if(IS_ATTRIBUTE(parentObject->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) { result = ObjectLoad(NULL, NULL, &in->objectPublic.publicArea, &sensitive, RC_Import_objectPublic, RC_Import_duplicate, NULL); } // Command output if(result == TPM_RC_SUCCESS) { // Prepare output private data from sensitive SensitiveToPrivate(&sensitive, &name, parentObject, in->objectPublic.publicArea.nameAlg, &out->outPrivate); } return result; } #endif // CC_Importgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Duplication/Rewrap.c000066400000000000000000000172121510276467000302730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Rewrap_fp.h" #if CC_Rewrap // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // This command allows the TPM to serve in the role as an MA. */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'newParent' is not a decryption key // TPM_RC_HANDLE 'oldParent' does not consistent with inSymSeed // TPM_RC_INTEGRITY the integrity check of 'inDuplicate' failed // TPM_RC_KEY for an ECC key, the public key is not on the curve // of the curve ID // TPM_RC_KEY_SIZE the decrypted input symmetric key size // does not matches the symmetric algorithm // key size of 'oldParent' // TPM_RC_TYPE 'oldParent' is not a storage key, or 'newParent // is not a storage key // TPM_RC_VALUE for an 'oldParent; RSA key, the data to be decrypted // is greater than the public exponent // Unmarshal errors errors during unmarshaling the input // encrypted buffer to a ECC public key, or // unmarshal the private buffer to sensitive TPM_RC TPM2_Rewrap( Rewrap_In *in, // IN: input parameter list Rewrap_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; TPM2B_DATA data; // symmetric key UINT16 hashSize = 0; TPM2B_PRIVATE privateBlob; // A temporary private blob // to transit between old // and new wrappers // Input Validation if((in->inSymSeed.t.size == 0 && in->oldParent != TPM_RH_NULL) || (in->inSymSeed.t.size != 0 && in->oldParent == TPM_RH_NULL)) return TPM_RCS_HANDLE + RC_Rewrap_oldParent; if(in->oldParent != TPM_RH_NULL) { OBJECT *oldParent = HandleToObject(in->oldParent); // old parent key must be a storage object if(!ObjectIsStorage(in->oldParent)) return TPM_RCS_TYPE + RC_Rewrap_oldParent; // Decrypt input secret data via asymmetric decryption. A // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this // point result = CryptSecretDecrypt(oldParent, NULL, DUPLICATE_STRING, &in->inSymSeed, &data); if(result != TPM_RC_SUCCESS) return TPM_RCS_VALUE + RC_Rewrap_inSymSeed; // Unwrap Outer result = UnwrapOuter(oldParent, &in->name.b, oldParent->publicArea.nameAlg, &data.b, FALSE, in->inDuplicate.t.size, in->inDuplicate.t.buffer); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_Rewrap_inDuplicate); // Copy unwrapped data to temporary variable, remove the integrity field hashSize = sizeof(UINT16) + CryptHashGetDigestSize(oldParent->publicArea.nameAlg); privateBlob.t.size = in->inDuplicate.t.size - hashSize; pAssert(privateBlob.t.size <= sizeof(privateBlob.t.buffer)); MemoryCopy(privateBlob.t.buffer, in->inDuplicate.t.buffer + hashSize, privateBlob.t.size); } else { // No outer wrap from input blob. Direct copy. privateBlob = in->inDuplicate; } if(in->newParent != TPM_RH_NULL) { OBJECT *newParent; newParent = HandleToObject(in->newParent); // New parent must be a storage object if(!ObjectIsStorage(in->newParent)) return TPM_RCS_TYPE + RC_Rewrap_newParent; // Make new encrypt key and its associated secret structure. A // TPM_RC_VALUE error may be returned at this point if RSA algorithm is // enabled in TPM out->outSymSeed.t.size = sizeof(out->outSymSeed.t.secret); result = CryptSecretEncrypt(newParent, DUPLICATE_STRING, &data, &out->outSymSeed); if(result != TPM_RC_SUCCESS) return result; // Copy temporary variable to output, reserve the space for integrity hashSize = sizeof(UINT16) + CryptHashGetDigestSize(newParent->publicArea.nameAlg); // Make sure that everything fits into the output buffer // Note: this is mostly only an issue if there was no outer wrapper on // 'inDuplicate'. It could be as large as a TPM2B_PRIVATE buffer. If we add // a digest for an outer wrapper, it won't fit anymore. if((privateBlob.t.size + hashSize) > sizeof(out->outDuplicate.t.buffer)) return TPM_RCS_VALUE + RC_Rewrap_inDuplicate; // Command output out->outDuplicate.t.size = privateBlob.t.size; pAssert(privateBlob.t.size <= sizeof(out->outDuplicate.t.buffer) - hashSize); MemoryCopy(out->outDuplicate.t.buffer + hashSize, privateBlob.t.buffer, privateBlob.t.size); // Produce outer wrapper for output out->outDuplicate.t.size = ProduceOuterWrap(newParent, &in->name.b, newParent->publicArea.nameAlg, &data.b, FALSE, out->outDuplicate.t.size, out->outDuplicate.t.buffer); } else // New parent is a null key so there is no seed { out->outSymSeed.t.size = 0; // Copy privateBlob directly out->outDuplicate = privateBlob; } return TPM_RC_SUCCESS; } #endif // CC_Rewrapgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/000077500000000000000000000000001510276467000246765ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthValue.c000066400000000000000000000060221510276467000301200ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyAuthValue_fp.h" #if CC_PolicyAuthValue // Conditional expansion of this file #include "Policy_spt_fp.h" /*(See part 3 specification) // allows a policy to be bound to the authorization value of the authorized // object */ TPM_RC TPM2_PolicyAuthValue( PolicyAuthValue_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyAuthValue; HASH_STATE hashState; // Internal Data Update // Get pointer to the session structure session = SessionGet(in->policySession); // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // complete the hash and get the results CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update isAuthValueNeeded bit in the session context session->attributes.isAuthValueNeeded = SET; session->attributes.isPasswordNeeded = CLEAR; return TPM_RC_SUCCESS; } #endif // CC_PolicyAuthValuego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorize.c000066400000000000000000000116211510276467000301750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyAuthorize_fp.h" #if CC_PolicyAuthorize // Conditional expansion of this file #include "Policy_spt_fp.h" /*(See part 3 specification) // Change policy by a signature from authority */ // Return Type: TPM_RC // TPM_RC_HASH hash algorithm in 'keyName' is not supported // TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm // TPM_RC_VALUE the current policyDigest of 'policySession' does not // match 'approvedPolicy'; or 'checkTicket' doesn't match // the provided values TPM_RC TPM2_PolicyAuthorize( PolicyAuthorize_In *in // IN: input parameter list ) { SESSION *session; TPM2B_DIGEST authHash; HASH_STATE hashState; TPMT_TK_VERIFIED ticket; TPM_ALG_ID hashAlg; UINT16 digestSize; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // Extract from the Name of the key, the algorithm used to compute it's Name hashAlg = BYTE_ARRAY_TO_UINT16(in->keySign.t.name); // 'keySign' parameter needs to use a supported hash algorithm, otherwise // can't tell how large the digest should be if(!CryptHashIsValidAlg(hashAlg, FALSE)) return TPM_RCS_HASH + RC_PolicyAuthorize_keySign; digestSize = CryptHashGetDigestSize(hashAlg); if(digestSize != (in->keySign.t.size - 2)) return TPM_RCS_SIZE + RC_PolicyAuthorize_keySign; //If this is a trial policy, skip all validations if(session->attributes.isTrialPolicy == CLEAR) { // Check that "approvedPolicy" matches the current value of the // policyDigest in policy session if(!MemoryEqual2B(&session->u2.policyDigest.b, &in->approvedPolicy.b)) return TPM_RCS_VALUE + RC_PolicyAuthorize_approvedPolicy; // Validate ticket TPMT_TK_VERIFIED // Compute aHash. The authorizing object sign a digest // aHash := hash(approvedPolicy || policyRef). // Start hash authHash.t.size = CryptHashStart(&hashState, hashAlg); // add approvedPolicy CryptDigestUpdate2B(&hashState, &in->approvedPolicy.b); // add policyRef CryptDigestUpdate2B(&hashState, &in->policyRef.b); // complete hash CryptHashEnd2B(&hashState, &authHash.b); // re-compute TPMT_TK_VERIFIED TicketComputeVerified(in->checkTicket.hierarchy, &authHash, &in->keySign, &ticket); // Compare ticket digest. If not match, return error if(!MemoryEqual2B(&in->checkTicket.digest.b, &ticket.digest.b)) return TPM_RCS_VALUE + RC_PolicyAuthorize_checkTicket; } // Internal Data Update // Set policyDigest to zero digest PolicyDigestClear(session); // Update policyDigest PolicyContextUpdate(TPM_CC_PolicyAuthorize, &in->keySign, &in->policyRef, NULL, 0, session); return TPM_RC_SUCCESS; } #endif // CC_PolicyAuthorizego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyAuthorizeNV.c000066400000000000000000000116131510276467000304420ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #if CC_PolicyAuthorizeNV // Conditional expansion of this file #include "PolicyAuthorizeNV_fp.h" #include "Policy_spt_fp.h" /*(See part 3 specification) // Change policy by a signature from authority */ // Return Type: TPM_RC // TPM_RC_HASH hash algorithm in 'keyName' is not supported or is not // the same as the hash algorithm of the policy session // TPM_RC_SIZE 'keyName' is not the correct size for its hash algorithm // TPM_RC_VALUE the current policyDigest of 'policySession' does not // match 'approvedPolicy'; or 'checkTicket' doesn't match // the provided values TPM_RC TPM2_PolicyAuthorizeNV( PolicyAuthorizeNV_In *in ) { SESSION *session; TPM_RC result; NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); TPM2B_NAME name; TPMT_HA policyInNv; BYTE nvTemp[sizeof(TPMT_HA)]; BYTE *buffer = nvTemp; INT32 size; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // Skip checks if this is a trial policy if(!session->attributes.isTrialPolicy) { // Check the authorizations for reading // Common read access checks. NvReadAccessChecks() returns // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED // error may be returned at this point result = NvReadAccessChecks(in->authHandle, in->nvIndex, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // Read the contents of the index into a temp buffer size = MIN(nvIndex->publicArea.dataSize, sizeof(TPMT_HA)); NvGetIndexData(nvIndex, locator, 0, (UINT16)size, nvTemp); // Unmarshal the contents of the buffer into the internal format of a // TPMT_HA so that the hash and digest elements can be accessed from the // structure rather than the byte array that is in the Index (written by // user of the Index). result = TPMT_HA_Unmarshal(&policyInNv, &buffer, &size, FALSE); if(result != TPM_RC_SUCCESS) return result; // Verify that the hash is the same if(policyInNv.hashAlg != session->authHashAlg) return TPM_RC_HASH; // See if the contents of the digest in the Index matches the value // in the policy if(!MemoryEqual(&policyInNv.digest, &session->u2.policyDigest.t.buffer, session->u2.policyDigest.t.size)) return TPM_RC_VALUE; } // Internal Data Update // Set policyDigest to zero digest PolicyDigestClear(session); // Update policyDigest PolicyContextUpdate(TPM_CC_PolicyAuthorizeNV, EntityGetName(in->nvIndex, &name), NULL, NULL, 0, session); return TPM_RC_SUCCESS; } #endif // CC_PolicyAuthorizego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCommandCode.c000066400000000000000000000066551510276467000304070ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyCommandCode_fp.h" #if CC_PolicyCommandCode // Conditional expansion of this file /*(See part 3 specification) // Add a Command Code restriction to the policyDigest */ // Return Type: TPM_RC // TPM_RC_VALUE 'commandCode' of 'policySession' previously set to // a different value TPM_RC TPM2_PolicyCommandCode( PolicyCommandCode_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyCommandCode; HASH_STATE hashState; // Input validation // Get pointer to the session structure session = SessionGet(in->policySession); if(session->commandCode != 0 && session->commandCode != in->code) return TPM_RCS_VALUE + RC_PolicyCommandCode_code; if(CommandCodeToCommandIndex(in->code) == UNIMPLEMENTED_COMMAND_INDEX) return TPM_RCS_POLICY_CC + RC_PolicyCommandCode_code; // Internal Data Update // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCommandCode || code) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add input commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), in->code); // complete the hash and get the results CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update commandCode value in session context session->commandCode = in->code; return TPM_RC_SUCCESS; } #endif // CC_PolicyCommandCodego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCounterTimer.c000066400000000000000000000125551510276467000306520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyCounterTimer_fp.h" #if CC_PolicyCounterTimer // Conditional expansion of this file #include "Policy_spt_fp.h" /*(See part 3 specification) // Add a conditional gating of a policy based on the contents of the // TPMS_TIME_INFO structure. */ // Return Type: TPM_RC // TPM_RC_POLICY the comparison of the selected portion of the // TPMS_TIME_INFO with 'operandB' failed // TPM_RC_RANGE 'offset' + 'size' exceed size of TPMS_TIME_INFO // structure TPM_RC TPM2_PolicyCounterTimer( PolicyCounterTimer_In *in // IN: input parameter list ) { SESSION *session; TIME_INFO infoData; // data buffer of TPMS_TIME_INFO BYTE *pInfoData = (BYTE *)&infoData; UINT16 infoDataSize; TPM_CC commandCode = TPM_CC_PolicyCounterTimer; HASH_STATE hashState; TPM2B_DIGEST argHash; // Input Validation // Get a marshaled time structure infoDataSize = TimeGetMarshaled(&infoData); // Make sure that the referenced stays within the bounds of the structure. // NOTE: the offset checks are made even for a trial policy because the policy // will not make any sense if the references are out of bounds of the timer // structure. if(in->offset > infoDataSize) return TPM_RCS_VALUE + RC_PolicyCounterTimer_offset; if((UINT32)in->offset + (UINT32)in->operandB.t.size > infoDataSize) return TPM_RCS_RANGE; // Get pointer to the session structure session = SessionGet(in->policySession); //If this is a trial policy, skip the check to see if the condition is met. if(session->attributes.isTrialPolicy == CLEAR) { // If the command is going to use any part of the counter or timer, need // to verify that time is advancing. // The time and clock vales are the first two 64-bit values in the clock if(in->offset < sizeof(UINT64) + sizeof(UINT64)) { // Using Clock or Time so see if clock is running. Clock doesn't // run while NV is unavailable. // TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned here. RETURN_IF_NV_IS_NOT_AVAILABLE; } // offset to the starting position pInfoData = (BYTE *)infoData; // Check to see if the condition is valid if(!PolicySptCheckCondition(in->operation, pInfoData + in->offset, in->operandB.t.buffer, in->operandB.t.size)) return TPM_RC_POLICY; } // Internal Data Update // Start argument list hash argHash.t.size = CryptHashStart(&hashState, session->authHashAlg); // add operandB CryptDigestUpdate2B(&hashState, &in->operandB.b); // add offset CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset); // add operation CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation); // complete argument hash CryptHashEnd2B(&hashState, &argHash.b); // update policyDigest // start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add argument digest CryptDigestUpdate2B(&hashState, &argHash.b); // complete the digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); return TPM_RC_SUCCESS; } #endif // CC_PolicyCounterTimergo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyCpHash.c000066400000000000000000000077321510276467000274010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyCpHash_fp.h" #if CC_PolicyCpHash // Conditional expansion of this file /*(See part 3 specification) // Add a cpHash restriction to the policyDigest */ // Return Type: TPM_RC // TPM_RC_CPHASH cpHash of 'policySession' has previously been set // to a different value // TPM_RC_SIZE 'cpHashA' is not the size of a digest produced // by the hash algorithm associated with // 'policySession' TPM_RC TPM2_PolicyCpHash( PolicyCpHash_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyCpHash; HASH_STATE hashState; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // A valid cpHash must have the same size as session hash digest // NOTE: the size of the digest can't be zero because TPM_ALG_NULL // can't be used for the authHashAlg. if(in->cpHashA.t.size != CryptHashGetDigestSize(session->authHashAlg)) return TPM_RCS_SIZE + RC_PolicyCpHash_cpHashA; // error if the cpHash in session context is not empty and is not the same // as the input or is not a cpHash if((session->u1.cpHash.t.size != 0) && (!session->attributes.isCpHashDefined || !MemoryEqual2B(&in->cpHashA.b, &session->u1.cpHash.b))) return TPM_RC_CPHASH; // Internal Data Update // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash || cpHashA) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add cpHashA CryptDigestUpdate2B(&hashState, &in->cpHashA.b); // complete the digest and get the results CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update cpHash in session context session->u1.cpHash = in->cpHashA; session->attributes.isCpHashDefined = SET; return TPM_RC_SUCCESS; } #endif // CC_PolicyCpHashgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyDuplicationSelect.c000066400000000000000000000102411510276467000316330ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyDuplicationSelect_fp.h" #if CC_PolicyDuplicationSelect // Conditional expansion of this file /*(See part 3 specification) // allows qualification of duplication so that it a specific new parent may be // selected or a new parent selected for a specific object. */ // Return Type: TPM_RC // TPM_RC_COMMAND_CODE 'commandCode' of 'policySession; is not empty // TPM_RC_CPHASH 'cpHash' of 'policySession' is not empty TPM_RC TPM2_PolicyDuplicationSelect( PolicyDuplicationSelect_In *in // IN: input parameter list ) { SESSION *session; HASH_STATE hashState; TPM_CC commandCode = TPM_CC_PolicyDuplicationSelect; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // cpHash in session context must be empty if(session->u1.cpHash.t.size != 0) return TPM_RC_CPHASH; // commandCode in session context must be empty if(session->commandCode != 0) return TPM_RC_COMMAND_CODE; // Internal Data Update // Update name hash session->u1.cpHash.t.size = CryptHashStart(&hashState, session->authHashAlg); // add objectName CryptDigestUpdate2B(&hashState, &in->objectName.b); // add new parent name CryptDigestUpdate2B(&hashState, &in->newParentName.b); // complete hash CryptHashEnd2B(&hashState, &session->u1.cpHash.b); // update policy hash // Old policyDigest size should be the same as the new policyDigest size since // they are using the same hash algorithm session->u2.policyDigest.t.size = CryptHashStart(&hashState, session->authHashAlg); // add old policy CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add command code CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add objectName if(in->includeObject == YES) CryptDigestUpdate2B(&hashState, &in->objectName.b); // add new parent name CryptDigestUpdate2B(&hashState, &in->newParentName.b); // add includeObject CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->includeObject); // complete digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // set commandCode in session context session->commandCode = TPM_CC_Duplicate; return TPM_RC_SUCCESS; } #endif // CC_PolicyDuplicationSelectgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyGetDigest.c000066400000000000000000000045401510276467000301040ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyGetDigest_fp.h" #if CC_PolicyGetDigest // Conditional expansion of this file /*(See part 3 specification) // returns the current policyDigest of the session */ TPM_RC TPM2_PolicyGetDigest( PolicyGetDigest_In *in, // IN: input parameter list PolicyGetDigest_Out *out // OUT: output parameter list ) { SESSION *session; // Command Output // Get pointer to the session structure session = SessionGet(in->policySession); out->policyDigest = session->u2.policyDigest; return TPM_RC_SUCCESS; } #endif // CC_PolicyGetDigestgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyLocality.c000066400000000000000000000124351510276467000300070ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyLocality_fp.h" #if CC_PolicyLocality // Conditional expansion of this file // Return Type: TPM_RC // TPM_RC_RANGE all the locality values selected by // 'locality' have been disabled // by previous TPM2_PolicyLocality() calls. TPM_RC TPM2_PolicyLocality( PolicyLocality_In *in // IN: input parameter list ) { SESSION *session; BYTE marshalBuffer[sizeof(TPMA_LOCALITY)]; BYTE prevSetting[sizeof(TPMA_LOCALITY)]; UINT32 marshalSize; BYTE *buffer; TPM_CC commandCode = TPM_CC_PolicyLocality; HASH_STATE hashState; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // Get new locality setting in canonical form marshalBuffer[0] = 0; // Code analysis says that this is not initialized buffer = marshalBuffer; marshalSize = TPMA_LOCALITY_Marshal(&in->locality, &buffer, NULL); // Its an error if the locality parameter is zero if(marshalBuffer[0] == 0) return TPM_RCS_RANGE + RC_PolicyLocality_locality; // Get existing locality setting in canonical form prevSetting[0] = 0; // Code analysis says that this is not initialized buffer = prevSetting; TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); // If the locality has previously been set if(prevSetting[0] != 0 // then the current locality setting and the requested have to be the same // type (that is, either both normal or both extended && ((prevSetting[0] < 32) != (marshalBuffer[0] < 32))) return TPM_RCS_RANGE + RC_PolicyLocality_locality; // See if the input is a regular or extended locality if(marshalBuffer[0] < 32) { // if there was no previous setting, start with all normal localities // enabled if(prevSetting[0] == 0) prevSetting[0] = 0x1F; // AND the new setting with the previous setting and store it in prevSetting prevSetting[0] &= marshalBuffer[0]; // The result setting can not be 0 if(prevSetting[0] == 0) return TPM_RCS_RANGE + RC_PolicyLocality_locality; } else { // for extended locality // if the locality has already been set, then it must match the if(prevSetting[0] != 0 && prevSetting[0] != marshalBuffer[0]) return TPM_RCS_RANGE + RC_PolicyLocality_locality; // Setting is OK prevSetting[0] = marshalBuffer[0]; } // Internal Data Update // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyLocality || locality) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add input locality CryptDigestUpdate(&hashState, marshalSize, marshalBuffer); // complete the digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update session locality by unmarshal function. The function must succeed // because both input and existing locality setting have been validated. buffer = prevSetting; TPMA_LOCALITY_Unmarshal(&session->commandLocality, &buffer, (INT32 *)&marshalSize); return TPM_RC_SUCCESS; } #endif // CC_PolicyLocalitygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNV.c000066400000000000000000000127651510276467000265600ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyNV_fp.h" #if CC_PolicyNV // Conditional expansion of this file #include "Policy_spt_fp.h" /*(See part 3 specification) // Do comparison to NV location */ // Return Type: TPM_RC // TPM_RC_AUTH_TYPE NV index authorization type is not correct // TPM_RC_NV_LOCKED NV index read locked // TPM_RC_NV_UNINITIALIZED the NV index has not been initialized // TPM_RC_POLICY the comparison to the NV contents failed // TPM_RC_SIZE the size of 'nvIndex' data starting at 'offset' // is less than the size of 'operandB' // TPM_RC_VALUE 'offset' is too large TPM_RC TPM2_PolicyNV( PolicyNV_In *in // IN: input parameter list ) { TPM_RC result; SESSION *session; NV_REF locator; NV_INDEX *nvIndex; BYTE nvBuffer[sizeof(in->operandB.t.buffer)]; TPM2B_NAME nvName; TPM_CC commandCode = TPM_CC_PolicyNV; HASH_STATE hashState; TPM2B_DIGEST argHash; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); //If this is a trial policy, skip all validations and the operation if(session->attributes.isTrialPolicy == CLEAR) { // No need to access the actual NV index information for a trial policy. nvIndex = NvGetIndexInfo(in->nvIndex, &locator); // Common read access checks. NvReadAccessChecks() may return // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED result = NvReadAccessChecks(in->authHandle, in->nvIndex, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // Make sure that offset is withing range if(in->offset > nvIndex->publicArea.dataSize) return TPM_RCS_VALUE + RC_PolicyNV_offset; // Valid NV data size should not be smaller than input operandB size if((nvIndex->publicArea.dataSize - in->offset) < in->operandB.t.size) return TPM_RCS_SIZE + RC_PolicyNV_operandB; // Get NV data. The size of NV data equals the input operand B size NvGetIndexData(nvIndex, locator, in->offset, in->operandB.t.size, nvBuffer); // Check to see if the condition is valid if(!PolicySptCheckCondition(in->operation, nvBuffer, in->operandB.t.buffer, in->operandB.t.size)) return TPM_RC_POLICY; } // Internal Data Update // Start argument hash argHash.t.size = CryptHashStart(&hashState, session->authHashAlg); // add operandB CryptDigestUpdate2B(&hashState, &in->operandB.b); // add offset CryptDigestUpdateInt(&hashState, sizeof(UINT16), in->offset); // add operation CryptDigestUpdateInt(&hashState, sizeof(TPM_EO), in->operation); // complete argument digest CryptHashEnd2B(&hashState, &argHash.b); // Update policyDigest // Start digest CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add argument digest CryptDigestUpdate2B(&hashState, &argHash.b); // Adding nvName CryptDigestUpdate2B(&hashState, &EntityGetName(in->nvIndex, &nvName)->b); // complete the digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); return TPM_RC_SUCCESS; } #endif // CC_PolicyNVgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNameHash.c000066400000000000000000000074721510276467000277200ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyNameHash_fp.h" #if CC_PolicyNameHash // Conditional expansion of this file /*(See part 3 specification) // Add a nameHash restriction to the policyDigest */ // Return Type: TPM_RC // TPM_RC_CPHASH 'nameHash' has been previously set to a different value // TPM_RC_SIZE 'nameHash' is not the size of the digest produced by the // hash algorithm associated with 'policySession' TPM_RC TPM2_PolicyNameHash( PolicyNameHash_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyNameHash; HASH_STATE hashState; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // A valid nameHash must have the same size as session hash digest // Since the authHashAlg for a session cannot be TPM_ALG_NULL, the digest size // is always non-zero. if(in->nameHash.t.size != CryptHashGetDigestSize(session->authHashAlg)) return TPM_RCS_SIZE + RC_PolicyNameHash_nameHash; // u1 in the policy session context cannot otherwise be occupied if(session->u1.cpHash.b.size != 0 || session->attributes.isBound || session->attributes.isCpHashDefined || session->attributes.isTemplateSet) return TPM_RC_CPHASH; // Internal Data Update // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNameHash || nameHash) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add nameHash CryptDigestUpdate2B(&hashState, &in->nameHash.b); // complete the digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update nameHash in session context session->u1.cpHash = in->nameHash; return TPM_RC_SUCCESS; } #endif // CC_PolicyNameHashgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyNvWritten.c000066400000000000000000000071721510276467000301710ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyNvWritten_fp.h" #if CC_PolicyNvWritten // Conditional expansion of this file // Make an NV Index policy dependent on the state of the TPMA_NV_WRITTEN // attribute of the index. // Return Type: TPM_RC // TPM_RC_VALUE a conflicting request for the attribute has // already been processed TPM_RC TPM2_PolicyNvWritten( PolicyNvWritten_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyNvWritten; HASH_STATE hashState; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // If already set is this a duplicate (the same setting)? If it // is a conflicting setting, it is an error if(session->attributes.checkNvWritten == SET) { if(((session->attributes.nvWrittenState == SET) != (in->writtenSet == YES))) return TPM_RCS_VALUE + RC_PolicyNvWritten_writtenSet; } // Internal Data Update // Set session attributes so that the NV Index needs to be checked session->attributes.checkNvWritten = SET; session->attributes.nvWrittenState = (in->writtenSet == YES); // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyNvWritten // || writtenSet) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add the byte of writtenState CryptDigestUpdateInt(&hashState, sizeof(TPMI_YES_NO), in->writtenSet); // complete the digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); return TPM_RC_SUCCESS; } #endif // CC_PolicyNvWrittengo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyOR.c000066400000000000000000000074661510276467000265570ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyOR_fp.h" #if CC_PolicyOR // Conditional expansion of this file #include "Policy_spt_fp.h" /*(See part 3 specification) // PolicyOR command */ // Return Type: TPM_RC // TPM_RC_VALUE no digest in 'pHashList' matched the current // value of policyDigest for 'policySession' TPM_RC TPM2_PolicyOR( PolicyOR_In *in // IN: input parameter list ) { SESSION *session; UINT32 i; // Input Validation and Update // Get pointer to the session structure session = SessionGet(in->policySession); // Compare and Update Internal Session policy if match for(i = 0; i < in->pHashList.count; i++) { if(session->attributes.isTrialPolicy == SET || (MemoryEqual2B(&session->u2.policyDigest.b, &in->pHashList.digests[i].b))) { // Found a match HASH_STATE hashState; TPM_CC commandCode = TPM_CC_PolicyOR; // Start hash session->u2.policyDigest.t.size = CryptHashStart(&hashState, session->authHashAlg); // Set policyDigest to 0 string and add it to hash MemorySet(session->u2.policyDigest.t.buffer, 0, session->u2.policyDigest.t.size); CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add command code CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // Add each of the hashes in the list for(i = 0; i < in->pHashList.count; i++) { // Extend policyDigest CryptDigestUpdate2B(&hashState, &in->pHashList.digests[i].b); } // Complete digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); return TPM_RC_SUCCESS; } } // None of the values in the list matched the current policyDigest return TPM_RCS_VALUE + RC_PolicyOR_pHashList; } #endif // CC_PolicyORgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPCR.c000066400000000000000000000112511510276467000266460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyPCR_fp.h" #if CC_PolicyPCR // Conditional expansion of this file /*(See part 3 specification) // Add a PCR gate for a policy session */ // Return Type: TPM_RC // TPM_RC_VALUE if provided, 'pcrDigest' does not match the // current PCR settings // TPM_RC_PCR_CHANGED a previous TPM2_PolicyPCR() set // pcrCounter and it has changed TPM_RC TPM2_PolicyPCR( PolicyPCR_In *in // IN: input parameter list ) { SESSION *session; TPM2B_DIGEST pcrDigest; BYTE pcrs[sizeof(TPML_PCR_SELECTION)]; UINT32 pcrSize; BYTE *buffer; TPM_CC commandCode = TPM_CC_PolicyPCR; HASH_STATE hashState; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // Compute current PCR digest PCRComputeCurrentDigest(session->authHashAlg, &in->pcrs, &pcrDigest); // Do validation for non trial session if(session->attributes.isTrialPolicy == CLEAR) { // Make sure that this is not going to invalidate a previous PCR check if(session->pcrCounter != 0 && session->pcrCounter != gr.pcrCounter) return TPM_RC_PCR_CHANGED; // If the caller specified the PCR digest and it does not // match the current PCR settings, return an error.. if(in->pcrDigest.t.size != 0) { if(!MemoryEqual2B(&in->pcrDigest.b, &pcrDigest.b)) return TPM_RCS_VALUE + RC_PolicyPCR_pcrDigest; } } else { // For trial session, just use the input PCR digest if one provided // Note: It can't be too big because it is a TPM2B_DIGEST and the size // would have been checked during unmarshaling if(in->pcrDigest.t.size != 0) pcrDigest = in->pcrDigest; } // Internal Data Update // Update policy hash // policyDigestnew = hash( policyDigestold || TPM_CC_PolicyPCR // || PCRS || pcrDigest) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add PCRS buffer = pcrs; pcrSize = TPML_PCR_SELECTION_Marshal(&in->pcrs, &buffer, NULL); CryptDigestUpdate(&hashState, pcrSize, pcrs); // add PCR digest CryptDigestUpdate2B(&hashState, &pcrDigest.b); // complete the hash and get the results CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update pcrCounter in session context for non trial session if(session->attributes.isTrialPolicy == CLEAR) { session->pcrCounter = gr.pcrCounter; } return TPM_RC_SUCCESS; } #endif // CC_PolicyPCRgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPassword.c000066400000000000000000000057441510276467000300360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyPassword_fp.h" #if CC_PolicyPassword // Conditional expansion of this file #include "Policy_spt_fp.h" /*(See part 3 specification) // allows a policy to be bound to the authorization value of the authorized // object */ TPM_RC TPM2_PolicyPassword( PolicyPassword_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyAuthValue; HASH_STATE hashState; // Internal Data Update // Get pointer to the session structure session = SessionGet(in->policySession); // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyAuthValue) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // complete the digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // Update isPasswordNeeded bit session->attributes.isPasswordNeeded = SET; session->attributes.isAuthValueNeeded = CLEAR; return TPM_RC_SUCCESS; } #endif // CC_PolicyPasswordgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyPhysicalPresence.c000066400000000000000000000056721510276467000314750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyPhysicalPresence_fp.h" #if CC_PolicyPhysicalPresence // Conditional expansion of this file /*(See part 3 specification) // indicate that physical presence will need to be asserted at the time the // authorization is performed */ TPM_RC TPM2_PolicyPhysicalPresence( PolicyPhysicalPresence_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyPhysicalPresence; HASH_STATE hashState; // Internal Data Update // Get pointer to the session structure session = SessionGet(in->policySession); // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyPhysicalPresence) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // complete the digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update session attribute session->attributes.isPPRequired = SET; return TPM_RC_SUCCESS; } #endif // CC_PolicyPhysicalPresencego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySecret.c000066400000000000000000000133051510276467000274510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicySecret_fp.h" #if CC_PolicySecret // Conditional expansion of this file #include "Policy_spt_fp.h" #include "NV_spt_fp.h" /*(See part 3 specification) // Add a secret-based authorization to the policy evaluation */ // Return Type: TPM_RC // TPM_RC_CPHASH cpHash for policy was previously set to a // value that is not the same as 'cpHashA' // TPM_RC_EXPIRED 'expiration' indicates a time in the past // TPM_RC_NONCE 'nonceTPM' does not match the nonce associated // with 'policySession' // TPM_RC_SIZE 'cpHashA' is not the size of a digest for the // hash associated with 'policySession' TPM_RC TPM2_PolicySecret( PolicySecret_In *in, // IN: input parameter list PolicySecret_Out *out // OUT: output parameter list ) { TPM_RC result; SESSION *session; TPM2B_NAME entityName; UINT64 authTimeout = 0; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); //Only do input validation if this is not a trial policy session if(session->attributes.isTrialPolicy == CLEAR) { authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM); result = PolicyParameterChecks(session, authTimeout, &in->cpHashA, &in->nonceTPM, RC_PolicySecret_nonceTPM, RC_PolicySecret_cpHashA, RC_PolicySecret_expiration); if(result != TPM_RC_SUCCESS) return result; } // Internal Data Update // Update policy context with input policyRef and name of authorizing key // This value is computed even for trial sessions. Possibly update the cpHash PolicyContextUpdate(TPM_CC_PolicySecret, EntityGetName(in->authHandle, &entityName), &in->policyRef, &in->cpHashA, authTimeout, session); // Command Output // Create ticket and timeout buffer if in->expiration < 0 and this is not // a trial session. // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present // when expiration is non-zero. if(in->expiration < 0 && session->attributes.isTrialPolicy == CLEAR && !NvIsPinPassIndex(in->authHandle)) { BOOL expiresOnReset = (in->nonceTPM.t.size == 0); // Compute policy ticket authTimeout &= ~EXPIRATION_BIT; TicketComputeAuth(TPM_ST_AUTH_SECRET, EntityGetHierarchy(in->authHandle), authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef, &entityName, &out->policyTicket); // Generate timeout buffer. The format of output timeout buffer is // TPM-specific. // Note: In this implementation, the timeout buffer value is computed after // the ticket is produced so, when the ticket is checked, the expiration // flag needs to be extracted before the ticket is checked. out->timeout.t.size = sizeof(authTimeout); // In the Windows compatible version, the least-significant bit of the // timeout value is used as a flag to indicate if the authorization expires // on reset. The flag is the MSb. if(expiresOnReset) authTimeout |= EXPIRATION_BIT; UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); } else { // timeout buffer is null out->timeout.t.size = 0; // authorization ticket is null out->policyTicket.tag = TPM_ST_AUTH_SECRET; out->policyTicket.hierarchy = TPM_RH_NULL; out->policyTicket.digest.t.size = 0; } return TPM_RC_SUCCESS; } #endif // CC_PolicySecretgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicySigned.c000066400000000000000000000204021510276467000274310ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Policy_spt_fp.h" #include "PolicySigned_fp.h" #if CC_PolicySigned // Conditional expansion of this file /*(See part 3 specification) // Include an asymmetrically signed authorization to the policy evaluation */ // Return Type: TPM_RC // TPM_RC_CPHASH cpHash was previously set to a different value // TPM_RC_EXPIRED 'expiration' indicates a time in the past or // 'expiration' is non-zero but no nonceTPM is present // TPM_RC_NONCE 'nonceTPM' is not the nonce associated with the // 'policySession' // TPM_RC_SCHEME the signing scheme of 'auth' is not supported by the // TPM // TPM_RC_SIGNATURE the signature is not genuine // TPM_RC_SIZE input cpHash has wrong size TPM_RC TPM2_PolicySigned( PolicySigned_In *in, // IN: input parameter list PolicySigned_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; SESSION *session; TPM2B_NAME entityName; TPM2B_DIGEST authHash; HASH_STATE hashState; UINT64 authTimeout = 0; // Input Validation // Set up local pointers session = SessionGet(in->policySession); // the session structure // Only do input validation if this is not a trial policy session if(session->attributes.isTrialPolicy == CLEAR) { authTimeout = ComputeAuthTimeout(session, in->expiration, &in->nonceTPM); result = PolicyParameterChecks(session, authTimeout, &in->cpHashA, &in->nonceTPM, RC_PolicySigned_nonceTPM, RC_PolicySigned_cpHashA, RC_PolicySigned_expiration); if(result != TPM_RC_SUCCESS) return result; // Re-compute the digest being signed /*(See part 3 specification) // The digest is computed as: // aHash := hash ( nonceTPM | expiration | cpHashA | policyRef) // where: // hash() the hash associated with the signed authorization // nonceTPM the nonceTPM value from the TPM2_StartAuthSession . // response If the authorization is not limited to this // session, the size of this value is zero. // expiration time limit on authorization set by authorizing object. // This 32-bit value is set to zero if the expiration // time is not being set. // cpHashA hash of the command parameters for the command being // approved using the hash algorithm of the PSAP session. // Set to NULLauth if the authorization is not limited // to a specific command. // policyRef hash of an opaque value determined by the authorizing // object. Set to the NULLdigest if no hash is present. */ // Start hash authHash.t.size = CryptHashStart(&hashState, CryptGetSignHashAlg(&in->auth)); // If there is no digest size, then we don't have a verification function // for this algorithm (e.g. TPM_ALG_ECDAA) so indicate that it is a // bad scheme. if(authHash.t.size == 0) return TPM_RCS_SCHEME + RC_PolicySigned_auth; // nonceTPM CryptDigestUpdate2B(&hashState, &in->nonceTPM.b); // expiration CryptDigestUpdateInt(&hashState, sizeof(UINT32), in->expiration); // cpHashA CryptDigestUpdate2B(&hashState, &in->cpHashA.b); // policyRef CryptDigestUpdate2B(&hashState, &in->policyRef.b); // Complete digest CryptHashEnd2B(&hashState, &authHash.b); // Validate Signature. A TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE // error may be returned at this point result = CryptValidateSignature(in->authObject, &authHash, &in->auth); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_PolicySigned_auth); } // Internal Data Update // Update policy with input policyRef and name of authorization key // These values are updated even if the session is a trial session PolicyContextUpdate(TPM_CC_PolicySigned, EntityGetName(in->authObject, &entityName), &in->policyRef, &in->cpHashA, authTimeout, session); // Command Output // Create ticket and timeout buffer if in->expiration < 0 and this is not // a trial session. // NOTE: PolicyParameterChecks() makes sure that nonceTPM is present // when expiration is non-zero. if(in->expiration < 0 && session->attributes.isTrialPolicy == CLEAR) { BOOL expiresOnReset = (in->nonceTPM.t.size == 0); // Compute policy ticket authTimeout &= ~EXPIRATION_BIT; TicketComputeAuth(TPM_ST_AUTH_SIGNED, EntityGetHierarchy(in->authObject), authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef, &entityName, &out->policyTicket); // Generate timeout buffer. The format of output timeout buffer is // TPM-specific. // Note: In this implementation, the timeout buffer value is computed after // the ticket is produced so, when the ticket is checked, the expiration // flag needs to be extracted before the ticket is checked. // In the Windows compatible version, the least-significant bit of the // timeout value is used as a flag to indicate if the authorization expires // on reset. The flag is the MSb. out->timeout.t.size = sizeof(authTimeout); if(expiresOnReset) authTimeout |= EXPIRATION_BIT; UINT64_TO_BYTE_ARRAY(authTimeout, out->timeout.t.buffer); } else { // Generate a null ticket. // timeout buffer is null out->timeout.t.size = 0; // authorization ticket is null out->policyTicket.tag = TPM_ST_AUTH_SIGNED; out->policyTicket.hierarchy = TPM_RH_NULL; out->policyTicket.digest.t.size = 0; } return TPM_RC_SUCCESS; } #endif // CC_PolicySignedgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTemplate.c000066400000000000000000000100251510276467000277730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyTemplate_fp.h" #if CC_PolicyTemplate // Conditional expansion of this file /*(See part 3 specification) // Add a cpHash restriction to the policyDigest */ // Return Type: TPM_RC // TPM_RC_CPHASH cpHash of 'policySession' has previously been set // to a different value // TPM_RC_SIZE 'templateHash' is not the size of a digest produced // by the hash algorithm associated with // 'policySession' TPM_RC TPM2_PolicyTemplate( PolicyTemplate_In *in // IN: input parameter list ) { SESSION *session; TPM_CC commandCode = TPM_CC_PolicyTemplate; HASH_STATE hashState; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // If the template is set, make sure that it is the same as the input value if(session->attributes.isTemplateSet) { if(!MemoryEqual2B(&in->templateHash.b, &session->u1.cpHash.b)) return TPM_RCS_VALUE + RC_PolicyTemplate_templateHash; } // error if cpHash contains something that is not a template else if(session->u1.templateHash.t.size != 0) return TPM_RC_CPHASH; // A valid templateHash must have the same size as session hash digest if(in->templateHash.t.size != CryptHashGetDigestSize(session->authHashAlg)) return TPM_RCS_SIZE + RC_PolicyTemplate_templateHash; // Internal Data Update // Update policy hash // policyDigestnew = hash(policyDigestold || TPM_CC_PolicyCpHash // || cpHashA.buffer) // Start hash CryptHashStart(&hashState, session->authHashAlg); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), commandCode); // add cpHashA CryptDigestUpdate2B(&hashState, &in->templateHash.b); // complete the digest and get the results CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // update cpHash in session context session->u1.templateHash = in->templateHash; session->attributes.isTemplateSet = SET; return TPM_RC_SUCCESS; } #endif // CC_PolicyTemplateHashgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/PolicyTicket.c000066400000000000000000000131241510276467000274460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyTicket_fp.h" #if CC_PolicyTicket // Conditional expansion of this file #include "Policy_spt_fp.h" /*(See part 3 specification) // Include ticket to the policy evaluation */ // Return Type: TPM_RC // TPM_RC_CPHASH policy's cpHash was previously set to a different // value // TPM_RC_EXPIRED 'timeout' value in the ticket is in the past and the // ticket has expired // TPM_RC_SIZE 'timeout' or 'cpHash' has invalid size for the // TPM_RC_TICKET 'ticket' is not valid TPM_RC TPM2_PolicyTicket( PolicyTicket_In *in // IN: input parameter list ) { TPM_RC result; SESSION *session; UINT64 authTimeout; TPMT_TK_AUTH ticketToCompare; TPM_CC commandCode = TPM_CC_PolicySecret; BOOL expiresOnReset; // Input Validation // Get pointer to the session structure session = SessionGet(in->policySession); // NOTE: A trial policy session is not allowed to use this command. // A ticket is used in place of a previously given authorization. Since // a trial policy doesn't actually authenticate, the validated // ticket is not necessary and, in place of using a ticket, one // should use the intended authorization for which the ticket // would be a substitute. if(session->attributes.isTrialPolicy) return TPM_RCS_ATTRIBUTES + RC_PolicyTicket_policySession; // Restore timeout data. The format of timeout buffer is TPM-specific. // In this implementation, the most significant bit of the timeout value is // used as the flag to indicate that the ticket expires on TPM Reset or // TPM Restart. The flag has to be removed before the parameters and ticket // are checked. if(in->timeout.t.size != sizeof(UINT64)) return TPM_RCS_SIZE + RC_PolicyTicket_timeout; authTimeout = BYTE_ARRAY_TO_UINT64(in->timeout.t.buffer); // extract the flag expiresOnReset = (authTimeout & EXPIRATION_BIT) != 0; authTimeout &= ~EXPIRATION_BIT; // Do the normal checks on the cpHashA and timeout values result = PolicyParameterChecks(session, authTimeout, &in->cpHashA, NULL, // no nonce 0, // no bad nonce return RC_PolicyTicket_cpHashA, RC_PolicyTicket_timeout); if(result != TPM_RC_SUCCESS) return result; // Validate Ticket // Re-generate policy ticket by input parameters TicketComputeAuth(in->ticket.tag, in->ticket.hierarchy, authTimeout, expiresOnReset, &in->cpHashA, &in->policyRef, &in->authName, &ticketToCompare); // Compare generated digest with input ticket digest if(!MemoryEqual2B(&in->ticket.digest.b, &ticketToCompare.digest.b)) return TPM_RCS_TICKET + RC_PolicyTicket_ticket; // Internal Data Update // Is this ticket to take the place of a TPM2_PolicySigned() or // a TPM2_PolicySecret()? if(in->ticket.tag == TPM_ST_AUTH_SIGNED) commandCode = TPM_CC_PolicySigned; else if(in->ticket.tag == TPM_ST_AUTH_SECRET) commandCode = TPM_CC_PolicySecret; else // There could only be two possible tag values. Any other value should // be caught by the ticket validation process. FAIL(FATAL_ERROR_INTERNAL); // Update policy context PolicyContextUpdate(commandCode, &in->authName, &in->policyRef, &in->cpHashA, authTimeout, session); return TPM_RC_SUCCESS; } #endif // CC_PolicyTicketgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/EA/Policy_spt.c000066400000000000000000000246761510276467000272060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "Policy_spt_fp.h" #include "PolicySigned_fp.h" #include "PolicySecret_fp.h" #include "PolicyTicket_fp.h" //** Functions //*** PolicyParameterChecks() // This function validates the common parameters of TPM2_PolicySiged() // and TPM2_PolicySecret(). The common parameters are 'nonceTPM', // 'expiration', and 'cpHashA'. TPM_RC PolicyParameterChecks( SESSION *session, UINT64 authTimeout, TPM2B_DIGEST *cpHashA, TPM2B_NONCE *nonce, TPM_RC blameNonce, TPM_RC blameCpHash, TPM_RC blameExpiration ) { // Validate that input nonceTPM is correct if present if(nonce != NULL && nonce->t.size != 0) { if(!MemoryEqual2B(&nonce->b, &session->nonceTPM.b)) return TPM_RCS_NONCE + blameNonce; } // If authTimeout is set (expiration != 0... if(authTimeout != 0) { // Validate input expiration. // Cannot compare time if clock stop advancing. A TPM_RC_NV_UNAVAILABLE // or TPM_RC_NV_RATE error may be returned here. RETURN_IF_NV_IS_NOT_AVAILABLE; // if the time has already passed or the time epoch has changed then the // time value is no longer good. if((authTimeout < g_time) || (session->epoch != g_timeEpoch)) return TPM_RCS_EXPIRED + blameExpiration; } // If the cpHash is present, then check it if(cpHashA != NULL && cpHashA->t.size != 0) { // The cpHash input has to have the correct size if(cpHashA->t.size != session->u2.policyDigest.t.size) return TPM_RCS_SIZE + blameCpHash; // If the cpHash has already been set, then this input value // must match the current value. if(session->u1.cpHash.b.size != 0 && !MemoryEqual2B(&cpHashA->b, &session->u1.cpHash.b)) return TPM_RC_CPHASH; } return TPM_RC_SUCCESS; } //*** PolicyContextUpdate() // Update policy hash // Update the policyDigest in policy session by extending policyRef and // objectName to it. This will also update the cpHash if it is present. // Return Type: void void PolicyContextUpdate( TPM_CC commandCode, // IN: command code TPM2B_NAME *name, // IN: name of entity TPM2B_NONCE *ref, // IN: the reference data TPM2B_DIGEST *cpHash, // IN: the cpHash (optional) UINT64 policyTimeout, // IN: the timeout value for the policy SESSION *session // IN/OUT: policy session to be updated ) { HASH_STATE hashState; // Start hash CryptHashStart(&hashState, session->authHashAlg); // policyDigest size should always be the digest size of session hash algorithm. pAssert(session->u2.policyDigest.t.size == CryptHashGetDigestSize(session->authHashAlg)); // add old digest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add commandCode CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); // add name if applicable if(name != NULL) CryptDigestUpdate2B(&hashState, &name->b); // Complete the digest and get the results CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); // If the policy reference is not null, do a second update to the digest. if(ref != NULL) { // Start second hash computation CryptHashStart(&hashState, session->authHashAlg); // add policyDigest CryptDigestUpdate2B(&hashState, &session->u2.policyDigest.b); // add policyRef CryptDigestUpdate2B(&hashState, &ref->b); // Complete second digest CryptHashEnd2B(&hashState, &session->u2.policyDigest.b); } // Deal with the cpHash. If the cpHash value is present // then it would have already been checked to make sure that // it is compatible with the current value so all we need // to do here is copy it and set the isCpHashDefined attribute if(cpHash != NULL && cpHash->t.size != 0) { session->u1.cpHash = *cpHash; session->attributes.isCpHashDefined = SET; } // update the timeout if it is specified if(policyTimeout != 0) { // If the timeout has not been set, then set it to the new value // than the current timeout then set it to the new value if(session->timeout == 0 || session->timeout > policyTimeout) session->timeout = policyTimeout; } return; } //*** ComputeAuthTimeout() // This function is used to determine what the authorization timeout value for // the session should be. UINT64 ComputeAuthTimeout( SESSION *session, // IN: the session containing the time // values INT32 expiration, // IN: either the number of seconds from // the start of the session or the // time in g_timer; TPM2B_NONCE *nonce // IN: indicator of the time base ) { UINT64 policyTime; // If no expiration, policy time is 0 if(expiration == 0) policyTime = 0; else { if(expiration < 0) expiration = -expiration; if(nonce->t.size == 0) // The input time is absolute Time (not Clock), but it is expressed // in seconds. To make sure that we don't time out too early, take the // current value of milliseconds in g_time and add that to the input // seconds value. policyTime = (((UINT64)expiration) * 1000) + g_time % 1000; else // The policy timeout is the absolute value of the expiration in seconds // added to the start time of the policy. policyTime = session->startTime + (((UINT64)expiration) * 1000); } return policyTime; } //*** PolicyDigestClear() // Function to reset the policyDigest of a session void PolicyDigestClear( SESSION *session ) { session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); MemorySet(session->u2.policyDigest.t.buffer, 0, session->u2.policyDigest.t.size); } BOOL PolicySptCheckCondition( TPM_EO operation, BYTE *opA, BYTE *opB, UINT16 size ) { // Arithmetic Comparison switch(operation) { case TPM_EO_EQ: // compare A = B return (UnsignedCompareB(size, opA, size, opB) == 0); break; case TPM_EO_NEQ: // compare A != B return (UnsignedCompareB(size, opA, size, opB) != 0); break; case TPM_EO_SIGNED_GT: // compare A > B signed return (SignedCompareB(size, opA, size, opB) > 0); break; case TPM_EO_UNSIGNED_GT: // compare A > B unsigned return (UnsignedCompareB(size, opA, size, opB) > 0); break; case TPM_EO_SIGNED_LT: // compare A < B signed return (SignedCompareB(size, opA, size, opB) < 0); break; case TPM_EO_UNSIGNED_LT: // compare A < B unsigned return (UnsignedCompareB(size, opA, size, opB) < 0); break; case TPM_EO_SIGNED_GE: // compare A >= B signed return (SignedCompareB(size, opA, size, opB) >= 0); break; case TPM_EO_UNSIGNED_GE: // compare A >= B unsigned return (UnsignedCompareB(size, opA, size, opB) >= 0); break; case TPM_EO_SIGNED_LE: // compare A <= B signed return (SignedCompareB(size, opA, size, opB) <= 0); break; case TPM_EO_UNSIGNED_LE: // compare A <= B unsigned return (UnsignedCompareB(size, opA, size, opB) <= 0); break; case TPM_EO_BITSET: // All bits SET in B are SET in A. ((A&B)=B) { UINT32 i; for(i = 0; i < size; i++) if((opA[i] & opB[i]) != opB[i]) return FALSE; } break; case TPM_EO_BITCLEAR: // All bits SET in B are CLEAR in A. ((A&B)=0) { UINT32 i; for(i = 0; i < size; i++) if((opA[i] & opB[i]) != 0) return FALSE; } break; default: FAIL(FATAL_ERROR_INTERNAL); break; } return TRUE; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/000077500000000000000000000000001510276467000254065ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Ecdaa/Commit.c000066400000000000000000000157621510276467000270150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Commit_fp.h" #if CC_Commit // Conditional expansion of this file /*(See part 3 specification) // This command performs the point multiply operations for anonymous signing // scheme. */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'keyHandle' references a restricted key that is not a // signing key // TPM_RC_ECC_POINT either 'P1' or the point derived from 's2' is not on // the curve of 'keyHandle' // TPM_RC_HASH invalid name algorithm in 'keyHandle' // TPM_RC_KEY 'keyHandle' does not reference an ECC key // TPM_RC_SCHEME the scheme of 'keyHandle' is not an anonymous scheme // TPM_RC_NO_RESULT 'K', 'L' or 'E' was a point at infinity; or // failed to generate "r" value // TPM_RC_SIZE 's2' is empty but 'y2' is not or 's2' provided but // 'y2' is not TPM_RC TPM2_Commit( Commit_In *in, // IN: input parameter list Commit_Out *out // OUT: output parameter list ) { OBJECT *eccKey; TPMS_ECC_POINT P2; TPMS_ECC_POINT *pP2 = NULL; TPMS_ECC_POINT *pP1 = NULL; TPM2B_ECC_PARAMETER r; TPM2B_ECC_PARAMETER p; TPM_RC result; TPMS_ECC_PARMS *parms; // Input Validation eccKey = HandleToObject(in->signHandle); parms = &eccKey->publicArea.parameters.eccDetail; // Input key must be an ECC key if(eccKey->publicArea.type != TPM_ALG_ECC) return TPM_RCS_KEY + RC_Commit_signHandle; // This command may only be used with a sign-only key using an anonymous // scheme. // NOTE: a sign + decrypt key has no scheme so it will not be an anonymous one // and an unrestricted sign key might no have a signing scheme but it can't // be use in Commit() if(!CryptIsSchemeAnonymous(parms->scheme.scheme)) return TPM_RCS_SCHEME + RC_Commit_signHandle; // Make sure that both parts of P2 are present if either is present if((in->s2.t.size == 0) != (in->y2.t.size == 0)) return TPM_RCS_SIZE + RC_Commit_y2; // Get prime modulus for the curve. This is needed later but getting this now // allows confirmation that the curve exists. if(!CryptEccGetParameter(&p, 'p', parms->curveID)) return TPM_RCS_KEY + RC_Commit_signHandle; // Get the random value that will be used in the point multiplications // Note: this does not commit the count. if(!CryptGenerateR(&r, NULL, parms->curveID, &eccKey->name)) return TPM_RC_NO_RESULT; // Set up P2 if s2 and Y2 are provided if(in->s2.t.size != 0) { TPM2B_DIGEST x2; pP2 = &P2; // copy y2 for P2 P2.y = in->y2; // Compute x2 HnameAlg(s2) mod p // do the hash operation on s2 with the size of curve 'p' x2.t.size = CryptHashBlock(eccKey->publicArea.nameAlg, in->s2.t.size, in->s2.t.buffer, sizeof(x2.t.buffer), x2.t.buffer); // If there were error returns in the hash routine, indicate a problem // with the hash algorithm selection if(x2.t.size == 0) return TPM_RCS_HASH + RC_Commit_signHandle; // The size of the remainder will be same as the size of p. DivideB() will // pad the results (leading zeros) if necessary to make the size the same P2.x.t.size = p.t.size; // set p2.x = hash(s2) mod p if(DivideB(&x2.b, &p.b, NULL, &P2.x.b) != TPM_RC_SUCCESS) return TPM_RC_NO_RESULT; if(!CryptEccIsPointOnCurve(parms->curveID, pP2)) return TPM_RCS_ECC_POINT + RC_Commit_s2; if(eccKey->attributes.publicOnly == SET) return TPM_RCS_KEY + RC_Commit_signHandle; } // If there is a P1, make sure that it is on the curve // NOTE: an "empty" point has two UINT16 values which are the size values // for each of the coordinates. if(in->P1.size > 4) { pP1 = &in->P1.point; if(!CryptEccIsPointOnCurve(parms->curveID, pP1)) return TPM_RCS_ECC_POINT + RC_Commit_P1; } // Pass the parameters to CryptCommit. // The work is not done in-line because it does several point multiplies // with the same curve. It saves work by not having to reload the curve // parameters multiple times. result = CryptEccCommitCompute(&out->K.point, &out->L.point, &out->E.point, parms->curveID, pP1, pP2, &eccKey->sensitive.sensitive.ecc, &r); if(result != TPM_RC_SUCCESS) return result; // The commit computation was successful so complete the commit by setting // the bit out->counter = CryptCommit(); return TPM_RC_SUCCESS; } #endif // CC_Commitgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/000077500000000000000000000000001510276467000267445ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeData.c000066400000000000000000000042651510276467000322440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "FieldUpgradeData_fp.h" #if CC_FieldUpgradeData // Conditional expansion of this file /*(See part 3 specification) // FieldUpgradeData */ TPM_RC TPM2_FieldUpgradeData( FieldUpgradeData_In *in, // IN: input parameter list FieldUpgradeData_Out *out // OUT: output parameter list ) { // Not implemented UNUSED_PARAMETER(in); UNUSED_PARAMETER(out); return TPM_RC_SUCCESS; } #endifgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FieldUpgradeStart.c000066400000000000000000000041221510276467000324600ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "FieldUpgradeStart_fp.h" #if CC_FieldUpgradeStart // Conditional expansion of this file /*(See part 3 specification) // FieldUpgradeStart */ TPM_RC TPM2_FieldUpgradeStart( FieldUpgradeStart_In *in // IN: input parameter list ) { // Not implemented UNUSED_PARAMETER(in); return TPM_RC_SUCCESS; } #endifgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/FieldUpgrade/FirmwareRead.c000066400000000000000000000042641510276467000314660ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "FirmwareRead_fp.h" #if CC_FirmwareRead // Conditional expansion of this file /*(See part 3 specification) // FirmwareRead */ TPM_RC TPM2_FirmwareRead( FirmwareRead_In *in, // IN: input parameter list FirmwareRead_Out *out // OUT: output parameter list ) { // Not implemented UNUSED_PARAMETER(in); UNUSED_PARAMETER(out); return TPM_RC_SUCCESS; } #endif // CC_FirmwareReadgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/000077500000000000000000000000001510276467000257255ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/EventSequenceComplete.c000066400000000000000000000114401510276467000323340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "EventSequenceComplete_fp.h" #if CC_EventSequenceComplete // Conditional expansion of this file /*(See part 3 specification) Complete an event sequence and flush the object. */ // Return Type: TPM_RC // TPM_RC_LOCALITY PCR extension is not allowed at the current locality // TPM_RC_MODE input handle is not a valid event sequence object TPM_RC TPM2_EventSequenceComplete( EventSequenceComplete_In *in, // IN: input parameter list EventSequenceComplete_Out *out // OUT: output parameter list ) { HASH_OBJECT *hashObject; UINT32 i; TPM_ALG_ID hashAlg; // Input validation // get the event sequence object pointer hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle); // input handle must reference an event sequence object if(hashObject->attributes.eventSeq != SET) return TPM_RCS_MODE + RC_EventSequenceComplete_sequenceHandle; // see if a PCR extend is requested in call if(in->pcrHandle != TPM_RH_NULL) { // see if extend of the PCR is allowed at the locality of the command, if(!PCRIsExtendAllowed(in->pcrHandle)) return TPM_RC_LOCALITY; // if an extend is going to take place, then check to see if there has // been an orderly shutdown. If so, and the selected PCR is one of the // state saved PCR, then the orderly state has to change. The orderly state // does not change for PCR that are not preserved. // NOTE: This doesn't just check for Shutdown(STATE) because the orderly // state will have to change if this is a state-saved PCR regardless // of the current state. This is because a subsequent Shutdown(STATE) will // check to see if there was an orderly shutdown and not do anything if // there was. So, this must indicate that a future Shutdown(STATE) has // something to do. if(PCRIsStateSaved(in->pcrHandle)) RETURN_IF_ORDERLY; } // Command Output out->results.count = 0; for(i = 0; i < HASH_COUNT; i++) { hashAlg = CryptHashGetAlgByIndex(i); // Update last piece of data CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b); // Complete hash out->results.digests[out->results.count].hashAlg = hashAlg; CryptHashEnd(&hashObject->state.hashState[i], CryptHashGetDigestSize(hashAlg), (BYTE *)&out->results.digests[out->results.count].digest); // Extend PCR if(in->pcrHandle != TPM_RH_NULL) PCRExtend(in->pcrHandle, hashAlg, CryptHashGetDigestSize(hashAlg), (BYTE *)&out->results.digests[out->results.count].digest); out->results.count++; } // Internal Data Update // mark sequence object as evict so it will be flushed on the way out hashObject->attributes.evict = SET; return TPM_RC_SUCCESS; } #endif // CC_EventSequenceCompletego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HMAC_Start.c000066400000000000000000000105221510276467000277560ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "HMAC_Start_fp.h" #if CC_HMAC_Start // Conditional expansion of this file /*(See part 3 specification) // Initialize a HMAC sequence and create a sequence object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key // or is restricted // TPM_RC_OBJECT_MEMORY no space to create an internal object // TPM_RC_KEY key referenced by 'handle' is not an HMAC key // TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm // of the scheme of the object referenced by 'handle' TPM_RC TPM2_HMAC_Start( HMAC_Start_In *in, // IN: input parameter list HMAC_Start_Out *out // OUT: output parameter list ) { OBJECT *keyObject; TPMT_PUBLIC *publicArea; TPM_ALG_ID hashAlg; // Input Validation // Get HMAC key object and public area pointers keyObject = HandleToObject(in->handle); publicArea = &keyObject->publicArea; // Make sure that the key is an HMAC key if(publicArea->type != TPM_ALG_KEYEDHASH) return TPM_RCS_TYPE + RC_HMAC_Start_handle; // and that it is unrestricted if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_ATTRIBUTES + RC_HMAC_Start_handle; // and that it is a signing key if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) return TPM_RCS_KEY + RC_HMAC_Start_handle; // See if the key has a default if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL) // it doesn't so use the input value hashAlg = in->hashAlg; else { // key has a default so use it hashAlg = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg; // and verify that the input was either the TPM_ALG_NULL or the default if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg) hashAlg = TPM_ALG_NULL; } // if we ended up without a hash algorithm then return an error if(hashAlg == TPM_ALG_NULL) return TPM_RCS_VALUE + RC_HMAC_Start_hashAlg; // Internal Data Update // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be // returned at this point return ObjectCreateHMACSequence(hashAlg, keyObject, &in->auth, &out->sequenceHandle); } #endif // CC_HMAC_Startgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/HashSequenceStart.c000066400000000000000000000052171510276467000314700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "HashSequenceStart_fp.h" #if CC_HashSequenceStart // Conditional expansion of this file /*(See part 3 specification) // Start a hash or an event sequence */ // Return Type: TPM_RC // TPM_RC_OBJECT_MEMORY no space to create an internal object TPM_RC TPM2_HashSequenceStart( HashSequenceStart_In *in, // IN: input parameter list HashSequenceStart_Out *out // OUT: output parameter list ) { // Internal Data Update if(in->hashAlg == TPM_ALG_NULL) // Start a event sequence. A TPM_RC_OBJECT_MEMORY error may be // returned at this point return ObjectCreateEventSequence(&in->auth, &out->sequenceHandle); // Start a hash sequence. A TPM_RC_OBJECT_MEMORY error may be // returned at this point return ObjectCreateHashSequence(in->hashAlg, &in->auth, &out->sequenceHandle); } #endif // CC_HashSequenceStartgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/MAC_Start.c000066400000000000000000000100101510276467000276360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "MAC_Start_fp.h" #if CC_MAC_Start // Conditional expansion of this file /*(See part 3 specification) // Initialize a HMAC sequence and create a sequence object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key referenced by 'handle' is not a signing key // or is restricted // TPM_RC_OBJECT_MEMORY no space to create an internal object // TPM_RC_KEY key referenced by 'handle' is not an HMAC key // TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm // of the scheme of the object referenced by 'handle' TPM_RC TPM2_MAC_Start( MAC_Start_In *in, // IN: input parameter list MAC_Start_Out *out // OUT: output parameter list ) { OBJECT *keyObject; TPMT_PUBLIC *publicArea; TPM_RC result; // Input Validation // Get HMAC key object and public area pointers keyObject = HandleToObject(in->handle); publicArea = &keyObject->publicArea; // Make sure that the key can do what is required result = CryptSelectMac(publicArea, &in->inScheme); // If the key is not able to do a MAC, indicate that the handle selects an // object that can't do a MAC if(result == TPM_RCS_TYPE) return TPM_RCS_TYPE + RC_MAC_Start_handle; // If there is another error type, indicate that the scheme and key are not // compatible if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_MAC_Start_inScheme); // Make sure that the key is not restricted if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_ATTRIBUTES + RC_MAC_Start_handle; // and that it is a signing key if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) return TPM_RCS_KEY + RC_MAC_Start_handle; // Internal Data Update // Create a HMAC sequence object. A TPM_RC_OBJECT_MEMORY error may be // returned at this point return ObjectCreateHMACSequence(in->inScheme, keyObject, &in->auth, &out->sequenceHandle); } #endif // CC_MAC_Startgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceComplete.c000066400000000000000000000125461510276467000313420ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "SequenceComplete_fp.h" #if CC_SequenceComplete // Conditional expansion of this file /*(See part 3 specification) // Complete a sequence and flush the object. */ // Return Type: TPM_RC // TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC // sequence object TPM_RC TPM2_SequenceComplete( SequenceComplete_In *in, // IN: input parameter list SequenceComplete_Out *out // OUT: output parameter list ) { HASH_OBJECT *hashObject; // Input validation // Get hash object pointer hashObject = (HASH_OBJECT *)HandleToObject(in->sequenceHandle); // input handle must be a hash or HMAC sequence object. if(hashObject->attributes.hashSeq == CLEAR && hashObject->attributes.hmacSeq == CLEAR) return TPM_RCS_MODE + RC_SequenceComplete_sequenceHandle; // Command Output if(hashObject->attributes.hashSeq == SET) // sequence object for hash { // Get the hash algorithm before the algorithm is lost in CryptHashEnd TPM_ALG_ID hashAlg = hashObject->state.hashState[0].hashAlg; // Update last piece of the data CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b); // Complete hash out->result.t.size = CryptHashEnd(&hashObject->state.hashState[0], sizeof(out->result.t.buffer), out->result.t.buffer); // Check if the first block of the sequence has been received if(hashObject->attributes.firstBlock == CLEAR) { // If not, then this is the first block so see if it is 'safe' // to sign. if(TicketIsSafe(&in->buffer.b)) hashObject->attributes.ticketSafe = SET; } // Output ticket out->validation.tag = TPM_ST_HASHCHECK; out->validation.hierarchy = in->hierarchy; if(in->hierarchy == TPM_RH_NULL) { // Ticket is not required out->validation.digest.t.size = 0; } else if(hashObject->attributes.ticketSafe == CLEAR) { // Ticket is not safe to generate out->validation.hierarchy = TPM_RH_NULL; out->validation.digest.t.size = 0; } else { // Compute ticket TicketComputeHashCheck(out->validation.hierarchy, hashAlg, &out->result, &out->validation); } } else { // Update last piece of data CryptDigestUpdate2B(&hashObject->state.hmacState.hashState, &in->buffer.b); #if !SMAC_IMPLEMENTED // Complete HMAC out->result.t.size = CryptHmacEnd(&(hashObject->state.hmacState), sizeof(out->result.t.buffer), out->result.t.buffer); #else // Complete the MAC out->result.t.size = CryptMacEnd(&hashObject->state.hmacState, sizeof(out->result.t.buffer), out->result.t.buffer); #endif // No ticket is generated for HMAC sequence out->validation.tag = TPM_ST_HASHCHECK; out->validation.hierarchy = TPM_RH_NULL; out->validation.digest.t.size = 0; } // Internal Data Update // mark sequence object as evict so it will be flushed on the way out hashObject->attributes.evict = SET; return TPM_RC_SUCCESS; } #endif // CC_SequenceCompletego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/HashHMAC/SequenceUpdate.c000066400000000000000000000100241510276467000310010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "SequenceUpdate_fp.h" #if CC_SequenceUpdate // Conditional expansion of this file /*(See part 3 specification) // This function is used to add data to a sequence object. */ // Return Type: TPM_RC // TPM_RC_MODE 'sequenceHandle' does not reference a hash or HMAC // sequence object TPM_RC TPM2_SequenceUpdate( SequenceUpdate_In *in // IN: input parameter list ) { OBJECT *object; HASH_OBJECT *hashObject; // Input Validation // Get sequence object pointer object = HandleToObject(in->sequenceHandle); hashObject = (HASH_OBJECT *)object; // Check that referenced object is a sequence object. if(!ObjectIsSequence(object)) return TPM_RCS_MODE + RC_SequenceUpdate_sequenceHandle; // Internal Data Update if(object->attributes.eventSeq == SET) { // Update event sequence object UINT32 i; for(i = 0; i < HASH_COUNT; i++) { // Update sequence object CryptDigestUpdate2B(&hashObject->state.hashState[i], &in->buffer.b); } } else { // Update hash/HMAC sequence object if(hashObject->attributes.hashSeq == SET) { // Is this the first block of the sequence if(hashObject->attributes.firstBlock == CLEAR) { // If so, indicate that first block was received hashObject->attributes.firstBlock = SET; // Check the first block to see if the first block can contain // the TPM_GENERATED_VALUE. If it does, it is not safe for // a ticket. if(TicketIsSafe(&in->buffer.b)) hashObject->attributes.ticketSafe = SET; } // Update sequence object hash/HMAC stack CryptDigestUpdate2B(&hashObject->state.hashState[0], &in->buffer.b); } else if(object->attributes.hmacSeq == SET) { // Update sequence object HMAC stack CryptDigestUpdate2B(&hashObject->state.hmacState.hashState, &in->buffer.b); } } return TPM_RC_SUCCESS; } #endif // CC_SequenceUpdatego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/000077500000000000000000000000001510276467000263275ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangeEPS.c000066400000000000000000000067541510276467000302440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ChangeEPS_fp.h" #if CC_ChangeEPS // Conditional expansion of this file /*(See part 3 specification) // Reset current EPS value */ TPM_RC TPM2_ChangeEPS( ChangeEPS_In *in // IN: input parameter list ) { // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Input parameter is not reference in command action NOT_REFERENCED(in); // Internal Data Update // Reset endorsement hierarchy seed from RNG CryptRandomGenerate(sizeof(gp.EPSeed.t.buffer), gp.EPSeed.t.buffer); // Create new ehProof value from RNG CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer); // Enable endorsement hierarchy gc.ehEnable = TRUE; // set authValue buffer to zeros MemorySet(gp.endorsementAuth.t.buffer, 0, gp.endorsementAuth.t.size); // Set endorsement authValue to null gp.endorsementAuth.t.size = 0; // Set endorsement authPolicy to null gp.endorsementAlg = TPM_ALG_NULL; gp.endorsementPolicy.t.size = 0; // Flush loaded object in endorsement hierarchy ObjectFlushHierarchy(TPM_RH_ENDORSEMENT); // Flush evict object of endorsement hierarchy stored in NV NvFlushHierarchy(TPM_RH_ENDORSEMENT); // Save hierarchy changes to NV NV_SYNC_PERSISTENT(EPSeed); NV_SYNC_PERSISTENT(ehProof); NV_SYNC_PERSISTENT(endorsementAuth); NV_SYNC_PERSISTENT(endorsementAlg); NV_SYNC_PERSISTENT(endorsementPolicy); // orderly state should be cleared because of the update to state clear data g_clearOrderly = TRUE; return TPM_RC_SUCCESS; } #endif // CC_ChangeEPSgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ChangePPS.c000066400000000000000000000066661510276467000302610ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ChangePPS_fp.h" #if CC_ChangePPS // Conditional expansion of this file /*(See part 3 specification) // Reset current PPS value */ TPM_RC TPM2_ChangePPS( ChangePPS_In *in // IN: input parameter list ) { UINT32 i; // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE // error may be returned at this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Input parameter is not reference in command action NOT_REFERENCED(in); // Internal Data Update // Reset platform hierarchy seed from RNG CryptRandomGenerate(sizeof(gp.PPSeed.t.buffer), gp.PPSeed.t.buffer); // Create a new phProof value from RNG to prevent the saved platform // hierarchy contexts being loaded CryptRandomGenerate(sizeof(gp.phProof.t.buffer), gp.phProof.t.buffer); // Set platform authPolicy to null gc.platformAlg = TPM_ALG_NULL; gc.platformPolicy.t.size = 0; // Flush loaded object in platform hierarchy ObjectFlushHierarchy(TPM_RH_PLATFORM); // Flush platform evict object and index in NV NvFlushHierarchy(TPM_RH_PLATFORM); // Save hierarchy changes to NV NV_SYNC_PERSISTENT(PPSeed); NV_SYNC_PERSISTENT(phProof); // Re-initialize PCR policies #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 for(i = 0; i < NUM_POLICY_PCR_GROUP; i++) { gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL; gp.pcrPolicies.policy[i].t.size = 0; } NV_SYNC_PERSISTENT(pcrPolicies); #endif // orderly state should be cleared because of the update to state clear data g_clearOrderly = TRUE; return TPM_RC_SUCCESS; } #endif // CC_ChangePPSgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/Clear.c000066400000000000000000000111211510276467000275150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Clear_fp.h" #if CC_Clear // Conditional expansion of this file /*(See part 3 specification) // Clear owner */ // Return Type: TPM_RC // TPM_RC_DISABLED Clear command has been disabled TPM_RC TPM2_Clear( Clear_In *in // IN: input parameter list ) { // Input parameter is not reference in command action NOT_REFERENCED(in); // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Input Validation // If Clear command is disabled, return an error if(gp.disableClear) return TPM_RC_DISABLED; // Internal Data Update // Reset storage hierarchy seed from RNG CryptRandomGenerate(sizeof(gp.SPSeed.t.buffer), gp.SPSeed.t.buffer); // Create new shProof and ehProof value from RNG CryptRandomGenerate(sizeof(gp.shProof.t.buffer), gp.shProof.t.buffer); CryptRandomGenerate(sizeof(gp.ehProof.t.buffer), gp.ehProof.t.buffer); // Enable storage and endorsement hierarchy gc.shEnable = gc.ehEnable = TRUE; // set the authValue buffers to zero MemorySet(&gp.ownerAuth, 0, sizeof(gp.ownerAuth)); MemorySet(&gp.endorsementAuth, 0, sizeof(gp.endorsementAuth)); MemorySet(&gp.lockoutAuth, 0, sizeof(gp.lockoutAuth)); // Set storage, endorsement, and lockout authPolicy to null gp.ownerAlg = gp.endorsementAlg = gp.lockoutAlg = TPM_ALG_NULL; MemorySet(&gp.ownerPolicy, 0, sizeof(gp.ownerPolicy)); MemorySet(&gp.endorsementPolicy, 0, sizeof(gp.endorsementPolicy)); MemorySet(&gp.lockoutPolicy, 0, sizeof(gp.lockoutPolicy)); // Flush loaded object in storage and endorsement hierarchy ObjectFlushHierarchy(TPM_RH_OWNER); ObjectFlushHierarchy(TPM_RH_ENDORSEMENT); // Flush owner and endorsement object and owner index in NV NvFlushHierarchy(TPM_RH_OWNER); NvFlushHierarchy(TPM_RH_ENDORSEMENT); // Initialize dictionary attack parameters DAPreInstall_Init(); // Reset clock go.clock = 0; go.clockSafe = YES; NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go); // Reset counters gp.resetCount = gr.restartCount = gr.clearCount = 0; gp.auditCounter = 0; // Save persistent data changes to NV // Note: since there are so many changes to the persistent data structure, the // entire PERSISTENT_DATA structure is written as a unit NvWrite(NV_PERSISTENT_DATA, sizeof(PERSISTENT_DATA), &gp); // Reset the PCR authValues (this does not change the PCRs) PCR_ClearAuth(); // Bump the PCR counter PCRChanged(0); // orderly state should be cleared because of the update to state clear data g_clearOrderly = TRUE; return TPM_RC_SUCCESS; } #endif // CC_Cleargo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/ClearControl.c000066400000000000000000000052131510276467000310630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ClearControl_fp.h" #if CC_ClearControl // Conditional expansion of this file /*(See part 3 specification) // Enable or disable the execution of TPM2_Clear command */ // Return Type: TPM_RC // TPM_RC_AUTH_FAIL authorization is not properly given TPM_RC TPM2_ClearControl( ClearControl_In *in // IN: input parameter list ) { // The command needs NV update. RETURN_IF_NV_IS_NOT_AVAILABLE; // Input Validation // LockoutAuth may be used to set disableLockoutClear to TRUE but not to FALSE if(in->auth == TPM_RH_LOCKOUT && in->disable == NO) return TPM_RC_AUTH_FAIL; // Internal Data Update if(in->disable == YES) gp.disableClear = TRUE; else gp.disableClear = FALSE; // Record the change to NV NV_SYNC_PERSISTENT(disableClear); return TPM_RC_SUCCESS; } #endif // CC_ClearControlgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/CreatePrimary.c000066400000000000000000000154721510276467000312530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "CreatePrimary_fp.h" #if CC_CreatePrimary // Conditional expansion of this file /*(See part 3 specification) // Creates a primary or temporary object from a primary seed. */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES sensitiveDataOrigin is CLEAR when sensitive.data is an // Empty Buffer 'fixedTPM', 'fixedParent', or // 'encryptedDuplication' attributes are inconsistent // between themselves or with those of the parent object; // inconsistent 'restricted', 'decrypt' and 'sign' // attributes // attempt to inject sensitive data for an asymmetric // key; // TPM_RC_KDF incorrect KDF specified for decrypting keyed hash // object // TPM_RC_KEY a provided symmetric key value is not allowed // TPM_RC_OBJECT_MEMORY there is no free slot for the object // TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', // 'restricted' and key's scheme ID; or hash algorithm is // inconsistent with the scheme ID for keyed hash object // TPM_RC_SIZE size of public authorization policy or sensitive // authorization value does not match digest size of the // name algorithm; or sensitive data size for the keyed // hash object is larger than is allowed for the scheme // TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; // or non-storage key with symmetric algorithm different // from TPM_ALG_NULL // TPM_RC_TYPE unknown object type TPM_RC TPM2_CreatePrimary( CreatePrimary_In *in, // IN: input parameter list CreatePrimary_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; TPMT_PUBLIC *publicArea; DRBG_STATE rand; OBJECT *newObject; TPM2B_NAME name; // Input Validation // Will need a place to put the result newObject = FindEmptyObjectSlot(&out->objectHandle); if(newObject == NULL) return TPM_RC_OBJECT_MEMORY; // Get the address of the public area in the new object // (this is just to save typing) publicArea = &newObject->publicArea; *publicArea = in->inPublic.publicArea; // Check attributes in input public area. CreateChecks() checks the things that // are unique to creation and then validates the attributes and values that are // common to create and load. result = CreateChecks(NULL, publicArea, in->inSensitive.sensitive.data.t.size); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_CreatePrimary_inPublic); // Validate the sensitive area values if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg)) return TPM_RCS_SIZE + RC_CreatePrimary_inSensitive; // Command output // Compute the name using out->name as a scratch area (this is not the value // that ultimately will be returned, then instantiate the state that will be // used as a random number generator during the object creation. // The caller does not know the seed values so the actual name does not have // to be over the input, it can be over the unmarshaled structure. result = DRBG_InstantiateSeeded(&rand, &HierarchyGetPrimarySeed(in->primaryHandle)->b, PRIMARY_OBJECT_CREATION, (TPM2B *)PublicMarshalAndComputeName(publicArea, &name), &in->inSensitive.sensitive.data.b); if(result == TPM_RC_SUCCESS) { newObject->attributes.primary = SET; if(in->primaryHandle == TPM_RH_ENDORSEMENT) newObject->attributes.epsHierarchy = SET; // Create the primary object. result = CryptCreateObject(newObject, &in->inSensitive.sensitive, (RAND_STATE *)&rand); } if(result != TPM_RC_SUCCESS) return result; // Set the publicArea and name from the computed values out->outPublic.publicArea = newObject->publicArea; out->name = newObject->name; // Fill in creation data FillInCreationData(in->primaryHandle, publicArea->nameAlg, &in->creationPCR, &in->outsideInfo, &out->creationData, &out->creationHash); // Compute creation ticket TicketComputeCreation(EntityGetHierarchy(in->primaryHandle), &out->name, &out->creationHash, &out->creationTicket); // Set the remaining attributes for a loaded object ObjectSetLoadedAttributes(newObject, in->primaryHandle); return result; } #endif // CC_CreatePrimarygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyChangeAuth.c000066400000000000000000000070061510276467000323440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "HierarchyChangeAuth_fp.h" #if CC_HierarchyChangeAuth // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // Set a hierarchy authValue */ // Return Type: TPM_RC // TPM_RC_SIZE 'newAuth' size is greater than that of integrity hash // digest TPM_RC TPM2_HierarchyChangeAuth( HierarchyChangeAuth_In *in // IN: input parameter list ) { // The command needs NV update. RETURN_IF_NV_IS_NOT_AVAILABLE; // Make sure that the authorization value is a reasonable size (not larger than // the size of the digest produced by the integrity hash. The integrity // hash is assumed to produce the longest digest of any hash implemented // on the TPM. This will also remove trailing zeros from the authValue. if(MemoryRemoveTrailingZeros(&in->newAuth) > CONTEXT_INTEGRITY_HASH_SIZE) return TPM_RCS_SIZE + RC_HierarchyChangeAuth_newAuth; // Set hierarchy authValue switch(in->authHandle) { case TPM_RH_OWNER: gp.ownerAuth = in->newAuth; NV_SYNC_PERSISTENT(ownerAuth); break; case TPM_RH_ENDORSEMENT: gp.endorsementAuth = in->newAuth; NV_SYNC_PERSISTENT(endorsementAuth); break; case TPM_RH_PLATFORM: gc.platformAuth = in->newAuth; // orderly state should be cleared g_clearOrderly = TRUE; break; case TPM_RH_LOCKOUT: gp.lockoutAuth = in->newAuth; NV_SYNC_PERSISTENT(lockoutAuth); break; default: FAIL(FATAL_ERROR_INTERNAL); break; } return TPM_RC_SUCCESS; } #endif // CC_HierarchyChangeAuthgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/HierarchyControl.c000066400000000000000000000133051510276467000317540ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "HierarchyControl_fp.h" #if CC_HierarchyControl // Conditional expansion of this file /*(See part 3 specification) // Enable or disable use of a hierarchy */ // Return Type: TPM_RC // TPM_RC_AUTH_TYPE 'authHandle' is not applicable to 'hierarchy' in its // current state TPM_RC TPM2_HierarchyControl( HierarchyControl_In *in // IN: input parameter list ) { BOOL select = (in->state == YES); BOOL *selected = NULL; // Input Validation switch(in->enable) { // Platform hierarchy has to be disabled by PlatformAuth // If the platform hierarchy has already been disabled, only a reboot // can enable it again case TPM_RH_PLATFORM: case TPM_RH_PLATFORM_NV: if(in->authHandle != TPM_RH_PLATFORM) return TPM_RC_AUTH_TYPE; break; // ShEnable may be disabled if PlatformAuth/PlatformPolicy or // OwnerAuth/OwnerPolicy is provided. If ShEnable is disabled, then it // may only be enabled if PlatformAuth/PlatformPolicy is provided. case TPM_RH_OWNER: if(in->authHandle != TPM_RH_PLATFORM && in->authHandle != TPM_RH_OWNER) return TPM_RC_AUTH_TYPE; if(gc.shEnable == FALSE && in->state == YES && in->authHandle != TPM_RH_PLATFORM) return TPM_RC_AUTH_TYPE; break; // EhEnable may be disabled if either PlatformAuth/PlatformPolicy or // EndosementAuth/EndorsementPolicy is provided. If EhEnable is disabled, // then it may only be enabled if PlatformAuth/PlatformPolicy is // provided. case TPM_RH_ENDORSEMENT: if(in->authHandle != TPM_RH_PLATFORM && in->authHandle != TPM_RH_ENDORSEMENT) return TPM_RC_AUTH_TYPE; if(gc.ehEnable == FALSE && in->state == YES && in->authHandle != TPM_RH_PLATFORM) return TPM_RC_AUTH_TYPE; break; default: FAIL(FATAL_ERROR_INTERNAL); break; } // Internal Data Update // Enable or disable the selected hierarchy // Note: the authorization processing for this command may keep these // command actions from being executed. For example, if phEnable is // CLEAR, then platformAuth cannot be used for authorization. This // means that would not be possible to use platformAuth to change the // state of phEnable from CLEAR to SET. // If it is decided that platformPolicy can still be used when phEnable // is CLEAR, then this code could SET phEnable when proper platform // policy is provided. switch(in->enable) { case TPM_RH_OWNER: selected = &gc.shEnable; break; case TPM_RH_ENDORSEMENT: selected = &gc.ehEnable; break; case TPM_RH_PLATFORM: selected = &g_phEnable; break; case TPM_RH_PLATFORM_NV: selected = &gc.phEnableNV; break; default: FAIL(FATAL_ERROR_INTERNAL); break; } if(selected != NULL && *selected != select) { // Before changing the internal state, make sure that NV is available. // Only need to update NV if changing the orderly state RETURN_IF_ORDERLY; // state is changing and NV is available so modify *selected = select; // If a hierarchy was just disabled, flush it if(select == CLEAR && in->enable != TPM_RH_PLATFORM_NV) // Flush hierarchy ObjectFlushHierarchy(in->enable); // orderly state should be cleared because of the update to state clear data // This gets processed in ExecuteCommand() on the way out. g_clearOrderly = TRUE; } return TPM_RC_SUCCESS; } #endif // CC_HierarchyControlgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Hierarchy/SetPrimaryPolicy.c000066400000000000000000000076151510276467000317630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "SetPrimaryPolicy_fp.h" #if CC_SetPrimaryPolicy // Conditional expansion of this file /*(See part 3 specification) // Set a hierarchy policy */ // Return Type: TPM_RC // TPM_RC_SIZE size of input authPolicy is not consistent with // input hash algorithm TPM_RC TPM2_SetPrimaryPolicy( SetPrimaryPolicy_In *in // IN: input parameter list ) { // Input Validation // Check the authPolicy consistent with hash algorithm. If the policy size is // zero, then the algorithm is required to be TPM_ALG_NULL if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg)) return TPM_RCS_SIZE + RC_SetPrimaryPolicy_authPolicy; // The command need NV update for OWNER and ENDORSEMENT hierarchy, and // might need orderlyState update for PLATFROM hierarchy. // Check if NV is available. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE // error may be returned at this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Internal Data Update // Set hierarchy policy switch(in->authHandle) { case TPM_RH_OWNER: gp.ownerAlg = in->hashAlg; gp.ownerPolicy = in->authPolicy; NV_SYNC_PERSISTENT(ownerAlg); NV_SYNC_PERSISTENT(ownerPolicy); break; case TPM_RH_ENDORSEMENT: gp.endorsementAlg = in->hashAlg; gp.endorsementPolicy = in->authPolicy; NV_SYNC_PERSISTENT(endorsementAlg); NV_SYNC_PERSISTENT(endorsementPolicy); break; case TPM_RH_PLATFORM: gc.platformAlg = in->hashAlg; gc.platformPolicy = in->authPolicy; // need to update orderly state g_clearOrderly = TRUE; break; case TPM_RH_LOCKOUT: gp.lockoutAlg = in->hashAlg; gp.lockoutPolicy = in->authPolicy; NV_SYNC_PERSISTENT(lockoutAlg); NV_SYNC_PERSISTENT(lockoutPolicy); break; default: FAIL(FATAL_ERROR_INTERNAL); break; } return TPM_RC_SUCCESS; } #endif // CC_SetPrimaryPolicygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/000077500000000000000000000000001510276467000253045ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/PP_Commands.c000066400000000000000000000063771510276467000276250ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PP_Commands_fp.h" #if CC_PP_Commands // Conditional expansion of this file /*(See part 3 specification) // This command is used to determine which commands require assertion of // Physical Presence in addition to platformAuth/platformPolicy. */ TPM_RC TPM2_PP_Commands( PP_Commands_In *in // IN: input parameter list ) { UINT32 i; // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Internal Data Update // Process set list for(i = 0; i < in->setList.count; i++) // If command is implemented, set it as PP required. If the input // command is not a PP command, it will be ignored at // PhysicalPresenceCommandSet(). // Note: PhysicalPresenceCommandSet() checks if the command is implemented. PhysicalPresenceCommandSet(in->setList.commandCodes[i]); // Process clear list for(i = 0; i < in->clearList.count; i++) // If command is implemented, clear it as PP required. If the input // command is not a PP command, it will be ignored at // PhysicalPresenceCommandClear(). If the input command is // TPM2_PP_Commands, it will be ignored as well PhysicalPresenceCommandClear(in->clearList.commandCodes[i]); // Save the change of PP list NV_SYNC_PERSISTENT(ppList); return TPM_RC_SUCCESS; } #endif // CC_PP_Commandsgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Misc/SetAlgorithmSet.c000066400000000000000000000047141510276467000305340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "SetAlgorithmSet_fp.h" #if CC_SetAlgorithmSet // Conditional expansion of this file /*(See part 3 specification) // This command allows the platform to change the algorithm set setting of the TPM */ TPM_RC TPM2_SetAlgorithmSet( SetAlgorithmSet_In *in // IN: input parameter list ) { // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Internal Data Update gp.algorithmSet = in->algorithmSet; // Write the algorithm set changes to NV NV_SYNC_PERSISTENT(algorithmSet); return TPM_RC_SUCCESS; } #endif // CC_SetAlgorithmSetgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/000077500000000000000000000000001510276467000262615ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Certify.c000066400000000000000000000144271510276467000304450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Attest_spt_fp.h" #include "NV_Certify_fp.h" #if CC_NV_Certify // Conditional expansion of this file /*(See part 3 specification) // certify the contents of an NV index or portion of an NV index */ // Return Type: TPM_RC // TPM_RC_NV_AUTHORIZATION the authorization was valid but the // authorizing entity ('authHandle') // is not allowed to read from the Index // referenced by 'nvIndex' // TPM_RC_KEY 'signHandle' does not reference a signing // key // TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is locked // for reading // TPM_RC_NV_RANGE 'offset' plus 'size' extends outside of the // data range of the Index referenced by // 'nvIndex' // TPM_RC_NV_UNINITIALIZED Index referenced by 'nvIndex' has not been // written // TPM_RC_SCHEME 'inScheme' is not an allowed value for the // key definition TPM_RC TPM2_NV_Certify( NV_Certify_In *in, // IN: input parameter list NV_Certify_Out *out // OUT: output parameter list ) { TPM_RC result; NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); TPMS_ATTEST certifyInfo; OBJECT *signObject = HandleToObject(in->signHandle); // Input Validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_NV_Certify_signHandle; if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_NV_Certify_inScheme; // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION // or TPM_RC_NV_LOCKED result = NvReadAccessChecks(in->authHandle, in->nvIndex, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // make sure that the selection is within the range of the Index (cast to avoid // any wrap issues with addition) if((UINT32)in->size + (UINT32)in->offset > (UINT32)nvIndex->publicArea.dataSize) return TPM_RC_NV_RANGE; // Make sure the data will fit the return buffer. // NOTE: This check may be modified if the output buffer will not hold the // maximum sized NV buffer as part of the certified data. The difference in // size could be substantial if the signature scheme was produced a large // signature (e.g., RSA 4096). if(in->size > MAX_NV_BUFFER_SIZE) return TPM_RCS_VALUE + RC_NV_Certify_size; // Command Output // Fill in attest information common fields FillInAttestInfo(in->signHandle, &in->inScheme, &in->qualifyingData, &certifyInfo); // Get the name of the index NvGetIndexName(nvIndex, &certifyInfo.attested.nv.indexName); // See if this is old format or new format if ((in->size != 0) || (in->offset != 0)) { // NV certify specific fields // Attestation type certifyInfo.type = TPM_ST_ATTEST_NV; // Set the return size certifyInfo.attested.nv.nvContents.t.size = in->size; // Set the offset certifyInfo.attested.nv.offset = in->offset; // Perform the read NvGetIndexData(nvIndex, locator, in->offset, in->size, certifyInfo.attested.nv.nvContents.t.buffer); } else { HASH_STATE hashState; // This is to sign a digest of the data certifyInfo.type = TPM_ST_ATTEST_NV_DIGEST; // Initialize the hash before calling the function to add the Index data to // the hash. certifyInfo.attested.nvDigest.nvDigest.t.size = CryptHashStart(&hashState, in->inScheme.details.any.hashAlg); NvHashIndexData(&hashState, nvIndex, locator, 0, nvIndex->publicArea.dataSize); CryptHashEnd2B(&hashState, &certifyInfo.attested.nvDigest.nvDigest.b); } // Sign attestation structure. A NULL signature will be returned if // signObject is NULL. return SignAttestInfo(signObject, &in->inScheme, &certifyInfo, &in->qualifyingData, &out->certifyInfo, &out->signature); } #endif // CC_NV_Certifygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ChangeAuth.c000066400000000000000000000054421510276467000310440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_ChangeAuth_fp.h" #if CC_NV_ChangeAuth // Conditional expansion of this file /*(See part 3 specification) // change authorization value of a NV index */ // Return Type: TPM_RC // TPM_RC_SIZE 'newAuth' size is larger than the digest // size of the Name algorithm for the Index // referenced by 'nvIndex TPM_RC TPM2_NV_ChangeAuth( NV_ChangeAuth_In *in // IN: input parameter list ) { NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); // Input Validation // Remove trailing zeros and make sure that the result is not larger than the // digest of the nameAlg. if(MemoryRemoveTrailingZeros(&in->newAuth) > CryptHashGetDigestSize(nvIndex->publicArea.nameAlg)) return TPM_RCS_SIZE + RC_NV_ChangeAuth_newAuth; // Internal Data Update // Change authValue return NvWriteIndexAuth(locator, &in->newAuth); } #endif // CC_NV_ChangeAuthgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_DefineSpace.c000066400000000000000000000236731510276467000312110ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_DefineSpace_fp.h" #if CC_NV_DefineSpace // Conditional expansion of this file /*(See part 3 specification) // Define a NV index space */ // Return Type: TPM_RC // TPM_RC_HIERARCHY for authorizations using TPM_RH_PLATFORM // phEnable_NV is clear preventing access to NV // data in the platform hierarchy. // TPM_RC_ATTRIBUTES attributes of the index are not consistent // TPM_RC_NV_DEFINED index already exists // TPM_RC_NV_SPACE insufficient space for the index // TPM_RC_SIZE 'auth->size' or 'publicInfo->authPolicy.size' is // larger than the digest size of // 'publicInfo->nameAlg'; or 'publicInfo->dataSize' // is not consistent with 'publicInfo->attributes' // (this includes the case when the index is // larger than a MAX_NV_BUFFER_SIZE but the // TPMA_NV_WRITEALL attribute is SET) TPM_RC TPM2_NV_DefineSpace( NV_DefineSpace_In *in // IN: input parameter list ) { TPMA_NV attributes = in->publicInfo.nvPublic.attributes; UINT16 nameSize; nameSize = CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg); // Input Validation // Checks not specific to type // If the UndefineSpaceSpecial command is not implemented, then can't have // an index that can only be deleted with policy #if CC_NV_UndefineSpaceSpecial == NO if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; #endif // check that the authPolicy consistent with hash algorithm if(in->publicInfo.nvPublic.authPolicy.t.size != 0 && in->publicInfo.nvPublic.authPolicy.t.size != nameSize) return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; // make sure that the authValue is not too large if(MemoryRemoveTrailingZeros(&in->auth) > CryptHashGetDigestSize(in->publicInfo.nvPublic.nameAlg)) return TPM_RCS_SIZE + RC_NV_DefineSpace_auth; // If an index is being created by the owner and shEnable is // clear, then we would not reach this point because ownerAuth // can't be given when shEnable is CLEAR. However, if phEnable // is SET but phEnableNV is CLEAR, we have to check here if(in->authHandle == TPM_RH_PLATFORM && gc.phEnableNV == CLEAR) return TPM_RCS_HIERARCHY + RC_NV_DefineSpace_authHandle; // Attribute checks // Eliminate the unsupported types switch(GET_TPM_NT(attributes)) { #if CC_NV_Increment == YES case TPM_NT_COUNTER: #endif #if CC_NV_SetBits == YES case TPM_NT_BITS: #endif #if CC_NV_Extend == YES case TPM_NT_EXTEND: #endif #if CC_PolicySecret == YES && defined TPM_NT_PIN_PASS case TPM_NT_PIN_PASS: case TPM_NT_PIN_FAIL: #endif case TPM_NT_ORDINARY: break; default: return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; break; } // Check that the sizes are OK based on the type switch(GET_TPM_NT(attributes)) { case TPM_NT_ORDINARY: // Can't exceed the allowed size for the implementation if(in->publicInfo.nvPublic.dataSize > MAX_NV_INDEX_SIZE) return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; break; case TPM_NT_EXTEND: if(in->publicInfo.nvPublic.dataSize != nameSize) return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; break; default: // Everything else needs a size of 8 if(in->publicInfo.nvPublic.dataSize != 8) return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; break; } // Handle other specifics switch(GET_TPM_NT(attributes)) { case TPM_NT_COUNTER: // Counter can't have TPMA_NV_CLEAR_STCLEAR SET (don't clear counters) if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; break; #ifdef TPM_NT_PIN_FAIL case TPM_NT_PIN_FAIL: // NV_NO_DA must be SET and AUTHWRITE must be CLEAR // NOTE: As with a PIN_PASS index, the authValue of the index is not // available until the index is written. If AUTHWRITE is the only way to // write then index, it could never be written. Rather than go through // all of the other possible ways to write the Index, it is simply // prohibited to write the index with the authValue. Other checks // below will insure that there seems to be a way to write the index // (i.e., with platform authorization , owner authorization, // or with policyAuth.) // It is not allowed to create a PIN Index that can't be modified. if(!IS_ATTRIBUTE(attributes, TPMA_NV, NO_DA)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; #endif #ifdef TPM_NT_PIN_PASS case TPM_NT_PIN_PASS: // AUTHWRITE must be CLEAR (see note above to TPM_NT_PIN_FAIL) if(IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE) || IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK) || IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; #endif // this comes before break because PIN_FAIL falls through break; default: break; } // Locks may not be SET and written cannot be SET if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) || IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED) || IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; // There must be a way to read the index. if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD) && !IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD) && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHREAD) && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYREAD)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; // There must be a way to write the index if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE) && !IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE) && !IS_ATTRIBUTE(attributes, TPMA_NV, AUTHWRITE) && !IS_ATTRIBUTE(attributes, TPMA_NV, POLICYWRITE)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; // An index with TPMA_NV_CLEAR_STCLEAR can't have TPMA_NV_WRITEDEFINE SET if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; // Make sure that the creator of the index can delete the index if((IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE) && in->authHandle == TPM_RH_OWNER) || (!IS_ATTRIBUTE(attributes, TPMA_NV, PLATFORMCREATE) && in->authHandle == TPM_RH_PLATFORM)) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_authHandle; // If TPMA_NV_POLICY_DELETE is SET, then the index must be defined by // the platform if(IS_ATTRIBUTE(attributes, TPMA_NV, POLICY_DELETE) && TPM_RH_PLATFORM != in->authHandle) return TPM_RCS_ATTRIBUTES + RC_NV_DefineSpace_publicInfo; // Make sure that the TPMA_NV_WRITEALL is not set if the index size is larger // than the allowed NV buffer size. if(in->publicInfo.nvPublic.dataSize > MAX_NV_BUFFER_SIZE && IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL)) return TPM_RCS_SIZE + RC_NV_DefineSpace_publicInfo; // And finally, see if the index is already defined. if(NvIndexIsDefined(in->publicInfo.nvPublic.nvIndex)) return TPM_RC_NV_DEFINED; // Internal Data Update // define the space. A TPM_RC_NV_SPACE error may be returned at this point return NvDefineIndex(&in->publicInfo.nvPublic, &in->auth); } #endif // CC_NV_DefineSpacego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Extend.c000066400000000000000000000105301510276467000302560ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_Extend_fp.h" #if CC_NV_Extend // Conditional expansion of this file /*(See part 3 specification) // Write to a NV index */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES the TPMA_NV_EXTEND attribute is not SET in // the Index referenced by 'nvIndex' // TPM_RC_NV_AUTHORIZATION the authorization was valid but the // authorizing entity ('authHandle') // is not allowed to write to the Index // referenced by 'nvIndex' // TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked // for writing TPM_RC TPM2_NV_Extend( NV_Extend_In *in // IN: input parameter list ) { TPM_RC result; NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); TPM2B_DIGEST oldDigest; TPM2B_DIGEST newDigest; HASH_STATE hashState; // Input Validation // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION // or TPM_RC_NV_LOCKED result = NvWriteAccessChecks(in->authHandle, in->nvIndex, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // Make sure that this is an extend index if(!IsNvExtendIndex(nvIndex->publicArea.attributes)) return TPM_RCS_ATTRIBUTES + RC_NV_Extend_nvIndex; // Internal Data Update // Perform the write. oldDigest.t.size = CryptHashGetDigestSize(nvIndex->publicArea.nameAlg); pAssert(oldDigest.t.size <= sizeof(oldDigest.t.buffer)); if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) { NvGetIndexData(nvIndex, locator, 0, oldDigest.t.size, oldDigest.t.buffer); } else { MemorySet(oldDigest.t.buffer, 0, oldDigest.t.size); } // Start hash newDigest.t.size = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg); // Adding old digest CryptDigestUpdate2B(&hashState, &oldDigest.b); // Adding new data CryptDigestUpdate2B(&hashState, &in->data.b); // Complete hash CryptHashEnd2B(&hashState, &newDigest.b); // Write extended hash back. // Note, this routine will SET the TPMA_NV_WRITTEN attribute if necessary return NvWriteIndexData(nvIndex, 0, newDigest.t.size, newDigest.t.buffer); } #endif // CC_NV_Extendgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_GlobalWriteLock.c000066400000000000000000000044431510276467000320610ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_GlobalWriteLock_fp.h" #if CC_NV_GlobalWriteLock // Conditional expansion of this file /*(See part 3 specification) // Set global write lock for NV index */ TPM_RC TPM2_NV_GlobalWriteLock( NV_GlobalWriteLock_In *in // IN: input parameter list ) { // Input parameter (the authorization handle) is not reference in command action. NOT_REFERENCED(in); // Internal Data Update // Implementation dependent method of setting the global lock return NvSetGlobalLock(); } #endif // CC_NV_GlobalWriteLockgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Increment.c000066400000000000000000000100501510276467000307500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_Increment_fp.h" #if CC_NV_Increment // Conditional expansion of this file /*(See part 3 specification) // Increment a NV counter */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES NV index is not a counter // TPM_RC_NV_AUTHORIZATION authorization failure // TPM_RC_NV_LOCKED Index is write locked TPM_RC TPM2_NV_Increment( NV_Increment_In *in // IN: input parameter list ) { TPM_RC result; NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); UINT64 countValue; // Input Validation // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION // or TPM_RC_NV_LOCKED result = NvWriteAccessChecks(in->authHandle, in->nvIndex, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // Make sure that this is a counter if(!IsNvCounterIndex(nvIndex->publicArea.attributes)) return TPM_RCS_ATTRIBUTES + RC_NV_Increment_nvIndex; // Internal Data Update // If counter index is not been written, initialize it if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) countValue = NvReadMaxCount(); else // Read NV data in native format for TPM CPU. countValue = NvGetUINT64Data(nvIndex, locator); // Do the increment countValue++; // Write NV data back. A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may // be returned at this point. If necessary, this function will set the // TPMA_NV_WRITTEN attribute result = NvWriteUINT64Data(nvIndex, countValue); if(result == TPM_RC_SUCCESS) { // If a counter just rolled over, then force the NV update. // Note, if this is an orderly counter, then the write-back needs to be // forced, for other counters, the write-back will happen anyway if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY) && (countValue & MAX_ORDERLY_COUNT) == 0 ) { // Need to force an NV update of orderly data SET_NV_UPDATE(UT_ORDERLY); } } return result; } #endif // CC_NV_Incrementgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Read.c000066400000000000000000000102101510276467000276750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_Read_fp.h" #if CC_NV_Read // Conditional expansion of this file /*(See part 3 specification) // Read of an NV index */ // Return Type: TPM_RC // TPM_RC_NV_AUTHORIZATION the authorization was valid but the // authorizing entity ('authHandle') // is not allowed to read from the Index // referenced by 'nvIndex' // TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is // read locked // TPM_RC_NV_RANGE read range defined by 'size' and 'offset' // is outside the range of the Index referenced // by 'nvIndex' // TPM_RC_NV_UNINITIALIZED the Index referenced by 'nvIndex' has // not been initialized (written) // TPM_RC_VALUE the read size is larger than the // MAX_NV_BUFFER_SIZE TPM_RC TPM2_NV_Read( NV_Read_In *in, // IN: input parameter list NV_Read_Out *out // OUT: output parameter list ) { NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); TPM_RC result; // Input Validation // Common read access checks. NvReadAccessChecks() may return // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED result = NvReadAccessChecks(in->authHandle, in->nvIndex, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // Make sure the data will fit the return buffer if(in->size > MAX_NV_BUFFER_SIZE) return TPM_RCS_VALUE + RC_NV_Read_size; // Verify that the offset is not too large if(in->offset > nvIndex->publicArea.dataSize) return TPM_RCS_VALUE + RC_NV_Read_offset; // Make sure that the selection is within the range of the Index if(in->size > (nvIndex->publicArea.dataSize - in->offset)) return TPM_RC_NV_RANGE; // Command Output // Set the return size out->data.t.size = in->size; // Perform the read NvGetIndexData(nvIndex, locator, in->offset, in->size, out->data.t.buffer); return TPM_RC_SUCCESS; } #endif // CC_NV_Readgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadLock.c000066400000000000000000000100071510276467000305120ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_ReadLock_fp.h" #if CC_NV_ReadLock // Conditional expansion of this file /*(See part 3 specification) // Set read lock on a NV index */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES TPMA_NV_READ_STCLEAR is not SET so // Index referenced by 'nvIndex' may not be // write locked // TPM_RC_NV_AUTHORIZATION the authorization was valid but the // authorizing entity ('authHandle') // is not allowed to read from the Index // referenced by 'nvIndex' TPM_RC TPM2_NV_ReadLock( NV_ReadLock_In *in // IN: input parameter list ) { TPM_RC result; NV_REF locator; // The referenced index has been checked multiple times before this is called // so it must be present and will be loaded into cache NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); TPMA_NV nvAttributes = nvIndex->publicArea.attributes; // Input Validation // Common read access checks. NvReadAccessChecks() may return // TPM_RC_NV_AUTHORIZATION, TPM_RC_NV_LOCKED, or TPM_RC_NV_UNINITIALIZED result = NvReadAccessChecks(in->authHandle, in->nvIndex, nvAttributes); if(result == TPM_RC_NV_AUTHORIZATION) return TPM_RC_NV_AUTHORIZATION; // Index is already locked for write else if(result == TPM_RC_NV_LOCKED) return TPM_RC_SUCCESS; // If NvReadAccessChecks return TPM_RC_NV_UNINITALIZED, then continue. // It is not an error to read lock an uninitialized Index. // if TPMA_NV_READ_STCLEAR is not set, the index can not be read-locked if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, READ_STCLEAR)) return TPM_RCS_ATTRIBUTES + RC_NV_ReadLock_nvIndex; // Internal Data Update // Set the READLOCK attribute SET_ATTRIBUTE(nvAttributes, TPMA_NV, READLOCKED); // Write NV info back return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex, locator, nvAttributes); } #endif // CC_NV_ReadLockgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_ReadPublic.c000066400000000000000000000046041510276467000310460ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_ReadPublic_fp.h" #if CC_NV_ReadPublic // Conditional expansion of this file /*(See part 3 specification) // Read the public information of a NV index */ TPM_RC TPM2_NV_ReadPublic( NV_ReadPublic_In *in, // IN: input parameter list NV_ReadPublic_Out *out // OUT: output parameter list ) { NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL); // Command Output // Copy index public data to output out->nvPublic.nvPublic = nvIndex->publicArea; // Compute NV name NvGetIndexName(nvIndex, &out->nvName); return TPM_RC_SUCCESS; } #endif // CC_NV_ReadPublicgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_SetBits.c000066400000000000000000000073261510276467000304150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_SetBits_fp.h" #if CC_NV_SetBits // Conditional expansion of this file /*(See part 3 specification) // Set bits in a NV index */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES the TPMA_NV_BITS attribute is not SET in the // Index referenced by 'nvIndex' // TPM_RC_NV_AUTHORIZATION the authorization was valid but the // authorizing entity ('authHandle') // is not allowed to write to the Index // referenced by 'nvIndex' // TPM_RC_NV_LOCKED the Index referenced by 'nvIndex' is locked // for writing TPM_RC TPM2_NV_SetBits( NV_SetBits_In *in // IN: input parameter list ) { TPM_RC result; NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); UINT64 oldValue; UINT64 newValue; // Input Validation // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION // or TPM_RC_NV_LOCKED result = NvWriteAccessChecks(in->authHandle, in->nvIndex, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // Make sure that this is a bit field if(!IsNvBitsIndex(nvIndex->publicArea.attributes)) return TPM_RCS_ATTRIBUTES + RC_NV_SetBits_nvIndex; // If index is not been written, initialize it if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) oldValue = 0; else // Read index data oldValue = NvGetUINT64Data(nvIndex, locator); // Figure out what the new value is going to be newValue = oldValue | in->bits; // Internal Data Update return NvWriteUINT64Data(nvIndex, newValue); } #endif // CC_NV_SetBitsgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_UndefineSpace.c000066400000000000000000000065171510276467000315520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_UndefineSpace_fp.h" #if CC_NV_UndefineSpace // Conditional expansion of this file /*(See part 3 specification) // Delete an NV Index */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is SET in the Index // referenced by 'nvIndex' so this command may // not be used to delete this Index (see // TPM2_NV_UndefineSpaceSpecial()) // TPM_RC_NV_AUTHORIZATION attempt to use ownerAuth to delete an index // created by the platform // TPM_RC TPM2_NV_UndefineSpace( NV_UndefineSpace_In *in // IN: input parameter list ) { NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); // Input Validation // This command can't be used to delete an index with TPMA_NV_POLICY_DELETE SET if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE)) return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpace_nvIndex; // The owner may only delete an index that was defined with ownerAuth. The // platform may delete an index that was created with either authorization. if(in->authHandle == TPM_RH_OWNER && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) return TPM_RC_NV_AUTHORIZATION; // Internal Data Update // Call implementation dependent internal routine to delete NV index return NvDeleteIndex(nvIndex, locator); } #endif // CC_NV_UndefineSpaceNV_UndefineSpaceSpecial.c000066400000000000000000000062221510276467000327650ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_UndefineSpaceSpecial_fp.h" #include "SessionProcess_fp.h" #if CC_NV_UndefineSpaceSpecial // Conditional expansion of this file /*(See part 3 specification) // Delete a NV index that requires policy to delete. */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES TPMA_NV_POLICY_DELETE is not SET in the // Index referenced by 'nvIndex' TPM_RC TPM2_NV_UndefineSpaceSpecial( NV_UndefineSpaceSpecial_In *in // IN: input parameter list ) { TPM_RC result; NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); // Input Validation // This operation only applies when the TPMA_NV_POLICY_DELETE attribute is SET if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, POLICY_DELETE)) return TPM_RCS_ATTRIBUTES + RC_NV_UndefineSpaceSpecial_nvIndex; // Internal Data Update // Call implementation dependent internal routine to delete NV index result = NvDeleteIndex(nvIndex, locator); // If we just removed the index providing the authorization, make sure that the // authorization session computation is modified so that it doesn't try to // access the authValue of the just deleted index if(result == TPM_RC_SUCCESS) SessionRemoveAssociationToHandle(in->nvIndex); return result; } #endif // CC_NV_UndefineSpaceSpecialgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_Write.c000066400000000000000000000114001510276467000301160ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_Write_fp.h" #if CC_NV_Write // Conditional expansion of this file /*(See part 3 specification) // Write to a NV index */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES Index referenced by 'nvIndex' has either // TPMA_NV_BITS, TPMA_NV_COUNTER, or // TPMA_NV_EVENT attribute SET // TPM_RC_NV_AUTHORIZATION the authorization was valid but the // authorizing entity ('authHandle') // is not allowed to write to the Index // referenced by 'nvIndex' // TPM_RC_NV_LOCKED Index referenced by 'nvIndex' is write // locked // TPM_RC_NV_RANGE if TPMA_NV_WRITEALL is SET then the write // is not the size of the Index referenced by // 'nvIndex'; otherwise, the write extends // beyond the limits of the Index // TPM_RC TPM2_NV_Write( NV_Write_In *in // IN: input parameter list ) { NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, NULL); TPMA_NV attributes = nvIndex->publicArea.attributes; TPM_RC result; // Input Validation // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION // or TPM_RC_NV_LOCKED result = NvWriteAccessChecks(in->authHandle, in->nvIndex, attributes); if(result != TPM_RC_SUCCESS) return result; // Bits index, extend index or counter index may not be updated by // TPM2_NV_Write if(IsNvCounterIndex(attributes) || IsNvBitsIndex(attributes) || IsNvExtendIndex(attributes)) return TPM_RC_ATTRIBUTES; // Make sure that the offset is not too large if(in->offset > nvIndex->publicArea.dataSize) return TPM_RCS_VALUE + RC_NV_Write_offset; // Make sure that the selection is within the range of the Index if(in->data.t.size > (nvIndex->publicArea.dataSize - in->offset)) return TPM_RC_NV_RANGE; // If this index requires a full sized write, make sure that input range is // full sized. // Note: if the requested size is the same as the Index data size, then offset // will have to be zero. Otherwise, the range check above would have failed. if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITEALL) && in->data.t.size < nvIndex->publicArea.dataSize) return TPM_RC_NV_RANGE; // Internal Data Update // Perform the write. This called routine will SET the TPMA_NV_WRITTEN // attribute if it has not already been SET. If NV isn't available, an error // will be returned. return NvWriteIndexData(nvIndex, in->offset, in->data.t.size, in->data.t.buffer); } #endif // CC_NV_Writego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_WriteLock.c000066400000000000000000000076521510276467000307450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "NV_WriteLock_fp.h" #if CC_NV_WriteLock // Conditional expansion of this file /*(See part 3 specification) // Set write lock on a NV index */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES neither TPMA_NV_WRITEDEFINE nor // TPMA_NV_WRITE_STCLEAR is SET in Index // referenced by 'nvIndex' // TPM_RC_NV_AUTHORIZATION the authorization was valid but the // authorizing entity ('authHandle') // is not allowed to write to the Index // referenced by 'nvIndex' // TPM_RC TPM2_NV_WriteLock( NV_WriteLock_In *in // IN: input parameter list ) { TPM_RC result; NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(in->nvIndex, &locator); TPMA_NV nvAttributes = nvIndex->publicArea.attributes; // Input Validation: // Common access checks, NvWriteAccessCheck() may return TPM_RC_NV_AUTHORIZATION // or TPM_RC_NV_LOCKED result = NvWriteAccessChecks(in->authHandle, in->nvIndex, nvAttributes); if(result != TPM_RC_SUCCESS) { if(result == TPM_RC_NV_AUTHORIZATION) return result; // If write access failed because the index is already locked, then it is // no error. return TPM_RC_SUCCESS; } // if neither TPMA_NV_WRITEDEFINE nor TPMA_NV_WRITE_STCLEAR is set, the index // can not be write-locked if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITEDEFINE) && !IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITE_STCLEAR)) return TPM_RCS_ATTRIBUTES + RC_NV_WriteLock_nvIndex; // Internal Data Update // Set the WRITELOCK attribute. // Note: if TPMA_NV_WRITELOCKED were already SET, then the write access check // above would have failed and this code isn't executed. SET_ATTRIBUTE(nvAttributes, TPMA_NV, WRITELOCKED); // Write index info back return NvWriteIndexAttributes(nvIndex->publicArea.nvIndex, locator, nvAttributes); } #endif // CC_NV_WriteLockgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/NVStorage/NV_spt.c000066400000000000000000000145001510276467000276360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "NV_spt_fp.h" //** Functions //*** NvReadAccessChecks() // Common routine for validating a read // Used by TPM2_NV_Read, TPM2_NV_ReadLock and TPM2_PolicyNV // Return Type: TPM_RC // TPM_RC_NV_AUTHORIZATION autHandle is not allowed to authorize read // of the index // TPM_RC_NV_LOCKED Read locked // TPM_RC_NV_UNINITIALIZED Try to read an uninitialized index // TPM_RC NvReadAccessChecks( TPM_HANDLE authHandle, // IN: the handle that provided the // authorization TPM_HANDLE nvHandle, // IN: the handle of the NV index to be read TPMA_NV attributes // IN: the attributes of 'nvHandle' ) { // If data is read locked, returns an error if(IS_ATTRIBUTE(attributes, TPMA_NV, READLOCKED)) return TPM_RC_NV_LOCKED; // If the authorization was provided by the owner or platform, then check // that the attributes allow the read. If the authorization handle // is the same as the index, then the checks were made when the authorization // was checked.. if(authHandle == TPM_RH_OWNER) { // If Owner provided authorization then ONWERWRITE must be SET if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERREAD)) return TPM_RC_NV_AUTHORIZATION; } else if(authHandle == TPM_RH_PLATFORM) { // If Platform provided authorization then PPWRITE must be SET if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPREAD)) return TPM_RC_NV_AUTHORIZATION; } // If neither Owner nor Platform provided authorization, make sure that it was // provided by this index. else if(authHandle != nvHandle) return TPM_RC_NV_AUTHORIZATION; // If the index has not been written, then the value cannot be read // NOTE: This has to come after other access checks to make sure that // the proper authorization is given to TPM2_NV_ReadLock() if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN)) return TPM_RC_NV_UNINITIALIZED; return TPM_RC_SUCCESS; } //*** NvWriteAccessChecks() // Common routine for validating a write // Used by TPM2_NV_Write, TPM2_NV_Increment, TPM2_SetBits, and TPM2_NV_WriteLock // Return Type: TPM_RC // TPM_RC_NV_AUTHORIZATION Authorization fails // TPM_RC_NV_LOCKED Write locked // TPM_RC NvWriteAccessChecks( TPM_HANDLE authHandle, // IN: the handle that provided the // authorization TPM_HANDLE nvHandle, // IN: the handle of the NV index to be written TPMA_NV attributes // IN: the attributes of 'nvHandle' ) { // If data is write locked, returns an error if(IS_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED)) return TPM_RC_NV_LOCKED; // If the authorization was provided by the owner or platform, then check // that the attributes allow the write. If the authorization handle // is the same as the index, then the checks were made when the authorization // was checked.. if(authHandle == TPM_RH_OWNER) { // If Owner provided authorization then ONWERWRITE must be SET if(!IS_ATTRIBUTE(attributes, TPMA_NV, OWNERWRITE)) return TPM_RC_NV_AUTHORIZATION; } else if(authHandle == TPM_RH_PLATFORM) { // If Platform provided authorization then PPWRITE must be SET if(!IS_ATTRIBUTE(attributes, TPMA_NV, PPWRITE)) return TPM_RC_NV_AUTHORIZATION; } // If neither Owner nor Platform provided authorization, make sure that it was // provided by this index. else if(authHandle != nvHandle) return TPM_RC_NV_AUTHORIZATION; return TPM_RC_SUCCESS; } //*** NvClearOrderly() // This function is used to cause gp.orderlyState to be cleared to the // non-orderly state. TPM_RC NvClearOrderly( void ) { if(gp.orderlyState < SU_DA_USED_VALUE) RETURN_IF_NV_IS_NOT_AVAILABLE; g_clearOrderly = TRUE; return TPM_RC_SUCCESS; } //*** NvIsPinPassIndex() // Function to check to see if an NV index is a PIN Pass Index // Return Type: BOOL // TRUE(1) is pin pass // FALSE(0) is not pin pass BOOL NvIsPinPassIndex( TPM_HANDLE index // IN: Handle to check ) { if(HandleGetType(index) == TPM_HT_NV_INDEX) { NV_INDEX *nvIndex = NvGetIndexInfo(index, NULL); return IsNvPinPassIndex(nvIndex->publicArea.attributes); } return FALSE; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/000077500000000000000000000000001510276467000256175ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ActivateCredential.c000066400000000000000000000112551510276467000315220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ActivateCredential_fp.h" #if CC_ActivateCredential // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // Activate Credential with an object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'keyHandle' does not reference a decryption key // TPM_RC_ECC_POINT 'secret' is invalid (when 'keyHandle' is an ECC key) // TPM_RC_INSUFFICIENT 'secret' is invalid (when 'keyHandle' is an ECC key) // TPM_RC_INTEGRITY 'credentialBlob' fails integrity test // TPM_RC_NO_RESULT 'secret' is invalid (when 'keyHandle' is an ECC key) // TPM_RC_SIZE 'secret' size is invalid or the 'credentialBlob' // does not unmarshal correctly // TPM_RC_TYPE 'keyHandle' does not reference an asymmetric key. // TPM_RC_VALUE 'secret' is invalid (when 'keyHandle' is an RSA key) TPM_RC TPM2_ActivateCredential( ActivateCredential_In *in, // IN: input parameter list ActivateCredential_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; OBJECT *object; // decrypt key OBJECT *activateObject; // key associated with credential TPM2B_DATA data; // credential data // Input Validation // Get decrypt key pointer object = HandleToObject(in->keyHandle); // Get certificated object pointer activateObject = HandleToObject(in->activateHandle); // input decrypt key must be an asymmetric, restricted decryption key if(!CryptIsAsymAlgorithm(object->publicArea.type) || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt) || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_TYPE + RC_ActivateCredential_keyHandle; // Command output // Decrypt input credential data via asymmetric decryption. A // TPM_RC_VALUE, TPM_RC_KEY or unmarshal errors may be returned at this // point result = CryptSecretDecrypt(object, NULL, IDENTITY_STRING, &in->secret, &data); if(result != TPM_RC_SUCCESS) { if(result == TPM_RC_KEY) return TPM_RC_FAILURE; return RcSafeAddToResult(result, RC_ActivateCredential_secret); } // Retrieve secret data. A TPM_RC_INTEGRITY error or unmarshal // errors may be returned at this point result = CredentialToSecret(&in->credentialBlob.b, &activateObject->name.b, &data.b, object, &out->certInfo); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_ActivateCredential_credentialBlob); return TPM_RC_SUCCESS; } #endif // CC_ActivateCredentialgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Create.c000066400000000000000000000170621510276467000271740ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Object_spt_fp.h" #include "Create_fp.h" #if CC_Create // Conditional expansion of this file /*(See part 3 specification) // Create a regular object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data' // is an Empty Buffer, or is SET when 'sensitive.data' is // not empty; // 'fixedTPM', 'fixedParent', or 'encryptedDuplication' // attributes are inconsistent between themselves or with // those of the parent object; // inconsistent 'restricted', 'decrypt' and 'sign' // attributes; // attempt to inject sensitive data for an asymmetric // key; // TPM_RC_HASH non-duplicable storage key and its parent have // different name algorithm // TPM_RC_KDF incorrect KDF specified for decrypting keyed hash // object // TPM_RC_KEY invalid key size values in an asymmetric key public // area or a provided symmetric key has a value that is // not allowed // TPM_RC_KEY_SIZE key size in public area for symmetric key differs from // the size in the sensitive creation area; may also be // returned if the TPM does not allow the key size to be // used for a Storage Key // TPM_RC_OBJECT_MEMORY a free slot is not available as scratch memory for // object creation // TPM_RC_RANGE the exponent value of an RSA key is not supported. // TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', or // 'restricted' and key's scheme ID; or hash algorithm is // inconsistent with the scheme ID for keyed hash object // TPM_RC_SIZE size of public authPolicy or sensitive authValue does // not match digest size of the name algorithm // sensitive data size for the keyed hash object is // larger than is allowed for the scheme // TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; // or non-storage key with symmetric algorithm different // from ALG_NULL // TPM_RC_TYPE unknown object type; // 'parentHandle' does not reference a restricted // decryption key in the storage hierarchy with both // public and sensitive portion loaded // TPM_RC_VALUE exponent is not prime or could not find a prime using // the provided parameters for an RSA key; // unsupported name algorithm for an ECC key // TPM_RC_OBJECT_MEMORY there is no free slot for the object TPM_RC TPM2_Create( Create_In *in, // IN: input parameter list Create_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; OBJECT *parentObject; OBJECT *newObject; TPMT_PUBLIC *publicArea; // Input Validation parentObject = HandleToObject(in->parentHandle); pAssert(parentObject != NULL); // Does parent have the proper attributes? if(!ObjectIsParent(parentObject)) return TPM_RCS_TYPE + RC_Create_parentHandle; // Get a slot for the creation newObject = FindEmptyObjectSlot(NULL); if(newObject == NULL) return TPM_RC_OBJECT_MEMORY; // If the TPM2B_PUBLIC was passed as a structure, marshal it into is canonical // form for processing // to save typing. publicArea = &newObject->publicArea; // Copy the input structure to the allocated structure *publicArea = in->inPublic.publicArea; // Check attributes in input public area. CreateChecks() checks the things that // are unique to creation and then validates the attributes and values that are // common to create and load. result = CreateChecks(parentObject, publicArea, in->inSensitive.sensitive.data.t.size); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_Create_inPublic); // Clean up the authValue if necessary if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg)) return TPM_RCS_SIZE + RC_Create_inSensitive; // Command Output // Create the object using the default TPM random-number generator result = CryptCreateObject(newObject, &in->inSensitive.sensitive, NULL); if(result != TPM_RC_SUCCESS) return result; // Fill in creation data FillInCreationData(in->parentHandle, publicArea->nameAlg, &in->creationPCR, &in->outsideInfo, &out->creationData, &out->creationHash); // Compute creation ticket TicketComputeCreation(EntityGetHierarchy(in->parentHandle), &newObject->name, &out->creationHash, &out->creationTicket); // Prepare output private data from sensitive SensitiveToPrivate(&newObject->sensitive, &newObject->name, parentObject, publicArea->nameAlg, &out->outPrivate); // Finish by copying the remaining return values out->outPublic.publicArea = newObject->publicArea; return TPM_RC_SUCCESS; } #endif // CC_Creatego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/CreateLoaded.c000066400000000000000000000255571510276467000303150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "CreateLoaded_fp.h" #if CC_CreateLoaded // Conditional expansion of this file /*(See part 3 of specification) * Create and load any type of key, including a temporary key. * The input template is an marshaled public area rather than an unmarshaled one as * used in Create and CreatePrimary. This is so that the label and context that * could be in the template can be processed without changing the formats for the * calls to Create and CreatePrimary. */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'sensitiveDataOrigin' is CLEAR when 'sensitive.data' // is an Empty Buffer; // 'fixedTPM', 'fixedParent', or 'encryptedDuplication' // attributes are inconsistent between themselves or with // those of the parent object; // inconsistent 'restricted', 'decrypt' and 'sign' // attributes; // attempt to inject sensitive data for an asymmetric // key; // attempt to create a symmetric cipher key that is not // a decryption key // TPM_RC_KDF incorrect KDF specified for decrypting keyed hash // object // TPM_RC_KEY the value of a provided symmetric key is not allowed // TPM_RC_OBJECT_MEMORY there is no free slot for the object // TPM_RC_SCHEME inconsistent attributes 'decrypt', 'sign', // 'restricted' and key's scheme ID; or hash algorithm is // inconsistent with the scheme ID for keyed hash object // TPM_RC_SIZE size of public authorization policy or sensitive // authorization value does not match digest size of the // name algorithm sensitive data size for the keyed hash // object is larger than is allowed for the scheme // TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; // or non-storage key with symmetric algorithm different // from TPM_ALG_NULL // TPM_RC_TYPE cannot create the object of the indicated type // (usually only occurs if trying to derive an RSA key). TPM_RC TPM2_CreateLoaded( CreateLoaded_In *in, // IN: input parameter list CreateLoaded_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; OBJECT *parent = HandleToObject(in->parentHandle); OBJECT *newObject; BOOL derivation; TPMT_PUBLIC *publicArea; RAND_STATE randState; RAND_STATE *rand = &randState; TPMS_DERIVE labelContext; // Input Validation // How the public area is unmarshaled is determined by the parent, so // see if parent is a derivation parent derivation = (parent != NULL && parent->attributes.derivation); // If the parent is an object, then make sure that it is either a parent or // derivation parent if(parent != NULL && !parent->attributes.isParent && !derivation) return TPM_RCS_TYPE + RC_CreateLoaded_parentHandle; // Get a spot in which to create the newObject newObject = FindEmptyObjectSlot(&out->objectHandle); if(newObject == NULL) return TPM_RC_OBJECT_MEMORY; // Do this to save typing publicArea = &newObject->publicArea; // Unmarshal the template into the object space. TPM2_Create() and // TPM2_CreatePrimary() have the publicArea unmarshaled by CommandDispatcher. // This command is different because of an unfortunate property of the // unique field of an ECC key. It is a structure rather than a single TPM2B. If // if had been a TPM2B, then the label and context could be within a TPM2B and // unmarshaled like other public areas. Since it is not, this command needs its // on template that is a TPM2B that is unmarshaled as a BYTE array with a // its own unmarshal function. result = UnmarshalToPublic(publicArea, &in->inPublic, derivation, &labelContext); if(result != TPM_RC_SUCCESS) return result + RC_CreateLoaded_inPublic; // Validate that the authorization size is appropriate if(!AdjustAuthSize(&in->inSensitive.sensitive.userAuth, publicArea->nameAlg)) return TPM_RCS_SIZE + RC_CreateLoaded_inSensitive; // Command output if(derivation) { TPMT_KEYEDHASH_SCHEME *scheme; scheme = &parent->publicArea.parameters.keyedHashDetail.scheme; // SP800-108 is the only KDF supported by this implementation and there is // no default hash algorithm. pAssert(scheme->details.xor.hashAlg != TPM_ALG_NULL && scheme->details.xor.kdf == TPM_ALG_KDF1_SP800_108); // Don't derive RSA keys if(publicArea->type == ALG_RSA_VALUE) return TPM_RCS_TYPE + RC_CreateLoaded_inPublic; // sensitiveDataOrigin has to be CLEAR in a derived object. Since this // is specific to a derived object, it is checked here. if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sensitiveDataOrigin)) return TPM_RCS_ATTRIBUTES; // Check the reset of the attributes result = PublicAttributesValidation(parent, publicArea); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_CreateLoaded_inPublic); // Process the template and sensitive areas to get the actual 'label' and // 'context' values to be used for this derivation. result = SetLabelAndContext(&labelContext, &in->inSensitive.sensitive.data); if(result != TPM_RC_SUCCESS) return result; // Set up the KDF for object generation DRBG_InstantiateSeededKdf((KDF_STATE *)rand, scheme->details.xor.hashAlg, scheme->details.xor.kdf, &parent->sensitive.sensitive.bits.b, &labelContext.label.b, &labelContext.context.b, TPM_MAX_DERIVATION_BITS); // Clear the sensitive size so that the creation functions will not try // to use this value. in->inSensitive.sensitive.data.t.size = 0; } else { // Check attributes in input public area. CreateChecks() checks the things // that are unique to creation and then validates the attributes and values // that are common to create and load. result = CreateChecks(parent, publicArea, in->inSensitive.sensitive.data.t.size); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_CreateLoaded_inPublic); // Creating a primary object if(parent == NULL) { TPM2B_NAME name; newObject->attributes.primary = SET; if(in->parentHandle == TPM_RH_ENDORSEMENT) newObject->attributes.epsHierarchy = SET; // If so, use the primary seed and the digest of the template // to seed the DRBG result = DRBG_InstantiateSeeded((DRBG_STATE *)rand, &HierarchyGetPrimarySeed(in->parentHandle)->b, PRIMARY_OBJECT_CREATION, (TPM2B *)PublicMarshalAndComputeName(publicArea, &name), &in->inSensitive.sensitive.data.b); if(result != TPM_RC_SUCCESS) return result; } else { // This is an ordinary object so use the normal random number generator rand = NULL; } } // Internal data update // Create the object result = CryptCreateObject(newObject, &in->inSensitive.sensitive, rand); if(result != TPM_RC_SUCCESS) return result; // if this is not a Primary key and not a derived key, then return the sensitive // area if(parent != NULL && !derivation) // Prepare output private data from sensitive SensitiveToPrivate(&newObject->sensitive, &newObject->name, parent, newObject->publicArea.nameAlg, &out->outPrivate); else out->outPrivate.t.size = 0; // Set the remaining return values out->outPublic.publicArea = newObject->publicArea; out->name = newObject->name; // Set the remaining attributes for a loaded object ObjectSetLoadedAttributes(newObject, in->parentHandle); return result; } #endif // CC_CreateLoadedgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Load.c000066400000000000000000000124461510276467000266510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Load_fp.h" #if CC_Load // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // Load an ordinary or temporary object */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'inPulblic' attributes are not allowed with selected // parent // TPM_RC_BINDING 'inPrivate' and 'inPublic' are not // cryptographically bound // TPM_RC_HASH incorrect hash selection for signing key or // the 'nameAlg' for 'inPubic is not valid // TPM_RC_INTEGRITY HMAC on 'inPrivate' was not valid // TPM_RC_KDF KDF selection not allowed // TPM_RC_KEY the size of the object's 'unique' field is not // consistent with the indicated size in the object's // parameters // TPM_RC_OBJECT_MEMORY no available object slot // TPM_RC_SCHEME the signing scheme is not valid for the key // TPM_RC_SENSITIVE the 'inPrivate' did not unmarshal correctly // TPM_RC_SIZE 'inPrivate' missing, or 'authPolicy' size for // 'inPublic' or is not valid // TPM_RC_SYMMETRIC symmetric algorithm not provided when required // TPM_RC_TYPE 'parentHandle' is not a storage key, or the object // to load is a storage key but its parameters do not // match the parameters of the parent. // TPM_RC_VALUE decryption failure TPM_RC TPM2_Load( Load_In *in, // IN: input parameter list Load_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; TPMT_SENSITIVE sensitive; OBJECT *parentObject; OBJECT *newObject; // Input Validation // Don't get invested in loading if there is no place to put it. newObject = FindEmptyObjectSlot(&out->objectHandle); if(newObject == NULL) return TPM_RC_OBJECT_MEMORY; if(in->inPrivate.t.size == 0) return TPM_RCS_SIZE + RC_Load_inPrivate; parentObject = HandleToObject(in->parentHandle); pAssert(parentObject != NULL); // Is the object that is being used as the parent actually a parent. if(!ObjectIsParent(parentObject)) return TPM_RCS_TYPE + RC_Load_parentHandle; // Compute the name of object. If there isn't one, it is because the nameAlg is // not valid. PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name); if(out->name.t.size == 0) return TPM_RCS_HASH + RC_Load_inPublic; // Retrieve sensitive data. result = PrivateToSensitive(&in->inPrivate.b, &out->name.b, parentObject, in->inPublic.publicArea.nameAlg, &sensitive); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_Load_inPrivate); // Internal Data Update // Load and validate object result = ObjectLoad(newObject, parentObject, &in->inPublic.publicArea, &sensitive, RC_Load_inPublic, RC_Load_inPrivate, &out->name); if(result == TPM_RC_SUCCESS) { // Set the common OBJECT attributes for a loaded object. ObjectSetLoadedAttributes(newObject, in->parentHandle); } return result; } #endif // CC_Loadgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/LoadExternal.c000066400000000000000000000141211510276467000303440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "LoadExternal_fp.h" #if CC_LoadExternal // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // to load an object that is not a Protected Object into the public portion // of an object into the TPM. The command allows loading of a public area or // both a public and sensitive area */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'fixedParent", 'fixedTPM', and 'restricted' must // be CLEAR if sensitive portion of an object is loaded // TPM_RC_BINDING the 'inPublic' and 'inPrivate' structures are not // cryptographically bound // TPM_RC_HASH incorrect hash selection for signing key // TPM_RC_HIERARCHY 'hierarchy' is turned off, or only NULL hierarchy // is allowed when loading public and private parts // of an object // TPM_RC_KDF incorrect KDF selection for decrypting // keyedHash object // TPM_RC_KEY the size of the object's 'unique' field is not // consistent with the indicated size in the object's // parameters // TPM_RC_OBJECT_MEMORY if there is no free slot for an object // TPM_RC_ECC_POINT for a public-only ECC key, the ECC point is not // on the curve // TPM_RC_SCHEME the signing scheme is not valid for the key // TPM_RC_SIZE 'authPolicy' is not zero and is not the size of a // digest produced by the object's 'nameAlg' // TPM_RH_NULL hierarchy // TPM_RC_SYMMETRIC symmetric algorithm not provided when required // TPM_RC_TYPE 'inPublic' and 'inPrivate' are not the same type TPM_RC TPM2_LoadExternal( LoadExternal_In *in, // IN: input parameter list LoadExternal_Out *out // OUT: output parameter list ) { TPM_RC result; OBJECT *object; TPMT_SENSITIVE *sensitive = NULL; // Input Validation // Don't get invested in loading if there is no place to put it. object = FindEmptyObjectSlot(&out->objectHandle); if(object == NULL) return TPM_RC_OBJECT_MEMORY; // If the hierarchy to be associated with this object is turned off, the object // cannot be loaded. if(!HierarchyIsEnabled(in->hierarchy)) return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy; // For loading an object with both public and sensitive if(in->inPrivate.size != 0) { // An external object with a sensitive area can only be loaded in the // NULL hierarchy if(in->hierarchy != TPM_RH_NULL) return TPM_RCS_HIERARCHY + RC_LoadExternal_hierarchy; // An external object with a sensitive area must have fixedTPM == CLEAR // fixedParent == CLEAR so that it does not appear to be a key created by // this TPM. if(IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT, fixedTPM) || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT, fixedParent) || IS_ATTRIBUTE(in->inPublic.publicArea.objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_ATTRIBUTES + RC_LoadExternal_inPublic; // Have sensitive point to something other than NULL so that object // initialization will load the sensitive part too sensitive = &in->inPrivate.sensitiveArea; } // Need the name to initialize the object structure PublicMarshalAndComputeName(&in->inPublic.publicArea, &out->name); // Load and validate key result = ObjectLoad(object, NULL, &in->inPublic.publicArea, sensitive, RC_LoadExternal_inPublic, RC_LoadExternal_inPrivate, &out->name); if(result == TPM_RC_SUCCESS) { object->attributes.external = SET; // Set the common OBJECT attributes for a loaded object. ObjectSetLoadedAttributes(object, in->hierarchy); } return result; } #endif // CC_LoadExternalgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/MakeCredential.c000066400000000000000000000077261510276467000306470ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "MakeCredential_fp.h" #if CC_MakeCredential // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // Make Credential with an object */ // Return Type: TPM_RC // TPM_RC_KEY 'handle' referenced an ECC key that has a unique // field that is not a point on the curve of the key // TPM_RC_SIZE 'credential' is larger than the digest size of // Name algorithm of 'handle' // TPM_RC_TYPE 'handle' does not reference an asymmetric // decryption key TPM_RC TPM2_MakeCredential( MakeCredential_In *in, // IN: input parameter list MakeCredential_Out *out // OUT: output parameter list ) { TPM_RC result = TPM_RC_SUCCESS; OBJECT *object; TPM2B_DATA data; // Input Validation // Get object pointer object = HandleToObject(in->handle); // input key must be an asymmetric, restricted decryption key // NOTE: Needs to be restricted to have a symmetric value. if(!CryptIsAsymAlgorithm(object->publicArea.type) || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt) || !IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_TYPE + RC_MakeCredential_handle; // The credential information may not be larger than the digest size used for // the Name of the key associated with handle. if(in->credential.t.size > CryptHashGetDigestSize(object->publicArea.nameAlg)) return TPM_RCS_SIZE + RC_MakeCredential_credential; // Command Output // Make encrypt key and its associated secret structure. out->secret.t.size = sizeof(out->secret.t.secret); result = CryptSecretEncrypt(object, IDENTITY_STRING, &data, &out->secret); if(result != TPM_RC_SUCCESS) return result; // Prepare output credential data from secret SecretToCredential(&in->credential, &in->objectName.b, &data.b, object, &out->credentialBlob); return TPM_RC_SUCCESS; } #endif // CC_MakeCredentialgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ObjectChangeAuth.c000066400000000000000000000077271510276467000311360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ObjectChangeAuth_fp.h" #if CC_ObjectChangeAuth // Conditional expansion of this file #include "Object_spt_fp.h" /*(See part 3 specification) // Create an object */ // Return Type: TPM_RC // TPM_RC_SIZE 'newAuth' is larger than the size of the digest // of the Name algorithm of 'objectHandle' // TPM_RC_TYPE the key referenced by 'parentHandle' is not the // parent of the object referenced by 'objectHandle'; // or 'objectHandle' is a sequence object. TPM_RC TPM2_ObjectChangeAuth( ObjectChangeAuth_In *in, // IN: input parameter list ObjectChangeAuth_Out *out // OUT: output parameter list ) { TPMT_SENSITIVE sensitive; OBJECT *object = HandleToObject(in->objectHandle); TPM2B_NAME QNCompare; // Input Validation // Can not change authorization on sequence object if(ObjectIsSequence(object)) return TPM_RCS_TYPE + RC_ObjectChangeAuth_objectHandle; // Make sure that the authorization value is consistent with the nameAlg if(!AdjustAuthSize(&in->newAuth, object->publicArea.nameAlg)) return TPM_RCS_SIZE + RC_ObjectChangeAuth_newAuth; // Parent handle should be the parent of object handle. In this // implementation we verify this by checking the QN of object. Other // implementation may choose different method to verify this attribute. ComputeQualifiedName(in->parentHandle, object->publicArea.nameAlg, &object->name, &QNCompare); if(!MemoryEqual2B(&object->qualifiedName.b, &QNCompare.b)) return TPM_RCS_TYPE + RC_ObjectChangeAuth_parentHandle; // Command Output // Prepare the sensitive area with the new authorization value sensitive = object->sensitive; sensitive.authValue = in->newAuth; // Protect the sensitive area SensitiveToPrivate(&sensitive, &object->name, HandleToObject(in->parentHandle), object->publicArea.nameAlg, &out->outPrivate); return TPM_RC_SUCCESS; } #endif // CC_ObjectChangeAuthgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Object_spt.c000066400000000000000000002074221510276467000300660ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" #include "Object_spt_fp.h" //** Local Functions //*** GetIV2BSize() // Get the size of TPM2B_IV in canonical form that will be append to the start of // the sensitive data. It includes both size of size field and size of iv data static UINT16 GetIV2BSize( OBJECT *protector // IN: the protector handle ) { TPM_ALG_ID symAlg; UINT16 keyBits; // Determine the symmetric algorithm and size of key if(protector == NULL) { // Use the context encryption algorithm and key size symAlg = CONTEXT_ENCRYPT_ALG; keyBits = CONTEXT_ENCRYPT_KEY_BITS; } else { symAlg = protector->publicArea.parameters.asymDetail.symmetric.algorithm; keyBits = protector->publicArea.parameters.asymDetail.symmetric.keyBits.sym; } // The IV size is a UINT16 size field plus the block size of the symmetric // algorithm return sizeof(UINT16) + CryptGetSymmetricBlockSize(symAlg, keyBits); } //*** ComputeProtectionKeyParms() // This function retrieves the symmetric protection key parameters for // the sensitive data // The parameters retrieved from this function include encryption algorithm, // key size in bit, and a TPM2B_SYM_KEY containing the key material as well as // the key size in bytes // This function is used for any action that requires encrypting or decrypting of // the sensitive area of an object or a credential blob // /*(See part 1 specification) KDF for generating the protection key material: KDFa(hashAlg, seed, "STORAGE", Name, NULL , bits) where hashAlg for a Primary Object, an algorithm chosen by the TPM vendor for derivations from Primary Seeds. For all other objects, the nameAlg of the object's parent. seed for a Primary Object in the Platform Hierarchy, the PPS. For Primary Objects in either Storage or Endorsement Hierarchy, the SPS. For Temporary Objects, the context encryption seed. For all other objects, the symmetric seed value in the sensitive area of the object's parent. STORAGE label to differentiate use of KDFa() (see 4.7) Name the Name of the object being encrypted bits the number of bits required for a symmetric key and IV */ // Return Type: void static void ComputeProtectionKeyParms( OBJECT *protector, // IN: the protector object TPM_ALG_ID hashAlg, // IN: hash algorithm for KDFa TPM2B *name, // IN: name of the object TPM2B *seedIn, // IN: optional seed for duplication blob. // For non duplication blob, this // parameter should be NULL TPM_ALG_ID *symAlg, // OUT: the symmetric algorithm UINT16 *keyBits, // OUT: the symmetric key size in bits TPM2B_SYM_KEY *symKey // OUT: the symmetric key ) { const TPM2B *seed = seedIn; // Determine the algorithms for the KDF and the encryption/decryption // For TPM_RH_NULL, using context settings if(protector == NULL) { // Use the context encryption algorithm and key size *symAlg = CONTEXT_ENCRYPT_ALG; symKey->t.size = CONTEXT_ENCRYPT_KEY_BYTES; *keyBits = CONTEXT_ENCRYPT_KEY_BITS; } else { TPMT_SYM_DEF_OBJECT *symDef; symDef = &protector->publicArea.parameters.asymDetail.symmetric; *symAlg = symDef->algorithm; *keyBits = symDef->keyBits.sym; symKey->t.size = (*keyBits + 7) / 8; } // Get seed for KDF if(seed == NULL) seed = GetSeedForKDF(protector); // KDFa to generate symmetric key and IV value CryptKDFa(hashAlg, seed, STORAGE_KEY, name, NULL, symKey->t.size * 8, symKey->t.buffer, NULL, FALSE); return; } //*** ComputeOuterIntegrity() // The sensitive area parameter is a buffer that holds a space for // the integrity value and the marshaled sensitive area. The caller should // skip over the area set aside for the integrity value // and compute the hash of the remainder of the object. // The size field of sensitive is in unmarshaled form and the // sensitive area contents is an array of bytes. /*(See part 1 specification) KDFa(hashAlg, seed, "INTEGRITY", NULL, NULL , bits) (38) where hashAlg for a Primary Object, the nameAlg of the object. For all other objects the nameAlg of the object's parent. seed for a Primary Object in the Platform Hierarchy, the PPS. For Primary Objects in either Storage or Endorsement Hierarchy, the SPS. For a Temporary Object, the context encryption key. For all other objects, the symmetric seed value in the sensitive area of the object's parent. "INTEGRITY" a value used to differentiate the uses of the KDF. bits the number of bits in the digest produced by hashAlg. Key is then used in the integrity computation. HMACnameAlg(HMACkey, encSensitive || Name ) where HMACnameAlg() the HMAC function using nameAlg of the object's parent HMACkey value derived from the parent symmetric protection value encSensitive symmetrically encrypted sensitive area Name the Name of the object being protected */ // Return Type: void static void ComputeOuterIntegrity( TPM2B *name, // IN: the name of the object OBJECT *protector, // IN: the object that // provides protection. For an object, // it is a parent. For a credential, it // is the encrypt object. For // a Temporary Object, it is NULL TPMI_ALG_HASH hashAlg, // IN: algorithm to use for integrity TPM2B *seedIn, // IN: an external seed may be provided for // duplication blob. For non duplication // blob, this parameter should be NULL UINT32 sensitiveSize, // IN: size of the marshaled sensitive data BYTE *sensitiveData, // IN: sensitive area TPM2B_DIGEST *integrity // OUT: integrity ) { HMAC_STATE hmacState; TPM2B_DIGEST hmacKey; const TPM2B *seed = seedIn; // // Get seed for KDF if(seed == NULL) seed = GetSeedForKDF(protector); // Determine the HMAC key bits hmacKey.t.size = CryptHashGetDigestSize(hashAlg); // KDFa to generate HMAC key CryptKDFa(hashAlg, seed, INTEGRITY_KEY, NULL, NULL, hmacKey.t.size * 8, hmacKey.t.buffer, NULL, FALSE); // Start HMAC and get the size of the digest which will become the integrity integrity->t.size = CryptHmacStart2B(&hmacState, hashAlg, &hmacKey.b); // Adding the marshaled sensitive area to the integrity value CryptDigestUpdate(&hmacState.hashState, sensitiveSize, sensitiveData); // Adding name CryptDigestUpdate2B(&hmacState.hashState, name); // Compute HMAC CryptHmacEnd2B(&hmacState, &integrity->b); return; } //*** ComputeInnerIntegrity() // This function computes the integrity of an inner wrap static void ComputeInnerIntegrity( TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap TPM2B *name, // IN: the name of the object UINT16 dataSize, // IN: the size of sensitive data BYTE *sensitiveData, // IN: sensitive data TPM2B_DIGEST *integrity // OUT: inner integrity ) { HASH_STATE hashState; // // Start hash and get the size of the digest which will become the integrity integrity->t.size = CryptHashStart(&hashState, hashAlg); // Adding the marshaled sensitive area to the integrity value CryptDigestUpdate(&hashState, dataSize, sensitiveData); // Adding name CryptDigestUpdate2B(&hashState, name); // Compute hash CryptHashEnd2B(&hashState, &integrity->b); return; } //*** ProduceInnerIntegrity() // This function produces an inner integrity for regular private, credential or // duplication blob // It requires the sensitive data being marshaled to the innerBuffer, with the // leading bytes reserved for integrity hash. It assume the sensitive data // starts at address (innerBuffer + integrity size). // This function integrity at the beginning of the inner buffer // It returns the total size of buffer with the inner wrap static UINT16 ProduceInnerIntegrity( TPM2B *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap UINT16 dataSize, // IN: the size of sensitive data, excluding the // leading integrity buffer size BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in // it. At input, the leading bytes of this // buffer is reserved for integrity ) { BYTE *sensitiveData; // pointer to the sensitive data TPM2B_DIGEST integrity; UINT16 integritySize; BYTE *buffer; // Auxiliary buffer pointer // // sensitiveData points to the beginning of sensitive data in innerBuffer integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); sensitiveData = innerBuffer + integritySize; ComputeInnerIntegrity(hashAlg, name, dataSize, sensitiveData, &integrity); // Add integrity at the beginning of inner buffer buffer = innerBuffer; TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); return dataSize + integritySize; } //*** CheckInnerIntegrity() // This function check integrity of inner blob // Return Type: TPM_RC // TPM_RC_INTEGRITY if the outer blob integrity is bad // unmarshal errors unmarshal errors while unmarshaling integrity static TPM_RC CheckInnerIntegrity( TPM2B *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for inner wrap UINT16 dataSize, // IN: the size of sensitive data, including the // leading integrity buffer size BYTE *innerBuffer // IN/OUT: inner buffer with sensitive data in // it ) { TPM_RC result; TPM2B_DIGEST integrity; TPM2B_DIGEST integrityToCompare; BYTE *buffer; // Auxiliary buffer pointer INT32 size; // // Unmarshal integrity buffer = innerBuffer; size = (INT32)dataSize; result = TPM2B_DIGEST_Unmarshal(&integrity, &buffer, &size); if(result == TPM_RC_SUCCESS) { // Compute integrity to compare ComputeInnerIntegrity(hashAlg, name, (UINT16)size, buffer, &integrityToCompare); // Compare outer blob integrity if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) result = TPM_RC_INTEGRITY; } return result; } //** Public Functions //*** AdjustAuthSize() // This function will validate that the input authValue is no larger than the // digestSize for the nameAlg. It will then pad with zeros to the size of the // digest. BOOL AdjustAuthSize( TPM2B_AUTH *auth, // IN/OUT: value to adjust TPMI_ALG_HASH nameAlg // IN: ) { UINT16 digestSize; // // If there is no nameAlg, then this is a LoadExternal and the authVale can // be any size up to the maximum allowed by the digestSize = (nameAlg == TPM_ALG_NULL) ? sizeof(TPMU_HA) : CryptHashGetDigestSize(nameAlg); if(digestSize < MemoryRemoveTrailingZeros(auth)) return FALSE; else if(digestSize > auth->t.size) MemoryPad2B(&auth->b, digestSize); auth->t.size = digestSize; return TRUE; } //*** AreAttributesForParent() // This function is called by create, load, and import functions. // Note: The 'isParent' attribute is SET when an object is loaded and it has // attributes that are suitable for a parent object. // Return Type: BOOL // TRUE(1) properties are those of a parent // FALSE(0) properties are not those of a parent BOOL ObjectIsParent( OBJECT *parentObject // IN: parent handle ) { return parentObject->attributes.isParent; } //*** CreateChecks() // Attribute checks that are unique to creation. // Return Type: TPM_RC // TPM_RC_ATTRIBUTES sensitiveDataOrigin is not consistent with the // object type // other returns from PublicAttributesValidation() TPM_RC CreateChecks( OBJECT *parentObject, TPMT_PUBLIC *publicArea, UINT16 sensitiveDataSize ) { TPMA_OBJECT attributes = publicArea->objectAttributes; TPM_RC result = TPM_RC_SUCCESS; // // If the caller indicates that they have provided the data, then make sure that // they have provided some data. if((!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) && (sensitiveDataSize == 0)) return TPM_RCS_ATTRIBUTES; // For an ordinary object, data can only be provided when sensitiveDataOrigin // is CLEAR if((parentObject != NULL) && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) && (sensitiveDataSize != 0)) return TPM_RCS_ATTRIBUTES; switch(publicArea->type) { case ALG_KEYEDHASH_VALUE: // if this is a data object (sign == decrypt == CLEAR) then the // TPM cannot be the data source. if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) result = TPM_RC_ATTRIBUTES; // comment out the next line in order to prevent a fixedTPM derivation // parent // break; case ALG_SYMCIPHER_VALUE: // A restricted key symmetric key (SYMCIPHER and KEYEDHASH) // must have sensitiveDataOrigin SET unless it has fixedParent and // fixedTPM CLEAR. if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) || IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) result = TPM_RCS_ATTRIBUTES; break; default: // Asymmetric keys cannot have the sensitive portion provided if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, sensitiveDataOrigin)) result = TPM_RCS_ATTRIBUTES; break; } if(TPM_RC_SUCCESS == result) { result = PublicAttributesValidation(parentObject, publicArea); } return result; } //*** SchemeChecks // This function is called by TPM2_LoadExternal() and PublicAttributesValidation(). // This function validates the schemes in the public area of an object. // Return Type: TPM_RC // TPM_RC_HASH non-duplicable storage key and its parent have different // name algorithm // TPM_RC_KDF incorrect KDF specified for decrypting keyed hash object // TPM_RC_KEY invalid key size values in an asymmetric key public area // TPM_RCS_SCHEME inconsistent attributes 'decrypt', 'sign', 'restricted' // and key's scheme ID; or hash algorithm is inconsistent // with the scheme ID for keyed hash object // TPM_RC_SYMMETRIC a storage key with no symmetric algorithm specified; or // non-storage key with symmetric algorithm different from // ALG_NULL TPM_RC SchemeChecks( OBJECT *parentObject, // IN: parent (null if primary seed) TPMT_PUBLIC *publicArea // IN: public area of the object ) { TPMT_SYM_DEF_OBJECT *symAlgs = NULL; TPM_ALG_ID scheme = TPM_ALG_NULL; TPMA_OBJECT attributes = publicArea->objectAttributes; TPMU_PUBLIC_PARMS *parms = &publicArea->parameters; // switch(publicArea->type) { case ALG_SYMCIPHER_VALUE: symAlgs = &parms->symDetail.sym; // If this is a decrypt key, then only the block cipher modes (not // SMAC) are valid. TPM_ALG_NULL is OK too. If this is a 'sign' key, // then any mode that got through the unmarshaling is OK. if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt) && !CryptSymModeIsValid(symAlgs->mode.sym, TRUE)) return TPM_RCS_SCHEME; break; case ALG_KEYEDHASH_VALUE: scheme = parms->keyedHashDetail.scheme.scheme; // if both sign and decrypt if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) { // if both sign and decrypt are set or clear, then need // ALG_NULL as scheme if(scheme != TPM_ALG_NULL) return TPM_RCS_SCHEME; } else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) && scheme != TPM_ALG_HMAC) return TPM_RCS_SCHEME; else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) { if(scheme != TPM_ALG_XOR) return TPM_RCS_SCHEME; // If this is a derivation parent, then the KDF needs to be // SP800-108 for this implementation. This is the only derivation // supported by this implementation. Other implementations could // support additional schemes. There is no default. if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) { if(parms->keyedHashDetail.scheme.details.xor.kdf != TPM_ALG_KDF1_SP800_108) return TPM_RCS_SCHEME; // Must select a digest. if(CryptHashGetDigestSize( parms->keyedHashDetail.scheme.details.xor.hashAlg) == 0) return TPM_RCS_HASH; } } break; default: // handling for asymmetric scheme = parms->asymDetail.scheme.scheme; symAlgs = &parms->asymDetail.symmetric; // if the key is both sign and decrypt, then the scheme must be // ALG_NULL because there is no way to specify both a sign and a // decrypt scheme in the key. if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) { // scheme must be TPM_ALG_NULL if(scheme != TPM_ALG_NULL) return TPM_RCS_SCHEME; } else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) { // If this is a signing key, see if it has a signing scheme if(CryptIsAsymSignScheme(publicArea->type, scheme)) { // if proper signing scheme then it needs a proper hash if(parms->asymDetail.scheme.details.anySig.hashAlg == TPM_ALG_NULL) return TPM_RCS_SCHEME; } else { // signing key that does not have a proper signing scheme. // This is OK if the key is not restricted and its scheme // is TPM_ALG_NULL if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) || scheme != TPM_ALG_NULL) return TPM_RCS_SCHEME; } } else if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) { if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) { // for a restricted decryption key (a parent), scheme // is required to be TPM_ALG_NULL if(scheme != TPM_ALG_NULL) return TPM_RCS_SCHEME; } else { // For an unrestricted decryption key, the scheme has to // be a valid scheme or TPM_ALG_NULL if(scheme != TPM_ALG_NULL && !CryptIsAsymDecryptScheme(publicArea->type, scheme)) return TPM_RCS_SCHEME; } } if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) || !IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) { // For an asymmetric key that is not a parent, the symmetric // algorithms must be TPM_ALG_NULL if(symAlgs->algorithm != TPM_ALG_NULL) return TPM_RCS_SYMMETRIC; } // Special checks for an ECC key #if ALG_ECC if(publicArea->type == TPM_ALG_ECC) { TPM_ECC_CURVE curveID; const TPMT_ECC_SCHEME *curveScheme; curveID = publicArea->parameters.eccDetail.curveID; curveScheme = CryptGetCurveSignScheme(curveID); // The curveId must be valid or the unmarshaling is busted. pAssert(curveScheme != NULL); // If the curveID requires a specific scheme, then the key must // select the same scheme if(curveScheme->scheme != TPM_ALG_NULL) { TPMS_ECC_PARMS *ecc = &publicArea->parameters.eccDetail; if(scheme != curveScheme->scheme) return TPM_RCS_SCHEME; // The scheme can allow any hash, or not... if(curveScheme->details.anySig.hashAlg != TPM_ALG_NULL && (ecc->scheme.details.anySig.hashAlg != curveScheme->details.anySig.hashAlg)) return TPM_RCS_SCHEME; } // For now, the KDF must be TPM_ALG_NULL if(publicArea->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL) return TPM_RCS_KDF; } #endif break; } // If this is a restricted decryption key with symmetric algorithms, then it // is an ordinary parent (not a derivation parent). It needs to specific // symmetric algorithms other than TPM_ALG_NULL if(symAlgs != NULL && IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) { if(symAlgs->algorithm == TPM_ALG_NULL) return TPM_RCS_SYMMETRIC; #if 0 //?? // This next check is under investigation. Need to see if it will break Windows // before it is enabled. If it does not, then it should be default because a // the mode used with a parent is always CFB and Part 2 indicates as much. if(symAlgs->mode.sym != TPM_ALG_CFB) return TPM_RCS_MODE; #endif // If this parent is not duplicable, then the symmetric algorithms // (encryption and hash) must match those of its parent if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) && (parentObject != NULL)) { if(publicArea->nameAlg != parentObject->publicArea.nameAlg) return TPM_RCS_HASH; if(!MemoryEqual(symAlgs, &parentObject->publicArea.parameters, sizeof(TPMT_SYM_DEF_OBJECT))) return TPM_RCS_SYMMETRIC; } } return TPM_RC_SUCCESS; } //*** PublicAttributesValidation() // This function validates the values in the public area of an object. // This function is used in the processing of TPM2_Create, TPM2_CreatePrimary, // TPM2_CreateLoaded(), TPM2_Load(), TPM2_Import(), and TPM2_LoadExternal(). // For TPM2_Import() this is only used if the new parent has fixedTPM SET. For // TPM2_LoadExternal(), this is not used for a public-only key // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'fixedTPM', 'fixedParent', or 'encryptedDuplication' // attributes are inconsistent between themselves or with // those of the parent object; // inconsistent 'restricted', 'decrypt' and 'sign' // attributes; // attempt to inject sensitive data for an asymmetric key; // attempt to create a symmetric cipher key that is not // a decryption key // TPM_RC_HASH nameAlg is TPM_ALG_NULL // TPM_RC_SIZE 'authPolicy' size does not match digest size of the name // algorithm in 'publicArea' // other returns from SchemeChecks() TPM_RC PublicAttributesValidation( OBJECT *parentObject, // IN: input parent object TPMT_PUBLIC *publicArea // IN: public area of the object ) { TPMA_OBJECT attributes = publicArea->objectAttributes; TPMA_OBJECT parentAttributes = TPMA_ZERO_INITIALIZER(); // if(parentObject != NULL) parentAttributes = parentObject->publicArea.objectAttributes; if(publicArea->nameAlg == TPM_ALG_NULL) return TPM_RCS_HASH; // If there is an authPolicy, it needs to be the size of the digest produced // by the nameAlg of the object if((publicArea->authPolicy.t.size != 0 && (publicArea->authPolicy.t.size != CryptHashGetDigestSize(publicArea->nameAlg)))) return TPM_RCS_SIZE; // If the parent is fixedTPM (including a Primary Object) the object must have // the same value for fixedTPM and fixedParent if(parentObject == NULL || IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) { if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent) != IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) return TPM_RCS_ATTRIBUTES; } else { // The parent is not fixedTPM so the object can't be fixedTPM if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM)) return TPM_RCS_ATTRIBUTES; } // See if sign and decrypt are the same if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign) == IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt)) { // a restricted key cannot have both SET or both CLEAR if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted)) return TPM_RC_ATTRIBUTES; // only a data object may have both sign and decrypt CLEAR // BTW, since we know that decrypt==sign, no need to check both if(publicArea->type != TPM_ALG_KEYEDHASH && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign)) return TPM_RC_ATTRIBUTES; } // If the object can't be duplicated (directly or indirectly) then there // is no justification for having encryptedDuplication SET if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) && IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication)) return TPM_RCS_ATTRIBUTES; // If a parent object has fixedTPM CLEAR, the child must have the // same encryptedDuplication value as its parent. // Primary objects are considered to have a fixedTPM parent (the seeds). if(parentObject != NULL && !IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) { if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, encryptedDuplication) != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, encryptedDuplication)) return TPM_RCS_ATTRIBUTES; } // Special checks for derived objects if((parentObject != NULL) && (parentObject->attributes.derivation == SET)) { // A derived object has the same settings for fixedTPM as its parent if(IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedTPM) != IS_ATTRIBUTE(parentAttributes, TPMA_OBJECT, fixedTPM)) return TPM_RCS_ATTRIBUTES; // A derived object is required to be fixedParent if(!IS_ATTRIBUTE(attributes, TPMA_OBJECT, fixedParent)) return TPM_RCS_ATTRIBUTES; } return SchemeChecks(parentObject, publicArea); } //*** FillInCreationData() // Fill in creation data for an object. // Return Type: void void FillInCreationData( TPMI_DH_OBJECT parentHandle, // IN: handle of parent TPMI_ALG_HASH nameHashAlg, // IN: name hash algorithm TPML_PCR_SELECTION *creationPCR, // IN: PCR selection TPM2B_DATA *outsideData, // IN: outside data TPM2B_CREATION_DATA *outCreation, // OUT: creation data for output TPM2B_DIGEST *creationDigest // OUT: creation digest ) { BYTE creationBuffer[sizeof(TPMS_CREATION_DATA)]; BYTE *buffer; HASH_STATE hashState; // // Fill in TPMS_CREATION_DATA in outCreation // Compute PCR digest PCRComputeCurrentDigest(nameHashAlg, creationPCR, &outCreation->creationData.pcrDigest); // Put back PCR selection list outCreation->creationData.pcrSelect = *creationPCR; // Get locality outCreation->creationData.locality = LocalityGetAttributes(_plat__LocalityGet()); outCreation->creationData.parentNameAlg = TPM_ALG_NULL; // If the parent is either a primary seed or TPM_ALG_NULL, then the Name // and QN of the parent are the parent's handle. if(HandleGetType(parentHandle) == TPM_HT_PERMANENT) { buffer = &outCreation->creationData.parentName.t.name[0]; outCreation->creationData.parentName.t.size = TPM_HANDLE_Marshal(&parentHandle, &buffer, NULL); // For a primary or temporary object, the parent name (a handle) and the // parent's QN are the same outCreation->creationData.parentQualifiedName = outCreation->creationData.parentName; } else // Regular object { OBJECT *parentObject = HandleToObject(parentHandle); // // Set name algorithm outCreation->creationData.parentNameAlg = parentObject->publicArea.nameAlg; // Copy parent name outCreation->creationData.parentName = parentObject->name; // Copy parent qualified name outCreation->creationData.parentQualifiedName = parentObject->qualifiedName; } // Copy outside information outCreation->creationData.outsideInfo = *outsideData; // Marshal creation data to canonical form buffer = creationBuffer; outCreation->size = TPMS_CREATION_DATA_Marshal(&outCreation->creationData, &buffer, NULL); // Compute hash for creation field in public template creationDigest->t.size = CryptHashStart(&hashState, nameHashAlg); CryptDigestUpdate(&hashState, outCreation->size, creationBuffer); CryptHashEnd2B(&hashState, &creationDigest->b); return; } //*** GetSeedForKDF() // Get a seed for KDF. The KDF for encryption and HMAC key use the same seed. const TPM2B * GetSeedForKDF( OBJECT *protector // IN: the protector handle ) { // Get seed for encryption key. Use input seed if provided. // Otherwise, using protector object's seedValue. TPM_RH_NULL is the only // exception that we may not have a loaded object as protector. In such a // case, use nullProof as seed. if(protector == NULL) return &gr.nullProof.b; else return &protector->sensitive.seedValue.b; } //*** ProduceOuterWrap() // This function produce outer wrap for a buffer containing the sensitive data. // It requires the sensitive data being marshaled to the outerBuffer, with the // leading bytes reserved for integrity hash. If iv is used, iv space should // be reserved at the beginning of the buffer. It assumes the sensitive data // starts at address (outerBuffer + integrity size {+ iv size}). // This function performs: // 1. Add IV before sensitive area if required // 2. encrypt sensitive data, if iv is required, encrypt by iv. otherwise, // encrypted by a NULL iv // 3. add HMAC integrity at the beginning of the buffer // It returns the total size of blob with outer wrap UINT16 ProduceOuterWrap( OBJECT *protector, // IN: The handle of the object that provides // protection. For object, it is parent // handle. For credential, it is the handle // of encrypt object. TPM2B *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap TPM2B *seed, // IN: an external seed may be provided for // duplication blob. For non duplication // blob, this parameter should be NULL BOOL useIV, // IN: indicate if an IV is used UINT16 dataSize, // IN: the size of sensitive data, excluding the // leading integrity buffer size or the // optional iv size BYTE *outerBuffer // IN/OUT: outer buffer with sensitive data in // it ) { TPM_ALG_ID symAlg; UINT16 keyBits; TPM2B_SYM_KEY symKey; TPM2B_IV ivRNG; // IV from RNG TPM2B_IV *iv = NULL; UINT16 ivSize = 0; // size of iv area, including the size field BYTE *sensitiveData; // pointer to the sensitive data TPM2B_DIGEST integrity; UINT16 integritySize; BYTE *buffer; // Auxiliary buffer pointer // // Compute the beginning of sensitive data. The outer integrity should // always exist if this function is called to make an outer wrap integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); sensitiveData = outerBuffer + integritySize; // If iv is used, adjust the pointer of sensitive data and add iv before it if(useIV) { ivSize = GetIV2BSize(protector); // Generate IV from RNG. The iv data size should be the total IV area // size minus the size of size field ivRNG.t.size = ivSize - sizeof(UINT16); CryptRandomGenerate(ivRNG.t.size, ivRNG.t.buffer); // Marshal IV to buffer buffer = sensitiveData; TPM2B_IV_Marshal(&ivRNG, &buffer, NULL); // adjust sensitive data starting after IV area sensitiveData += ivSize; // Use iv for encryption iv = &ivRNG; } // Compute symmetric key parameters for outer buffer encryption ComputeProtectionKeyParms(protector, hashAlg, name, seed, &symAlg, &keyBits, &symKey); // Encrypt inner buffer in place CryptSymmetricEncrypt(sensitiveData, symAlg, keyBits, symKey.t.buffer, iv, TPM_ALG_CFB, dataSize, sensitiveData); // Compute outer integrity. Integrity computation includes the optional IV // area ComputeOuterIntegrity(name, protector, hashAlg, seed, dataSize + ivSize, outerBuffer + integritySize, &integrity); // Add integrity at the beginning of outer buffer buffer = outerBuffer; TPM2B_DIGEST_Marshal(&integrity, &buffer, NULL); // return the total size in outer wrap return dataSize + integritySize + ivSize; } //*** UnwrapOuter() // This function remove the outer wrap of a blob containing sensitive data // This function performs: // 1. check integrity of outer blob // 2. decrypt outer blob // // Return Type: TPM_RC // TPM_RCS_INSUFFICIENT error during sensitive data unmarshaling // TPM_RCS_INTEGRITY sensitive data integrity is broken // TPM_RCS_SIZE error during sensitive data unmarshaling // TPM_RCS_VALUE IV size for CFB does not match the encryption // algorithm block size TPM_RC UnwrapOuter( OBJECT *protector, // IN: The object that provides // protection. For object, it is parent // handle. For credential, it is the // encrypt object. TPM2B *name, // IN: the name of the object TPM_ALG_ID hashAlg, // IN: hash algorithm for outer wrap TPM2B *seed, // IN: an external seed may be provided for // duplication blob. For non duplication // blob, this parameter should be NULL. BOOL useIV, // IN: indicates if an IV is used UINT16 dataSize, // IN: size of sensitive data in outerBuffer, // including the leading integrity buffer // size, and an optional iv area BYTE *outerBuffer // IN/OUT: sensitive data ) { TPM_RC result; TPM_ALG_ID symAlg = TPM_ALG_NULL; TPM2B_SYM_KEY symKey; UINT16 keyBits = 0; TPM2B_IV ivIn; // input IV retrieved from input buffer TPM2B_IV *iv = NULL; BYTE *sensitiveData; // pointer to the sensitive data TPM2B_DIGEST integrityToCompare; TPM2B_DIGEST integrity; INT32 size; // // Unmarshal integrity sensitiveData = outerBuffer; size = (INT32)dataSize; result = TPM2B_DIGEST_Unmarshal(&integrity, &sensitiveData, &size); if(result == TPM_RC_SUCCESS) { // Compute integrity to compare ComputeOuterIntegrity(name, protector, hashAlg, seed, (UINT16)size, sensitiveData, &integrityToCompare); // Compare outer blob integrity if(!MemoryEqual2B(&integrity.b, &integrityToCompare.b)) return TPM_RCS_INTEGRITY; // Get the symmetric algorithm parameters used for encryption ComputeProtectionKeyParms(protector, hashAlg, name, seed, &symAlg, &keyBits, &symKey); // Retrieve IV if it is used if(useIV) { result = TPM2B_IV_Unmarshal(&ivIn, &sensitiveData, &size); if(result == TPM_RC_SUCCESS) { // The input iv size for CFB must match the encryption algorithm // block size if(ivIn.t.size != CryptGetSymmetricBlockSize(symAlg, keyBits)) result = TPM_RC_VALUE; else iv = &ivIn; } } } // If no errors, decrypt private in place. Since this function uses CFB, // CryptSymmetricDecrypt() will not return any errors. It may fail but it will // not return an error. if(result == TPM_RC_SUCCESS) CryptSymmetricDecrypt(sensitiveData, symAlg, keyBits, symKey.t.buffer, iv, TPM_ALG_CFB, (UINT16)size, sensitiveData); return result; } //*** MarshalSensitive() // This function is used to marshal a sensitive area. Among other things, it // adjusts the size of the authValue to be no smaller than the digest of // 'nameAlg'. It will also make sure that the RSA sensitive contains the right number // of values. // Returns the size of the marshaled area. static UINT16 MarshalSensitive( OBJECT *parent, // IN: the object parent (optional) BYTE *buffer, // OUT: receiving buffer TPMT_SENSITIVE *sensitive, // IN: the sensitive area to marshal TPMI_ALG_HASH nameAlg // IN: ) { BYTE *sizeField = buffer; // saved so that size can be // marshaled after it is known UINT16 retVal; // // Pad the authValue if needed MemoryPad2B(&sensitive->authValue.b, CryptHashGetDigestSize(nameAlg)); buffer += 2; // Marshal the structure #if ALG_RSA // If the sensitive size is the special case for a prime in the type if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) > 0) { UINT16 sizeSave = sensitive->sensitive.rsa.t.size; // // Turn off the flag that indicates that the sensitive->sensitive contains // the CRT form of the exponent. sensitive->sensitive.rsa.t.size &= ~(RSA_prime_flag); // If the parent isn't fixedTPM, then truncate the sensitive data to be // the size of the prime. Otherwise, leave it at the current size which // is the full CRT size. if(parent == NULL || !IS_ATTRIBUTE(parent->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM)) sensitive->sensitive.rsa.t.size /= 5; retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); // Restore the flag and the size. sensitive->sensitive.rsa.t.size = sizeSave; } else #endif retVal = TPMT_SENSITIVE_Marshal(sensitive, &buffer, NULL); // Marshal the size retVal = (UINT16)(retVal + UINT16_Marshal(&retVal, &sizeField, NULL)); return retVal; } //*** SensitiveToPrivate() // This function prepare the private blob for off the chip storage // The operations in this function: // 1. marshal TPM2B_SENSITIVE structure into the buffer of TPM2B_PRIVATE // 2. apply encryption to the sensitive area. // 3. apply outer integrity computation. void SensitiveToPrivate( TPMT_SENSITIVE *sensitive, // IN: sensitive structure TPM2B_NAME *name, // IN: the name of the object OBJECT *parent, // IN: The parent object TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. This // parameter is used when parentHandle is // NULL, in which case the object is // temporary. TPM2B_PRIVATE *outPrivate // OUT: output private structure ) { BYTE *sensitiveData; // pointer to the sensitive data UINT16 dataSize; // data blob size TPMI_ALG_HASH hashAlg; // hash algorithm for integrity UINT16 integritySize; UINT16 ivSize; // pAssert(name != NULL && name->t.size != 0); // Find the hash algorithm for integrity computation if(parent == NULL) { // For Temporary Object, using self name algorithm hashAlg = nameAlg; } else { // Otherwise, using parent's name algorithm hashAlg = parent->publicArea.nameAlg; } // Starting of sensitive data without wrappers sensitiveData = outPrivate->t.buffer; // Compute the integrity size integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); // Reserve space for integrity sensitiveData += integritySize; // Get iv size ivSize = GetIV2BSize(parent); // Reserve space for iv sensitiveData += ivSize; // Marshal the sensitive area including authValue size adjustments. dataSize = MarshalSensitive(parent, sensitiveData, sensitive, nameAlg); //Produce outer wrap, including encryption and HMAC outPrivate->t.size = ProduceOuterWrap(parent, &name->b, hashAlg, NULL, TRUE, dataSize, outPrivate->t.buffer); return; } //*** PrivateToSensitive() // Unwrap a input private area. Check the integrity, decrypt and retrieve data // to a sensitive structure. // The operations in this function: // 1. check the integrity HMAC of the input private area // 2. decrypt the private buffer // 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE // Return Type: TPM_RC // TPM_RCS_INTEGRITY if the private area integrity is bad // TPM_RC_SENSITIVE unmarshal errors while unmarshaling TPMS_ENCRYPT // from input private // TPM_RCS_SIZE error during sensitive data unmarshaling // TPM_RCS_VALUE outer wrapper does not have an iV of the correct // size TPM_RC PrivateToSensitive( TPM2B *inPrivate, // IN: input private structure TPM2B *name, // IN: the name of the object OBJECT *parent, // IN: parent object TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It is // passed separately because we only pass // name, rather than the whole public area // of the object. This parameter is used in // the following two cases: 1. primary // objects. 2. duplication blob with inner // wrap. In other cases, this parameter // will be ignored TPMT_SENSITIVE *sensitive // OUT: sensitive structure ) { TPM_RC result; BYTE *buffer; INT32 size; BYTE *sensitiveData; // pointer to the sensitive data UINT16 dataSize; UINT16 dataSizeInput; TPMI_ALG_HASH hashAlg; // hash algorithm for integrity UINT16 integritySize; UINT16 ivSize; // // Make sure that name is provided pAssert(name != NULL && name->size != 0); // Find the hash algorithm for integrity computation // For Temporary Object (parent == NULL) use self name algorithm; // Otherwise, using parent's name algorithm hashAlg = (parent == NULL) ? nameAlg : parent->publicArea.nameAlg; // unwrap outer result = UnwrapOuter(parent, name, hashAlg, NULL, TRUE, inPrivate->size, inPrivate->buffer); if(result != TPM_RC_SUCCESS) return result; // Compute the inner integrity size. integritySize = sizeof(UINT16) + CryptHashGetDigestSize(hashAlg); // Get iv size ivSize = GetIV2BSize(parent); // The starting of sensitive data and data size without outer wrapper sensitiveData = inPrivate->buffer + integritySize + ivSize; dataSize = inPrivate->size - integritySize - ivSize; // Unmarshal input data size buffer = sensitiveData; size = (INT32)dataSize; result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); if(result == TPM_RC_SUCCESS) { if((dataSizeInput + sizeof(UINT16)) != dataSize) result = TPM_RC_SENSITIVE; else { // Unmarshal sensitive buffer to sensitive structure result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); if(result != TPM_RC_SUCCESS || size != 0) { result = TPM_RC_SENSITIVE; } } } return result; } //*** SensitiveToDuplicate() // This function prepare the duplication blob from the sensitive area. // The operations in this function: // 1. marshal TPMT_SENSITIVE structure into the buffer of TPM2B_PRIVATE // 2. apply inner wrap to the sensitive area if required // 3. apply outer wrap if required void SensitiveToDuplicate( TPMT_SENSITIVE *sensitive, // IN: sensitive structure TPM2B *name, // IN: the name of the object OBJECT *parent, // IN: The new parent object TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. It // is passed separately because we // only pass name, rather than the // whole public area of the object. TPM2B *seed, // IN: the external seed. If external // seed is provided with size of 0, // no outer wrap should be applied // to duplication blob. TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the // symmetric key algorithm is NULL, // no inner wrap should be applied. TPM2B_DATA *innerSymKey, // IN/OUT: a symmetric key may be // provided to encrypt the inner // wrap of a duplication blob. May // be generated here if needed. TPM2B_PRIVATE *outPrivate // OUT: output private structure ) { BYTE *sensitiveData; // pointer to the sensitive data TPMI_ALG_HASH outerHash = TPM_ALG_NULL;// The hash algorithm for outer wrap TPMI_ALG_HASH innerHash = TPM_ALG_NULL;// The hash algorithm for inner wrap UINT16 dataSize; // data blob size BOOL doInnerWrap = FALSE; BOOL doOuterWrap = FALSE; // // Make sure that name is provided pAssert(name != NULL && name->size != 0); // Make sure symDef and innerSymKey are not NULL pAssert(symDef != NULL && innerSymKey != NULL); // Starting of sensitive data without wrappers sensitiveData = outPrivate->t.buffer; // Find out if inner wrap is required if(symDef->algorithm != TPM_ALG_NULL) { doInnerWrap = TRUE; // Use self nameAlg as inner hash algorithm innerHash = nameAlg; // Adjust sensitive data pointer sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(innerHash); } // Find out if outer wrap is required if(seed->size != 0) { doOuterWrap = TRUE; // Use parent nameAlg as outer hash algorithm outerHash = parent->publicArea.nameAlg; // Adjust sensitive data pointer sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); } // Marshal sensitive area dataSize = MarshalSensitive(NULL, sensitiveData, sensitive, nameAlg); // Apply inner wrap for duplication blob. It includes both integrity and // encryption if(doInnerWrap) { BYTE *innerBuffer = NULL; BOOL symKeyInput = TRUE; innerBuffer = outPrivate->t.buffer; // Skip outer integrity space if(doOuterWrap) innerBuffer += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); dataSize = ProduceInnerIntegrity(name, innerHash, dataSize, innerBuffer); // Generate inner encryption key if needed if(innerSymKey->t.size == 0) { innerSymKey->t.size = (symDef->keyBits.sym + 7) / 8; CryptRandomGenerate(innerSymKey->t.size, innerSymKey->t.buffer); // TPM generates symmetric encryption. Set the flag to FALSE symKeyInput = FALSE; } else { // assume the input key size should matches the symmetric definition pAssert(innerSymKey->t.size == (symDef->keyBits.sym + 7) / 8); } // Encrypt inner buffer in place CryptSymmetricEncrypt(innerBuffer, symDef->algorithm, symDef->keyBits.sym, innerSymKey->t.buffer, NULL, TPM_ALG_CFB, dataSize, innerBuffer); // If the symmetric encryption key is imported, clear the buffer for // output if(symKeyInput) innerSymKey->t.size = 0; } // Apply outer wrap for duplication blob. It includes both integrity and // encryption if(doOuterWrap) { dataSize = ProduceOuterWrap(parent, name, outerHash, seed, FALSE, dataSize, outPrivate->t.buffer); } // Data size for output outPrivate->t.size = dataSize; return; } //*** DuplicateToSensitive() // Unwrap a duplication blob. Check the integrity, decrypt and retrieve data // to a sensitive structure. // The operations in this function: // 1. check the integrity HMAC of the input private area // 2. decrypt the private buffer // 3. unmarshal TPMT_SENSITIVE structure into the buffer of TPMT_SENSITIVE // // Return Type: TPM_RC // TPM_RC_INSUFFICIENT unmarshaling sensitive data from 'inPrivate' failed // TPM_RC_INTEGRITY 'inPrivate' data integrity is broken // TPM_RC_SIZE unmarshaling sensitive data from 'inPrivate' failed TPM_RC DuplicateToSensitive( TPM2B *inPrivate, // IN: input private structure TPM2B *name, // IN: the name of the object OBJECT *parent, // IN: the parent TPM_ALG_ID nameAlg, // IN: hash algorithm in public area. TPM2B *seed, // IN: an external seed may be provided. // If external seed is provided with // size of 0, no outer wrap is // applied TPMT_SYM_DEF_OBJECT *symDef, // IN: Symmetric key definition. If the // symmetric key algorithm is NULL, // no inner wrap is applied TPM2B *innerSymKey, // IN: a symmetric key may be provided // to decrypt the inner wrap of a // duplication blob. TPMT_SENSITIVE *sensitive // OUT: sensitive structure ) { TPM_RC result; BYTE *buffer; INT32 size; BYTE *sensitiveData; // pointer to the sensitive data UINT16 dataSize; UINT16 dataSizeInput; // // Make sure that name is provided pAssert(name != NULL && name->size != 0); // Make sure symDef and innerSymKey are not NULL pAssert(symDef != NULL && innerSymKey != NULL); // Starting of sensitive data sensitiveData = inPrivate->buffer; dataSize = inPrivate->size; // Find out if outer wrap is applied if(seed->size != 0) { // Use parent nameAlg as outer hash algorithm TPMI_ALG_HASH outerHash = parent->publicArea.nameAlg; result = UnwrapOuter(parent, name, outerHash, seed, FALSE, dataSize, sensitiveData); if(result != TPM_RC_SUCCESS) return result; // Adjust sensitive data pointer and size sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(outerHash); dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(outerHash); } // Find out if inner wrap is applied if(symDef->algorithm != TPM_ALG_NULL) { // assume the input key size matches the symmetric definition pAssert(innerSymKey->size == (symDef->keyBits.sym + 7) / 8); // Decrypt inner buffer in place CryptSymmetricDecrypt(sensitiveData, symDef->algorithm, symDef->keyBits.sym, innerSymKey->buffer, NULL, TPM_ALG_CFB, dataSize, sensitiveData); // Check inner integrity result = CheckInnerIntegrity(name, nameAlg, dataSize, sensitiveData); if(result != TPM_RC_SUCCESS) return result; // Adjust sensitive data pointer and size sensitiveData += sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); dataSize -= sizeof(UINT16) + CryptHashGetDigestSize(nameAlg); } // Unmarshal input data size buffer = sensitiveData; size = (INT32)dataSize; result = UINT16_Unmarshal(&dataSizeInput, &buffer, &size); if(result == TPM_RC_SUCCESS) { if((dataSizeInput + sizeof(UINT16)) != dataSize) result = TPM_RC_SIZE; else { // Unmarshal sensitive buffer to sensitive structure result = TPMT_SENSITIVE_Unmarshal(sensitive, &buffer, &size); // if the results is OK make sure that all the data was unmarshaled if(result == TPM_RC_SUCCESS && size != 0) result = TPM_RC_SIZE; } } return result; } //*** SecretToCredential() // This function prepare the credential blob from a secret (a TPM2B_DIGEST) // The operations in this function: // 1. marshal TPM2B_DIGEST structure into the buffer of TPM2B_ID_OBJECT // 2. encrypt the private buffer, excluding the leading integrity HMAC area // 3. compute integrity HMAC and append to the beginning of the buffer. // 4. Set the total size of TPM2B_ID_OBJECT buffer void SecretToCredential( TPM2B_DIGEST *secret, // IN: secret information TPM2B *name, // IN: the name of the object TPM2B *seed, // IN: an external seed. OBJECT *protector, // IN: the protector TPM2B_ID_OBJECT *outIDObject // OUT: output credential ) { BYTE *buffer; // Auxiliary buffer pointer BYTE *sensitiveData; // pointer to the sensitive data TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap UINT16 dataSize; // data blob size // pAssert(secret != NULL && outIDObject != NULL); // use protector's name algorithm as outer hash ???? outerHash = protector->publicArea.nameAlg; // Marshal secret area to credential buffer, leave space for integrity sensitiveData = outIDObject->t.credential + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); // Marshal secret area buffer = sensitiveData; dataSize = TPM2B_DIGEST_Marshal(secret, &buffer, NULL); // Apply outer wrap outIDObject->t.size = ProduceOuterWrap(protector, name, outerHash, seed, FALSE, dataSize, outIDObject->t.credential); return; } //*** CredentialToSecret() // Unwrap a credential. Check the integrity, decrypt and retrieve data // to a TPM2B_DIGEST structure. // The operations in this function: // 1. check the integrity HMAC of the input credential area // 2. decrypt the credential buffer // 3. unmarshal TPM2B_DIGEST structure into the buffer of TPM2B_DIGEST // // Return Type: TPM_RC // TPM_RC_INSUFFICIENT error during credential unmarshaling // TPM_RC_INTEGRITY credential integrity is broken // TPM_RC_SIZE error during credential unmarshaling // TPM_RC_VALUE IV size does not match the encryption algorithm // block size TPM_RC CredentialToSecret( TPM2B *inIDObject, // IN: input credential blob TPM2B *name, // IN: the name of the object TPM2B *seed, // IN: an external seed. OBJECT *protector, // IN: the protector TPM2B_DIGEST *secret // OUT: secret information ) { TPM_RC result; BYTE *buffer; INT32 size; TPMI_ALG_HASH outerHash; // The hash algorithm for outer wrap BYTE *sensitiveData; // pointer to the sensitive data UINT16 dataSize; // // use protector's name algorithm as outer hash outerHash = protector->publicArea.nameAlg; // Unwrap outer, a TPM_RC_INTEGRITY error may be returned at this point result = UnwrapOuter(protector, name, outerHash, seed, FALSE, inIDObject->size, inIDObject->buffer); if(result == TPM_RC_SUCCESS) { // Compute the beginning of sensitive data sensitiveData = inIDObject->buffer + sizeof(UINT16) + CryptHashGetDigestSize(outerHash); dataSize = inIDObject->size - (sizeof(UINT16) + CryptHashGetDigestSize(outerHash)); // Unmarshal secret buffer to TPM2B_DIGEST structure buffer = sensitiveData; size = (INT32)dataSize; result = TPM2B_DIGEST_Unmarshal(secret, &buffer, &size); // If there were no other unmarshaling errors, make sure that the // expected amount of data was recovered if(result == TPM_RC_SUCCESS && size != 0) return TPM_RC_SIZE; } return result; } //*** MemoryRemoveTrailingZeros() // This function is used to adjust the length of an authorization value. // It adjusts the size of the TPM2B so that it does not include octets // at the end of the buffer that contain zero. // The function returns the number of non-zero octets in the buffer. UINT16 MemoryRemoveTrailingZeros( TPM2B_AUTH *auth // IN/OUT: value to adjust ) { while((auth->t.size > 0) && (auth->t.buffer[auth->t.size - 1] == 0)) auth->t.size--; return auth->t.size; } //*** SetLabelAndContext() // This function sets the label and context for a derived key. It is possible // that 'label' or 'context' can end up being an Empty Buffer. TPM_RC SetLabelAndContext( TPMS_DERIVE *labelContext, // IN/OUT: the recovered label and // context TPM2B_SENSITIVE_DATA *sensitive // IN: the sensitive data ) { TPMS_DERIVE sensitiveValue; TPM_RC result; INT32 size; BYTE *buff; // // Unmarshal a TPMS_DERIVE from the TPM2B_SENSITIVE_DATA buffer // If there is something to unmarshal... if(sensitive->t.size != 0) { size = sensitive->t.size; buff = sensitive->t.buffer; result = TPMS_DERIVE_Unmarshal(&sensitiveValue, &buff, &size); if(result != TPM_RC_SUCCESS) return result; // If there was a label in the public area leave it there, otherwise, copy // the new value if(labelContext->label.t.size == 0) MemoryCopy2B(&labelContext->label.b, &sensitiveValue.label.b, sizeof(labelContext->label.t.buffer)); // if there was a context string in publicArea, it overrides if(labelContext->context.t.size == 0) MemoryCopy2B(&labelContext->context.b, &sensitiveValue.context.b, sizeof(labelContext->label.t.buffer)); } return TPM_RC_SUCCESS; } //*** UnmarshalToPublic() // Support function to unmarshal the template. This is used because the // Input may be a TPMT_TEMPLATE and that structure does not have the same // size as a TPMT_PUBLIC because of the difference between the 'unique' and // 'seed' fields. // If 'derive' is not NULL, then the 'seed' field is assumed to contain // a 'label' and 'context' that are unmarshaled into 'derive'. TPM_RC UnmarshalToPublic( TPMT_PUBLIC *tOut, // OUT: output TPM2B_TEMPLATE *tIn, // IN: BOOL derivation, // IN: indicates if this is for a derivation TPMS_DERIVE *labelContext// OUT: label and context if derivation ) { BYTE *buffer = tIn->t.buffer; INT32 size = tIn->t.size; TPM_RC result; // // make sure that tOut is zeroed so that there are no remnants from previous // uses MemorySet(tOut, 0, sizeof(TPMT_PUBLIC)); // Unmarshal the components of the TPMT_PUBLIC up to the unique field result = TPMI_ALG_PUBLIC_Unmarshal(&tOut->type, &buffer, &size); if(result != TPM_RC_SUCCESS) return result; result = TPMI_ALG_HASH_Unmarshal(&tOut->nameAlg, &buffer, &size, FALSE); if(result != TPM_RC_SUCCESS) return result; result = TPMA_OBJECT_Unmarshal(&tOut->objectAttributes, &buffer, &size); if(result != TPM_RC_SUCCESS) return result; result = TPM2B_DIGEST_Unmarshal(&tOut->authPolicy, &buffer, &size); if(result != TPM_RC_SUCCESS) return result; result = TPMU_PUBLIC_PARMS_Unmarshal(&tOut->parameters, &buffer, &size, tOut->type); if(result != TPM_RC_SUCCESS) return result; // Now unmarshal a TPMS_DERIVE if this is for derivation if(derivation) result = TPMS_DERIVE_Unmarshal(labelContext, &buffer, &size); else // otherwise, unmarshal a TPMU_PUBLIC_ID result = TPMU_PUBLIC_ID_Unmarshal(&tOut->unique, &buffer, &size, tOut->type); // Make sure the template was used up if((result == TPM_RC_SUCCESS) && (size != 0)) result = TPM_RC_SIZE; return result; } //*** ObjectSetExternal() // Set the external attributes for an object. void ObjectSetExternal( OBJECT *object ) { object->attributes.external = SET; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/ReadPublic.c000066400000000000000000000051661510276467000300050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "ReadPublic_fp.h" #if CC_ReadPublic // Conditional expansion of this file /*(See part 3 specification) // read public area of a loaded object */ // Return Type: TPM_RC // TPM_RC_SEQUENCE can not read the public area of a sequence // object TPM_RC TPM2_ReadPublic( ReadPublic_In *in, // IN: input parameter list ReadPublic_Out *out // OUT: output parameter list ) { OBJECT *object = HandleToObject(in->objectHandle); // Input Validation // Can not read public area of a sequence object if(ObjectIsSequence(object)) return TPM_RC_SEQUENCE; // Command Output out->outPublic.publicArea = object->publicArea; out->name = object->name; out->qualifiedName = object->qualifiedName; return TPM_RC_SUCCESS; } #endif // CC_ReadPublicgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Object/Unseal.c000066400000000000000000000055621510276467000272220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Unseal_fp.h" #if CC_Unseal // Conditional expansion of this file /*(See part 3 specification) // return data in a sealed data blob */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'itemHandle' has wrong attributes // TPM_RC_TYPE 'itemHandle' is not a KEYEDHASH data object TPM_RC TPM2_Unseal( Unseal_In *in, Unseal_Out *out ) { OBJECT *object; // Input Validation // Get pointer to loaded object object = HandleToObject(in->itemHandle); // Input handle must be a data object if(object->publicArea.type != TPM_ALG_KEYEDHASH) return TPM_RCS_TYPE + RC_Unseal_itemHandle; if(IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, decrypt) || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, sign) || IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_ATTRIBUTES + RC_Unseal_itemHandle; // Command Output // Copy data out->outData = object->sensitive.sensitive.bits; return TPM_RC_SUCCESS; } #endif // CC_Unsealgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/000077500000000000000000000000001510276467000250355ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Allocate.c000066400000000000000000000065241510276467000274400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PCR_Allocate_fp.h" #if CC_PCR_Allocate // Conditional expansion of this file /*(See part 3 specification) // Allocate PCR banks */ // Return Type: TPM_RC // TPM_RC_PCR the allocation did not have required PCR // TPM_RC_NV_UNAVAILABLE NV is not accessible // TPM_RC_NV_RATE NV is in a rate-limiting mode TPM_RC TPM2_PCR_Allocate( PCR_Allocate_In *in, // IN: input parameter list PCR_Allocate_Out *out // OUT: output parameter list ) { TPM_RC result; // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point. // Note: These codes are not listed in the return values above because it is // an implementation choice to check in this routine rather than in a common // function that is called before these actions are called. These return values // are described in the Response Code section of Part 3. RETURN_IF_NV_IS_NOT_AVAILABLE; // Command Output // Call PCR Allocation function. result = PCRAllocate(&in->pcrAllocation, &out->maxPCR, &out->sizeNeeded, &out->sizeAvailable); if(result == TPM_RC_PCR) return result; // out->allocationSuccess = (result == TPM_RC_SUCCESS); // if re-configuration succeeds, set the flag to indicate PCR configuration is // going to be changed in next boot if(out->allocationSuccess == YES) g_pcrReConfig = TRUE; return TPM_RC_SUCCESS; } #endif // CC_PCR_Allocatego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Event.c000066400000000000000000000066531510276467000270000ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PCR_Event_fp.h" #if CC_PCR_Event // Conditional expansion of this file /*(See part 3 specification) // Update PCR */ // Return Type: TPM_RC // TPM_RC_LOCALITY current command locality is not allowed to // extend the PCR referenced by 'pcrHandle' TPM_RC TPM2_PCR_Event( PCR_Event_In *in, // IN: input parameter list PCR_Event_Out *out // OUT: output parameter list ) { HASH_STATE hashState; UINT32 i; UINT16 size; // Input Validation // If a PCR extend is required if(in->pcrHandle != TPM_RH_NULL) { // If the PCR is not allow to extend, return error if(!PCRIsExtendAllowed(in->pcrHandle)) return TPM_RC_LOCALITY; // If PCR is state saved and we need to update orderlyState, check NV // availability if(PCRIsStateSaved(in->pcrHandle)) RETURN_IF_ORDERLY; } // Internal Data Update out->digests.count = HASH_COUNT; // Iterate supported PCR bank algorithms to extend for(i = 0; i < HASH_COUNT; i++) { TPM_ALG_ID hash = CryptHashGetAlgByIndex(i); out->digests.digests[i].hashAlg = hash; size = CryptHashStart(&hashState, hash); CryptDigestUpdate2B(&hashState, &in->eventData.b); CryptHashEnd(&hashState, size, (BYTE *)&out->digests.digests[i].digest); if(in->pcrHandle != TPM_RH_NULL) PCRExtend(in->pcrHandle, hash, size, (BYTE *)&out->digests.digests[i].digest); } return TPM_RC_SUCCESS; } #endif // CC_PCR_Eventgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Extend.c000066400000000000000000000070501510276467000271360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PCR_Extend_fp.h" #if CC_PCR_Extend // Conditional expansion of this file /*(See part 3 specification) // Update PCR */ // Return Type: TPM_RC // TPM_RC_LOCALITY current command locality is not allowed to // extend the PCR referenced by 'pcrHandle' TPM_RC TPM2_PCR_Extend( PCR_Extend_In *in // IN: input parameter list ) { UINT32 i; // Input Validation // NOTE: This function assumes that the unmarshaling function for 'digests' will // have validated that all of the indicated hash algorithms are valid. If the // hash algorithms are correct, the unmarshaling code will unmarshal a digest // of the size indicated by the hash algorithm. If the overall size is not // consistent, the unmarshaling code will run out of input data or have input // data left over. In either case, it will cause an unmarshaling error and this // function will not be called. // For NULL handle, do nothing and return success if(in->pcrHandle == TPM_RH_NULL) return TPM_RC_SUCCESS; // Check if the extend operation is allowed by the current command locality if(!PCRIsExtendAllowed(in->pcrHandle)) return TPM_RC_LOCALITY; // If PCR is state saved and we need to update orderlyState, check NV // availability if(PCRIsStateSaved(in->pcrHandle)) RETURN_IF_ORDERLY; // Internal Data Update // Iterate input digest list to extend for(i = 0; i < in->digests.count; i++) { PCRExtend(in->pcrHandle, in->digests.digests[i].hashAlg, CryptHashGetDigestSize(in->digests.digests[i].hashAlg), (BYTE *)&in->digests.digests[i].digest); } return TPM_RC_SUCCESS; } #endif // CC_PCR_Extendgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Read.c000066400000000000000000000045511510276467000265650ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PCR_Read_fp.h" #if CC_PCR_Read // Conditional expansion of this file /*(See part 3 specification) // Read a set of PCR */ TPM_RC TPM2_PCR_Read( PCR_Read_In *in, // IN: input parameter list PCR_Read_Out *out // OUT: output parameter list ) { // Command Output // Call PCR read function. input pcrSelectionIn parameter could be changed // to reflect the actual PCR being returned PCRRead(&in->pcrSelectionIn, &out->pcrValues, &out->pcrUpdateCounter); out->pcrSelectionOut = in->pcrSelectionIn; return TPM_RC_SUCCESS; } #endif // CC_PCR_Readgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_Reset.c000066400000000000000000000054171510276467000267760ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PCR_Reset_fp.h" #if CC_PCR_Reset // Conditional expansion of this file /*(See part 3 specification) // Reset PCR */ // Return Type: TPM_RC // TPM_RC_LOCALITY current command locality is not allowed to // reset the PCR referenced by 'pcrHandle' TPM_RC TPM2_PCR_Reset( PCR_Reset_In *in // IN: input parameter list ) { // Input Validation // Check if the reset operation is allowed by the current command locality if(!PCRIsResetAllowed(in->pcrHandle)) return TPM_RC_LOCALITY; // If PCR is state saved and we need to update orderlyState, check NV // availability if(PCRIsStateSaved(in->pcrHandle)) RETURN_IF_ORDERLY; // Internal Data Update // Reset selected PCR in all banks to 0 PCRSetValue(in->pcrHandle, 0); // Indicate that the PCR changed so that pcrCounter will be incremented if // necessary. PCRChanged(in->pcrHandle); return TPM_RC_SUCCESS; } #endif // CC_PCR_Resetgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthPolicy.c000066400000000000000000000063531510276467000304510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PCR_SetAuthPolicy_fp.h" #if CC_PCR_SetAuthPolicy // Conditional expansion of this file /*(See part 3 specification) // Set authPolicy to a group of PCR */ // Return Type: TPM_RC // TPM_RC_SIZE size of 'authPolicy' is not the size of a digest // produced by 'policyDigest' // TPM_RC_VALUE PCR referenced by 'pcrNum' is not a member // of a PCR policy group TPM_RC TPM2_PCR_SetAuthPolicy( PCR_SetAuthPolicy_In *in // IN: input parameter list ) { UINT32 groupIndex; // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Input Validation: // Check the authPolicy consistent with hash algorithm if(in->authPolicy.t.size != CryptHashGetDigestSize(in->hashAlg)) return TPM_RCS_SIZE + RC_PCR_SetAuthPolicy_authPolicy; // If PCR does not belong to a policy group, return TPM_RC_VALUE if(!PCRBelongsPolicyGroup(in->pcrNum, &groupIndex)) return TPM_RCS_VALUE + RC_PCR_SetAuthPolicy_pcrNum; // Internal Data Update // Set PCR policy gp.pcrPolicies.hashAlg[groupIndex] = in->hashAlg; gp.pcrPolicies.policy[groupIndex] = in->authPolicy; // Save new policy to NV NV_SYNC_PERSISTENT(pcrPolicies); return TPM_RC_SUCCESS; } #endif // CC_PCR_SetAuthPolicygo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/PCR/PCR_SetAuthValue.c000066400000000000000000000055601510276467000302650ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PCR_SetAuthValue_fp.h" #if CC_PCR_SetAuthValue // Conditional expansion of this file /*(See part 3 specification) // Set authValue to a group of PCR */ // Return Type: TPM_RC // TPM_RC_VALUE PCR referenced by 'pcrHandle' is not a member // of a PCR authorization group TPM_RC TPM2_PCR_SetAuthValue( PCR_SetAuthValue_In *in // IN: input parameter list ) { UINT32 groupIndex; // Input Validation: // If PCR does not belong to an auth group, return TPM_RC_VALUE if(!PCRBelongsAuthGroup(in->pcrHandle, &groupIndex)) return TPM_RC_VALUE; // The command may cause the orderlyState to be cleared due to the update of // state clear data. If this is the case, Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_ORDERLY; // Internal Data Update // Set PCR authValue MemoryRemoveTrailingZeros(&in->auth); gc.pcrAuthValues.auth[groupIndex] = in->auth; return TPM_RC_SUCCESS; } #endif // CC_PCR_SetAuthValuego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/000077500000000000000000000000001510276467000256315ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/GetRandom.c000066400000000000000000000047461510276467000276700ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "GetRandom_fp.h" #if CC_GetRandom // Conditional expansion of this file /*(See part 3 specification) // random number generator */ TPM_RC TPM2_GetRandom( GetRandom_In *in, // IN: input parameter list GetRandom_Out *out // OUT: output parameter list ) { // Command Output // if the requested bytes exceed the output buffer size, generates the // maximum bytes that the output buffer allows if(in->bytesRequested > sizeof(TPMU_HA)) out->randomBytes.t.size = sizeof(TPMU_HA); else out->randomBytes.t.size = in->bytesRequested; CryptRandomGenerate(out->randomBytes.t.size, out->randomBytes.t.buffer); return TPM_RC_SUCCESS; } #endif // CC_GetRandomgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Random/StirRandom.c000066400000000000000000000041731510276467000300640ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "StirRandom_fp.h" #if CC_StirRandom // Conditional expansion of this file /*(See part 3 specification) // add entropy to the RNG state */ TPM_RC TPM2_StirRandom( StirRandom_In *in // IN: input parameter list ) { // Internal Data Update CryptRandomStir(in->inData.t.size, in->inData.t.buffer); return TPM_RC_SUCCESS; } #endif // CC_StirRandomgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/000077500000000000000000000000001510276467000260345ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/PolicyRestart.c000066400000000000000000000042501510276467000310050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "PolicyRestart_fp.h" #if CC_PolicyRestart // Conditional expansion of this file /*(See part 3 specification) // Restore a policy session to its initial state */ TPM_RC TPM2_PolicyRestart( PolicyRestart_In *in // IN: input parameter list ) { // Initialize policy session data SessionResetPolicyData(SessionGet(in->sessionHandle)); return TPM_RC_SUCCESS; } #endif // CC_PolicyRestartgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Session/StartAuthSession.c000066400000000000000000000174671510276467000315020ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "StartAuthSession_fp.h" #if CC_StartAuthSession // Conditional expansion of this file /*(See part 3 specification) // Start an authorization session */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'tpmKey' does not reference a decrypt key // TPM_RC_CONTEXT_GAP the difference between the most recently created // active context and the oldest active context is at // the limits of the TPM // TPM_RC_HANDLE input decrypt key handle only has public portion // loaded // TPM_RC_MODE 'symmetric' specifies a block cipher but the mode // is not TPM_ALG_CFB. // TPM_RC_SESSION_HANDLES no session handle is available // TPM_RC_SESSION_MEMORY no more slots for loading a session // TPM_RC_SIZE nonce less than 16 octets or greater than the size // of the digest produced by 'authHash' // TPM_RC_VALUE secret size does not match decrypt key type; or the // recovered secret is larger than the digest size of // the nameAlg of 'tpmKey'; or, for an RSA decrypt key, // if 'encryptedSecret' is greater than the // public modulus of 'tpmKey'. TPM_RC TPM2_StartAuthSession( StartAuthSession_In *in, // IN: input parameter buffer StartAuthSession_Out *out // OUT: output parameter buffer ) { TPM_RC result = TPM_RC_SUCCESS; OBJECT *tpmKey; // TPM key for decrypt salt TPM2B_DATA salt; // Input Validation // Check input nonce size. IT should be at least 16 bytes but not larger // than the digest size of session hash. if(in->nonceCaller.t.size < 16 || in->nonceCaller.t.size > CryptHashGetDigestSize(in->authHash)) return TPM_RCS_SIZE + RC_StartAuthSession_nonceCaller; // If an decrypt key is passed in, check its validation if(in->tpmKey != TPM_RH_NULL) { // Get pointer to loaded decrypt key tpmKey = HandleToObject(in->tpmKey); // key must be asymmetric with its sensitive area loaded. Since this // command does not require authorization, the presence of the sensitive // area was not already checked as it is with most other commands that // use the sensitive are so check it here if(!CryptIsAsymAlgorithm(tpmKey->publicArea.type)) return TPM_RCS_KEY + RC_StartAuthSession_tpmKey; // secret size cannot be 0 if(in->encryptedSalt.t.size == 0) return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt; // Decrypting salt requires accessing the private portion of a key. // Therefore, tmpKey can not be a key with only public portion loaded if(tpmKey->attributes.publicOnly) return TPM_RCS_HANDLE + RC_StartAuthSession_tpmKey; // HMAC session input handle check. // tpmKey should be a decryption key if(!IS_ATTRIBUTE(tpmKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) return TPM_RCS_ATTRIBUTES + RC_StartAuthSession_tpmKey; // Secret Decryption. A TPM_RC_VALUE, TPM_RC_KEY or Unmarshal errors // may be returned at this point result = CryptSecretDecrypt(tpmKey, &in->nonceCaller, SECRET_KEY, &in->encryptedSalt, &salt); if(result != TPM_RC_SUCCESS) return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt; } else { // secret size must be 0 if(in->encryptedSalt.t.size != 0) return TPM_RCS_VALUE + RC_StartAuthSession_encryptedSalt; salt.t.size = 0; } switch(HandleGetType(in->bind)) { case TPM_HT_TRANSIENT: { OBJECT *object = HandleToObject(in->bind); // If the bind handle references a transient object, make sure that we // can get to the authorization value. Also, make sure that the object // has a proper Name (nameAlg != TPM_ALG_NULL). If it doesn't, then // it might be possible to bind to an object where the authValue is // known. This does not create a real issue in that, if you know the // authorization value, you can actually bind to the object. However, // there is a potential if(object->attributes.publicOnly == SET) return TPM_RCS_HANDLE + RC_StartAuthSession_bind; break; } case TPM_HT_NV_INDEX: // a PIN index can't be a bind object { NV_INDEX *nvIndex = NvGetIndexInfo(in->bind, NULL); if(IsNvPinPassIndex(nvIndex->publicArea.attributes) || IsNvPinFailIndex(nvIndex->publicArea.attributes)) return TPM_RCS_HANDLE + RC_StartAuthSession_bind; break; } default: break; } // If 'symmetric' is a symmetric block cipher (not TPM_ALG_NULL or TPM_ALG_XOR) // then the mode must be CFB. if(in->symmetric.algorithm != TPM_ALG_NULL && in->symmetric.algorithm != TPM_ALG_XOR && in->symmetric.mode.sym != TPM_ALG_CFB) return TPM_RCS_MODE + RC_StartAuthSession_symmetric; // Internal Data Update and command output // Create internal session structure. TPM_RC_CONTEXT_GAP, TPM_RC_NO_HANDLES // or TPM_RC_SESSION_MEMORY errors may be returned at this point. // // The detailed actions for creating the session context are not shown here // as the details are implementation dependent // SessionCreate sets the output handle and nonceTPM result = SessionCreate(in->sessionType, in->authHash, &in->nonceCaller, &in->symmetric, in->bind, &salt, &out->sessionHandle, &out->nonceTPM); return result; } #endif // CC_StartAuthSessiongo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/000077500000000000000000000000001510276467000263525ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/Sign.c000066400000000000000000000114371510276467000274240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Sign_fp.h" #if CC_Sign // Conditional expansion of this file #include "Attest_spt_fp.h" /*(See part 3 specification) // sign an externally provided hash using an asymmetric signing key */ // Return Type: TPM_RC // TPM_RC_BINDING The public and private portions of the key are not // properly bound. // TPM_RC_KEY 'signHandle' does not reference a signing key; // TPM_RC_SCHEME the scheme is not compatible with sign key type, // or input scheme is not compatible with default // scheme, or the chosen scheme is not a valid // sign scheme // TPM_RC_TICKET 'validation' is not a valid ticket // TPM_RC_VALUE the value to sign is larger than allowed for the // type of 'keyHandle' TPM_RC TPM2_Sign( Sign_In *in, // IN: input parameter list Sign_Out *out // OUT: output parameter list ) { TPM_RC result; TPMT_TK_HASHCHECK ticket; OBJECT *signObject = HandleToObject(in->keyHandle); // // Input Validation if(!IsSigningObject(signObject)) return TPM_RCS_KEY + RC_Sign_keyHandle; // A key that will be used for x.509 signatures can't be used in TPM2_Sign(). if(IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, x509sign)) return TPM_RCS_ATTRIBUTES + RC_Sign_keyHandle; // pick a scheme for sign. If the input sign scheme is not compatible with // the default scheme, return an error. if(!CryptSelectSignScheme(signObject, &in->inScheme)) return TPM_RCS_SCHEME + RC_Sign_inScheme; // If validation is provided, or the key is restricted, check the ticket if(in->validation.digest.t.size != 0 || IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, restricted)) { // Compute and compare ticket TicketComputeHashCheck(in->validation.hierarchy, in->inScheme.details.any.hashAlg, &in->digest, &ticket); if(!MemoryEqual2B(&in->validation.digest.b, &ticket.digest.b)) return TPM_RCS_TICKET + RC_Sign_validation; } else // If we don't have a ticket, at least verify that the provided 'digest' // is the size of the scheme hashAlg digest. // NOTE: this does not guarantee that the 'digest' is actually produced using // the indicated hash algorithm, but at least it might be. { if(in->digest.t.size != CryptHashGetDigestSize(in->inScheme.details.any.hashAlg)) return TPM_RCS_SIZE + RC_Sign_digest; } // Command Output // Sign the hash. A TPM_RC_VALUE or TPM_RC_SCHEME // error may be returned at this point result = CryptSign(signObject, &in->inScheme, &in->digest, &out->signature); return result; } #endif // CC_Signgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Signature/VerifySignature.c000066400000000000000000000075771510276467000316640ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "VerifySignature_fp.h" #if CC_VerifySignature // Conditional expansion of this file /*(See part 3 specification) // This command uses loaded key to validate an asymmetric signature on a message // with the message digest passed to the TPM. */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'keyHandle' does not reference a signing key // TPM_RC_SIGNATURE signature is not genuine // TPM_RC_SCHEME CryptValidateSignature() // TPM_RC_HANDLE the input handle is references an HMAC key but // the private portion is not loaded TPM_RC TPM2_VerifySignature( VerifySignature_In *in, // IN: input parameter list VerifySignature_Out *out // OUT: output parameter list ) { TPM_RC result; OBJECT *signObject = HandleToObject(in->keyHandle); TPMI_RH_HIERARCHY hierarchy; // Input Validation // The object to validate the signature must be a signing key. if(!IS_ATTRIBUTE(signObject->publicArea.objectAttributes, TPMA_OBJECT, sign)) return TPM_RCS_ATTRIBUTES + RC_VerifySignature_keyHandle; // Validate Signature. TPM_RC_SCHEME, TPM_RC_HANDLE or TPM_RC_SIGNATURE // error may be returned by CryptCVerifySignatrue() result = CryptValidateSignature(in->keyHandle, &in->digest, &in->signature); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_VerifySignature_signature); // Command Output hierarchy = GetHeriarchy(in->keyHandle); if(hierarchy == TPM_RH_NULL || signObject->publicArea.nameAlg == TPM_ALG_NULL) { // produce empty ticket if hierarchy is TPM_RH_NULL or nameAlg is // ALG_NULL out->validation.tag = TPM_ST_VERIFIED; out->validation.hierarchy = TPM_RH_NULL; out->validation.digest.t.size = 0; } else { // Compute ticket TicketComputeVerified(hierarchy, &in->digest, &signObject->name, &out->validation); } return TPM_RC_SUCCESS; } #endif // CC_VerifySignaturego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/000077500000000000000000000000001510276467000260535ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Shutdown.c000066400000000000000000000072151510276467000300370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Shutdown_fp.h" #if CC_Shutdown // Conditional expansion of this file /*(See part 3 specification) // Shut down TPM for power off */ // Return Type: TPM_RC // TPM_RC_TYPE if PCR bank has been re-configured, a // CLEAR StateSave is required TPM_RC TPM2_Shutdown( Shutdown_In *in // IN: input parameter list ) { // The command needs NV update. Check if NV is available. // A TPM_RC_NV_UNAVAILABLE or TPM_RC_NV_RATE error may be returned at // this point RETURN_IF_NV_IS_NOT_AVAILABLE; // Input Validation // If PCR bank has been reconfigured, a CLEAR state save is required if(g_pcrReConfig && in->shutdownType == TPM_SU_STATE) return TPM_RCS_TYPE + RC_Shutdown_shutdownType; // Internal Data Update gp.orderlyState = in->shutdownType; // PCR private date state save PCRStateSave(in->shutdownType); // Save RAM backed NV index data NvUpdateIndexOrderlyData(); #if ACCUMULATE_SELF_HEAL_TIMER // Save the current time value go.time = g_time; #endif // Save all orderly data NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go); if(in->shutdownType == TPM_SU_STATE) { // Save STATE_RESET and STATE_CLEAR data NvWrite(NV_STATE_CLEAR_DATA, sizeof(STATE_CLEAR_DATA), &gc); NvWrite(NV_STATE_RESET_DATA, sizeof(STATE_RESET_DATA), &gr); // Save the startup flags for resume if(g_DrtmPreStartup) gp.orderlyState = TPM_SU_STATE | PRE_STARTUP_FLAG; else if(g_StartupLocality3) gp.orderlyState = TPM_SU_STATE | STARTUP_LOCALITY_3; } // only two shutdown options. else if(in->shutdownType != TPM_SU_CLEAR) return TPM_RCS_VALUE + RC_Shutdown_shutdownType; NV_SYNC_PERSISTENT(orderlyState); return TPM_RC_SUCCESS; } #endif // CC_Shutdowngo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Startup/Startup.c000066400000000000000000000233311510276467000276630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Startup_fp.h" #if CC_Startup // Conditional expansion of this file /*(See part 3 specification) // Initialize TPM because a system-wide reset */ // Return Type: TPM_RC // TPM_RC_LOCALITY a Startup(STATE) does not have the same H-CRTM // state as the previous Startup() or the locality // of the startup is not 0 pr 3 // TPM_RC_NV_UNINITIALIZED the saved state cannot be recovered and a // Startup(CLEAR) is required. // TPM_RC_VALUE start up type is not compatible with previous // shutdown sequence TPM_RC TPM2_Startup( Startup_In *in // IN: input parameter list ) { STARTUP_TYPE startup; BYTE locality = _plat__LocalityGet(); BOOL OK = TRUE; // // The command needs NV update. RETURN_IF_NV_IS_NOT_AVAILABLE; // Get the flags for the current startup locality and the H-CRTM. // Rather than generalizing the locality setting, this code takes advantage // of the fact that the PC Client specification only allows Startup() // from locality 0 and 3. To generalize this probably would require a // redo of the NV space and since this is a feature that is hardly ever used // outside of the PC Client, this code just support the PC Client needs. // Input Validation // Check that the locality is a supported value if(locality != 0 && locality != 3) return TPM_RC_LOCALITY; // If there was a H-CRTM, then treat the locality as being 3 // regardless of what the Startup() was. This is done to preserve the // H-CRTM PCR so that they don't get overwritten with the normal // PCR startup initialization. This basically means that g_StartupLocality3 // and g_DrtmPreStartup can't both be SET at the same time. if(g_DrtmPreStartup) locality = 0; g_StartupLocality3 = (locality == 3); #if USE_DA_USED // If there was no orderly shutdown, then their might have been a write to // failedTries that didn't get recorded but only if g_daUsed was SET in the // shutdown state g_daUsed = (gp.orderlyState == SU_DA_USED_VALUE); if(g_daUsed) gp.orderlyState = SU_NONE_VALUE; #endif g_prevOrderlyState = gp.orderlyState; // If there was a proper shutdown, then the startup modifiers are in the // orderlyState. Turn them off in the copy. if(IS_ORDERLY(g_prevOrderlyState)) g_prevOrderlyState &= ~(PRE_STARTUP_FLAG | STARTUP_LOCALITY_3); // If this is a Resume, if(in->startupType == TPM_SU_STATE) { // then there must have been a prior TPM2_ShutdownState(STATE) if(g_prevOrderlyState != TPM_SU_STATE) return TPM_RCS_VALUE + RC_Startup_startupType; // and the part of NV used for state save must have been recovered // correctly. // NOTE: if this fails, then the caller will need to do Startup(CLEAR). The // code for Startup(Clear) cannot fail if the NV can't be read correctly // because that would prevent the TPM from ever getting unstuck. if(g_nvOk == FALSE) return TPM_RC_NV_UNINITIALIZED; // For Resume, the H-CRTM has to be the same as the previous boot if(g_DrtmPreStartup != ((gp.orderlyState & PRE_STARTUP_FLAG) != 0)) return TPM_RCS_VALUE + RC_Startup_startupType; if(g_StartupLocality3 != ((gp.orderlyState & STARTUP_LOCALITY_3) != 0)) return TPM_RC_LOCALITY; } // Clean up the gp state gp.orderlyState = g_prevOrderlyState; // Internal Date Update if((gp.orderlyState == TPM_SU_STATE) && (g_nvOk == TRUE)) { // Always read the data that is only cleared on a Reset because this is not // a reset NvRead(&gr, NV_STATE_RESET_DATA, sizeof(gr)); if(in->startupType == TPM_SU_STATE) { // If this is a startup STATE (a Resume) need to read the data // that is cleared on a startup CLEAR because this is not a Reset // or Restart. NvRead(&gc, NV_STATE_CLEAR_DATA, sizeof(gc)); startup = SU_RESUME; } else startup = SU_RESTART; } else // Will do a TPM reset if Shutdown(CLEAR) and Startup(CLEAR) or no shutdown // or there was a failure reading the NV data. startup = SU_RESET; // Startup for cryptographic library. Don't do this until after the orderly // state has been read in from NV. OK = OK && CryptStartup(startup); // When the cryptographic library has been started, indicate that a TPM2_Startup // command has been received. OK = OK && TPMRegisterStartup(); #ifdef VENDOR_PERMANENT // Read the platform unique value that is used as VENDOR_PERMANENT // authorization value g_platformUniqueDetails.t.size = (UINT16)_plat__GetUnique(1, sizeof(g_platformUniqueDetails.t.buffer), g_platformUniqueDetails.t.buffer); #endif // Start up subsystems // Start set the safe flag OK = OK && TimeStartup(startup); // Start dictionary attack subsystem OK = OK && DAStartup(startup); // Enable hierarchies OK = OK && HierarchyStartup(startup); // Restore/Initialize PCR OK = OK && PCRStartup(startup, locality); // Restore/Initialize command audit information OK = OK && CommandAuditStartup(startup); //// The following code was moved from Time.c where it made no sense if(OK) { switch(startup) { case SU_RESUME: // Resume sequence gr.restartCount++; break; case SU_RESTART: // Hibernate sequence gr.clearCount++; gr.restartCount++; break; default: // Reset object context ID to 0 gr.objectContextID = 0; // Reset clearCount to 0 gr.clearCount = 0; // Reset sequence // Increase resetCount gp.resetCount++; // Write resetCount to NV NV_SYNC_PERSISTENT(resetCount); gp.totalResetCount++; // We do not expect the total reset counter overflow during the life // time of TPM. if it ever happens, TPM will be put to failure mode // and there is no way to recover it. // The reason that there is no recovery is that we don't increment // the NV totalResetCount when incrementing would make it 0. When the // TPM starts up again, the old value of totalResetCount will be read // and we will get right back to here with the increment failing. if(gp.totalResetCount == 0) FAIL(FATAL_ERROR_INTERNAL); // Write total reset counter to NV NV_SYNC_PERSISTENT(totalResetCount); // Reset restartCount gr.restartCount = 0; break; } } // Initialize session table OK = OK && SessionStartup(startup); // Initialize object table OK = OK && ObjectStartup(); // Initialize index/evict data. This function clears read/write locks // in NV index OK = OK && NvEntityStartup(startup); // Initialize the orderly shut down flag for this cycle to SU_NONE_VALUE. gp.orderlyState = SU_NONE_VALUE; OK = OK && NV_SYNC_PERSISTENT(orderlyState); // This can be reset after the first completion of a TPM2_Startup() after // a power loss. It can probably be reset earlier but this is an OK place. if(OK) g_powerWasLost = FALSE; return (OK) ? TPM_RC_SUCCESS : TPM_RC_FAILURE; } #endif // CC_Startupgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/000077500000000000000000000000001510276467000263655ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt.c000066400000000000000000000157521510276467000315220ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "EncryptDecrypt_fp.h" #if CC_EncryptDecrypt2 #include "EncryptDecrypt_spt_fp.h" #endif #if CC_EncryptDecrypt // Conditional expansion of this file /*(See part 3 specification) // symmetric encryption or decryption */ // Return Type: TPM_RC // TPM_RC_KEY is not a symmetric decryption key with both // public and private portions loaded // TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; // or 'inData' size is not an even multiple of the block // size for CBC or ECB mode // TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does // not match the key's mode TPM_RC TPM2_EncryptDecrypt( EncryptDecrypt_In *in, // IN: input parameter list EncryptDecrypt_Out *out // OUT: output parameter list ) { #if CC_EncryptDecrypt2 return EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode, &in->ivIn, &in->inData, out); #else OBJECT *symKey; UINT16 keySize; UINT16 blockSize; BYTE *key; TPM_ALG_ID alg; TPM_ALG_ID mode; TPM_RC result; BOOL OK; TPMA_OBJECT attributes; // Input Validation symKey = HandleToObject(in->keyHandle); mode = symKey->publicArea.parameters.symDetail.sym.mode.sym; attributes = symKey->publicArea.objectAttributes; // The input key should be a symmetric key if(symKey->publicArea.type != TPM_ALG_SYMCIPHER) return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; // The key must be unrestricted and allow the selected operation OK = IS_ATTRIBUTE(attributes, TPMA_OBJECT, restricted) if(YES == in->decrypt) OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, decrypt); else OK = OK && IS_ATTRIBUTE(attributes, TPMA_OBJECT, sign); if(!OK) return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle; // If the key mode is not TPM_ALG_NULL... // or TPM_ALG_NULL if(mode != TPM_ALG_NULL) { // then the input mode has to be TPM_ALG_NULL or the same as the key if((in->mode != TPM_ALG_NULL) && (in->mode != mode)) return TPM_RCS_MODE + RC_EncryptDecrypt_mode; } else { // if the key mode is null, then the input can't be null if(in->mode == TPM_ALG_NULL) return TPM_RCS_MODE + RC_EncryptDecrypt_mode; mode = in->mode; } // The input iv for ECB mode should be an Empty Buffer. All the other modes // should have an iv size same as encryption block size keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym; alg = symKey->publicArea.parameters.symDetail.sym.algorithm; blockSize = CryptGetSymmetricBlockSize(alg, keySize); // reverify the algorithm. This is mainly to keep static analysis tools happy if(blockSize == 0) return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for // the algorithm is always defined. Both have the same numeric value. // ALG_xxx_VALUE is used here so that the code does not get cluttered with // #ifdef's. Having this check does not mean that the algorithm is supported. // If it was not supported the unmarshaling code would have rejected it before // this function were called. This means that, depending on the implementation, // the check could be redundant but it doesn't hurt. if(((mode == ALG_ECB_VALUE) && (in->ivIn.t.size != 0)) || ((mode != ALG_ECB_VALUE) && (in->ivIn.t.size != blockSize))) return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn; // The input data size of CBC mode or ECB mode must be an even multiple of // the symmetric algorithm's block size if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE)) && ((in->inData.t.size % blockSize) != 0)) return TPM_RCS_SIZE + RC_EncryptDecrypt_inData; // Copy IV // Note: This is copied here so that the calls to the encrypt/decrypt functions // will modify the output buffer, not the input buffer out->ivOut = in->ivIn; // Command Output key = symKey->sensitive.sensitive.sym.t.buffer; // For symmetric encryption, the cipher data size is the same as plain data // size. out->outData.t.size = in->inData.t.size; if(in->decrypt == YES) { // Decrypt data to output result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key, &(out->ivOut), mode, in->inData.t.size, in->inData.t.buffer); } else { // Encrypt data to output result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key, &(out->ivOut), mode, in->inData.t.size, in->inData.t.buffer); } return result; #endif // CC_EncryptDecrypt2 } #endif // CC_EncryptDecryptgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt2.c000066400000000000000000000070731510276467000316010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "EncryptDecrypt2_fp.h" #include "EncryptDecrypt_fp.h" #include "EncryptDecrypt_spt_fp.h" #if CC_EncryptDecrypt2 // Conditional expansion of this file /*(See part 3 specification) // symmetric encryption or decryption using modified parameter list */ // Return Type: TPM_RC // TPM_RC_KEY is not a symmetric decryption key with both // public and private portions loaded // TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; // or 'inData' size is not an even multiple of the block // size for CBC or ECB mode // TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does // not match the key's mode TPM_RC TPM2_EncryptDecrypt2( EncryptDecrypt2_In *in, // IN: input parameter list EncryptDecrypt2_Out *out // OUT: output parameter list ) { TPM_RC result; // EncryptDecyrptShared() performs the operations as shown in // TPM2_EncrypDecrypt result = EncryptDecryptShared(in->keyHandle, in->decrypt, in->mode, &in->ivIn, &in->inData, (EncryptDecrypt_Out *)out); // Handle response code swizzle. switch(result) { case TPM_RCS_MODE + RC_EncryptDecrypt_mode: result = TPM_RCS_MODE + RC_EncryptDecrypt2_mode; break; case TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn: result = TPM_RCS_SIZE + RC_EncryptDecrypt2_ivIn; break; case TPM_RCS_SIZE + RC_EncryptDecrypt_inData: result = TPM_RCS_SIZE + RC_EncryptDecrypt2_inData; break; default: break; } return result; } #endif // CC_EncryptDecrypt2go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/EncryptDecrypt_spt.c000066400000000000000000000157621510276467000324110ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "EncryptDecrypt_fp.h" #include "EncryptDecrypt_spt_fp.h" #if CC_EncryptDecrypt2 /*(See part 3 specification) // symmetric encryption or decryption */ // Return Type: TPM_RC // TPM_RC_KEY is not a symmetric decryption key with both // public and private portions loaded // TPM_RC_SIZE 'IvIn' size is incompatible with the block cipher mode; // or 'inData' size is not an even multiple of the block // size for CBC or ECB mode // TPM_RC_VALUE 'keyHandle' is restricted and the argument 'mode' does // not match the key's mode TPM_RC EncryptDecryptShared( TPMI_DH_OBJECT keyHandleIn, TPMI_YES_NO decryptIn, TPMI_ALG_SYM_MODE modeIn, TPM2B_IV *ivIn, TPM2B_MAX_BUFFER *inData, EncryptDecrypt_Out *out ) { OBJECT *symKey; UINT16 keySize; UINT16 blockSize; BYTE *key; TPM_ALG_ID alg; TPM_ALG_ID mode; TPM_RC result; BOOL OK; // Input Validation symKey = HandleToObject(keyHandleIn); mode = symKey->publicArea.parameters.symDetail.sym.mode.sym; // The input key should be a symmetric key if(symKey->publicArea.type != TPM_ALG_SYMCIPHER) return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; // The key must be unrestricted and allow the selected operation OK = !IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, restricted); if(YES == decryptIn) OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt); else OK = OK && IS_ATTRIBUTE(symKey->publicArea.objectAttributes, TPMA_OBJECT, sign); if(!OK) return TPM_RCS_ATTRIBUTES + RC_EncryptDecrypt_keyHandle; // Make sure that key is an encrypt/decrypt key and not SMAC if(!CryptSymModeIsValid(mode, TRUE)) return TPM_RCS_MODE + RC_EncryptDecrypt_keyHandle; // If the key mode is not TPM_ALG_NULL... // or TPM_ALG_NULL if(mode != TPM_ALG_NULL) { // then the input mode has to be TPM_ALG_NULL or the same as the key if((modeIn != TPM_ALG_NULL) && (modeIn != mode)) return TPM_RCS_MODE + RC_EncryptDecrypt_mode; } else { // if the key mode is null, then the input can't be null if(modeIn == TPM_ALG_NULL) return TPM_RCS_MODE + RC_EncryptDecrypt_mode; mode = modeIn; } // The input iv for ECB mode should be an Empty Buffer. All the other modes // should have an iv size same as encryption block size keySize = symKey->publicArea.parameters.symDetail.sym.keyBits.sym; alg = symKey->publicArea.parameters.symDetail.sym.algorithm; blockSize = CryptGetSymmetricBlockSize(alg, keySize); // reverify the algorithm. This is mainly to keep static analysis tools happy if(blockSize == 0) return TPM_RCS_KEY + RC_EncryptDecrypt_keyHandle; // Note: When an algorithm is not supported by a TPM, the TPM_ALG_xxx for that // algorithm is not defined. However, it is assumed that the ALG_xxx_VALUE for // the algorithm is always defined. Both have the same numeric value. // ALG_xxx_VALUE is used here so that the code does not get cluttered with // #ifdef's. Having this check does not mean that the algorithm is supported. // If it was not supported the unmarshaling code would have rejected it before // this function were called. This means that, depending on the implementation, // the check could be redundant but it doesn't hurt. if(((mode == ALG_ECB_VALUE) && (ivIn->t.size != 0)) || ((mode != ALG_ECB_VALUE) && (ivIn->t.size != blockSize))) return TPM_RCS_SIZE + RC_EncryptDecrypt_ivIn; // The input data size of CBC mode or ECB mode must be an even multiple of // the symmetric algorithm's block size if(((mode == ALG_CBC_VALUE) || (mode == ALG_ECB_VALUE)) && ((inData->t.size % blockSize) != 0)) return TPM_RCS_SIZE + RC_EncryptDecrypt_inData; // Copy IV // Note: This is copied here so that the calls to the encrypt/decrypt functions // will modify the output buffer, not the input buffer out->ivOut = *ivIn; // Command Output key = symKey->sensitive.sensitive.sym.t.buffer; // For symmetric encryption, the cipher data size is the same as plain data // size. out->outData.t.size = inData->t.size; if(decryptIn == YES) { // Decrypt data to output result = CryptSymmetricDecrypt(out->outData.t.buffer, alg, keySize, key, &(out->ivOut), mode, inData->t.size, inData->t.buffer); } else { // Encrypt data to output result = CryptSymmetricEncrypt(out->outData.t.buffer, alg, keySize, key, &(out->ivOut), mode, inData->t.size, inData->t.buffer); } return result; } #endif // CC_EncryptDecryptgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/HMAC.c000066400000000000000000000104701510276467000272430ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "HMAC_fp.h" #if CC_HMAC // Conditional expansion of this file /*(See part 3 specification) // Compute HMAC on a data buffer */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key // TPM_RC_KEY 'handle' does not reference a signing key // TPM_RC_TYPE key referenced by 'handle' is not an HMAC key // TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm // of the scheme of the object referenced by 'handle' TPM_RC TPM2_HMAC( HMAC_In *in, // IN: input parameter list HMAC_Out *out // OUT: output parameter list ) { HMAC_STATE hmacState; OBJECT *hmacObject; TPMI_ALG_HASH hashAlg; TPMT_PUBLIC *publicArea; // Input Validation // Get HMAC key object and public area pointers hmacObject = HandleToObject(in->handle); publicArea = &hmacObject->publicArea; // Make sure that the key is an HMAC key if(publicArea->type != TPM_ALG_KEYEDHASH) return TPM_RCS_TYPE + RC_HMAC_handle; // and that it is unrestricted if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_ATTRIBUTES + RC_HMAC_handle; // and that it is a signing key if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) return TPM_RCS_KEY + RC_HMAC_handle; // See if the key has a default if(publicArea->parameters.keyedHashDetail.scheme.scheme == TPM_ALG_NULL) // it doesn't so use the input value hashAlg = in->hashAlg; else { // key has a default so use it hashAlg = publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg; // and verify that the input was either the TPM_ALG_NULL or the default if(in->hashAlg != TPM_ALG_NULL && in->hashAlg != hashAlg) hashAlg = TPM_ALG_NULL; } // if we ended up without a hash algorithm then return an error if(hashAlg == TPM_ALG_NULL) return TPM_RCS_VALUE + RC_HMAC_hashAlg; // Command Output // Start HMAC stack out->outHMAC.t.size = CryptHmacStart2B(&hmacState, hashAlg, &hmacObject->sensitive.sensitive.bits.b); // Adding HMAC data CryptDigestUpdate2B(&hmacState.hashState, &in->buffer.b); // Complete HMAC CryptHmacEnd2B(&hmacState, &out->outHMAC.b); return TPM_RC_SUCCESS; } #endif // CC_HMACgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/Hash.c000066400000000000000000000061331510276467000274170ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "Hash_fp.h" #if CC_Hash // Conditional expansion of this file /*(See part 3 specification) // Hash a data buffer */ TPM_RC TPM2_Hash( Hash_In *in, // IN: input parameter list Hash_Out *out // OUT: output parameter list ) { HASH_STATE hashState; // Command Output // Output hash // Start hash stack out->outHash.t.size = CryptHashStart(&hashState, in->hashAlg); // Adding hash data CryptDigestUpdate2B(&hashState, &in->data.b); // Complete hash CryptHashEnd2B(&hashState, &out->outHash.b); // Output ticket out->validation.tag = TPM_ST_HASHCHECK; out->validation.hierarchy = in->hierarchy; if(in->hierarchy == TPM_RH_NULL) { // Ticket is not required out->validation.hierarchy = TPM_RH_NULL; out->validation.digest.t.size = 0; } else if(in->data.t.size >= sizeof(TPM_GENERATED) && !TicketIsSafe(&in->data.b)) { // Ticket is not safe out->validation.hierarchy = TPM_RH_NULL; out->validation.digest.t.size = 0; } else { // Compute ticket TicketComputeHashCheck(in->hierarchy, in->hashAlg, &out->outHash, &out->validation); } return TPM_RC_SUCCESS; } #endif // CC_Hashgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Symmetric/MAC.c000066400000000000000000000102041510276467000271260ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "MAC_fp.h" #if CC_MAC // Conditional expansion of this file /*(See part 3 specification) // Compute MAC on a data buffer */ // Return Type: TPM_RC // TPM_RC_ATTRIBUTES key referenced by 'handle' is a restricted key // TPM_RC_KEY 'handle' does not reference a signing key // TPM_RC_TYPE key referenced by 'handle' is not an HMAC key // TPM_RC_VALUE 'hashAlg' is not compatible with the hash algorithm // of the scheme of the object referenced by 'handle' TPM_RC TPM2_MAC( MAC_In *in, // IN: input parameter list MAC_Out *out // OUT: output parameter list ) { OBJECT *keyObject; HMAC_STATE state; TPMT_PUBLIC *publicArea; TPM_RC result; // Input Validation // Get MAC key object and public area pointers keyObject = HandleToObject(in->handle); publicArea = &keyObject->publicArea; // If the key is not able to do a MAC, indicate that the handle selects an // object that can't do a MAC result = CryptSelectMac(publicArea, &in->inScheme); if(result == TPM_RCS_TYPE) return TPM_RCS_TYPE + RC_MAC_handle; // If there is another error type, indicate that the scheme and key are not // compatible if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, RC_MAC_inScheme); // Make sure that the key is not restricted if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) return TPM_RCS_ATTRIBUTES + RC_MAC_handle; // and that it is a signing key if(!IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) return TPM_RCS_KEY + RC_MAC_handle; // Command Output out->outMAC.t.size = CryptMacStart(&state, &publicArea->parameters, in->inScheme, &keyObject->sensitive.sensitive.any.b); // If the mac can't start, treat it as a fatal error if(out->outMAC.t.size == 0) return TPM_RC_FAILURE; CryptDigestUpdate2B(&state.hashState, &in->buffer.b); // If the MAC result is not what was expected, it is a fatal error if(CryptHmacEnd2B(&state, &out->outMAC.b) != out->outMAC.t.size) return TPM_RC_FAILURE; return TPM_RC_SUCCESS; } #endif // CC_MACgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/000077500000000000000000000000001510276467000260265ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/GetTestResult.c000066400000000000000000000050241510276467000307510ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "GetTestResult_fp.h" #if CC_GetTestResult // Conditional expansion of this file /*(See part 3 specification) // returns manufacturer-specific information regarding the results of a self- // test and an indication of the test status. */ // In the reference implementation, this function is only reachable if the TPM is // not in failure mode meaning that all tests that have been run have completed // successfully. There is not test data and the test result is TPM_RC_SUCCESS. TPM_RC TPM2_GetTestResult( GetTestResult_Out *out // OUT: output parameter list ) { // Command Output // Call incremental self test function in crypt module out->testResult = CryptGetTestResult(&out->outData); return TPM_RC_SUCCESS; } #endif // CC_GetTestResultgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/IncrementalSelfTest.c000066400000000000000000000054451510276467000321150ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "IncrementalSelfTest_fp.h" #if CC_IncrementalSelfTest // Conditional expansion of this file /*(See part 3 specification) // perform a test of selected algorithms */ // Return Type: TPM_RC // TPM_RC_CANCELED the command was canceled (some tests may have // completed) // TPM_RC_VALUE an algorithm in the toTest list is not implemented TPM_RC TPM2_IncrementalSelfTest( IncrementalSelfTest_In *in, // IN: input parameter list IncrementalSelfTest_Out *out // OUT: output parameter list ) { TPM_RC result; // Command Output // Call incremental self test function in crypt module. If this function // returns TPM_RC_VALUE, it means that an algorithm on the 'toTest' list is // not implemented. result = CryptIncrementalSelfTest(&in->toTest, &out->toDoList); if(result == TPM_RC_VALUE) return TPM_RCS_VALUE + RC_IncrementalSelfTest_toTest; return result; } #endif // CC_IncrementalSelfTestgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Testing/SelfTest.c000066400000000000000000000045261510276467000277320ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "SelfTest_fp.h" #if CC_SelfTest // Conditional expansion of this file /*(See part 3 specification) // perform a test of TPM capabilities */ // Return Type: TPM_RC // TPM_RC_CANCELED the command was canceled (some incremental // process may have been made) // TPM_RC_TESTING self test in process TPM_RC TPM2_SelfTest( SelfTest_In *in // IN: input parameter list ) { // Command Output // Call self test function in crypt module return CryptSelfTest(in->fullTest); } #endif // CC_SelfTestgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/000077500000000000000000000000001510276467000256465ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/command/Vendor/Vendor_TCG_Test.c000066400000000000000000000041641510276467000307500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #if CC_Vendor_TCG_Test // Conditional expansion of this file #include "Vendor_TCG_Test_fp.h" TPM_RC TPM2_Vendor_TCG_Test( Vendor_TCG_Test_In *in, // IN: input parameter list Vendor_TCG_Test_Out *out // OUT: output parameter list ) { out->outputData = in->inputData; return TPM_RC_SUCCESS; } #endif // CC_Vendor_TCG_Testgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/000077500000000000000000000000001510276467000241345ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/AlgorithmTests.c000066400000000000000000001065641510276467000272650ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the code to perform the various self-test functions. // // NOTE: In this implementation, large local variables are made static to minimize // stack usage, which is critical for stack-constrained platforms. //** Includes and Defines #include "Tpm.h" #define SELF_TEST_DATA #if SELF_TEST // These includes pull in the data structures. They contain data definitions for the // various tests. #include "SelfTest.h" #include "SymmetricTest.h" #include "RsaTestData.h" #include "EccTestData.h" #include "HashTestData.h" #include "KdfTestData.h" #define TEST_DEFAULT_TEST_HASH(vector) \ if(TEST_BIT(DEFAULT_TEST_HASH, g_toTest)) \ TestHash(DEFAULT_TEST_HASH, vector); // Make sure that the algorithm has been tested #define CLEAR_BOTH(alg) { CLEAR_BIT(alg, *toTest); \ if(toTest != &g_toTest) \ CLEAR_BIT(alg, g_toTest); } #define SET_BOTH(alg) { SET_BIT(alg, *toTest); \ if(toTest != &g_toTest) \ SET_BIT(alg, g_toTest); } #define TEST_BOTH(alg) ((toTest != &g_toTest) \ ? TEST_BIT(alg, *toTest) || TEST_BIT(alg, g_toTest) \ : TEST_BIT(alg, *toTest)) // Can only cancel if doing a list. #define CHECK_CANCELED \ if(_plat__IsCanceled() && toTest != &g_toTest) \ return TPM_RC_CANCELED; //** Hash Tests //*** Description // The hash test does a known-value HMAC using the specified hash algorithm. //*** TestHash() // The hash test function. static TPM_RC TestHash( TPM_ALG_ID hashAlg, ALGORITHM_VECTOR *toTest ) { static TPM2B_DIGEST computed; // value computed static HMAC_STATE state; UINT16 digestSize; const TPM2B *testDigest = NULL; // TPM2B_TYPE(HMAC_BLOCK, DEFAULT_TEST_HASH_BLOCK_SIZE); pAssert(hashAlg != ALG_NULL_VALUE); switch(hashAlg) { #if ALG_SHA1 case ALG_SHA1_VALUE: testDigest = &c_SHA1_digest.b; break; #endif #if ALG_SHA256 case ALG_SHA256_VALUE: testDigest = &c_SHA256_digest.b; break; #endif #if ALG_SHA384 case ALG_SHA384_VALUE: testDigest = &c_SHA384_digest.b; break; #endif #if ALG_SHA512 case ALG_SHA512_VALUE: testDigest = &c_SHA512_digest.b; break; #endif #if ALG_SM3_256 case ALG_SM3_256_VALUE: testDigest = &c_SM3_256_digest.b; break; #endif default: FAIL(FATAL_ERROR_INTERNAL); } // Clear the to-test bits CLEAR_BOTH(hashAlg); // Set the HMAC key to twice the digest size digestSize = CryptHashGetDigestSize(hashAlg); CryptHmacStart(&state, hashAlg, digestSize * 2, (BYTE *)c_hashTestKey.t.buffer); CryptDigestUpdate(&state.hashState, 2 * CryptHashGetBlockSize(hashAlg), (BYTE *)c_hashTestData.t.buffer); computed.t.size = digestSize; CryptHmacEnd(&state, digestSize, computed.t.buffer); if((testDigest->size != computed.t.size) || (memcmp(testDigest->buffer, computed.t.buffer, computed.b.size) != 0)) SELF_TEST_FAILURE; return TPM_RC_SUCCESS; } //** Symmetric Test Functions //*** MakeIv() // Internal function to make the appropriate IV depending on the mode. static UINT32 MakeIv( TPM_ALG_ID mode, // IN: symmetric mode UINT32 size, // IN: block size of the algorithm BYTE *iv // OUT: IV to fill in ) { BYTE i; if(mode == ALG_ECB_VALUE) return 0; if(mode == ALG_CTR_VALUE) { // The test uses an IV that has 0xff in the last byte for(i = 1; i <= size; i++) *iv++ = 0xff - (BYTE)(size - i); } else { for(i = 0; i < size; i++) *iv++ = i; } return size; } //*** TestSymmetricAlgorithm() // Function to test a specific algorithm, key size, and mode. static void TestSymmetricAlgorithm( const SYMMETRIC_TEST_VECTOR *test, // TPM_ALG_ID mode // ) { static BYTE encrypted[MAX_SYM_BLOCK_SIZE * 2]; static BYTE decrypted[MAX_SYM_BLOCK_SIZE * 2]; static TPM2B_IV iv; // // Get the appropriate IV iv.t.size = (UINT16)MakeIv(mode, test->ivSize, iv.t.buffer); // Encrypt known data CryptSymmetricEncrypt(encrypted, test->alg, test->keyBits, test->key, &iv, mode, test->dataInOutSize, test->dataIn); // Check that it matches the expected value if(!MemoryEqual(encrypted, test->dataOut[mode - ALG_CTR_VALUE], test->dataInOutSize)) SELF_TEST_FAILURE; // Reinitialize the iv for decryption MakeIv(mode, test->ivSize, iv.t.buffer); CryptSymmetricDecrypt(decrypted, test->alg, test->keyBits, test->key, &iv, mode, test->dataInOutSize, test->dataOut[mode - ALG_CTR_VALUE]); // Make sure that it matches what we started with if(!MemoryEqual(decrypted, test->dataIn, test->dataInOutSize)) SELF_TEST_FAILURE; } //*** AllSymsAreDone() // Checks if both symmetric algorithms have been tested. This is put here // so that addition of a symmetric algorithm will be relatively easy to handle // Return Type: BOOL // TRUE(1) all symmetric algorithms tested // FALSE(0) not all symmetric algorithms tested static BOOL AllSymsAreDone( ALGORITHM_VECTOR *toTest ) { return (!TEST_BOTH(ALG_AES_VALUE) && !TEST_BOTH(ALG_SM4_VALUE)); } //*** AllModesAreDone() // Checks if all the modes have been tested // Return Type: BOOL // TRUE(1) all modes tested // FALSE(0) all modes not tested static BOOL AllModesAreDone( ALGORITHM_VECTOR *toTest ) { TPM_ALG_ID alg; for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) if(TEST_BOTH(alg)) return FALSE; return TRUE; } //*** TestSymmetric() // If 'alg' is a symmetric block cipher, then all of the modes that are selected are // tested. If 'alg' is a mode, then all algorithms of that mode are tested. static TPM_RC TestSymmetric( TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest ) { SYM_INDEX index; TPM_ALG_ID mode; // if(!TEST_BIT(alg, *toTest)) return TPM_RC_SUCCESS; if(alg == ALG_AES_VALUE || alg == ALG_SM4_VALUE || alg == ALG_CAMELLIA_VALUE) { // Will test the algorithm for all modes and key sizes CLEAR_BOTH(alg); // A test this algorithm for all modes for(index = 0; index < NUM_SYMS; index++) { if(c_symTestValues[index].alg == alg) { for(mode = TPM_SYM_MODE_FIRST; mode <= TPM_SYM_MODE_LAST; mode++) { if(TEST_BIT(mode, *toTest)) TestSymmetricAlgorithm(&c_symTestValues[index], mode); } } } // if all the symmetric tests are done if(AllSymsAreDone(toTest)) { // all symmetric algorithms tested so no modes should be set for(alg = TPM_SYM_MODE_FIRST; alg <= TPM_SYM_MODE_LAST; alg++) CLEAR_BOTH(alg); } } else if(TPM_SYM_MODE_FIRST <= alg && alg <= TPM_SYM_MODE_LAST) { // Test this mode for all key sizes and algorithms for(index = 0; index < NUM_SYMS; index++) { // The mode testing only comes into play when doing self tests // by command. When doing self tests by command, the block ciphers are // tested first. That means that all of their modes would have been // tested for all key sizes. If there is no block cipher left to // test, then clear this mode bit. if(!TEST_BIT(ALG_AES_VALUE, *toTest) && !TEST_BIT(ALG_SM4_VALUE, *toTest)) { CLEAR_BOTH(alg); } else { for(index = 0; index < NUM_SYMS; index++) { if(TEST_BIT(c_symTestValues[index].alg, *toTest)) TestSymmetricAlgorithm(&c_symTestValues[index], alg); } // have tested this mode for all algorithms CLEAR_BOTH(alg); } } if(AllModesAreDone(toTest)) { CLEAR_BOTH(ALG_AES_VALUE); CLEAR_BOTH(ALG_SM4_VALUE); } } else pAssert(alg == 0 && alg != 0); return TPM_RC_SUCCESS; } //** RSA Tests #if ALG_RSA //*** Introduction // The tests are for public key only operations and for private key operations. // Signature verification and encryption are public key operations. They are tested // by using a KVT. For signature verification, this means that a known good // signature is checked by CryptRsaValidateSignature(). If it fails, then the // TPM enters failure mode. For encryption, the TPM encrypts known values using // the selected scheme and checks that the returned value matches the expected // value. // // For private key operations, a full scheme check is used. For a signing key, a // known key is used to sign a known message. Then that signature is verified. // since the signature may involve use of random values, the signature will be // different each time and we can't always check that the signature matches a // known value. The same technique is used for decryption (RSADP/RSAEP). // // When an operation uses the public key and the verification has not been // tested, the TPM will do a KVT. // // The test for the signing algorithm is built into the call for the algorithm //*** RsaKeyInitialize() // The test key is defined by a public modulus and a private prime. The TPM's RSA // code computes the second prime and the private exponent. static void RsaKeyInitialize( OBJECT *testObject ) { MemoryCopy2B(&testObject->publicArea.unique.rsa.b, (P2B)&c_rsaPublicModulus, sizeof(c_rsaPublicModulus)); MemoryCopy2B(&testObject->sensitive.sensitive.rsa.b, (P2B)&c_rsaPrivatePrime, sizeof(testObject->sensitive.sensitive.rsa.t.buffer)); testObject->publicArea.parameters.rsaDetail.keyBits = RSA_TEST_KEY_SIZE * 8; // Use the default exponent testObject->publicArea.parameters.rsaDetail.exponent = 0; } //*** TestRsaEncryptDecrypt() // These tests are for a public key encryption that uses a random value. static TPM_RC TestRsaEncryptDecrypt( TPM_ALG_ID scheme, // IN: the scheme ALGORITHM_VECTOR *toTest // ) { static TPM2B_PUBLIC_KEY_RSA testInput; static TPM2B_PUBLIC_KEY_RSA testOutput; static OBJECT testObject; const TPM2B_RSA_TEST_KEY *kvtValue = NULL; TPM_RC result = TPM_RC_SUCCESS; const TPM2B *testLabel = NULL; TPMT_RSA_DECRYPT rsaScheme; // // Don't need to initialize much of the test object RsaKeyInitialize(&testObject); rsaScheme.scheme = scheme; rsaScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; CLEAR_BOTH(scheme); CLEAR_BOTH(ALG_NULL_VALUE); if(scheme == ALG_NULL_VALUE) { // This is an encryption scheme using the private key without any encoding. memcpy(testInput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue)); testInput.t.size = sizeof(c_RsaTestValue); if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, &testObject, &rsaScheme, NULL, NULL)) SELF_TEST_FAILURE; if(!MemoryEqual(testOutput.t.buffer, c_RsaepKvt.buffer, c_RsaepKvt.size)) SELF_TEST_FAILURE; MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, &testObject, &rsaScheme, NULL)) SELF_TEST_FAILURE; if(!MemoryEqual(testOutput.t.buffer, c_RsaTestValue, sizeof(c_RsaTestValue))) SELF_TEST_FAILURE; } else { // ALG_RSAES_VALUE: // This is an decryption scheme using padding according to // PKCS#1v2.1, 7.2. This padding uses random bits. To test a public // key encryption that uses random data, encrypt a value and then // decrypt the value and see that we get the encrypted data back. // The hash is not used by this encryption so it can be TMP_ALG_NULL // ALG_OAEP_VALUE: // This is also an decryption scheme and it also uses a // pseudo-random // value. However, this also uses a hash algorithm. So, we may need // to test that algorithm before use. if(scheme == ALG_OAEP_VALUE) { TEST_DEFAULT_TEST_HASH(toTest); kvtValue = &c_OaepKvt; testLabel = OAEP_TEST_STRING; } else if(scheme == ALG_RSAES_VALUE) { kvtValue = &c_RsaesKvt; testLabel = NULL; } else SELF_TEST_FAILURE; // Only use a digest-size portion of the test value memcpy(testInput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); testInput.t.size = DEFAULT_TEST_DIGEST_SIZE; // See if the encryption works if(TPM_RC_SUCCESS != CryptRsaEncrypt(&testOutput, &testInput.b, &testObject, &rsaScheme, testLabel, NULL)) SELF_TEST_FAILURE; MemoryCopy2B(&testInput.b, &testOutput.b, sizeof(testInput.t.buffer)); // see if we can decrypt this value and get the original data back if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, &testObject, &rsaScheme, testLabel)) SELF_TEST_FAILURE; // See if the results compare if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE)) SELF_TEST_FAILURE; // Now check that the decryption works on a known value MemoryCopy2B(&testInput.b, (P2B)kvtValue, sizeof(testInput.t.buffer)); if(TPM_RC_SUCCESS != CryptRsaDecrypt(&testOutput.b, &testInput.b, &testObject, &rsaScheme, testLabel)) SELF_TEST_FAILURE; if(testOutput.t.size != DEFAULT_TEST_DIGEST_SIZE || !MemoryEqual(testOutput.t.buffer, c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE)) SELF_TEST_FAILURE; } return result; } //*** TestRsaSignAndVerify() // This function does the testing of the RSA sign and verification functions. This // test does a KVT. static TPM_RC TestRsaSignAndVerify( TPM_ALG_ID scheme, ALGORITHM_VECTOR *toTest ) { TPM_RC result = TPM_RC_SUCCESS; static OBJECT testObject; static TPM2B_DIGEST testDigest; static TPMT_SIGNATURE testSig; // Do a sign and signature verification. // RSASSA: // This is a signing scheme according to PKCS#1-v2.1 8.2. It does not // use random data so there is a KVT for the signing operation. On // first use of the scheme for signing, use the TPM's RSA key to // sign a portion of c_RsaTestData and compare the results to c_RsassaKvt. Then // decrypt the data to see that it matches the starting value. This verifies // the signature with a KVT // Clear the bits indicating that the function has not been checked. This is to // prevent looping CLEAR_BOTH(scheme); CLEAR_BOTH(ALG_NULL_VALUE); CLEAR_BOTH(ALG_RSA_VALUE); RsaKeyInitialize(&testObject); memcpy(testDigest.t.buffer, (BYTE *)c_RsaTestValue, DEFAULT_TEST_DIGEST_SIZE); testDigest.t.size = DEFAULT_TEST_DIGEST_SIZE; testSig.sigAlg = scheme; testSig.signature.rsapss.hash = DEFAULT_TEST_HASH; // RSAPSS: // This is a signing scheme a according to PKCS#1-v2.2 8.1 it uses // random data in the signature so there is no KVT for the signing // operation. To test signing, the TPM will use the TPM's RSA key // to sign a portion of c_RsaTestValue and then it will verify the // signature. For verification, c_RsapssKvt is verified before the // user signature blob is verified. The worst case for testing of this // algorithm is two private and one public key operation. // The process is to sign known data. If RSASSA is being done, verify that the // signature matches the precomputed value. For both, use the signed value and // see that the verification says that it is a good signature. Then // if testing RSAPSS, do a verify of a known good signature. This ensures that // the validation function works. if(TPM_RC_SUCCESS != CryptRsaSign(&testSig, &testObject, &testDigest, NULL)) SELF_TEST_FAILURE; // For RSASSA, make sure the results is what we are looking for if(testSig.sigAlg == ALG_RSASSA_VALUE) { if(testSig.signature.rsassa.sig.t.size != RSA_TEST_KEY_SIZE || !MemoryEqual(c_RsassaKvt.buffer, testSig.signature.rsassa.sig.t.buffer, RSA_TEST_KEY_SIZE)) SELF_TEST_FAILURE; } // See if the TPM will validate its own signatures if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, &testDigest)) SELF_TEST_FAILURE; // If this is RSAPSS, check the verification with known signature // Have to copy because CrytpRsaValidateSignature() eats the signature if(ALG_RSAPSS_VALUE == scheme) { MemoryCopy2B(&testSig.signature.rsapss.sig.b, (P2B)&c_RsapssKvt, sizeof(testSig.signature.rsapss.sig.t.buffer)); if(TPM_RC_SUCCESS != CryptRsaValidateSignature(&testSig, &testObject, &testDigest)) SELF_TEST_FAILURE; } return result; } //*** TestRSA() // Function uses the provided vector to indicate which tests to run. It will clear // the vector after each test is run and also clear g_toTest static TPM_RC TestRsa( TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest ) { TPM_RC result = TPM_RC_SUCCESS; // switch(alg) { case ALG_NULL_VALUE: // This is the RSAEP/RSADP function. If we are processing a list, don't // need to test these now because any other test will validate // RSAEP/RSADP. Can tell this is list of test by checking to see if // 'toTest' is pointing at g_toTest. If so, this is an isolated test // an need to go ahead and do the test; if((toTest == &g_toTest) || (!TEST_BIT(ALG_RSASSA_VALUE, *toTest) && !TEST_BIT(ALG_RSAES_VALUE, *toTest) && !TEST_BIT(ALG_RSAPSS_VALUE, *toTest) && !TEST_BIT(ALG_OAEP_VALUE, *toTest))) // Not running a list of tests or no other tests on the list // so run the test now result = TestRsaEncryptDecrypt(alg, toTest); // if not running the test now, leave the bit on, just in case things // get interrupted break; case ALG_OAEP_VALUE: case ALG_RSAES_VALUE: result = TestRsaEncryptDecrypt(alg, toTest); break; case ALG_RSAPSS_VALUE: case ALG_RSASSA_VALUE: result = TestRsaSignAndVerify(alg, toTest); break; default: SELF_TEST_FAILURE; } return result; } #endif // ALG_RSA //** ECC Tests #if ALG_ECC //*** LoadEccParameter() // This function is mostly for readability and type checking static void LoadEccParameter( TPM2B_ECC_PARAMETER *to, // target const TPM2B_EC_TEST *from // source ) { MemoryCopy2B(&to->b, &from->b, sizeof(to->t.buffer)); } //*** LoadEccPoint() static void LoadEccPoint( TPMS_ECC_POINT *point, // target const TPM2B_EC_TEST *x, // source const TPM2B_EC_TEST *y ) { MemoryCopy2B(&point->x.b, (TPM2B *)x, sizeof(point->x.t.buffer)); MemoryCopy2B(&point->y.b, (TPM2B *)y, sizeof(point->y.t.buffer)); } //*** TestECDH() // This test does a KVT on a point multiply. static TPM_RC TestECDH( TPM_ALG_ID scheme, // IN: for consistency ALGORITHM_VECTOR *toTest // IN/OUT: modified after test is run ) { static TPMS_ECC_POINT Z; static TPMS_ECC_POINT Qe; static TPM2B_ECC_PARAMETER ds; TPM_RC result = TPM_RC_SUCCESS; // NOT_REFERENCED(scheme); CLEAR_BOTH(ALG_ECDH_VALUE); LoadEccParameter(&ds, &c_ecTestKey_ds); LoadEccPoint(&Qe, &c_ecTestKey_QeX, &c_ecTestKey_QeY); if(TPM_RC_SUCCESS != CryptEccPointMultiply(&Z, c_testCurve, &Qe, &ds, NULL, NULL)) SELF_TEST_FAILURE; if(!MemoryEqual2B(&c_ecTestEcdh_X.b, &Z.x.b) || !MemoryEqual2B(&c_ecTestEcdh_Y.b, &Z.y.b)) SELF_TEST_FAILURE; return result; } //*** TestEccSignAndVerify() static TPM_RC TestEccSignAndVerify( TPM_ALG_ID scheme, ALGORITHM_VECTOR *toTest ) { static OBJECT testObject; static TPMT_SIGNATURE testSig; static TPMT_ECC_SCHEME eccScheme; testSig.sigAlg = scheme; testSig.signature.ecdsa.hash = DEFAULT_TEST_HASH; eccScheme.scheme = scheme; eccScheme.details.anySig.hashAlg = DEFAULT_TEST_HASH; CLEAR_BOTH(scheme); CLEAR_BOTH(ALG_ECDH_VALUE); // ECC signature verification testing uses a KVT. switch(scheme) { case ALG_ECDSA_VALUE: LoadEccParameter(&testSig.signature.ecdsa.signatureR, &c_TestEcDsa_r); LoadEccParameter(&testSig.signature.ecdsa.signatureS, &c_TestEcDsa_s); break; case ALG_ECSCHNORR_VALUE: LoadEccParameter(&testSig.signature.ecschnorr.signatureR, &c_TestEcSchnorr_r); LoadEccParameter(&testSig.signature.ecschnorr.signatureS, &c_TestEcSchnorr_s); break; case ALG_SM2_VALUE: // don't have a test for SM2 return TPM_RC_SUCCESS; default: SELF_TEST_FAILURE; break; } TEST_DEFAULT_TEST_HASH(toTest); // Have to copy the key. This is because the size used in the test vectors // is the size of the ECC parameter for the test key while the size of a point // is TPM dependent MemoryCopy2B(&testObject.sensitive.sensitive.ecc.b, &c_ecTestKey_ds.b, sizeof(testObject.sensitive.sensitive.ecc.t.buffer)); LoadEccPoint(&testObject.publicArea.unique.ecc, &c_ecTestKey_QsX, &c_ecTestKey_QsY); testObject.publicArea.parameters.eccDetail.curveID = c_testCurve; if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, (TPM2B_DIGEST *)&c_ecTestValue.b)) { SELF_TEST_FAILURE; } CHECK_CANCELED; // Now sign and verify some data if(TPM_RC_SUCCESS != CryptEccSign(&testSig, &testObject, (TPM2B_DIGEST *)&c_ecTestValue, &eccScheme, NULL)) SELF_TEST_FAILURE; CHECK_CANCELED; if(TPM_RC_SUCCESS != CryptEccValidateSignature(&testSig, &testObject, (TPM2B_DIGEST *)&c_ecTestValue)) SELF_TEST_FAILURE; CHECK_CANCELED; return TPM_RC_SUCCESS; } //*** TestKDFa() static TPM_RC TestKDFa( ALGORITHM_VECTOR *toTest ) { static TPM2B_KDF_TEST_KEY keyOut; UINT32 counter = 0; // CLEAR_BOTH(ALG_KDF1_SP800_108_VALUE); keyOut.t.size = CryptKDFa(KDF_TEST_ALG, &c_kdfTestKeyIn.b, &c_kdfTestLabel.b, &c_kdfTestContextU.b, &c_kdfTestContextV.b, TEST_KDF_KEY_SIZE * 8, keyOut.t.buffer, &counter, FALSE); if ( keyOut.t.size != TEST_KDF_KEY_SIZE || !MemoryEqual(keyOut.t.buffer, c_kdfTestKeyOut.t.buffer, TEST_KDF_KEY_SIZE)) SELF_TEST_FAILURE; return TPM_RC_SUCCESS; } //*** TestEcc() static TPM_RC TestEcc( TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest ) { TPM_RC result = TPM_RC_SUCCESS; NOT_REFERENCED(toTest); switch(alg) { case ALG_ECC_VALUE: case ALG_ECDH_VALUE: // If this is in a loop then see if another test is going to deal with // this. // If toTest is not a self-test list if((toTest == &g_toTest) // or this is the only ECC test in the list || !(TEST_BIT(ALG_ECDSA_VALUE, *toTest) || TEST_BIT(ALG_ECSCHNORR, *toTest) || TEST_BIT(ALG_SM2_VALUE, *toTest))) { result = TestECDH(alg, toTest); } break; case ALG_ECDSA_VALUE: case ALG_ECSCHNORR_VALUE: case ALG_SM2_VALUE: result = TestEccSignAndVerify(alg, toTest); break; default: SELF_TEST_FAILURE; break; } return result; } #endif // ALG_ECC //*** TestAlgorithm() // Dispatches to the correct test function for the algorithm or gets a list of // testable algorithms. // // If 'toTest' is not NULL, then the test decisions are based on the algorithm // selections in 'toTest'. Otherwise, 'g_toTest' is used. When bits are clear in // 'g_toTest' they will also be cleared 'toTest'. // // If there doesn't happen to be a test for the algorithm, its associated bit is // quietly cleared. // // If 'alg' is zero (TPM_ALG_ERROR), then the toTest vector is cleared of any bits // for which there is no test (i.e. no tests are actually run but the vector is // cleared). // // Note: 'toTest' will only ever have bits set for implemented algorithms but 'alg' // can be anything. // Return Type: TPM_RC // TPM_RC_CANCELED test was canceled LIB_EXPORT TPM_RC TestAlgorithm( TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest ) { TPM_ALG_ID first = (alg == ALG_ERROR_VALUE) ? ALG_FIRST_VALUE : alg; TPM_ALG_ID last = (alg == ALG_ERROR_VALUE) ? ALG_LAST_VALUE : alg; BOOL doTest = (alg != ALG_ERROR_VALUE); TPM_RC result = TPM_RC_SUCCESS; if(toTest == NULL) toTest = &g_toTest; // This is kind of strange. This function will either run a test of the selected // algorithm or just clear a bit if there is no test for the algorithm. So, // either this loop will be executed once for the selected algorithm or once for // each of the possible algorithms. If it is executed more than once ('alg' == // ALG_ERROR), then no test will be run but bits will be cleared for // unimplemented algorithms. This was done this way so that there is only one // case statement with all of the algorithms. It was easier to have one case // statement than to have multiple ones to manage whenever an algorithm ID is // added. for(alg = first; (alg <= last); alg++) { // if 'alg' was TPM_ALG_ERROR, then we will be cycling through // values, some of which may not be implemented. If the bit in toTest // happens to be set, then we could either generated an assert, or just // silently CLEAR it. Decided to just clear. if(!TEST_BIT(alg, g_implementedAlgorithms)) { CLEAR_BIT(alg, *toTest); continue; } // Process whatever is left. // NOTE: since this switch will only be called if the algorithm is // implemented, it is not necessary to modify this list except to comment // out the algorithms for which there is no test switch(alg) { // Symmetric block ciphers #if ALG_AES case ALG_AES_VALUE: #endif // ALG_AES #if ALG_SM4 // if SM4 is implemented, its test is like other block ciphers but there // aren't any test vectors for it yet // case ALG_SM4_VALUE: #endif // ALG_SM4 #if ALG_CAMELLIA // no test vectors for camellia // case ALG_CAMELLIA_VALUE: #endif // Symmetric modes #if !ALG_CFB # error CFB is required in all TPM implementations #endif // !ALG_CFB case ALG_CFB_VALUE: if(doTest) result = TestSymmetric(alg, toTest); break; #if ALG_CTR case ALG_CTR_VALUE: #endif // ALG_CRT #if ALG_OFB case ALG_OFB_VALUE: #endif // ALG_OFB #if ALG_CBC case ALG_CBC_VALUE: #endif // ALG_CBC #if ALG_ECB case ALG_ECB_VALUE: #endif if(doTest) result = TestSymmetric(alg, toTest); else // If doing the initialization of g_toTest vector, only need // to test one of the modes for the symmetric algorithms. If // initializing for a SelfTest(FULL_TEST), allow all the modes. if(toTest == &g_toTest) CLEAR_BIT(alg, *toTest); break; #if !ALG_HMAC # error HMAC is required in all TPM implementations #endif case ALG_HMAC_VALUE: // Clear the bit that indicates that HMAC is required because // HMAC is used as the basic test for all hash algorithms. CLEAR_BOTH(alg); // Testing HMAC means test the default hash if(doTest) TestHash(DEFAULT_TEST_HASH, toTest); else // If not testing, then indicate that the hash needs to be // tested because this uses HMAC SET_BOTH(DEFAULT_TEST_HASH); break; #if ALG_SHA1 case ALG_SHA1_VALUE: #endif // ALG_SHA1 #if ALG_SHA256 case ALG_SHA256_VALUE: #endif // ALG_SHA256 #if ALG_SHA384 case ALG_SHA384_VALUE: #endif // ALG_SHA384 #if ALG_SHA512 case ALG_SHA512_VALUE: #endif // ALG_SHA512 // if SM3 is implemented its test is like any other hash, but there // aren't any test vectors yet. #if ALG_SM3_256 // case ALG_SM3_256_VALUE: #endif // ALG_SM3_256 if(doTest) result = TestHash(alg, toTest); break; // RSA-dependent #if ALG_RSA case ALG_RSA_VALUE: CLEAR_BOTH(alg); if(doTest) result = TestRsa(ALG_NULL_VALUE, toTest); else SET_BOTH(ALG_NULL_VALUE); break; case ALG_RSASSA_VALUE: case ALG_RSAES_VALUE: case ALG_RSAPSS_VALUE: case ALG_OAEP_VALUE: case ALG_NULL_VALUE: // used or RSADP if(doTest) result = TestRsa(alg, toTest); break; #endif // ALG_RSA #if ALG_KDF1_SP800_108 case ALG_KDF1_SP800_108_VALUE: if(doTest) result = TestKDFa(toTest); break; #endif // ALG_KDF1_SP800_108 #if ALG_ECC // ECC dependent but no tests // case ALG_ECDAA_VALUE: // case ALG_ECMQV_VALUE: // case ALG_KDF1_SP800_56a_VALUE: // case ALG_KDF2_VALUE: // case ALG_MGF1_VALUE: case ALG_ECC_VALUE: CLEAR_BOTH(alg); if(doTest) result = TestEcc(ALG_ECDH_VALUE, toTest); else SET_BOTH(ALG_ECDH_VALUE); break; case ALG_ECDSA_VALUE: case ALG_ECDH_VALUE: case ALG_ECSCHNORR_VALUE: // case ALG_SM2_VALUE: if(doTest) result = TestEcc(alg, toTest); break; #endif // ALG_ECC default: CLEAR_BIT(alg, *toTest); break; } if(result != TPM_RC_SUCCESS) break; } return result; } #endif // SELF_TESTSgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnConvert.c000066400000000000000000000243501510276467000262040ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the basic conversion functions that will convert TPM2B // to/from the internal format. The internal format is a bigNum, // //** Includes #include "Tpm.h" //** Functions //*** BnFromBytes() // This function will convert a big-endian byte array to the internal number // format. If bn is NULL, then the output is NULL. If bytes is null or the // required size is 0, then the output is set to zero LIB_EXPORT bigNum BnFromBytes( bigNum bn, const BYTE *bytes, NUMBYTES nBytes ) { const BYTE *pFrom; // 'p' points to the least significant bytes of source BYTE *pTo; // points to least significant bytes of destination crypt_uword_t size; // size = (bytes != NULL) ? BYTES_TO_CRYPT_WORDS(nBytes) : 0; // If nothing in, nothing out if(bn == NULL) return NULL; // make sure things fit pAssert(BnGetAllocated(bn) >= size); if(size > 0) { // Clear the topmost word in case it is not filled with data bn->d[size - 1] = 0; // Moving the input bytes from the end of the list (LSB) end pFrom = bytes + nBytes - 1; // To the LS0 of the LSW of the bigNum. pTo = (BYTE *)bn->d; for(; nBytes != 0; nBytes--) *pTo++ = *pFrom--; // For a little-endian machine, the conversion is a straight byte // reversal. For a big-endian machine, we have to put the words in // big-endian byte order #if BIG_ENDIAN_TPM { crypt_word_t t; for(t = (crypt_word_t)size - 1; t >= 0; t--) bn->d[t] = SWAP_CRYPT_WORD(bn->d[t]); } #endif } BnSetTop(bn, size); return bn; } //*** BnFrom2B() // Convert an TPM2B to a BIG_NUM. // If the input value does not exist, or the output does not exist, or the input // will not fit into the output the function returns NULL LIB_EXPORT bigNum BnFrom2B( bigNum bn, // OUT: const TPM2B *a2B // IN: number to convert ) { if(a2B != NULL) return BnFromBytes(bn, a2B->buffer, a2B->size); // Make sure that the number has an initialized value rather than whatever // was there before BnSetTop(bn, 0); // Function accepts NULL return NULL; } //*** BnFromHex() // Convert a hex string into a bigNum. This is primarily used in debugging. LIB_EXPORT bigNum BnFromHex( bigNum bn, // OUT: const char *hex // IN: ) { #define FromHex(a) ((a) - (((a) > 'a') ? ('a' + 10) \ : ((a) > 'A') ? ('A' - 10) : '0')) unsigned i; unsigned wordCount; const char *p; BYTE *d = (BYTE *)&(bn->d[0]); // pAssert(bn && hex); i = (unsigned)strlen(hex); wordCount = BYTES_TO_CRYPT_WORDS((i + 1) / 2); if((i == 0) || (wordCount >= BnGetAllocated(bn))) BnSetWord(bn, 0); else { bn->d[wordCount - 1] = 0; p = hex + i - 1; for(;i > 1; i -= 2) { BYTE a; a = FromHex(*p); p--; *d++ = a + (FromHex(*p) << 4); p--; } if(i == 1) *d = FromHex(*p); } #if !BIG_ENDIAN_TPM for(i = 0; i < wordCount; i++) bn->d[i] = SWAP_CRYPT_WORD(bn->d[i]); #endif // BIG_ENDIAN_TPM BnSetTop(bn, wordCount); return bn; } //*** BnToBytes() // This function converts a BIG_NUM to a byte array. It converts the bigNum to a // big-endian byte string and sets 'size' to the normalized value. If 'size' is an // input 0, then the receiving buffer is guaranteed to be large enough for the result // and the size will be set to the size required for bigNum (leading zeros // suppressed). // // The conversion for a little-endian machine simply requires that all significant // bytes of the bigNum be reversed. For a big-endian machine, rather than // unpack each word individually, the bigNum is converted to little-endian words, // copied, and then converted back to big-endian. LIB_EXPORT BOOL BnToBytes( bigConst bn, BYTE *buffer, NUMBYTES *size // This the number of bytes that are // available in the buffer. The result // should be this big. ) { crypt_uword_t requiredSize; BYTE *pFrom; BYTE *pTo; crypt_uword_t count; // // validate inputs pAssert(bn && buffer && size); requiredSize = (BnSizeInBits(bn) + 7) / 8; if(requiredSize == 0) { // If the input value is 0, return a byte of zero *size = 1; *buffer = 0; } else { #if BIG_ENDIAN_TPM // Copy the constant input value into a modifiable value BN_VAR(bnL, LARGEST_NUMBER_BITS * 2); BnCopy(bnL, bn); // byte swap the words in the local value to make them little-endian for(count = 0; count < bnL->size; count++) bnL->d[count] = SWAP_CRYPT_WORD(bnL->d[count]); bn = (bigConst)bnL; #endif if(*size == 0) *size = (NUMBYTES)requiredSize; pAssert(requiredSize <= *size); // Byte swap the number (not words but the whole value) count = *size; // Start from the least significant word and offset to the most significant // byte which is in some high word pFrom = (BYTE *)(&bn->d[0]) + requiredSize - 1; pTo = buffer; // If the number of output bytes is larger than the number bytes required // for the input number, pad with zeros for(count = *size; count > requiredSize; count--) *pTo++ = 0; // Move the most significant byte at the end of the BigNum to the next most // significant byte position of the 2B and repeat for all significant bytes. for(; requiredSize > 0; requiredSize--) *pTo++ = *pFrom--; } return TRUE; } //*** BnTo2B() // Function to convert a BIG_NUM to TPM2B. // The TPM2B size is set to the requested 'size' which may require padding. // If 'size' is non-zero and less than required by the value in 'bn' then an error // is returned. If 'size' is zero, then the TPM2B is assumed to be large enough // for the data and a2b->size will be adjusted accordingly. LIB_EXPORT BOOL BnTo2B( bigConst bn, // IN: TPM2B *a2B, // OUT: NUMBYTES size // IN: the desired size ) { // Set the output size if(bn && a2B) { a2B->size = size; return BnToBytes(bn, a2B->buffer, &a2B->size); } return FALSE; } #if ALG_ECC //*** BnPointFrom2B() // Function to create a BIG_POINT structure from a 2B point. // A point is going to be two ECC values in the same buffer. The values are going // to be the size of the modulus. They are in modular form. LIB_EXPORT bn_point_t * BnPointFrom2B( bigPoint ecP, // OUT: the preallocated point structure TPMS_ECC_POINT *p // IN: the number to convert ) { if(p == NULL) return NULL; if(NULL != ecP) { BnFrom2B(ecP->x, &p->x.b); BnFrom2B(ecP->y, &p->y.b); BnSetWord(ecP->z, 1); } return ecP; } //*** BnPointTo2B() // This function converts a BIG_POINT into a TPMS_ECC_POINT. A TPMS_ECC_POINT // contains two TPM2B_ECC_PARAMETER values. The maximum size of the parameters // is dependent on the maximum EC key size used in an implementation. // The presumption is that the TPMS_ECC_POINT is large enough to hold 2 TPM2B // values, each as large as a MAX_ECC_PARAMETER_BYTES LIB_EXPORT BOOL BnPointTo2B( TPMS_ECC_POINT *p, // OUT: the converted 2B structure bigPoint ecP, // IN: the values to be converted bigCurve E // IN: curve descriptor for the point ) { UINT16 size; // pAssert(p && ecP && E); pAssert(BnEqualWord(ecP->z, 1)); // BnMsb is the bit number of the MSB. This is one less than the number of bits size = (UINT16)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(AccessCurveData(E)))); BnTo2B(ecP->x, &p->x.b, size); BnTo2B(ecP->y, &p->y.b, size); return TRUE; } #endif // ALG_ECCgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMath.c000066400000000000000000000454511510276467000254620ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // The simulator code uses the canonical form whenever possible in order to make // the code in Part 3 more accessible. The canonical data formats are simple and // not well suited for complex big number computations. When operating on big // numbers, the data format is changed for easier manipulation. The format is native // words in little-endian format. As the magnitude of the number decreases, the // length of the array containing the number decreases but the starting address // doesn't change. // // The functions in this file perform simple operations on these big numbers. Only // the more complex operations are passed to the underlying support library. // Although the support library would have most of these functions, the interface // code to convert the format for the values is greater than the size of the // code to implement the functions here. So, rather than incur the overhead of // conversion, they are done here. // // If an implementer would prefer, the underlying library can be used simply by // making code substitutions here. // // NOTE: There is an intention to continue to augment these functions so that there // would be no need to use an external big number library. // // Many of these functions have no error returns and will always return TRUE. This // is to allow them to be used in "guarded" sequences. That is: // OK = OK || BnSomething(s); // where the BnSomething function should not be called if OK isn't true. //** Includes #include "Tpm.h" // A constant value of zero as a stand in for NULL bigNum values const bignum_t BnConstZero = {1, 0, {0}}; //** Functions //*** AddSame() // Adds two values that are the same size. This function allows 'result' to be // the same as either of the addends. This is a nice function to put into assembly // because handling the carry for multi-precision stuff is not as easy in C // (unless there is a REALLY smart compiler). It would be nice if there were idioms // in a language that a compiler could recognize what is going on and optimize // loops like this. // Return Type: int // 0 no carry out // 1 carry out static BOOL AddSame( crypt_uword_t *result, const crypt_uword_t *op1, const crypt_uword_t *op2, int count ) { int carry = 0; int i; for(i = 0; i < count; i++) { crypt_uword_t a = op1[i]; crypt_uword_t sum = a + op2[i]; result[i] = sum + carry; // generate a carry if the sum is less than either of the inputs // propagate a carry if there was a carry and the sum + carry is zero // do this using bit operations rather than logical operations so that // the time is about the same. // propagate term | generate term carry = ((result[i] == 0) & carry) | (sum < a); } return carry; } //*** CarryProp() // Propagate a carry static int CarryProp( crypt_uword_t *result, const crypt_uword_t *op, int count, int carry ) { for(; count; count--) carry = ((*result++ = *op++ + carry) == 0) & carry; return carry; } static void CarryResolve( bigNum result, int stop, int carry ) { if(carry) { pAssert((unsigned)stop < result->allocated); result->d[stop++] = 1; } BnSetTop(result, stop); } //*** BnAdd() // This function adds two bigNum values. This function always returns TRUE. LIB_EXPORT BOOL BnAdd( bigNum result, bigConst op1, bigConst op2 ) { crypt_uword_t stop; int carry; const bignum_t *n1 = op1; const bignum_t *n2 = op2; // if(n2->size > n1->size) { n1 = op2; n2 = op1; } pAssert(result->allocated >= n1->size); stop = MIN(n1->size, n2->allocated); carry = (int)AddSame(result->d, n1->d, n2->d, (int)stop); if(n1->size > stop) carry = CarryProp(&result->d[stop], &n1->d[stop], (int)(n1->size - stop), carry); CarryResolve(result, (int)n1->size, carry); return TRUE; } //*** BnAddWord() // This function adds a word value to a bigNum. This function always returns TRUE. LIB_EXPORT BOOL BnAddWord( bigNum result, bigConst op, crypt_uword_t word ) { int carry; // carry = (result->d[0] = op->d[0] + word) < word; carry = CarryProp(&result->d[1], &op->d[1], (int)(op->size - 1), carry); CarryResolve(result, (int)op->size, carry); return TRUE; } //*** SubSame() // This function subtracts two values that have the same size. static int SubSame( crypt_uword_t *result, const crypt_uword_t *op1, const crypt_uword_t *op2, int count ) { int borrow = 0; int i; for(i = 0; i < count; i++) { crypt_uword_t a = op1[i]; crypt_uword_t diff = a - op2[i]; result[i] = diff - borrow; // generate | propagate borrow = (diff > a) | ((diff == 0) & borrow); } return borrow; } //*** BorrowProp() // This propagates a borrow. If borrow is true when the end // of the array is reached, then it means that op2 was larger than // op1 and we don't handle that case so an assert is generated. // This design choice was made because our only bigNum computations // are on large positive numbers (primes) or on fields. // Propagate a borrow. static int BorrowProp( crypt_uword_t *result, const crypt_uword_t *op, int size, int borrow ) { for(; size > 0; size--) borrow = ((*result++ = *op++ - borrow) == MAX_CRYPT_UWORD) && borrow; return borrow; } //*** BnSub() // This function does subtraction of two bigNum values and returns result = op1 - op2 // when op1 is greater than op2. If op2 is greater than op1, then a fault is // generated. This function always returns TRUE. LIB_EXPORT BOOL BnSub( bigNum result, bigConst op1, bigConst op2 ) { int borrow; int stop = (int)MIN(op1->size, op2->allocated); // // Make sure that op2 is not obviously larger than op1 pAssert(op1->size >= op2->size); borrow = SubSame(result->d, op1->d, op2->d, stop); if(op1->size > (crypt_uword_t)stop) borrow = BorrowProp(&result->d[stop], &op1->d[stop], (int)(op1->size - stop), borrow); pAssert(!borrow); BnSetTop(result, op1->size); return TRUE; } //*** BnSubWord() // This function subtracts a word value from a bigNum. This function always // returns TRUE. LIB_EXPORT BOOL BnSubWord( bigNum result, bigConst op, crypt_uword_t word ) { int borrow; // pAssert(op->size > 1 || word <= op->d[0]); borrow = word > op->d[0]; result->d[0] = op->d[0] - word; borrow = BorrowProp(&result->d[1], &op->d[1], (int)(op->size - 1), borrow); pAssert(!borrow); BnSetTop(result, op->size); return TRUE; } //*** BnUnsignedCmp() // This function performs a comparison of op1 to op2. The compare is approximately // constant time if the size of the values used in the compare is consistent // across calls (from the same line in the calling code). // Return Type: int // < 0 op1 is less than op2 // 0 op1 is equal to op2 // > 0 op1 is greater than op2 LIB_EXPORT int BnUnsignedCmp( bigConst op1, bigConst op2 ) { int retVal; int diff; int i; // pAssert((op1 != NULL) && (op2 != NULL)); retVal = (int)(op1->size - op2->size); if(retVal == 0) { for(i = (int)(op1->size - 1); i >= 0; i--) { diff = (op1->d[i] < op2->d[i]) ? -1 : (op1->d[i] != op2->d[i]); retVal = retVal == 0 ? diff : retVal; } } else retVal = (retVal < 0) ? -1 : 1; return retVal; } //*** BnUnsignedCmpWord() // Compare a bigNum to a crypt_uword_t. // Return Type: int // -1 op1 is less that word // 0 op1 is equal to word // 1 op1 is greater than word LIB_EXPORT int BnUnsignedCmpWord( bigConst op1, crypt_uword_t word ) { if(op1->size > 1) return 1; else if(op1->size == 1) return (op1->d[0] < word) ? -1 : (op1->d[0] > word); else // op1 is zero // equal if word is zero return (word == 0) ? 0 : -1; } //*** BnModWord() // This function does modular division of a big number when the modulus is a // word value. LIB_EXPORT crypt_word_t BnModWord( bigConst numerator, crypt_word_t modulus ) { BN_MAX(remainder); BN_VAR(mod, RADIX_BITS); // mod->d[0] = modulus; mod->size = (modulus != 0); BnDiv(NULL, remainder, numerator, mod); return remainder->d[0]; } //*** Msb() // This function returns the bit number of the most significant bit of a // crypt_uword_t. The number for the least significant bit of any bigNum value is 0. // The maximum return value is RADIX_BITS - 1, // Return Type: int // -1 the word was zero // n the bit number of the most significant bit in the word LIB_EXPORT int Msb( crypt_uword_t word ) { int retVal = -1; // #if RADIX_BITS == 64 if(word & 0xffffffff00000000) { retVal += 32; word >>= 32; } #endif if(word & 0xffff0000) { retVal += 16; word >>= 16; } if(word & 0x0000ff00) { retVal += 8; word >>= 8; } if(word & 0x000000f0) { retVal += 4; word >>= 4; } if(word & 0x0000000c) { retVal += 2; word >>= 2; } if(word & 0x00000002) { retVal += 1; word >>= 1; } return retVal + (int)word; } //*** BnMsb() // This function returns the number of the MSb of a bigNum value. // Return Type: int // -1 the word was zero or 'bn' was NULL // n the bit number of the most significant bit in the word LIB_EXPORT int BnMsb( bigConst bn ) { // If the value is NULL, or the size is zero then treat as zero and return -1 if(bn != NULL && bn->size > 0) { int retVal = Msb(bn->d[bn->size - 1]); retVal += (int)(bn->size - 1) * RADIX_BITS; return retVal; } else return -1; } //*** BnSizeInBits() // This function returns the number of bits required to hold a number. It is one // greater than the Msb. // LIB_EXPORT unsigned BnSizeInBits( bigConst n ) { int bits = BnMsb(n) + 1; // return bits < 0? 0 : (unsigned)bits; } //*** BnSetWord() // Change the value of a bignum_t to a word value. LIB_EXPORT bigNum BnSetWord( bigNum n, crypt_uword_t w ) { if(n != NULL) { pAssert(n->allocated > 1); n->d[0] = w; BnSetTop(n, (w != 0) ? 1 : 0); } return n; } //*** BnSetBit() // This function will SET a bit in a bigNum. Bit 0 is the least-significant bit in // the 0th digit_t. The function always return TRUE LIB_EXPORT BOOL BnSetBit( bigNum bn, // IN/OUT: big number to modify unsigned int bitNum // IN: Bit number to SET ) { crypt_uword_t offset = bitNum / RADIX_BITS; pAssert(bn->allocated * RADIX_BITS >= bitNum); // Grow the number if necessary to set the bit. while(bn->size <= offset) bn->d[bn->size++] = 0; bn->d[offset] |= ((crypt_uword_t)1 << RADIX_MOD(bitNum)); return TRUE; } //*** BnTestBit() // This function is used to check to see if a bit is SET in a bignum_t. The 0th bit // is the LSb of d[0]. // Return Type: BOOL // TRUE(1) the bit is set // FALSE(0) the bit is not set or the number is out of range LIB_EXPORT BOOL BnTestBit( bigNum bn, // IN: number to check unsigned int bitNum // IN: bit to test ) { crypt_uword_t offset = RADIX_DIV(bitNum); // if(bn->size > offset) return ((bn->d[offset] & (((crypt_uword_t)1) << RADIX_MOD(bitNum))) != 0); else return FALSE; } //***BnMaskBits() // This function is used to mask off high order bits of a big number. // The returned value will have no more than 'maskBit' bits // set. // Note: There is a requirement that unused words of a bignum_t are set to zero. // Return Type: BOOL // TRUE(1) result masked // FALSE(0) the input was not as large as the mask LIB_EXPORT BOOL BnMaskBits( bigNum bn, // IN/OUT: number to mask crypt_uword_t maskBit // IN: the bit number for the mask. ) { crypt_uword_t finalSize; BOOL retVal; finalSize = BITS_TO_CRYPT_WORDS(maskBit); retVal = (finalSize <= bn->allocated); if(retVal && (finalSize > 0)) { crypt_uword_t mask; mask = ~((crypt_uword_t)0) >> RADIX_MOD(maskBit); bn->d[finalSize - 1] &= mask; } BnSetTop(bn, finalSize); return retVal; } //*** BnShiftRight() // This function will shift a bigNum to the right by the shiftAmount. // This function always returns TRUE. LIB_EXPORT BOOL BnShiftRight( bigNum result, bigConst toShift, uint32_t shiftAmount ) { uint32_t offset = (shiftAmount >> RADIX_LOG2); uint32_t i; uint32_t shiftIn; crypt_uword_t finalSize; // shiftAmount = shiftAmount & RADIX_MASK; shiftIn = RADIX_BITS - shiftAmount; // The end size is toShift->size - offset less one additional // word if the shiftAmount would make the upper word == 0 if(toShift->size > offset) { finalSize = toShift->size - offset; finalSize -= (toShift->d[toShift->size - 1] >> shiftAmount) == 0 ? 1 : 0; } else finalSize = 0; pAssert(finalSize <= result->allocated); if(finalSize != 0) { for(i = 0; i < finalSize; i++) { result->d[i] = (toShift->d[i + offset] >> shiftAmount) | (toShift->d[i + offset + 1] << shiftIn); } if(offset == 0) result->d[i] = toShift->d[i] >> shiftAmount; } BnSetTop(result, finalSize); return TRUE; } //*** BnGetRandomBits() // This function gets random bits for use in various places. To make sure that the // number is generated in a portable format, it is created as a TPM2B and then // converted to the internal format. // // One consequence of the generation scheme is that, if the number of bits requested // is not a multiple of 8, then the high-order bits are set to zero. This would come // into play when generating a 521-bit ECC key. A 66-byte (528-bit) value is // generated an the high order 7 bits are masked off (CLEAR). // Return Type: BOOL // TRUE(1) success // FALSE(0) failure LIB_EXPORT BOOL BnGetRandomBits( bigNum n, size_t bits, RAND_STATE *rand ) { // Since this could be used for ECC key generation using the extra bits method, // make sure that the value is large enough TPM2B_TYPE(LARGEST, LARGEST_NUMBER + 8); TPM2B_LARGEST large; // large.b.size = (UINT16)BITS_TO_BYTES(bits); if(DRBG_Generate(rand, large.t.buffer, large.t.size) == large.t.size) { if(BnFrom2B(n, &large.b) != NULL) { if(BnMaskBits(n, bits)) return TRUE; } } return FALSE; } //*** BnGenerateRandomInRange() // This function is used to generate a random number r in the range 1 <= r < limit. // The function gets a random number of bits that is the size of limit. There is some // some probability that the returned number is going to be greater than or equal // to the limit. If it is, try again. There is no more than 50% chance that the // next number is also greater, so try again. We keep trying until we get a // value that meets the criteria. Since limit is very often a number with a LOT of // high order ones, this rarely would need a second try. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure ('limit' is too small) LIB_EXPORT BOOL BnGenerateRandomInRange( bigNum dest, bigConst limit, RAND_STATE *rand ) { size_t bits = BnSizeInBits(limit); // if(bits < 2) { BnSetWord(dest, 0); return FALSE; } else { while(BnGetRandomBits(dest, bits, rand) && (BnEqualZero(dest) || (BnUnsignedCmp(dest, limit) >= 0))); } return !g_inFailureMode; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/BnMemory.c000066400000000000000000000130051510276467000260270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the memory setup functions used by the bigNum functions // in CryptoEngine //** Includes #include "Tpm.h" //** Functions //*** BnSetTop() // This function is used when the size of a bignum_t is changed. It // makes sure that the unused words are set to zero and that any significant // words of zeros are eliminated from the used size indicator. LIB_EXPORT bigNum BnSetTop( bigNum bn, // IN/OUT: number to clean crypt_uword_t top // IN: the new top ) { if(bn != NULL) { pAssert(top <= bn->allocated); // If forcing the size to be decreased, make sure that the words being // discarded are being set to 0 while(bn->size > top) bn->d[--bn->size] = 0; bn->size = top; // Now make sure that the words that are left are 'normalized' (no high-order // words of zero. while((bn->size > 0) && (bn->d[bn->size - 1] == 0)) bn->size -= 1; } return bn; } //*** BnClearTop() // This function will make sure that all unused words are zero. LIB_EXPORT bigNum BnClearTop( bigNum bn ) { crypt_uword_t i; // if(bn != NULL) { for(i = bn->size; i < bn->allocated; i++) bn->d[i] = 0; while((bn->size > 0) && (bn->d[bn->size] == 0)) bn->size -= 1; } return bn; } //*** BnInitializeWord() // This function is used to initialize an allocated bigNum with a word value. The // bigNum does not have to be allocated with a single word. LIB_EXPORT bigNum BnInitializeWord( bigNum bn, // IN: crypt_uword_t allocated, // IN: crypt_uword_t word // IN: ) { bn->allocated = allocated; bn->size = (word != 0); bn->d[0] = word; while(allocated > 1) bn->d[--allocated] = 0; return bn; } //*** BnInit() // This function initializes a stack allocated bignum_t. It initializes // 'allocated' and 'size' and zeros the words of 'd'. LIB_EXPORT bigNum BnInit( bigNum bn, crypt_uword_t allocated ) { if(bn != NULL) { bn->allocated = allocated; bn->size = 0; while(allocated != 0) bn->d[--allocated] = 0; } return bn; } //*** BnCopy() // Function to copy a bignum_t. If the output is NULL, then // nothing happens. If the input is NULL, the output is set // to zero. LIB_EXPORT BOOL BnCopy( bigNum out, bigConst in ) { if(in == out) BnSetTop(out, BnGetSize(out)); else if(out != NULL) { if(in != NULL) { unsigned int i; pAssert(BnGetAllocated(out) >= BnGetSize(in)); for(i = 0; i < BnGetSize(in); i++) out->d[i] = in->d[i]; BnSetTop(out, BnGetSize(in)); } else BnSetTop(out, 0); } return TRUE; } #if ALG_ECC //*** BnPointCopy() // Function to copy a bn point. LIB_EXPORT BOOL BnPointCopy( bigPoint pOut, pointConst pIn ) { return BnCopy(pOut->x, pIn->x) && BnCopy(pOut->y, pIn->y) && BnCopy(pOut->z, pIn->z); } //*** BnInitializePoint() // This function is used to initialize a point structure with the addresses // of the coordinates. LIB_EXPORT bn_point_t * BnInitializePoint( bigPoint p, // OUT: structure to receive pointers bigNum x, // IN: x coordinate bigNum y, // IN: y coordinate bigNum z // IN: x coordinate ) { p->x = x; p->y = y; p->z = z; BnSetWord(z, 1); return p; } #endif // ALG_ECCgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptCmac.c000066400000000000000000000157121510276467000261730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the implementation of the message authentication codes based // on a symmetric block cipher. These functions only use the single block // encryption functions of the selected symmetric cryptographic library. //** Includes, Defines, and Typedefs #define _CRYPT_HASH_C_ #include "Tpm.h" #include "CryptSym.h" #if ALG_CMAC //** Functions //*** CryptCmacStart() // This is the function to start the CMAC sequence operation. It initializes the // dispatch functions for the data and end operations for CMAC and initializes the // parameters that are used for the processing of data, including the key, key size // and block cipher algorithm. UINT16 CryptCmacStart( SMAC_STATE *state, TPMU_PUBLIC_PARMS *keyParms, TPM_ALG_ID macAlg, TPM2B *key ) { tpmCmacState_t *cState = &state->state.cmac; TPMT_SYM_DEF_OBJECT *def = &keyParms->symDetail.sym; // if(macAlg != TPM_ALG_CMAC) return 0; // set up the encryption algorithm and parameters cState->symAlg = def->algorithm; cState->keySizeBits = def->keyBits.sym; cState->iv.t.size = CryptGetSymmetricBlockSize(def->algorithm, def->keyBits.sym); MemoryCopy2B(&cState->symKey.b, key, sizeof(cState->symKey.t.buffer)); // Set up the dispatch methods for the CMAC state->smacMethods.data = CryptCmacData; state->smacMethods.end = CryptCmacEnd; return cState->iv.t.size; } //*** CryptCmacData() // This function is used to add data to the CMAC sequence computation. The function // will XOR new data into the IV. If the buffer is full, and there is additional // input data, the data is encrypted into the IV buffer, the new data is then // XOR into the IV. When the data runs out, the function returns without encrypting // even if the buffer is full. The last data block of a sequence will not be // encrypted until the call to CryptCmacEnd(). This is to allow the proper subkey // to be computed and applied before the last block is encrypted. void CryptCmacData( SMAC_STATES *state, UINT32 size, const BYTE *buffer ) { tpmCmacState_t *cmacState = &state->cmac; TPM_ALG_ID algorithm = cmacState->symAlg; BYTE *key = cmacState->symKey.t.buffer; UINT16 keySizeInBits = cmacState->keySizeBits; tpmCryptKeySchedule_t keySchedule; TpmCryptSetSymKeyCall_t encrypt; // SELECT(ENCRYPT); while(size > 0) { if(cmacState->bcount == cmacState->iv.t.size) { ENCRYPT(&keySchedule, cmacState->iv.t.buffer, cmacState->iv.t.buffer); cmacState->bcount = 0; } for(;(size > 0) && (cmacState->bcount < cmacState->iv.t.size); size--, cmacState->bcount++) { cmacState->iv.t.buffer[cmacState->bcount] ^= *buffer++; } } } //*** CryptCmacEnd() // This is the completion function for the CMAC. It does padding, if needed, and // selects the subkey to be applied before the last block is encrypted. UINT16 CryptCmacEnd( SMAC_STATES *state, UINT32 outSize, BYTE *outBuffer ) { tpmCmacState_t *cState = &state->cmac; // Need to set algorithm, key, and keySizeInBits in the local context so that // the SELECT and ENCRYPT macros will work here TPM_ALG_ID algorithm = cState->symAlg; BYTE *key = cState->symKey.t.buffer; UINT16 keySizeInBits = cState->keySizeBits; tpmCryptKeySchedule_t keySchedule; TpmCryptSetSymKeyCall_t encrypt; TPM2B_IV subkey = {{0, {0}}}; BOOL xorVal; UINT16 i; subkey.t.size = cState->iv.t.size; // Encrypt a block of zero SELECT(ENCRYPT); ENCRYPT(&keySchedule, subkey.t.buffer, subkey.t.buffer); // shift left by 1 and XOR with 0x0...87 if the MSb was 0 xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87; ShiftLeft(&subkey.b); subkey.t.buffer[subkey.t.size - 1] ^= xorVal; // this is a sanity check to make sure that the algorithm is working properly. // remove this check when debug is done pAssert(cState->bcount <= cState->iv.t.size); // If the buffer is full then no need to compute subkey 2. if(cState->bcount < cState->iv.t.size) { //Pad the data cState->iv.t.buffer[cState->bcount++] ^= 0x80; // The rest of the data is a pad of zero which would simply be XORed // with the iv value so nothing to do... // Now compute K2 xorVal = ((subkey.t.buffer[0] & 0x80) == 0) ? 0 : 0x87; ShiftLeft(&subkey.b); subkey.t.buffer[subkey.t.size - 1] ^= xorVal; } // XOR the subkey into the IV for(i = 0; i < subkey.t.size; i++) cState->iv.t.buffer[i] ^= subkey.t.buffer[i]; ENCRYPT(&keySchedule, cState->iv.t.buffer, cState->iv.t.buffer); i = (UINT16)MIN(cState->iv.t.size, outSize); MemoryCopy(outBuffer, cState->iv.t.buffer, i); return i; } #endif go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptDes.c000066400000000000000000000160331510276467000260400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the extra functions required for TDES. //** Includes, Defines, and Typedefs #include "Tpm.h" #if ALG_TDES #define DES_NUM_WEAK 64 const UINT64 DesWeakKeys[DES_NUM_WEAK] = { 0x0101010101010101ULL, 0xFEFEFEFEFEFEFEFEULL, 0xE0E0E0E0F1F1F1F1ULL, 0x1F1F1F1F0E0E0E0EULL, 0x011F011F010E010EULL, 0x1F011F010E010E01ULL, 0x01E001E001F101F1ULL, 0xE001E001F101F101ULL, 0x01FE01FE01FE01FEULL, 0xFE01FE01FE01FE01ULL, 0x1FE01FE00EF10EF1ULL, 0xE01FE01FF10EF10EULL, 0x1FFE1FFE0EFE0EFEULL, 0xFE1FFE1FFE0EFE0EULL, 0xE0FEE0FEF1FEF1FEULL, 0xFEE0FEE0FEF1FEF1ULL, 0x01011F1F01010E0EULL, 0x1F1F01010E0E0101ULL, 0xE0E01F1FF1F10E0EULL, 0x0101E0E00101F1F1ULL, 0x1F1FE0E00E0EF1F1ULL, 0xE0E0FEFEF1F1FEFEULL, 0x0101FEFE0101FEFEULL, 0x1F1FFEFE0E0EFEFEULL, 0xE0FE011FF1FE010EULL, 0x011F1F01010E0E01ULL, 0x1FE001FE0EF101FEULL, 0xE0FE1F01F1FE0E01ULL, 0x011FE0FE010EF1FEULL, 0x1FE0E01F0EF1F10EULL, 0xE0FEFEE0F1FEFEF1ULL, 0x011FFEE0010EFEF1ULL, 0x1FE0FE010EF1FE01ULL, 0xFE0101FEFE0101FEULL, 0x01E01FFE01F10EFEULL, 0x1FFE01E00EFE01F1ULL, 0xFE011FE0FE010EF1ULL, 0xFE01E01FFE01F10EULL, 0x1FFEE0010EFEF101ULL, 0xFE1F01E0FE0E01F1ULL, 0x01E0E00101F1F101ULL, 0x1FFEFE1F0EFEFE0EULL, 0xFE1FE001FE0EF101ULL, 0x01E0FE1F01F1FE0EULL, 0xE00101E0F10101F1ULL, 0xFE1F1FFEFE0E0EFEULL, 0x01FE1FE001FE0EF1ULL, 0xE0011FFEF1010EFEULL, 0xFEE0011FFEF1010EULL, 0x01FEE01F01FEF10EULL, 0xE001FE1FF101FE0EULL, 0xFEE01F01FEF10E01ULL, 0x01FEFE0101FEFE01ULL, 0xE01F01FEF10E01FEULL, 0xFEE0E0FEFEF1F1FEULL, 0x1F01011F0E01010EULL, 0xE01F1FE0F10E0EF1ULL, 0xFEFE0101FEFE0101ULL, 0x1F01E0FE0E01F1FEULL, 0xE01FFE01F10EFE01ULL, 0xFEFE1F1FFEFE0E0EULL, 0x1F01FEE00E01FEF1ULL, 0xE0E00101F1F10101ULL, 0xFEFEE0E0FEFEF1F1ULL}; //*** CryptSetOddByteParity() // This function sets the per byte parity of a 64-bit value. The least-significant // bit is of each byte is replaced with the odd parity of the other 7 bits in the // byte. With odd parity, no byte will ever be 0x00. UINT64 CryptSetOddByteParity( UINT64 k ) { #define PMASK 0x0101010101010101ULL UINT64 out; k |= PMASK; // set the parity bit out = k; k ^= k >> 4; k ^= k >> 2; k ^= k >> 1; k &= PMASK; // odd parity extracted out ^= k; // out is now even parity because parity bit was already set out ^= PMASK; // out is now even parity return out; } //*** CryptDesIsWeakKey() // Check to see if a DES key is on the list of weak, semi-weak, or possibly weak // keys. // Return Type: BOOL // TRUE(1) DES key is weak // FALSE(0) DES key is not weak static BOOL CryptDesIsWeakKey( UINT64 k ) { int i; // for(i = 0; i < DES_NUM_WEAK; i++) { if(k == DesWeakKeys[i]) return TRUE; } return FALSE; } //*** CryptDesValidateKey() // Function to check to see if the input key is a valid DES key where the definition // of valid is that none of the elements are on the list of weak, semi-weak, or // possibly weak keys; and that for two keys, K1!=K2, and for three keys that // K1!=K2 and K2!=K3. BOOL CryptDesValidateKey( TPM2B_SYM_KEY *desKey // IN: key to validate ) { UINT64 k[3]; int i; int keys = (desKey->t.size + 7) / 8; BYTE *pk = desKey->t.buffer; BOOL ok; // // Note: 'keys' is the number of keys, not the maximum index for 'k' ok = ((keys == 2) || (keys == 3)) && ((desKey->t.size % 8) == 0); for(i = 0; ok && i < keys; pk += 8, i++) { k[i] = CryptSetOddByteParity(BYTE_ARRAY_TO_UINT64(pk)); ok = !CryptDesIsWeakKey(k[i]); } ok = ok && k[0] != k[1]; if(keys == 3) ok = ok && k[1] != k[2]; return ok; } //*** CryptGenerateKeyDes() // This function is used to create a DES key of the appropriate size. The key will // have odd parity in the bytes. TPM_RC CryptGenerateKeyDes( TPMT_PUBLIC *publicArea, // IN/OUT: The public area template // for the new key. TPMT_SENSITIVE *sensitive, // OUT: sensitive area RAND_STATE *rand // IN: the "entropy" source for ) { // Assume that the publicArea key size has been validated and is a supported // number of bits. sensitive->sensitive.sym.t.size = BITS_TO_BYTES(publicArea->parameters.symDetail.sym.keyBits.sym); do { BYTE *pK = sensitive->sensitive.sym.t.buffer; int i = (sensitive->sensitive.sym.t.size + 7) / 8; // Use the random number generator to generate the required number of bits if(DRBG_Generate(rand, pK, sensitive->sensitive.sym.t.size) == 0) return TPM_RC_NO_RESULT; for(; i > 0; pK += 8, i--) { UINT64 k = BYTE_ARRAY_TO_UINT64(pK); k = CryptSetOddByteParity(k); UINT64_TO_BYTE_ARRAY(k, pK); } } while(!CryptDesValidateKey(&sensitive->sensitive.sym)); return TPM_RC_SUCCESS; } #endif //*** go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccData.c000066400000000000000000000677471510276467000266330ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmStructures; Version 4.1 Dec 8, 2018 * Date: Jan 28, 2019 Time: 01:24:09AM */ #include "Tpm.h" #include "OIDs.h" // This file contains the ECC curve data. The format of the data depends on the // setting of USE_BN_ECC_DATA. If it is defined, then the TPM's BigNum format is // used. Otherwise, it is kept in TPM2B format. The purpose of having the data in // BigNum format is so that it does not have to be reformatted before being used // by the crypto library. #if ALG_ECC #if USE_BN_ECC_DATA # define TO_ECC_64 TO_CRYPT_WORD_64 # define TO_ECC_56(a, b, c, d, e, f, g) TO_ECC_64(0, a, b, c, d, e, f, g) # define TO_ECC_48(a, b, c, d, e, f) TO_ECC_64(0, 0, a, b, c, d, e, f) # define TO_ECC_40(a, b, c, d, e) TO_ECC_64(0, 0, 0, a, b, c, d, e) # if RADIX_BITS > 32 # define TO_ECC_32(a, b, c, d) TO_ECC_64(0, 0, 0, 0, a, b, c, d) # define TO_ECC_24(a, b, c) TO_ECC_64(0, 0, 0, 0, 0, a, b, c) # define TO_ECC_16(a, b) TO_ECC_64(0, 0, 0, 0, 0, 0, a, b) # define TO_ECC_8(a) TO_ECC_64(0, 0, 0, 0, 0, 0, 0, a) # else // RADIX_BITS == 32 # define TO_ECC_32 BIG_ENDIAN_BYTES_TO_UINT32 # define TO_ECC_24(a, b, c) TO_ECC_32(0, a, b, c) # define TO_ECC_16(a, b) TO_ECC_32(0, 0, a, b) # define TO_ECC_8(a) TO_ECC_32(0, 0, 0, a) # endif #else // TPM2B_ # define TO_ECC_64(a, b, c, d, e, f, g, h) a, b, c, d, e, f, g, h # define TO_ECC_56(a, b, c, d, e, f, g) a, b, c, d, e, f, g # define TO_ECC_48(a, b, c, d, e, f) a, b, c, d, e, f # define TO_ECC_40(a, b, c, d, e) a, b, c, d, e # define TO_ECC_32(a, b, c, d) a, b, c, d # define TO_ECC_24(a, b, c) a, b, c # define TO_ECC_16(a, b) a, b # define TO_ECC_8(a) a #endif #if USE_BN_ECC_DATA #define BN_MIN_ALLOC(bytes) \ (BYTES_TO_CRYPT_WORDS(bytes) == 0) ? 1 : BYTES_TO_CRYPT_WORDS(bytes) # define ECC_CONST(NAME, bytes, initializer) \ const struct { \ crypt_uword_t allocate, size, d[BN_MIN_ALLOC(bytes)]; \ } NAME = {BN_MIN_ALLOC(bytes), BYTES_TO_CRYPT_WORDS(bytes),{initializer}} ECC_CONST(ECC_ZERO, 0, 0); #else # define ECC_CONST(NAME, bytes, initializer) \ const TPM2B_##bytes##_BYTE_VALUE NAME = {bytes, {initializer}} // Have to special case ECC_ZERO TPM2B_BYTE_VALUE(1); TPM2B_1_BYTE_VALUE ECC_ZERO = {1, {0}}; #endif ECC_CONST(ECC_ONE, 1, 1); #if !USE_BN_ECC_DATA TPM2B_BYTE_VALUE(24); #define TO_ECC_192(a, b, c) a, b, c TPM2B_BYTE_VALUE(28); #define TO_ECC_224(a, b, c, d) a, b, c, d TPM2B_BYTE_VALUE(32); #define TO_ECC_256(a, b, c, d) a, b, c, d TPM2B_BYTE_VALUE(48); #define TO_ECC_384(a, b, c, d, e, f) a, b, c, d, e, f TPM2B_BYTE_VALUE(66); #define TO_ECC_528(a, b, c, d, e, f, g, h, i) a, b, c, d, e, f, g, h, i TPM2B_BYTE_VALUE(80); #define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) a, b, c, d, e, f, g, h, i, j #else #define TO_ECC_192(a, b, c) c, b, a #define TO_ECC_224(a, b, c, d) d, c, b, a #define TO_ECC_256(a, b, c, d) d, c, b, a #define TO_ECC_384(a, b, c, d, e, f) f, e, d, c, b, a #define TO_ECC_528(a, b, c, d, e, f, g, h, i) i, h, g, f, e, d, c, b, a #define TO_ECC_640(a, b, c, d, e, f, g, h, i, j) j, i, h, g, f, e, d, c, b, a #endif // !USE_BN_ECC_DATA #if ECC_NIST_P192 ECC_CONST(NIST_P192_p, 24, TO_ECC_192( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); ECC_CONST(NIST_P192_a, 24, TO_ECC_192( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); ECC_CONST(NIST_P192_b, 24, TO_ECC_192( TO_ECC_64(0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7), TO_ECC_64(0x0F, 0xA7, 0xE9, 0xAB, 0x72, 0x24, 0x30, 0x49), TO_ECC_64(0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1))); ECC_CONST(NIST_P192_gX, 24, TO_ECC_192( TO_ECC_64(0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6), TO_ECC_64(0x7C, 0xBF, 0x20, 0xEB, 0x43, 0xA1, 0x88, 0x00), TO_ECC_64(0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12))); ECC_CONST(NIST_P192_gY, 24, TO_ECC_192( TO_ECC_64(0x07, 0x19, 0x2B, 0x95, 0xFF, 0xC8, 0xDA, 0x78), TO_ECC_64(0x63, 0x10, 0x11, 0xED, 0x6B, 0x24, 0xCD, 0xD5), TO_ECC_64(0x73, 0xF9, 0x77, 0xA1, 0x1E, 0x79, 0x48, 0x11))); ECC_CONST(NIST_P192_n, 24, TO_ECC_192( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x99, 0xDE, 0xF8, 0x36), TO_ECC_64(0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31))); #define NIST_P192_h ECC_ONE #define NIST_P192_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA NIST_P192 = { (bigNum)&NIST_P192_p, (bigNum)&NIST_P192_n, (bigNum)&NIST_P192_h, (bigNum)&NIST_P192_a, (bigNum)&NIST_P192_b, {(bigNum)&NIST_P192_gX, (bigNum)&NIST_P192_gY, (bigNum)&NIST_P192_gZ}}; #else const ECC_CURVE_DATA NIST_P192 = { &NIST_P192_p.b, &NIST_P192_n.b, &NIST_P192_h.b, &NIST_P192_a.b, &NIST_P192_b.b, {&NIST_P192_gX.b, &NIST_P192_gY.b, &NIST_P192_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_NIST_P192 #if ECC_NIST_P224 ECC_CONST(NIST_P224_p, 28, TO_ECC_224( TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01))); ECC_CONST(NIST_P224_a, 28, TO_ECC_224( TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE))); ECC_CONST(NIST_P224_b, 28, TO_ECC_224( TO_ECC_32(0xB4, 0x05, 0x0A, 0x85), TO_ECC_64(0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56), TO_ECC_64(0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA), TO_ECC_64(0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4))); ECC_CONST(NIST_P224_gX, 28, TO_ECC_224( TO_ECC_32(0xB7, 0x0E, 0x0C, 0xBD), TO_ECC_64(0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9), TO_ECC_64(0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22), TO_ECC_64(0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21))); ECC_CONST(NIST_P224_gY, 28, TO_ECC_224( TO_ECC_32(0xBD, 0x37, 0x63, 0x88), TO_ECC_64(0xB5, 0xF7, 0x23, 0xFB, 0x4C, 0x22, 0xDF, 0xE6), TO_ECC_64(0xCD, 0x43, 0x75, 0xA0, 0x5A, 0x07, 0x47, 0x64), TO_ECC_64(0x44, 0xD5, 0x81, 0x99, 0x85, 0x00, 0x7E, 0x34))); ECC_CONST(NIST_P224_n, 28, TO_ECC_224( TO_ECC_32(0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E), TO_ECC_64(0x13, 0xDD, 0x29, 0x45, 0x5C, 0x5C, 0x2A, 0x3D))); #define NIST_P224_h ECC_ONE #define NIST_P224_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA NIST_P224 = { (bigNum)&NIST_P224_p, (bigNum)&NIST_P224_n, (bigNum)&NIST_P224_h, (bigNum)&NIST_P224_a, (bigNum)&NIST_P224_b, {(bigNum)&NIST_P224_gX, (bigNum)&NIST_P224_gY, (bigNum)&NIST_P224_gZ}}; #else const ECC_CURVE_DATA NIST_P224 = { &NIST_P224_p.b, &NIST_P224_n.b, &NIST_P224_h.b, &NIST_P224_a.b, &NIST_P224_b.b, {&NIST_P224_gX.b, &NIST_P224_gY.b, &NIST_P224_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_NIST_P224 #if ECC_NIST_P256 ECC_CONST(NIST_P256_p, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); ECC_CONST(NIST_P256_a, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); ECC_CONST(NIST_P256_b, 32, TO_ECC_256( TO_ECC_64(0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7), TO_ECC_64(0xB3, 0xEB, 0xBD, 0x55, 0x76, 0x98, 0x86, 0xBC), TO_ECC_64(0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6), TO_ECC_64(0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B))); ECC_CONST(NIST_P256_gX, 32, TO_ECC_256( TO_ECC_64(0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47), TO_ECC_64(0xF8, 0xBC, 0xE6, 0xE5, 0x63, 0xA4, 0x40, 0xF2), TO_ECC_64(0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0), TO_ECC_64(0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96))); ECC_CONST(NIST_P256_gY, 32, TO_ECC_256( TO_ECC_64(0x4F, 0xE3, 0x42, 0xE2, 0xFE, 0x1A, 0x7F, 0x9B), TO_ECC_64(0x8E, 0xE7, 0xEB, 0x4A, 0x7C, 0x0F, 0x9E, 0x16), TO_ECC_64(0x2B, 0xCE, 0x33, 0x57, 0x6B, 0x31, 0x5E, 0xCE), TO_ECC_64(0xCB, 0xB6, 0x40, 0x68, 0x37, 0xBF, 0x51, 0xF5))); ECC_CONST(NIST_P256_n, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84), TO_ECC_64(0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51))); #define NIST_P256_h ECC_ONE #define NIST_P256_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA NIST_P256 = { (bigNum)&NIST_P256_p, (bigNum)&NIST_P256_n, (bigNum)&NIST_P256_h, (bigNum)&NIST_P256_a, (bigNum)&NIST_P256_b, {(bigNum)&NIST_P256_gX, (bigNum)&NIST_P256_gY, (bigNum)&NIST_P256_gZ}}; #else const ECC_CURVE_DATA NIST_P256 = { &NIST_P256_p.b, &NIST_P256_n.b, &NIST_P256_h.b, &NIST_P256_a.b, &NIST_P256_b.b, {&NIST_P256_gX.b, &NIST_P256_gY.b, &NIST_P256_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_NIST_P256 #if ECC_NIST_P384 ECC_CONST(NIST_P384_p, 48, TO_ECC_384( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF))); ECC_CONST(NIST_P384_a, 48, TO_ECC_384( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC))); ECC_CONST(NIST_P384_b, 48, TO_ECC_384( TO_ECC_64(0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4), TO_ECC_64(0x98, 0x8E, 0x05, 0x6B, 0xE3, 0xF8, 0x2D, 0x19), TO_ECC_64(0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12), TO_ECC_64(0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A), TO_ECC_64(0xC6, 0x56, 0x39, 0x8D, 0x8A, 0x2E, 0xD1, 0x9D), TO_ECC_64(0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF))); ECC_CONST(NIST_P384_gX, 48, TO_ECC_384( TO_ECC_64(0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37), TO_ECC_64(0x8E, 0xB1, 0xC7, 0x1E, 0xF3, 0x20, 0xAD, 0x74), TO_ECC_64(0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98), TO_ECC_64(0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38), TO_ECC_64(0x55, 0x02, 0xF2, 0x5D, 0xBF, 0x55, 0x29, 0x6C), TO_ECC_64(0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7))); ECC_CONST(NIST_P384_gY, 48, TO_ECC_384( TO_ECC_64(0x36, 0x17, 0xDE, 0x4A, 0x96, 0x26, 0x2C, 0x6F), TO_ECC_64(0x5D, 0x9E, 0x98, 0xBF, 0x92, 0x92, 0xDC, 0x29), TO_ECC_64(0xF8, 0xF4, 0x1D, 0xBD, 0x28, 0x9A, 0x14, 0x7C), TO_ECC_64(0xE9, 0xDA, 0x31, 0x13, 0xB5, 0xF0, 0xB8, 0xC0), TO_ECC_64(0x0A, 0x60, 0xB1, 0xCE, 0x1D, 0x7E, 0x81, 0x9D), TO_ECC_64(0x7A, 0x43, 0x1D, 0x7C, 0x90, 0xEA, 0x0E, 0x5F))); ECC_CONST(NIST_P384_n, 48, TO_ECC_384( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF), TO_ECC_64(0x58, 0x1A, 0x0D, 0xB2, 0x48, 0xB0, 0xA7, 0x7A), TO_ECC_64(0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73))); #define NIST_P384_h ECC_ONE #define NIST_P384_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA NIST_P384 = { (bigNum)&NIST_P384_p, (bigNum)&NIST_P384_n, (bigNum)&NIST_P384_h, (bigNum)&NIST_P384_a, (bigNum)&NIST_P384_b, {(bigNum)&NIST_P384_gX, (bigNum)&NIST_P384_gY, (bigNum)&NIST_P384_gZ}}; #else const ECC_CURVE_DATA NIST_P384 = { &NIST_P384_p.b, &NIST_P384_n.b, &NIST_P384_h.b, &NIST_P384_a.b, &NIST_P384_b.b, {&NIST_P384_gX.b, &NIST_P384_gY.b, &NIST_P384_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_NIST_P384 #if ECC_NIST_P521 ECC_CONST(NIST_P521_p, 66, TO_ECC_528( TO_ECC_16(0x01, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); ECC_CONST(NIST_P521_a, 66, TO_ECC_528( TO_ECC_16(0x01, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); ECC_CONST(NIST_P521_b, 66, TO_ECC_528( TO_ECC_16(0x00, 0x51), TO_ECC_64(0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F), TO_ECC_64(0x92, 0x9A, 0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE), TO_ECC_64(0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3, 0x15, 0xF3), TO_ECC_64(0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1), TO_ECC_64(0x56, 0x19, 0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B), TO_ECC_64(0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1, 0xBF, 0x07), TO_ECC_64(0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1), TO_ECC_64(0xEF, 0x45, 0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00))); ECC_CONST(NIST_P521_gX, 66, TO_ECC_528( TO_ECC_16(0x00, 0xC6), TO_ECC_64(0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD), TO_ECC_64(0x9E, 0x3E, 0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42), TO_ECC_64(0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F, 0xB5, 0x21), TO_ECC_64(0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA), TO_ECC_64(0xA1, 0x4B, 0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28), TO_ECC_64(0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF, 0xA8, 0xDE), TO_ECC_64(0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B), TO_ECC_64(0xF9, 0x7E, 0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66))); ECC_CONST(NIST_P521_gY, 66, TO_ECC_528( TO_ECC_16(0x01, 0x18), TO_ECC_64(0x39, 0x29, 0x6A, 0x78, 0x9A, 0x3B, 0xC0, 0x04), TO_ECC_64(0x5C, 0x8A, 0x5F, 0xB4, 0x2C, 0x7D, 0x1B, 0xD9), TO_ECC_64(0x98, 0xF5, 0x44, 0x49, 0x57, 0x9B, 0x44, 0x68), TO_ECC_64(0x17, 0xAF, 0xBD, 0x17, 0x27, 0x3E, 0x66, 0x2C), TO_ECC_64(0x97, 0xEE, 0x72, 0x99, 0x5E, 0xF4, 0x26, 0x40), TO_ECC_64(0xC5, 0x50, 0xB9, 0x01, 0x3F, 0xAD, 0x07, 0x61), TO_ECC_64(0x35, 0x3C, 0x70, 0x86, 0xA2, 0x72, 0xC2, 0x40), TO_ECC_64(0x88, 0xBE, 0x94, 0x76, 0x9F, 0xD1, 0x66, 0x50))); ECC_CONST(NIST_P521_n, 66, TO_ECC_528( TO_ECC_16(0x01, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA), TO_ECC_64(0x51, 0x86, 0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B), TO_ECC_64(0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09, 0xA5, 0xD0), TO_ECC_64(0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE), TO_ECC_64(0xBB, 0x6F, 0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09))); #define NIST_P521_h ECC_ONE #define NIST_P521_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA NIST_P521 = { (bigNum)&NIST_P521_p, (bigNum)&NIST_P521_n, (bigNum)&NIST_P521_h, (bigNum)&NIST_P521_a, (bigNum)&NIST_P521_b, {(bigNum)&NIST_P521_gX, (bigNum)&NIST_P521_gY, (bigNum)&NIST_P521_gZ}}; #else const ECC_CURVE_DATA NIST_P521 = { &NIST_P521_p.b, &NIST_P521_n.b, &NIST_P521_h.b, &NIST_P521_a.b, &NIST_P521_b.b, {&NIST_P521_gX.b, &NIST_P521_gY.b, &NIST_P521_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_NIST_P521 #if ECC_BN_P256 ECC_CONST(BN_P256_p, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9F), TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x98, 0x0A, 0x82), TO_ECC_64(0xD3, 0x29, 0x2D, 0xDB, 0xAE, 0xD3, 0x30, 0x13))); #define BN_P256_a ECC_ZERO ECC_CONST(BN_P256_b, 1, TO_ECC_8(3)); #define BN_P256_gX ECC_ONE ECC_CONST(BN_P256_gY, 1, TO_ECC_8(2)); ECC_CONST(BN_P256_n, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0xF0, 0xCD), TO_ECC_64(0x46, 0xE5, 0xF2, 0x5E, 0xEE, 0x71, 0xA4, 0x9E), TO_ECC_64(0x0C, 0xDC, 0x65, 0xFB, 0x12, 0x99, 0x92, 0x1A), TO_ECC_64(0xF6, 0x2D, 0x53, 0x6C, 0xD1, 0x0B, 0x50, 0x0D))); #define BN_P256_h ECC_ONE #define BN_P256_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA BN_P256 = { (bigNum)&BN_P256_p, (bigNum)&BN_P256_n, (bigNum)&BN_P256_h, (bigNum)&BN_P256_a, (bigNum)&BN_P256_b, {(bigNum)&BN_P256_gX, (bigNum)&BN_P256_gY, (bigNum)&BN_P256_gZ}}; #else const ECC_CURVE_DATA BN_P256 = { &BN_P256_p.b, &BN_P256_n.b, &BN_P256_h.b, &BN_P256_a.b, &BN_P256_b.b, {&BN_P256_gX.b, &BN_P256_gY.b, &BN_P256_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_BN_P256 #if ECC_BN_P638 ECC_CONST(BN_P638_p, 80, TO_ECC_640( TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x67))); #define BN_P638_a ECC_ZERO ECC_CONST(BN_P638_b, 2, TO_ECC_16(0x01,0x01)); ECC_CONST(BN_P638_gX, 80, TO_ECC_640( TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), TO_ECC_64(0xC0, 0x00, 0x86, 0x52, 0x00, 0x21, 0xE5, 0x5B), TO_ECC_64(0xFF, 0xFF, 0xF5, 0x1F, 0xFF, 0xF4, 0xEB, 0x80), TO_ECC_64(0x00, 0x00, 0x00, 0x4C, 0x80, 0x01, 0x5A, 0xCD), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEC, 0xE0), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x66))); ECC_CONST(BN_P638_gY, 1, TO_ECC_8(0x10)); ECC_CONST(BN_P638_n, 80, TO_ECC_640( TO_ECC_64(0x23, 0xFF, 0xFF, 0xFD, 0xC0, 0x00, 0x00, 0x0D), TO_ECC_64(0x7F, 0xFF, 0xFF, 0xB8, 0x00, 0x00, 0x01, 0xD3), TO_ECC_64(0xFF, 0xFF, 0xF9, 0x42, 0xD0, 0x00, 0x16, 0x5E), TO_ECC_64(0x3F, 0xFF, 0x94, 0x87, 0x00, 0x00, 0xD5, 0x2F), TO_ECC_64(0xFF, 0xFD, 0xD0, 0xE0, 0x00, 0x08, 0xDE, 0x55), TO_ECC_64(0x60, 0x00, 0x86, 0x55, 0x00, 0x21, 0xE5, 0x55), TO_ECC_64(0xFF, 0xFF, 0xF5, 0x4F, 0xFF, 0xF4, 0xEA, 0xC0), TO_ECC_64(0x00, 0x00, 0x00, 0x49, 0x80, 0x01, 0x54, 0xD9), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xED, 0xA0), TO_ECC_64(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x61))); #define BN_P638_h ECC_ONE #define BN_P638_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA BN_P638 = { (bigNum)&BN_P638_p, (bigNum)&BN_P638_n, (bigNum)&BN_P638_h, (bigNum)&BN_P638_a, (bigNum)&BN_P638_b, {(bigNum)&BN_P638_gX, (bigNum)&BN_P638_gY, (bigNum)&BN_P638_gZ}}; #else const ECC_CURVE_DATA BN_P638 = { &BN_P638_p.b, &BN_P638_n.b, &BN_P638_h.b, &BN_P638_a.b, &BN_P638_b.b, {&BN_P638_gX.b, &BN_P638_gY.b, &BN_P638_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_BN_P638 #if ECC_SM2_P256 ECC_CONST(SM2_P256_p, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF))); ECC_CONST(SM2_P256_a, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC))); ECC_CONST(SM2_P256_b, 32, TO_ECC_256( TO_ECC_64(0x28, 0xE9, 0xFA, 0x9E, 0x9D, 0x9F, 0x5E, 0x34), TO_ECC_64(0x4D, 0x5A, 0x9E, 0x4B, 0xCF, 0x65, 0x09, 0xA7), TO_ECC_64(0xF3, 0x97, 0x89, 0xF5, 0x15, 0xAB, 0x8F, 0x92), TO_ECC_64(0xDD, 0xBC, 0xBD, 0x41, 0x4D, 0x94, 0x0E, 0x93))); ECC_CONST(SM2_P256_gX, 32, TO_ECC_256( TO_ECC_64(0x32, 0xC4, 0xAE, 0x2C, 0x1F, 0x19, 0x81, 0x19), TO_ECC_64(0x5F, 0x99, 0x04, 0x46, 0x6A, 0x39, 0xC9, 0x94), TO_ECC_64(0x8F, 0xE3, 0x0B, 0xBF, 0xF2, 0x66, 0x0B, 0xE1), TO_ECC_64(0x71, 0x5A, 0x45, 0x89, 0x33, 0x4C, 0x74, 0xC7))); ECC_CONST(SM2_P256_gY, 32, TO_ECC_256( TO_ECC_64(0xBC, 0x37, 0x36, 0xA2, 0xF4, 0xF6, 0x77, 0x9C), TO_ECC_64(0x59, 0xBD, 0xCE, 0xE3, 0x6B, 0x69, 0x21, 0x53), TO_ECC_64(0xD0, 0xA9, 0x87, 0x7C, 0xC6, 0x2A, 0x47, 0x40), TO_ECC_64(0x02, 0xDF, 0x32, 0xE5, 0x21, 0x39, 0xF0, 0xA0))); ECC_CONST(SM2_P256_n, 32, TO_ECC_256( TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF), TO_ECC_64(0x72, 0x03, 0xDF, 0x6B, 0x21, 0xC6, 0x05, 0x2B), TO_ECC_64(0x53, 0xBB, 0xF4, 0x09, 0x39, 0xD5, 0x41, 0x23))); #define SM2_P256_h ECC_ONE #define SM2_P256_gZ ECC_ONE #if USE_BN_ECC_DATA const ECC_CURVE_DATA SM2_P256 = { (bigNum)&SM2_P256_p, (bigNum)&SM2_P256_n, (bigNum)&SM2_P256_h, (bigNum)&SM2_P256_a, (bigNum)&SM2_P256_b, {(bigNum)&SM2_P256_gX, (bigNum)&SM2_P256_gY, (bigNum)&SM2_P256_gZ}}; #else const ECC_CURVE_DATA SM2_P256 = { &SM2_P256_p.b, &SM2_P256_n.b, &SM2_P256_h.b, &SM2_P256_a.b, &SM2_P256_b.b, {&SM2_P256_gX.b, &SM2_P256_gY.b, &SM2_P256_gZ.b}}; #endif // USE_BN_ECC_DATA #endif // ECC_SM2_P256 #define comma const ECC_CURVE eccCurves[] = { #if ECC_NIST_P192 comma {TPM_ECC_NIST_P192, 192, {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &NIST_P192, OID_ECC_NIST_P192 CURVE_NAME("NIST_P192")} # undef comma # define comma , #endif // ECC_NIST_P192 #if ECC_NIST_P224 comma {TPM_ECC_NIST_P224, 224, {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &NIST_P224, OID_ECC_NIST_P224 CURVE_NAME("NIST_P224")} # undef comma # define comma , #endif // ECC_NIST_P224 #if ECC_NIST_P256 comma {TPM_ECC_NIST_P256, 256, {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA256_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &NIST_P256, OID_ECC_NIST_P256 CURVE_NAME("NIST_P256")} # undef comma # define comma , #endif // ECC_NIST_P256 #if ECC_NIST_P384 comma {TPM_ECC_NIST_P384, 384, {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA384_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &NIST_P384, OID_ECC_NIST_P384 CURVE_NAME("NIST_P384")} # undef comma # define comma , #endif // ECC_NIST_P384 #if ECC_NIST_P521 comma {TPM_ECC_NIST_P521, 521, {ALG_KDF1_SP800_56A_VALUE, {{ALG_SHA512_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &NIST_P521, OID_ECC_NIST_P521 CURVE_NAME("NIST_P521")} # undef comma # define comma , #endif // ECC_NIST_P521 #if ECC_BN_P256 comma {TPM_ECC_BN_P256, 256, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &BN_P256, OID_ECC_BN_P256 CURVE_NAME("BN_P256")} # undef comma # define comma , #endif // ECC_BN_P256 #if ECC_BN_P638 comma {TPM_ECC_BN_P638, 638, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &BN_P638, OID_ECC_BN_P638 CURVE_NAME("BN_P638")} # undef comma # define comma , #endif // ECC_BN_P638 #if ECC_SM2_P256 comma {TPM_ECC_SM2_P256, 256, {ALG_KDF1_SP800_56A_VALUE, {{ALG_SM3_256_VALUE}}}, {ALG_NULL_VALUE, {{ALG_NULL_VALUE}}}, &SM2_P256, OID_ECC_SM2_P256 CURVE_NAME("SM2_P256")} # undef comma # define comma , #endif // ECC_SM2_P256 }; #endif // TPM_ALG_ECC go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccKeyExchange.c000066400000000000000000000334471510276467000301430ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions that are used for the two-phase, ECC, // key-exchange protocols #include "Tpm.h" #if CC_ZGen_2Phase == YES //** Functions #if ALG_ECMQV //*** avf1() // This function does the associated value computation required by MQV key // exchange. // Process: // 1. Convert 'xQ' to an integer 'xqi' using the convention specified in Appendix C.3. // 2. Calculate // xqm = xqi mod 2^ceil(f/2) (where f = ceil(log2(n)). // 3. Calculate the associate value function // avf(Q) = xqm + 2ceil(f / 2) // Always returns TRUE(1). static BOOL avf1( bigNum bnX, // IN/OUT: the reduced value bigNum bnN // IN: the order of the curve ) { // compute f = 2^(ceil(ceil(log2(n)) / 2)) int f = (BnSizeInBits(bnN) + 1) / 2; // x' = 2^f + (x mod 2^f) BnMaskBits(bnX, f); // This is mod 2*2^f but it doesn't matter because // the next operation will SET the extra bit anyway BnSetBit(bnX, f); return TRUE; } //*** C_2_2_MQV() // This function performs the key exchange defined in SP800-56A // 6.1.1.4 Full MQV, C(2, 2, ECC MQV). // // CAUTION: Implementation of this function may require use of essential claims in // patents not owned by TCG members. // // Points 'QsB' and 'QeB' are required to be on the curve of 'inQsA'. The function // will fail, possibly catastrophically, if this is not the case. // Return Type: TPM_RC // TPM_RC_NO_RESULT the value for dsA does not give a valid point on the // curve static TPM_RC C_2_2_MQV( TPMS_ECC_POINT *outZ, // OUT: the computed point TPM_ECC_CURVE curveId, // IN: the curve for the computations TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key TPMS_ECC_POINT *QsB, // IN: static public party B key TPMS_ECC_POINT *QeB // IN: ephemeral public party B key ) { CURVE_INITIALIZED(E, curveId); const ECC_CURVE_DATA *C; POINT(pQeA); POINT_INITIALIZED(pQeB, QeB); POINT_INITIALIZED(pQsB, QsB); ECC_NUM(bnTa); ECC_INITIALIZED(bnDeA, deA); ECC_INITIALIZED(bnDsA, dsA); ECC_NUM(bnN); ECC_NUM(bnXeB); TPM_RC retVal; // // Parameter checks if(E == NULL) ERROR_RETURN(TPM_RC_VALUE); pAssert(outZ != NULL && pQeB != NULL && pQsB != NULL && deA != NULL && dsA != NULL); C = AccessCurveData(E); // Process: // 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n. // 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B). // 3. If P = O, output an error indicator. // 4. Z=xP, where xP is the x-coordinate of P. // Compute the public ephemeral key pQeA = [de,A]G if((retVal = BnPointMult(pQeA, CurveGetG(C), bnDeA, NULL, NULL, E)) != TPM_RC_SUCCESS) goto Exit; // 1. implicitsigA = (de,A + avf(Qe,A)ds,A ) mod n. // tA := (ds,A + de,A avf(Xe,A)) mod n (3) // Compute 'tA' = ('deA' + 'dsA' avf('XeA')) mod n // Ta = avf(XeA); BnCopy(bnTa, pQeA->x); avf1(bnTa, bnN); // do Ta = ds,A * Ta mod n = dsA * avf(XeA) mod n BnModMult(bnTa, bnDsA, bnTa, bnN); // now Ta = deA + Ta mod n = deA + dsA * avf(XeA) mod n BnAdd(bnTa, bnTa, bnDeA); BnMod(bnTa, bnN); // 2. P = h(implicitsigA)(Qe,B + avf(Qe,B)Qs,B). // Put this in because almost every case of h is == 1 so skip the call when // not necessary. if(!BnEqualWord(CurveGetCofactor(C), 1)) // Cofactor is not 1 so compute Ta := Ta * h mod n BnModMult(bnTa, bnTa, CurveGetCofactor(C), CurveGetOrder(C)); // Now that 'tA' is (h * 'tA' mod n) // 'outZ' = (tA)(Qe,B + avf(Qe,B)Qs,B). // first, compute XeB = avf(XeB) avf1(bnXeB, bnN); // QsB := [XeB]QsB BnPointMult(pQsB, pQsB, bnXeB, NULL, NULL, E); BnEccAdd(pQeB, pQeB, pQsB, E); // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity // If the result is not the point at infinity, return QeB BnPointMult(pQeB, pQeB, bnTa, NULL, NULL, E); if(BnEqualZero(pQeB->z)) ERROR_RETURN(TPM_RC_NO_RESULT); // Convert BIGNUM E to TPM2B E BnPointTo2B(outZ, pQeB, E); Exit: CURVE_FREE(E); return retVal; } #endif // ALG_ECMQV //*** C_2_2_ECDH() // This function performs the two phase key exchange defined in SP800-56A, // 6.1.1.2 Full Unified Model, C(2, 2, ECC CDH). // static TPM_RC C_2_2_ECDH( TPMS_ECC_POINT *outZs, // OUT: Zs TPMS_ECC_POINT *outZe, // OUT: Ze TPM_ECC_CURVE curveId, // IN: the curve for the computations TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key TPMS_ECC_POINT *QsB, // IN: static public party B key TPMS_ECC_POINT *QeB // IN: ephemeral public party B key ) { CURVE_INITIALIZED(E, curveId); ECC_INITIALIZED(bnAs, dsA); ECC_INITIALIZED(bnAe, deA); POINT_INITIALIZED(ecBs, QsB); POINT_INITIALIZED(ecBe, QeB); POINT(ecZ); TPM_RC retVal; // // Parameter checks if(E == NULL) ERROR_RETURN(TPM_RC_CURVE); pAssert(outZs != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL); // Do the point multiply for the Zs value ([dsA]QsB) retVal = BnPointMult(ecZ, ecBs, bnAs, NULL, NULL, E); if(retVal == TPM_RC_SUCCESS) { // Convert the Zs value. BnPointTo2B(outZs, ecZ, E); // Do the point multiply for the Ze value ([deA]QeB) retVal = BnPointMult(ecZ, ecBe, bnAe, NULL, NULL, E); if(retVal == TPM_RC_SUCCESS) BnPointTo2B(outZe, ecZ, E); } Exit: CURVE_FREE(E); return retVal; } //*** CryptEcc2PhaseKeyExchange() // This function is the dispatch routine for the EC key exchange functions that use // two ephemeral and two static keys. // Return Type: TPM_RC // TPM_RC_SCHEME scheme is not defined LIB_EXPORT TPM_RC CryptEcc2PhaseKeyExchange( TPMS_ECC_POINT *outZ1, // OUT: a computed point TPMS_ECC_POINT *outZ2, // OUT: and optional second point TPM_ECC_CURVE curveId, // IN: the curve for the computations TPM_ALG_ID scheme, // IN: the key exchange scheme TPM2B_ECC_PARAMETER *dsA, // IN: static private TPM key TPM2B_ECC_PARAMETER *deA, // IN: ephemeral private TPM key TPMS_ECC_POINT *QsB, // IN: static public party B key TPMS_ECC_POINT *QeB // IN: ephemeral public party B key ) { pAssert(outZ1 != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL); // Initialize the output points so that they are empty until one of the // functions decides otherwise outZ1->x.b.size = 0; outZ1->y.b.size = 0; if(outZ2 != NULL) { outZ2->x.b.size = 0; outZ2->y.b.size = 0; } switch(scheme) { case ALG_ECDH_VALUE: return C_2_2_ECDH(outZ1, outZ2, curveId, dsA, deA, QsB, QeB); break; #if ALG_ECMQV case ALG_ECMQV_VALUE: return C_2_2_MQV(outZ1, curveId, dsA, deA, QsB, QeB); break; #endif #if ALG_SM2 case ALG_SM2_VALUE: return SM2KeyExchange(outZ1, curveId, dsA, deA, QsB, QeB); break; #endif default: return TPM_RC_SCHEME; } } #if ALG_SM2 //*** ComputeWForSM2() // Compute the value for w used by SM2 static UINT32 ComputeWForSM2( bigCurve E ) { // w := ceil(ceil(log2(n)) / 2) - 1 return (BnMsb(CurveGetOrder(AccessCurveData(E))) / 2 - 1); } //*** avfSm2() // This function does the associated value computation required by SM2 key // exchange. This is different from the avf() in the international standards // because it returns a value that is half the size of the value returned by the // standard avf(). For example, if 'n' is 15, 'Ws' ('w' in the standard) is 2 but // the 'W' here is 1. This means that an input value of 14 (1110b) would return a // value of 110b with the standard but 10b with the scheme in SM2. static bigNum avfSm2( bigNum bn, // IN/OUT: the reduced value UINT32 w // IN: the value of w ) { // a) set w := ceil(ceil(log2(n)) / 2) - 1 // b) set x' := 2^w + ( x & (2^w - 1)) // This is just like the avf for MQV where x' = 2^w + (x mod 2^w) BnMaskBits(bn, w); // as with avf1, this is too big by a factor of 2 but // it doesn't matter because we SET the extra bit // anyway BnSetBit(bn, w); return bn; } //*** SM2KeyExchange() // This function performs the key exchange defined in SM2. // The first step is to compute // 'tA' = ('dsA' + 'deA' avf(Xe,A)) mod 'n' // Then, compute the 'Z' value from // 'outZ' = ('h' 'tA' mod 'n') ('QsA' + [avf('QeB.x')]('QeB')). // The function will compute the ephemeral public key from the ephemeral // private key. // All points are required to be on the curve of 'inQsA'. The function will fail // catastrophically if this is not the case // Return Type: TPM_RC // TPM_RC_NO_RESULT the value for dsA does not give a valid point on the // curve LIB_EXPORT TPM_RC SM2KeyExchange( TPMS_ECC_POINT *outZ, // OUT: the computed point TPM_ECC_CURVE curveId, // IN: the curve for the computations TPM2B_ECC_PARAMETER *dsAIn, // IN: static private TPM key TPM2B_ECC_PARAMETER *deAIn, // IN: ephemeral private TPM key TPMS_ECC_POINT *QsBIn, // IN: static public party B key TPMS_ECC_POINT *QeBIn // IN: ephemeral public party B key ) { CURVE_INITIALIZED(E, curveId); const ECC_CURVE_DATA *C; ECC_INITIALIZED(dsA, dsAIn); ECC_INITIALIZED(deA, deAIn); POINT_INITIALIZED(QsB, QsBIn); POINT_INITIALIZED(QeB, QeBIn); BN_WORD_INITIALIZED(One, 1); POINT(QeA); ECC_NUM(XeB); POINT(Z); ECC_NUM(Ta); UINT32 w; TPM_RC retVal = TPM_RC_NO_RESULT; // // Parameter checks if(E == NULL) ERROR_RETURN(TPM_RC_CURVE); C = AccessCurveData(E); pAssert(outZ != NULL && dsA != NULL && deA != NULL && QsB != NULL && QeB != NULL); // Compute the value for w w = ComputeWForSM2(E); // Compute the public ephemeral key pQeA = [de,A]G if(!BnEccModMult(QeA, CurveGetG(C), deA, E)) goto Exit; // tA := (ds,A + de,A avf(Xe,A)) mod n (3) // Compute 'tA' = ('dsA' + 'deA' avf('XeA')) mod n // Ta = avf(XeA); // do Ta = de,A * Ta = deA * avf(XeA) BnMult(Ta, deA, avfSm2(QeA->x, w)); // now Ta = dsA + Ta = dsA + deA * avf(XeA) BnAdd(Ta, dsA, Ta); BnMod(Ta, CurveGetOrder(C)); // outZ = [h tA mod n] (Qs,B + [avf(Xe,B)](Qe,B)) (4) // Put this in because almost every case of h is == 1 so skip the call when // not necessary. if(!BnEqualWord(CurveGetCofactor(C), 1)) // Cofactor is not 1 so compute Ta := Ta * h mod n BnModMult(Ta, Ta, CurveGetCofactor(C), CurveGetOrder(C)); // Now that 'tA' is (h * 'tA' mod n) // 'outZ' = ['tA'](QsB + [avf(QeB.x)](QeB)). BnCopy(XeB, QeB->x); if(!BnEccModMult2(Z, QsB, One, QeB, avfSm2(XeB, w), E)) goto Exit; // QeB := [tA]QeB = [tA](QsB + [Xe,B]QeB) and check for at infinity if(!BnEccModMult(Z, Z, Ta, E)) goto Exit; // Convert BIGNUM E to TPM2B E BnPointTo2B(outZ, Z, E); retVal = TPM_RC_SUCCESS; Exit: CURVE_FREE(E); return retVal; } #endif #endif // CC_ZGen_2Phasego-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccMain.c000066400000000000000000000672551510276467000266400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes and Defines #include "Tpm.h" #if ALG_ECC // This version requires that the new format for ECC data be used #if !USE_BN_ECC_DATA #error "Need to SET USE_BN_ECC_DATA to YES in Implementaion.h" #endif //** Functions #if SIMULATION void EccSimulationEnd( void ) { #if SIMULATION // put things to be printed at the end of the simulation here #endif } #endif // SIMULATION //*** CryptEccInit() // This function is called at _TPM_Init BOOL CryptEccInit( void ) { return TRUE; } //*** CryptEccStartup() // This function is called at TPM2_Startup(). BOOL CryptEccStartup( void ) { return TRUE; } //*** ClearPoint2B(generic) // Initialize the size values of a TPMS_ECC_POINT structure. void ClearPoint2B( TPMS_ECC_POINT *p // IN: the point ) { if(p != NULL) { p->x.t.size = 0; p->y.t.size = 0; } } //*** CryptEccGetParametersByCurveId() // This function returns a pointer to the curve data that is associated with // the indicated curveId. // If there is no curve with the indicated ID, the function returns NULL. This // function is in this module so that it can be called by GetCurve data. // Return Type: const ECC_CURVE_DATA // NULL curve with the indicated TPM_ECC_CURVE is not implemented // != NULL pointer to the curve data LIB_EXPORT const ECC_CURVE * CryptEccGetParametersByCurveId( TPM_ECC_CURVE curveId // IN: the curveID ) { int i; for(i = 0; i < ECC_CURVE_COUNT; i++) { if(eccCurves[i].curveId == curveId) return &eccCurves[i]; } return NULL; } //*** CryptEccGetKeySizeForCurve() // This function returns the key size in bits of the indicated curve. LIB_EXPORT UINT16 CryptEccGetKeySizeForCurve( TPM_ECC_CURVE curveId // IN: the curve ) { const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); UINT16 keySizeInBits; // keySizeInBits = (curve != NULL) ? curve->keySizeBits : 0; return keySizeInBits; } //*** GetCurveData() // This function returns the a pointer for the parameter data // associated with a curve. const ECC_CURVE_DATA * GetCurveData( TPM_ECC_CURVE curveId // IN: the curveID ) { const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); return (curve != NULL) ? curve->curveData : NULL; } //***CryptEccGetOID() const BYTE * CryptEccGetOID( TPM_ECC_CURVE curveId ) { const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); return (curve != NULL) ? curve->OID : NULL; } //*** CryptEccGetCurveByIndex() // This function returns the number of the 'i'-th implemented curve. The normal // use would be to call this function with 'i' starting at 0. When the 'i' is greater // than or equal to the number of implemented curves, TPM_ECC_NONE is returned. LIB_EXPORT TPM_ECC_CURVE CryptEccGetCurveByIndex( UINT16 i ) { if(i >= ECC_CURVE_COUNT) return TPM_ECC_NONE; return eccCurves[i].curveId; } //*** CryptEccGetParameter() // This function returns an ECC curve parameter. The parameter is // selected by a single character designator from the set of ""PNABXYH"". // Return Type: BOOL // TRUE(1) curve exists and parameter returned // FALSE(0) curve does not exist or parameter selector LIB_EXPORT BOOL CryptEccGetParameter( TPM2B_ECC_PARAMETER *out, // OUT: place to put parameter char p, // IN: the parameter selector TPM_ECC_CURVE curveId // IN: the curve id ) { const ECC_CURVE_DATA *curve = GetCurveData(curveId); bigConst parameter = NULL; if(curve != NULL) { switch(p) { case 'p': parameter = CurveGetPrime(curve); break; case 'n': parameter = CurveGetOrder(curve); break; case 'a': parameter = CurveGet_a(curve); break; case 'b': parameter = CurveGet_b(curve); break; case 'x': parameter = CurveGetGx(curve); break; case 'y': parameter = CurveGetGy(curve); break; case 'h': parameter = CurveGetCofactor(curve); break; default: FAIL(FATAL_ERROR_INTERNAL); break; } } // If not debugging and we get here with parameter still NULL, had better // not try to convert so just return FALSE instead. return (parameter != NULL) ? BnTo2B(parameter, &out->b, 0) : 0; } //*** CryptCapGetECCCurve() // This function returns the list of implemented ECC curves. // Return Type: TPMI_YES_NO // YES if no more ECC curve is available // NO if there are more ECC curves not reported TPMI_YES_NO CryptCapGetECCCurve( TPM_ECC_CURVE curveID, // IN: the starting ECC curve UINT32 maxCount, // IN: count of returned curves TPML_ECC_CURVE *curveList // OUT: ECC curve list ) { TPMI_YES_NO more = NO; UINT16 i; UINT32 count = ECC_CURVE_COUNT; TPM_ECC_CURVE curve; // Initialize output property list curveList->count = 0; // The maximum count of curves we may return is MAX_ECC_CURVES if(maxCount > MAX_ECC_CURVES) maxCount = MAX_ECC_CURVES; // Scan the eccCurveValues array for(i = 0; i < count; i++) { curve = CryptEccGetCurveByIndex(i); // If curveID is less than the starting curveID, skip it if(curve < curveID) continue; if(curveList->count < maxCount) { // If we have not filled up the return list, add more curves to // it curveList->eccCurves[curveList->count] = curve; curveList->count++; } else { // If the return list is full but we still have curves // available, report this and stop iterating more = YES; break; } } return more; } //*** CryptGetCurveSignScheme() // This function will return a pointer to the scheme of the curve. const TPMT_ECC_SCHEME * CryptGetCurveSignScheme( TPM_ECC_CURVE curveId // IN: The curve selector ) { const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); if(curve != NULL) return &(curve->sign); else return NULL; } //*** CryptGenerateR() // This function computes the commit random value for a split signing scheme. // // If 'c' is NULL, it indicates that 'r' is being generated // for TPM2_Commit. // If 'c' is not NULL, the TPM will validate that the 'gr.commitArray' // bit associated with the input value of 'c' is SET. If not, the TPM // returns FALSE and no 'r' value is generated. // Return Type: BOOL // TRUE(1) r value computed // FALSE(0) no r value computed BOOL CryptGenerateR( TPM2B_ECC_PARAMETER *r, // OUT: the generated random value UINT16 *c, // IN/OUT: count value. TPMI_ECC_CURVE curveID, // IN: the curve for the value TPM2B_NAME *name // IN: optional name of a key to // associate with 'r' ) { // This holds the marshaled g_commitCounter. TPM2B_TYPE(8B, 8); TPM2B_8B cntr = {{8,{0}}}; UINT32 iterations; TPM2B_ECC_PARAMETER n; UINT64 currentCount = gr.commitCounter; UINT16 t1; // if(!CryptEccGetParameter(&n, 'n', curveID)) return FALSE; // If this is the commit phase, use the current value of the commit counter if(c != NULL) { // if the array bit is not set, can't use the value. if(!TEST_BIT((*c & COMMIT_INDEX_MASK), gr.commitArray)) return FALSE; // If it is the sign phase, figure out what the counter value was // when the commitment was made. // // When gr.commitArray has less than 64K bits, the extra // bits of 'c' are used as a check to make sure that the // signing operation is not using an out of range count value t1 = (UINT16)currentCount; // If the lower bits of c are greater or equal to the lower bits of t1 // then the upper bits of t1 must be one more than the upper bits // of c if((*c & COMMIT_INDEX_MASK) >= (t1 & COMMIT_INDEX_MASK)) // Since the counter is behind, reduce the current count currentCount = currentCount - (COMMIT_INDEX_MASK + 1); t1 = (UINT16)currentCount; if((t1 & ~COMMIT_INDEX_MASK) != (*c & ~COMMIT_INDEX_MASK)) return FALSE; // set the counter to the value that was // present when the commitment was made currentCount = (currentCount & 0xffffffffffff0000) | *c; } // Marshal the count value to a TPM2B buffer for the KDF cntr.t.size = sizeof(currentCount); UINT64_TO_BYTE_ARRAY(currentCount, cntr.t.buffer); // Now can do the KDF to create the random value for the signing operation // During the creation process, we may generate an r that does not meet the // requirements of the random value. // want to generate a new r. r->t.size = n.t.size; for(iterations = 1; iterations < 1000000;) { int i; CryptKDFa(CONTEXT_INTEGRITY_HASH_ALG, &gr.commitNonce.b, COMMIT_STRING, &name->b, &cntr.b, n.t.size * 8, r->t.buffer, &iterations, FALSE); // "random" value must be less than the prime if(UnsignedCompareB(r->b.size, r->b.buffer, n.t.size, n.t.buffer) >= 0) continue; // in this implementation it is required that at least bit // in the upper half of the number be set for(i = n.t.size / 2; i >= 0; i--) if(r->b.buffer[i] != 0) return TRUE; } return FALSE; } //*** CryptCommit() // This function is called when the count value is committed. The 'gr.commitArray' // value associated with the current count value is SET and g_commitCounter is // incremented. The low-order 16 bits of old value of the counter is returned. UINT16 CryptCommit( void ) { UINT16 oldCount = (UINT16)gr.commitCounter; gr.commitCounter++; SET_BIT(oldCount & COMMIT_INDEX_MASK, gr.commitArray); return oldCount; } //*** CryptEndCommit() // This function is called when the signing operation using the committed value // is completed. It clears the gr.commitArray bit associated with the count // value so that it can't be used again. void CryptEndCommit( UINT16 c // IN: the counter value of the commitment ) { ClearBit((c & COMMIT_INDEX_MASK), gr.commitArray, sizeof(gr.commitArray)); } //*** CryptEccGetParameters() // This function returns the ECC parameter details of the given curve. // Return Type: BOOL // TRUE(1) success // FALSE(0) unsupported ECC curve ID BOOL CryptEccGetParameters( TPM_ECC_CURVE curveId, // IN: ECC curve ID TPMS_ALGORITHM_DETAIL_ECC *parameters // OUT: ECC parameters ) { const ECC_CURVE *curve = CryptEccGetParametersByCurveId(curveId); const ECC_CURVE_DATA *data; BOOL found = curve != NULL; if(found) { data = curve->curveData; parameters->curveID = curve->curveId; parameters->keySize = curve->keySizeBits; parameters->kdf = curve->kdf; parameters->sign = curve->sign; // BnTo2B(data->prime, ¶meters->p.b, 0); BnTo2B(data->prime, ¶meters->p.b, parameters->p.t.size); BnTo2B(data->a, ¶meters->a.b, 0); BnTo2B(data->b, ¶meters->b.b, 0); BnTo2B(data->base.x, ¶meters->gX.b, parameters->p.t.size); BnTo2B(data->base.y, ¶meters->gY.b, parameters->p.t.size); // BnTo2B(data->base.x, ¶meters->gX.b, 0); // BnTo2B(data->base.y, ¶meters->gY.b, 0); BnTo2B(data->order, ¶meters->n.b, 0); BnTo2B(data->h, ¶meters->h.b, 0); } return found; } //*** BnGetCurvePrime() // This function is used to get just the prime modulus associated with a curve. const bignum_t * BnGetCurvePrime( TPM_ECC_CURVE curveId ) { const ECC_CURVE_DATA *C = GetCurveData(curveId); return (C != NULL) ? CurveGetPrime(C) : NULL; } //*** BnGetCurveOrder() // This function is used to get just the curve order const bignum_t * BnGetCurveOrder( TPM_ECC_CURVE curveId ) { const ECC_CURVE_DATA *C = GetCurveData(curveId); return (C != NULL) ? CurveGetOrder(C) : NULL; } //*** BnIsOnCurve() // This function checks if a point is on the curve. BOOL BnIsOnCurve( pointConst Q, const ECC_CURVE_DATA *C ) { BN_VAR(right, (MAX_ECC_KEY_BITS * 3)); BN_VAR(left, (MAX_ECC_KEY_BITS * 2)); bigConst prime = CurveGetPrime(C); // // Show that point is on the curve y^2 = x^3 + ax + b; // Or y^2 = x(x^2 + a) + b // y^2 BnMult(left, Q->y, Q->y); BnMod(left, prime); // x^2 BnMult(right, Q->x, Q->x); // x^2 + a BnAdd(right, right, CurveGet_a(C)); // BnMod(right, CurveGetPrime(C)); // x(x^2 + a) BnMult(right, right, Q->x); // x(x^2 + a) + b BnAdd(right, right, CurveGet_b(C)); BnMod(right, prime); if(BnUnsignedCmp(left, right) == 0) return TRUE; else return FALSE; } //*** BnIsValidPrivateEcc() // Checks that 0 < 'x' < 'q' BOOL BnIsValidPrivateEcc( bigConst x, // IN: private key to check bigCurve E // IN: the curve to check ) { BOOL retVal; retVal = (!BnEqualZero(x) && (BnUnsignedCmp(x, CurveGetOrder(AccessCurveData(E))) < 0)); return retVal; } LIB_EXPORT BOOL CryptEccIsValidPrivateKey( TPM2B_ECC_PARAMETER *d, TPM_ECC_CURVE curveId ) { BN_INITIALIZED(bnD, MAX_ECC_PARAMETER_BYTES * 8, d); return !BnEqualZero(bnD) && (BnUnsignedCmp(bnD, BnGetCurveOrder(curveId)) < 0); } //*** BnPointMul() // This function does a point multiply of the form 'R' = ['d']'S' + ['u']'Q' where the // parameters are bigNum values. If 'S' is NULL and d is not NULL, then it computes // 'R' = ['d']'G' + ['u']'Q' or just 'R' = ['d']'G' if 'u' and 'Q' are NULL. // If 'skipChecks' is TRUE, then the function will not verify that the inputs are // correct for the domain. This would be the case when the values were created by the // CryptoEngine code. // It will return TPM_RC_NO_RESULT if the resulting point is the point at infinity. // Return Type: TPM_RC // TPM_RC_NO_RESULT result of multiplication is a point at infinity // TPM_RC_ECC_POINT 'S' or 'Q' is not on the curve // TPM_RC_VALUE 'd' or 'u' is not < n TPM_RC BnPointMult( bigPoint R, // OUT: computed point pointConst S, // IN: optional point to multiply by 'd' bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: optional second point bigConst u, // IN: optional second scalar bigCurve E // IN: curve parameters ) { BOOL OK; // TEST(TPM_ALG_ECDH); // Need one scalar OK = (d != NULL || u != NULL); // If S is present, then d has to be present. If S is not // present, then d may or may not be present OK = OK && (((S == NULL) == (d == NULL)) || (d != NULL)); // either both u and Q have to be provided or neither can be provided (don't // know what to do if only one is provided. OK = OK && ((u == NULL) == (Q == NULL)); OK = OK && (E != NULL); if(!OK) return TPM_RC_VALUE; OK = (S == NULL) || BnIsOnCurve(S, AccessCurveData(E)); OK = OK && ((Q == NULL) || BnIsOnCurve(Q, AccessCurveData(E))); if(!OK) return TPM_RC_ECC_POINT; if((d != NULL) && (S == NULL)) S = CurveGetG(AccessCurveData(E)); // If only one scalar, don't need Shamir's trick if((d == NULL) || (u == NULL)) { if(d == NULL) OK = BnEccModMult(R, Q, u, E); else OK = BnEccModMult(R, S, d, E); } else { OK = BnEccModMult2(R, S, d, Q, u, E); } return (OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT); } //***BnEccGetPrivate() // This function gets random values that are the size of the key plus 64 bits. The // value is reduced (mod ('q' - 1)) and incremented by 1 ('q' is the order of the // curve. This produces a value ('d') such that 1 <= 'd' < 'q'. This is the method // of FIPS 186-4 Section B.4.1 ""Key Pair Generation Using Extra Random Bits"". // Return Type: BOOL // TRUE(1) success // FALSE(0) failure generating private key BOOL BnEccGetPrivate( bigNum dOut, // OUT: the qualified random value const ECC_CURVE_DATA *C, // IN: curve for which the private key // needs to be appropriate RAND_STATE *rand // IN: state for DRBG ) { bigConst order = CurveGetOrder(C); BOOL OK; UINT32 orderBits = BnSizeInBits(order); UINT32 orderBytes = BITS_TO_BYTES(orderBits); BN_VAR(bnExtraBits, MAX_ECC_KEY_BITS + 64); BN_VAR(nMinus1, MAX_ECC_KEY_BITS); // OK = BnGetRandomBits(bnExtraBits, (orderBytes * 8) + 64, rand); OK = OK && BnSubWord(nMinus1, order, 1); OK = OK && BnMod(bnExtraBits, nMinus1); OK = OK && BnAddWord(dOut, bnExtraBits, 1); return OK && !g_inFailureMode; } //*** BnEccGenerateKeyPair() // This function gets a private scalar from the source of random bits and does // the point multiply to get the public key. BOOL BnEccGenerateKeyPair( bigNum bnD, // OUT: private scalar bn_point_t *ecQ, // OUT: public point bigCurve E, // IN: curve for the point RAND_STATE *rand // IN: DRBG state to use ) { BOOL OK = FALSE; // Get a private scalar OK = BnEccGetPrivate(bnD, AccessCurveData(E), rand); // Do a point multiply OK = OK && BnEccModMult(ecQ, NULL, bnD, E); if(!OK) BnSetWord(ecQ->z, 0); else BnSetWord(ecQ->z, 1); return OK; } //***CryptEccNewKeyPair(***) // This function creates an ephemeral ECC. It is ephemeral in that // is expected that the private part of the key will be discarded LIB_EXPORT TPM_RC CryptEccNewKeyPair( TPMS_ECC_POINT *Qout, // OUT: the public point TPM2B_ECC_PARAMETER *dOut, // OUT: the private scalar TPM_ECC_CURVE curveId // IN: the curve for the key ) { CURVE_INITIALIZED(E, curveId); POINT(ecQ); ECC_NUM(bnD); BOOL OK; if(E == NULL) return TPM_RC_CURVE; TEST(TPM_ALG_ECDH); OK = BnEccGenerateKeyPair(bnD, ecQ, E, NULL); if(OK) { BnPointTo2B(Qout, ecQ, E); BnTo2B(bnD, &dOut->b, Qout->x.t.size); } else { Qout->x.t.size = Qout->y.t.size = dOut->t.size = 0; } CURVE_FREE(E); return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; } //*** CryptEccPointMultiply() // This function computes 'R' := ['dIn']'G' + ['uIn']'QIn'. Where 'dIn' and // 'uIn' are scalars, 'G' and 'QIn' are points on the specified curve and 'G' is the // default generator of the curve. // // The 'xOut' and 'yOut' parameters are optional and may be set to NULL if not // used. // // It is not necessary to provide 'uIn' if 'QIn' is specified but one of 'uIn' and // 'dIn' must be provided. If 'dIn' and 'QIn' are specified but 'uIn' is not // provided, then 'R' = ['dIn']'QIn'. // // If the multiply produces the point at infinity, the TPM_RC_NO_RESULT is returned. // // The sizes of 'xOut' and yOut' will be set to be the size of the degree of // the curve // // It is a fatal error if 'dIn' and 'uIn' are both unspecified (NULL) or if 'Qin' // or 'Rout' is unspecified. // // Return Type: TPM_RC // TPM_RC_ECC_POINT the point 'Pin' or 'Qin' is not on the curve // TPM_RC_NO_RESULT the product point is at infinity // TPM_RC_CURVE bad curve // TPM_RC_VALUE 'dIn' or 'uIn' out of range // LIB_EXPORT TPM_RC CryptEccPointMultiply( TPMS_ECC_POINT *Rout, // OUT: the product point R TPM_ECC_CURVE curveId, // IN: the curve to use TPMS_ECC_POINT *Pin, // IN: first point (can be null) TPM2B_ECC_PARAMETER *dIn, // IN: scalar value for [dIn]Qin // the Pin TPMS_ECC_POINT *Qin, // IN: point Q TPM2B_ECC_PARAMETER *uIn // IN: scalar value for the multiplier // of Q ) { CURVE_INITIALIZED(E, curveId); POINT_INITIALIZED(ecP, Pin); ECC_INITIALIZED(bnD, dIn); // If dIn is null, then bnD is null ECC_INITIALIZED(bnU, uIn); POINT_INITIALIZED(ecQ, Qin); POINT(ecR); TPM_RC retVal; // retVal = BnPointMult(ecR, ecP, bnD, ecQ, bnU, E); if(retVal == TPM_RC_SUCCESS) BnPointTo2B(Rout, ecR, E); else ClearPoint2B(Rout); CURVE_FREE(E); return retVal; } //*** CryptEccIsPointOnCurve() // This function is used to test if a point is on a defined curve. It does this // by checking that 'y'^2 mod 'p' = 'x'^3 + 'a'*'x' + 'b' mod 'p'. // // It is a fatal error if 'Q' is not specified (is NULL). // Return Type: BOOL // TRUE(1) point is on curve // FALSE(0) point is not on curve or curve is not supported LIB_EXPORT BOOL CryptEccIsPointOnCurve( TPM_ECC_CURVE curveId, // IN: the curve selector TPMS_ECC_POINT *Qin // IN: the point. ) { const ECC_CURVE_DATA *C = GetCurveData(curveId); POINT_INITIALIZED(ecQ, Qin); BOOL OK; // pAssert(Qin != NULL); OK = (C != NULL && (BnIsOnCurve(ecQ, C))); return OK; } //*** CryptEccGenerateKey() // This function generates an ECC key pair based on the input parameters. // This routine uses KDFa to produce candidate numbers. The method is according // to FIPS 186-3, section B.1.2 "Key Pair Generation by Testing Candidates." // According to the method in FIPS 186-3, the resulting private value 'd' should be // 1 <= 'd' < 'n' where 'n' is the order of the base point. // // It is a fatal error if 'Qout', 'dOut', is not provided (is NULL). // // If the curve is not supported // If 'seed' is not provided, then a random number will be used for the key // Return Type: TPM_RC // TPM_RC_CURVE curve is not supported // TPM_RC_NO_RESULT could not verify key with signature (FIPS only) LIB_EXPORT TPM_RC CryptEccGenerateKey( TPMT_PUBLIC *publicArea, // IN/OUT: The public area template for // the new key. The public key // area will be replaced computed // ECC public key TPMT_SENSITIVE *sensitive, // OUT: the sensitive area will be // updated to contain the private // ECC key and the symmetric // encryption key RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ) { CURVE_INITIALIZED(E, publicArea->parameters.eccDetail.curveID); ECC_NUM(bnD); POINT(ecQ); BOOL OK; TPM_RC retVal; // TEST(TPM_ALG_ECDSA); // ECDSA is used to verify each key // Validate parameters if(E == NULL) ERROR_RETURN(TPM_RC_CURVE); publicArea->unique.ecc.x.t.size = 0; publicArea->unique.ecc.y.t.size = 0; sensitive->sensitive.ecc.t.size = 0; OK = BnEccGenerateKeyPair(bnD, ecQ, E, rand); if(OK) { BnPointTo2B(&publicArea->unique.ecc, ecQ, E); BnTo2B(bnD, &sensitive->sensitive.ecc.b, publicArea->unique.ecc.x.t.size); } #if FIPS_COMPLIANT // See if PWCT is required if(OK && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) { ECC_NUM(bnT); ECC_NUM(bnS); TPM2B_DIGEST digest; // TEST(TPM_ALG_ECDSA); digest.t.size = MIN(sensitive->sensitive.ecc.t.size, sizeof(digest.t.buffer)); // Get a random value to sign using the built in DRBG state DRBG_Generate(NULL, digest.t.buffer, digest.t.size); if(g_inFailureMode) return TPM_RC_FAILURE; BnSignEcdsa(bnT, bnS, E, bnD, &digest, NULL); // and make sure that we can validate the signature OK = BnValidateSignatureEcdsa(bnT, bnS, E, ecQ, &digest) == TPM_RC_SUCCESS; } #endif retVal = (OK) ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; Exit: CURVE_FREE(E); return retVal; } #endif // ALG_ECCgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptEccSignature.c000066400000000000000000001064631510276467000277100ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes and Defines #include "Tpm.h" #include "CryptEccSignature_fp.h" #if ALG_ECC //** Utility Functions //*** EcdsaDigest() // Function to adjust the digest so that it is no larger than the order of the // curve. This is used for ECDSA sign and verification. static bigNum EcdsaDigest( bigNum bnD, // OUT: the adjusted digest const TPM2B_DIGEST *digest, // IN: digest to adjust bigConst max // IN: value that indicates the maximum // number of bits in the results ) { int bitsInMax = BnSizeInBits(max); int shift; // if(digest == NULL) BnSetWord(bnD, 0); else { BnFromBytes(bnD, digest->t.buffer, (NUMBYTES)MIN(digest->t.size, BITS_TO_BYTES(bitsInMax))); shift = BnSizeInBits(bnD) - bitsInMax; if(shift > 0) BnShiftRight(bnD, bnD, shift); } return bnD; } //*** BnSchnorrSign() // This contains the Schnorr signature computation. It is used by both ECDSA and // Schnorr signing. The result is computed as: ['s' = 'k' + 'r' * 'd' (mod 'n')] // where // 1) 's' is the signature // 2) 'k' is a random value // 3) 'r' is the value to sign // 4) 'd' is the private EC key // 5) 'n' is the order of the curve // Return Type: TPM_RC // TPM_RC_NO_RESULT the result of the operation was zero or 'r' (mod 'n') // is zero static TPM_RC BnSchnorrSign( bigNum bnS, // OUT: 's' component of the signature bigConst bnK, // IN: a random value bigNum bnR, // IN: the signature 'r' value bigConst bnD, // IN: the private key bigConst bnN // IN: the order of the curve ) { // Need a local temp value to store the intermediate computation because product // size can be larger than will fit in bnS. BN_VAR(bnT1, MAX_ECC_PARAMETER_BYTES * 2 * 8); // // Reduce bnR without changing the input value BnDiv(NULL, bnT1, bnR, bnN); if(BnEqualZero(bnT1)) return TPM_RC_NO_RESULT; // compute s = (k + r * d)(mod n) // r * d BnMult(bnT1, bnT1, bnD); // k * r * d BnAdd(bnT1, bnT1, bnK); // k + r * d (mod n) BnDiv(NULL, bnS, bnT1, bnN); return (BnEqualZero(bnS)) ? TPM_RC_NO_RESULT : TPM_RC_SUCCESS; } //** Signing Functions //*** BnSignEcdsa() // This function implements the ECDSA signing algorithm. The method is described // in the comments below. TPM_RC BnSignEcdsa( bigNum bnR, // OUT: 'r' component of the signature bigNum bnS, // OUT: 's' component of the signature bigCurve E, // IN: the curve used in the signature // process bigNum bnD, // IN: private signing key const TPM2B_DIGEST *digest, // IN: the digest to sign RAND_STATE *rand // IN: used in debug of signing ) { ECC_NUM(bnK); ECC_NUM(bnIk); BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); POINT(ecR); bigConst order = CurveGetOrder(AccessCurveData(E)); TPM_RC retVal = TPM_RC_SUCCESS; INT32 tries = 10; BOOL OK = FALSE; // pAssert(digest != NULL); // The algorithm as described in "Suite B Implementer's Guide to FIPS // 186-3(ECDSA)" // 1. Use one of the routines in Appendix A.2 to generate (k, k^-1), a // per-message secret number and its inverse modulo n. Since n is prime, // the output will be invalid only if there is a failure in the RBG. // 2. Compute the elliptic curve point R = [k]G = (xR, yR) using EC scalar // multiplication (see [Routines]), where G is the base point included in // the set of domain parameters. // 3. Compute r = xR mod n. If r = 0, then return to Step 1. 1. // 4. Use the selected hash function to compute H = Hash(M). // 5. Convert the bit string H to an integer e as described in Appendix B.2. // 6. Compute s = (k^-1 * (e + d * r)) mod q. If s = 0, return to Step 1.2. // 7. Return (r, s). // In the code below, q is n (that it, the order of the curve is p) do // This implements the loop at step 6. If s is zero, start over. { for(; tries > 0; tries--) { // Step 1 and 2 -- generate an ephemeral key and the modular inverse // of the private key. if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) continue; // x coordinate is mod p. Make it mod q BnMod(ecR->x, order); // Make sure that it is not zero; if(BnEqualZero(ecR->x)) continue; // write the modular reduced version of r as part of the signature BnCopy(bnR, ecR->x); // Make sure that a modular inverse exists and try again if not OK = (BnModInverse(bnIk, bnK, order)); if(OK) break; } if(!OK) goto Exit; EcdsaDigest(bnE, digest, order); // now have inverse of K (bnIk), e (bnE), r (bnR), d (bnD) and // CurveGetOrder(E) // Compute s = k^-1 (e + r*d)(mod q) // first do s = r*d mod q BnModMult(bnS, bnR, bnD, order); // s = e + s = e + r * d BnAdd(bnS, bnE, bnS); // s = k^(-1)s (mod n) = k^(-1)(e + r * d)(mod n) BnModMult(bnS, bnIk, bnS, order); // If S is zero, try again } while(BnEqualZero(bnS)); Exit: return retVal; } #if ALG_ECDAA //*** BnSignEcdaa() // // This function performs 's' = 'r' + 'T' * 'd' mod 'q' where // 1) 'r is a random, or pseudo-random value created in the commit phase // 2) 'nonceK' is a TPM-generated, random value 0 < 'nonceK' < 'n' // 3) 'T' is mod 'q' of "Hash"('nonceK' || 'digest'), and // 4) 'd' is a private key. // // The signature is the tuple ('nonceK', 's') // // Regrettably, the parameters in this function kind of collide with the parameter // names used in ECSCHNORR making for a lot of confusion. // Return Type: TPM_RC // TPM_RC_SCHEME unsupported hash algorithm // TPM_RC_NO_RESULT cannot get values from random number generator static TPM_RC BnSignEcdaa( TPM2B_ECC_PARAMETER *nonceK, // OUT: 'nonce' component of the signature bigNum bnS, // OUT: 's' component of the signature bigCurve E, // IN: the curve used in signing bigNum bnD, // IN: the private key const TPM2B_DIGEST *digest, // IN: the value to sign (mod 'q') TPMT_ECC_SCHEME *scheme, // IN: signing scheme (contains the // commit count value). OBJECT *eccKey, // IN: The signing key RAND_STATE *rand // IN: a random number state ) { TPM_RC retVal; TPM2B_ECC_PARAMETER r; HASH_STATE state; TPM2B_DIGEST T; BN_MAX(bnT); // NOT_REFERENCED(rand); if(!CryptGenerateR(&r, &scheme->details.ecdaa.count, eccKey->publicArea.parameters.eccDetail.curveID, &eccKey->name)) retVal = TPM_RC_VALUE; else { // This allocation is here because 'r' doesn't have a value until // CrypGenerateR() is done. ECC_INITIALIZED(bnR, &r); do { // generate nonceK such that 0 < nonceK < n // use bnT as a temp. if(!BnEccGetPrivate(bnT, AccessCurveData(E), rand)) { retVal = TPM_RC_NO_RESULT; break; } BnTo2B(bnT, &nonceK->b, 0); T.t.size = CryptHashStart(&state, scheme->details.ecdaa.hashAlg); if(T.t.size == 0) { retVal = TPM_RC_SCHEME; } else { CryptDigestUpdate2B(&state, &nonceK->b); CryptDigestUpdate2B(&state, &digest->b); CryptHashEnd2B(&state, &T.b); BnFrom2B(bnT, &T.b); // Watch out for the name collisions in this call!! retVal = BnSchnorrSign(bnS, bnR, bnT, bnD, AccessCurveData(E)->order); } } while(retVal == TPM_RC_NO_RESULT); // Because the rule is that internal state is not modified if the command // fails, only end the commit if the command succeeds. // NOTE that if the result of the Schnorr computation was zero // it will probably not be worthwhile to run the same command again because // the result will still be zero. This means that the Commit command will // need to be run again to get a new commit value for the signature. if(retVal == TPM_RC_SUCCESS) CryptEndCommit(scheme->details.ecdaa.count); } return retVal; } #endif // ALG_ECDAA #if ALG_ECSCHNORR //*** SchnorrReduce() // Function to reduce a hash result if it's magnitude is too large. The size of // 'number' is set so that it has no more bytes of significance than 'reference' // value. If the resulting number can have more bits of significance than // 'reference'. static void SchnorrReduce( TPM2B *number, // IN/OUT: Value to reduce bigConst reference // IN: the reference value ) { UINT16 maxBytes = (UINT16)BITS_TO_BYTES(BnSizeInBits(reference)); if(number->size > maxBytes) number->size = maxBytes; } //*** SchnorrEcc() // This function is used to perform a modified Schnorr signature. // // This function will generate a random value 'k' and compute // a) ('xR', 'yR') = ['k']'G' // b) 'r' = "Hash"('xR' || 'P')(mod 'q') // c) 'rT' = truncated 'r' // d) 's'= 'k' + 'rT' * 'ds' (mod 'q') // e) return the tuple 'rT', 's' // // Return Type: TPM_RC // TPM_RC_NO_RESULT failure in the Schnorr sign process // TPM_RC_SCHEME hashAlg can't produce zero-length digest static TPM_RC BnSignEcSchnorr( bigNum bnR, // OUT: 'r' component of the signature bigNum bnS, // OUT: 's' component of the signature bigCurve E, // IN: the curve used in signing bigNum bnD, // IN: the signing key const TPM2B_DIGEST *digest, // IN: the digest to sign TPM_ALG_ID hashAlg, // IN: signing scheme (contains a hash) RAND_STATE *rand // IN: non-NULL when testing ) { HASH_STATE hashState; UINT16 digestSize = CryptHashGetDigestSize(hashAlg); TPM2B_TYPE(T, MAX(MAX_DIGEST_SIZE, MAX_ECC_KEY_BYTES)); TPM2B_T T2b; TPM2B *e = &T2b.b; TPM_RC retVal = TPM_RC_NO_RESULT; const ECC_CURVE_DATA *C; bigConst order; bigConst prime; ECC_NUM(bnK); POINT(ecR); // // Parameter checks if(E == NULL) ERROR_RETURN(TPM_RC_VALUE); C = AccessCurveData(E); order = CurveGetOrder(C); prime = CurveGetOrder(C); // If the digest does not produce a hash, then null the signature and return // a failure. if(digestSize == 0) { BnSetWord(bnR, 0); BnSetWord(bnS, 0); ERROR_RETURN(TPM_RC_SCHEME); } do { // Generate a random key pair if(!BnEccGenerateKeyPair(bnK, ecR, E, rand)) break; // Convert R.x to a string BnTo2B(ecR->x, e, (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(prime))); // f) compute r = Hash(e || P) (mod n) CryptHashStart(&hashState, hashAlg); CryptDigestUpdate2B(&hashState, e); CryptDigestUpdate2B(&hashState, &digest->b); e->size = CryptHashEnd(&hashState, digestSize, e->buffer); // Reduce the hash size if it is larger than the curve order SchnorrReduce(e, order); // Convert hash to number BnFrom2B(bnR, e); // Do the Schnorr computation retVal = BnSchnorrSign(bnS, bnK, bnR, bnD, CurveGetOrder(C)); } while(retVal == TPM_RC_NO_RESULT); Exit: return retVal; } #endif // ALG_ECSCHNORR #if ALG_SM2 #ifdef _SM2_SIGN_DEBUG //*** BnHexEqual() // This function compares a bignum value to a hex string. // Return Type: BOOL // TRUE(1) values equal // FALSE(0) values not equal static BOOL BnHexEqual( bigNum bn, //IN: big number value const char *c //IN: character string number ) { ECC_NUM(bnC); BnFromHex(bnC, c); return (BnUnsignedCmp(bn, bnC) == 0); } #endif // _SM2_SIGN_DEBUG //*** BnSignEcSm2() // This function signs a digest using the method defined in SM2 Part 2. The method // in the standard will add a header to the message to be signed that is a hash of // the values that define the key. This then hashed with the message to produce a // digest ('e'). This function signs 'e'. // Return Type: TPM_RC // TPM_RC_VALUE bad curve static TPM_RC BnSignEcSm2( bigNum bnR, // OUT: 'r' component of the signature bigNum bnS, // OUT: 's' component of the signature bigCurve E, // IN: the curve used in signing bigNum bnD, // IN: the private key const TPM2B_DIGEST *digest, // IN: the digest to sign RAND_STATE *rand // IN: random number generator (mostly for // debug) ) { BN_MAX_INITIALIZED(bnE, digest); // Don't know how big digest might be ECC_NUM(bnN); ECC_NUM(bnK); ECC_NUM(bnT); // temp POINT(Q1); bigConst order = (E != NULL) ? CurveGetOrder(AccessCurveData(E)) : NULL; // #ifdef _SM2_SIGN_DEBUG BnFromHex(bnE, "B524F552CD82B8B028476E005C377FB1" "9A87E6FC682D48BB5D42E3D9B9EFFE76"); BnFromHex(bnD, "128B2FA8BD433C6C068C8D803DFF7979" "2A519A55171B1B650C23661D15897263"); #endif // A3: Use random number generator to generate random number 1 <= k <= n-1; // NOTE: Ax: numbers are from the SM2 standard loop: { // Get a random number 0 < k < n BnGenerateRandomInRange(bnK, order, rand); #ifdef _SM2_SIGN_DEBUG BnFromHex(bnK, "6CB28D99385C175C94F94E934817663F" "C176D925DD72B727260DBAAE1FB2F96F"); #endif // A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according // to details specified in 4.2.7 in Part 1 of this document, transform the // data type of x1 into an integer; if(!BnEccModMult(Q1, NULL, bnK, E)) goto loop; // A5: Figure out 'r' = ('e' + 'x1') mod 'n', BnAdd(bnR, bnE, Q1->x); BnMod(bnR, order); #ifdef _SM2_SIGN_DEBUG pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" "94F79FB1EED2CAA55BACDB49C4E755D1")); #endif // if r=0 or r+k=n, return to A3; if(BnEqualZero(bnR)) goto loop; BnAdd(bnT, bnK, bnR); if(BnUnsignedCmp(bnT, bnN) == 0) goto loop; // A6: Figure out s = ((1 + dA)^-1 (k - r dA)) mod n, // if s=0, return to A3; // compute t = (1+dA)^-1 BnAddWord(bnT, bnD, 1); BnModInverse(bnT, bnT, order); #ifdef _SM2_SIGN_DEBUG pAssert(BnHexEqual(bnT, "79BFCF3052C80DA7B939E0C6914A18CB" "B2D96D8555256E83122743A7D4F5F956")); #endif // compute s = t * (k - r * dA) mod n BnModMult(bnS, bnR, bnD, order); // k - r * dA mod n = k + n - ((r * dA) mod n) BnSub(bnS, order, bnS); BnAdd(bnS, bnK, bnS); BnModMult(bnS, bnS, bnT, order); #ifdef _SM2_SIGN_DEBUG pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" "67A457872FB09EC56327A67EC7DEEBE7")); #endif if(BnEqualZero(bnS)) goto loop; } // A7: According to details specified in 4.2.1 in Part 1 of this document, // transform the data type of r, s into bit strings, signature of message M // is (r, s). // This is handled by the common return code #ifdef _SM2_SIGN_DEBUG pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" "94F79FB1EED2CAA55BACDB49C4E755D1")); pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" "67A457872FB09EC56327A67EC7DEEBE7")); #endif return TPM_RC_SUCCESS; } #endif // ALG_SM2 //*** CryptEccSign() // This function is the dispatch function for the various ECC-based // signing schemes. // There is a bit of ugliness to the parameter passing. In order to test this, // we sometime would like to use a deterministic RNG so that we can get the same // signatures during testing. The easiest way to do this for most schemes is to // pass in a deterministic RNG and let it return canned values during testing. // There is a competing need for a canned parameter to use in ECDAA. To accommodate // both needs with minimal fuss, a special type of RAND_STATE is defined to carry // the address of the commit value. The setup and handling of this is not very // different for the caller than what was in previous versions of the code. // Return Type: TPM_RC // TPM_RC_SCHEME 'scheme' is not supported LIB_EXPORT TPM_RC CryptEccSign( TPMT_SIGNATURE *signature, // OUT: signature OBJECT *signKey, // IN: ECC key to sign the hash const TPM2B_DIGEST *digest, // IN: digest to sign TPMT_ECC_SCHEME *scheme, // IN: signing scheme RAND_STATE *rand ) { CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); ECC_INITIALIZED(bnD, &signKey->sensitive.sensitive.ecc.b); ECC_NUM(bnR); ECC_NUM(bnS); const ECC_CURVE_DATA *C; TPM_RC retVal = TPM_RC_SCHEME; // NOT_REFERENCED(scheme); if(E == NULL) ERROR_RETURN(TPM_RC_VALUE); C = AccessCurveData(E); signature->signature.ecdaa.signatureR.t.size = sizeof(signature->signature.ecdaa.signatureR.t.buffer); signature->signature.ecdaa.signatureS.t.size = sizeof(signature->signature.ecdaa.signatureS.t.buffer); TEST(signature->sigAlg); switch(signature->sigAlg) { case ALG_ECDSA_VALUE: retVal = BnSignEcdsa(bnR, bnS, E, bnD, digest, rand); break; #if ALG_ECDAA case ALG_ECDAA_VALUE: retVal = BnSignEcdaa(&signature->signature.ecdaa.signatureR, bnS, E, bnD, digest, scheme, signKey, rand); bnR = NULL; break; #endif #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: retVal = BnSignEcSchnorr(bnR, bnS, E, bnD, digest, signature->signature.ecschnorr.hash, rand); break; #endif #if ALG_SM2 case ALG_SM2_VALUE: retVal = BnSignEcSm2(bnR, bnS, E, bnD, digest, rand); break; #endif default: break; } // If signature generation worked, convert the results. if(retVal == TPM_RC_SUCCESS) { NUMBYTES orderBytes = (NUMBYTES)BITS_TO_BYTES(BnSizeInBits(CurveGetOrder(C))); if(bnR != NULL) BnTo2B(bnR, &signature->signature.ecdaa.signatureR.b, orderBytes); if(bnS != NULL) BnTo2B(bnS, &signature->signature.ecdaa.signatureS.b, orderBytes); } Exit: CURVE_FREE(E); return retVal; } //********************* Signature Validation ******************** #if ALG_ECDSA //*** BnValidateSignatureEcdsa() // This function validates an ECDSA signature. rIn and sIn should have been checked // to make sure that they are in the range 0 < 'v' < 'n' // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid TPM_RC BnValidateSignatureEcdsa( bigNum bnR, // IN: 'r' component of the signature bigNum bnS, // IN: 's' component of the signature bigCurve E, // IN: the curve used in the signature // process bn_point_t *ecQ, // IN: the public point of the key const TPM2B_DIGEST *digest // IN: the digest that was signed ) { // Make sure that the allocation for the digest is big enough for a maximum // digest BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8); POINT(ecR); ECC_NUM(bnU1); ECC_NUM(bnU2); ECC_NUM(bnW); bigConst order = CurveGetOrder(AccessCurveData(E)); TPM_RC retVal = TPM_RC_SIGNATURE; // // Get adjusted digest EcdsaDigest(bnE, digest, order); // 1. If r and s are not both integers in the interval [1, n - 1], output // INVALID. // bnR and bnS were validated by the caller // 2. Use the selected hash function to compute H0 = Hash(M0). // This is an input parameter // 3. Convert the bit string H0 to an integer e as described in Appendix B.2. // Done at entry // 4. Compute w = (s')^-1 mod n, using the routine in Appendix B.1. if(!BnModInverse(bnW, bnS, order)) goto Exit; // 5. Compute u1 = (e' * w) mod n, and compute u2 = (r' * w) mod n. BnModMult(bnU1, bnE, bnW, order); BnModMult(bnU2, bnR, bnW, order); // 6. Compute the elliptic curve point R = (xR, yR) = u1G+u2Q, using EC // scalar multiplication and EC addition (see [Routines]). If R is equal to // the point at infinity O, output INVALID. if(BnPointMult(ecR, CurveGetG(AccessCurveData(E)), bnU1, ecQ, bnU2, E) != TPM_RC_SUCCESS) goto Exit; // 7. Compute v = Rx mod n. BnMod(ecR->x, order); // 8. Compare v and r0. If v = r0, output VALID; otherwise, output INVALID if(BnUnsignedCmp(ecR->x, bnR) != 0) goto Exit; retVal = TPM_RC_SUCCESS; Exit: return retVal; } #endif // ALG_ECDSA #if ALG_SM2 //*** BnValidateSignatureEcSm2() // This function is used to validate an SM2 signature. // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid static TPM_RC BnValidateSignatureEcSm2( bigNum bnR, // IN: 'r' component of the signature bigNum bnS, // IN: 's' component of the signature bigCurve E, // IN: the curve used in the signature // process bigPoint ecQ, // IN: the public point of the key const TPM2B_DIGEST *digest // IN: the digest that was signed ) { POINT(P); ECC_NUM(bnRp); ECC_NUM(bnT); BN_MAX_INITIALIZED(bnE, digest); BOOL OK; bigConst order = CurveGetOrder(AccessCurveData(E)); #ifdef _SM2_SIGN_DEBUG // Make sure that the input signature is the test signature pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41" "94F79FB1EED2CAA55BACDB49C4E755D1")); pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6" "67A457872FB09EC56327A67EC7DEEBE7")); #endif // b) compute t := (r + s) mod n BnAdd(bnT, bnR, bnS); BnMod(bnT, order); #ifdef _SM2_SIGN_DEBUG pAssert(BnHexEqual(bnT, "2B75F07ED7ECE7CCC1C8986B991F441A" "D324D6D619FE06DD63ED32E0C997C801")); #endif // c) verify that t > 0 OK = !BnEqualZero(bnT); if(!OK) // set T to a value that should allow rest of the computations to run // without trouble BnCopy(bnT, bnS); // d) compute (x, y) := [s]G + [t]Q OK = BnEccModMult2(P, NULL, bnS, ecQ, bnT, E); #ifdef _SM2_SIGN_DEBUG pAssert(OK && BnHexEqual(P->x, "110FCDA57615705D5E7B9324AC4B856D" "23E6D9188B2AE47759514657CE25D112")); #endif // e) compute r' := (e + x) mod n (the x coordinate is in bnT) OK = OK && BnAdd(bnRp, bnE, P->x); OK = OK && BnMod(bnRp, order); // f) verify that r' = r OK = OK && (BnUnsignedCmp(bnR, bnRp) == 0); if(!OK) return TPM_RC_SIGNATURE; else return TPM_RC_SUCCESS; } #endif // ALG_SM2 #if ALG_ECSCHNORR //*** BnValidateSignatureEcSchnorr() // This function is used to validate an EC Schnorr signature. // Return Type: TPM_RC // TPM_RC_SIGNATURE signature not valid static TPM_RC BnValidateSignatureEcSchnorr( bigNum bnR, // IN: 'r' component of the signature bigNum bnS, // IN: 's' component of the signature TPM_ALG_ID hashAlg, // IN: hash algorithm of the signature bigCurve E, // IN: the curve used in the signature // process bigPoint ecQ, // IN: the public point of the key const TPM2B_DIGEST *digest // IN: the digest that was signed ) { BN_MAX(bnRn); POINT(ecE); BN_MAX(bnEx); const ECC_CURVE_DATA *C = AccessCurveData(E); bigConst order = CurveGetOrder(C); UINT16 digestSize = CryptHashGetDigestSize(hashAlg); HASH_STATE hashState; TPM2B_TYPE(BUFFER, MAX(MAX_ECC_PARAMETER_BYTES, MAX_DIGEST_SIZE)); TPM2B_BUFFER Ex2 = {{sizeof(Ex2.t.buffer),{ 0 }}}; BOOL OK; // // E = [s]G - [r]Q BnMod(bnR, order); // Make -r = n - r BnSub(bnRn, order, bnR); // E = [s]G + [-r]Q OK = BnPointMult(ecE, CurveGetG(C), bnS, ecQ, bnRn, E) == TPM_RC_SUCCESS; // // reduce the x portion of E mod q // OK = OK && BnMod(ecE->x, order); // Convert to byte string OK = OK && BnTo2B(ecE->x, &Ex2.b, (NUMBYTES)(BITS_TO_BYTES(BnSizeInBits(order)))); if(OK) { // Ex = h(pE.x || digest) CryptHashStart(&hashState, hashAlg); CryptDigestUpdate(&hashState, Ex2.t.size, Ex2.t.buffer); CryptDigestUpdate(&hashState, digest->t.size, digest->t.buffer); Ex2.t.size = CryptHashEnd(&hashState, digestSize, Ex2.t.buffer); SchnorrReduce(&Ex2.b, order); BnFrom2B(bnEx, &Ex2.b); // see if Ex matches R OK = BnUnsignedCmp(bnEx, bnR) == 0; } return (OK) ? TPM_RC_SUCCESS : TPM_RC_SIGNATURE; } #endif // ALG_ECSCHNORR //*** CryptEccValidateSignature() // This function validates an EcDsa or EcSchnorr signature. // The point 'Qin' needs to have been validated to be on the curve of 'curveId'. // Return Type: TPM_RC // TPM_RC_SIGNATURE not a valid signature LIB_EXPORT TPM_RC CryptEccValidateSignature( TPMT_SIGNATURE *signature, // IN: signature to be verified OBJECT *signKey, // IN: ECC key signed the hash const TPM2B_DIGEST *digest // IN: digest that was signed ) { CURVE_INITIALIZED(E, signKey->publicArea.parameters.eccDetail.curveID); ECC_NUM(bnR); ECC_NUM(bnS); POINT_INITIALIZED(ecQ, &signKey->publicArea.unique.ecc); bigConst order; TPM_RC retVal; if(E == NULL) ERROR_RETURN(TPM_RC_VALUE); order = CurveGetOrder(AccessCurveData(E)); // // Make sure that the scheme is valid switch(signature->sigAlg) { case ALG_ECDSA_VALUE: #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: #endif #if ALG_SM2 case ALG_SM2_VALUE: #endif break; default: ERROR_RETURN(TPM_RC_SCHEME); break; } // Can convert r and s after determining that the scheme is an ECC scheme. If // this conversion doesn't work, it means that the unmarshaling code for // an ECC signature is broken. BnFrom2B(bnR, &signature->signature.ecdsa.signatureR.b); BnFrom2B(bnS, &signature->signature.ecdsa.signatureS.b); // r and s have to be greater than 0 but less than the curve order if(BnEqualZero(bnR) || BnEqualZero(bnS)) ERROR_RETURN(TPM_RC_SIGNATURE); if((BnUnsignedCmp(bnS, order) >= 0) || (BnUnsignedCmp(bnR, order) >= 0)) ERROR_RETURN(TPM_RC_SIGNATURE); switch(signature->sigAlg) { case ALG_ECDSA_VALUE: retVal = BnValidateSignatureEcdsa(bnR, bnS, E, ecQ, digest); break; #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: retVal = BnValidateSignatureEcSchnorr(bnR, bnS, signature->signature.any.hashAlg, E, ecQ, digest); break; #endif #if ALG_SM2 case ALG_SM2_VALUE: retVal = BnValidateSignatureEcSm2(bnR, bnS, E, ecQ, digest); break; #endif default: FAIL(FATAL_ERROR_INTERNAL); } Exit: CURVE_FREE(E); return retVal; } //***CryptEccCommitCompute() // This function performs the point multiply operations required by TPM2_Commit. // // If 'B' or 'M' is provided, they must be on the curve defined by 'curveId'. This // routine does not check that they are on the curve and results are unpredictable // if they are not. // // It is a fatal error if 'r' is NULL. If 'B' is not NULL, then it is a // fatal error if 'd' is NULL or if 'K' and 'L' are both NULL. // If 'M' is not NULL, then it is a fatal error if 'E' is NULL. // // Return Type: TPM_RC // TPM_RC_NO_RESULT if 'K', 'L' or 'E' was computed to be the point // at infinity // TPM_RC_CANCELED a cancel indication was asserted during this // function LIB_EXPORT TPM_RC CryptEccCommitCompute( TPMS_ECC_POINT *K, // OUT: [d]B or [r]Q TPMS_ECC_POINT *L, // OUT: [r]B TPMS_ECC_POINT *E, // OUT: [r]M TPM_ECC_CURVE curveId, // IN: the curve for the computations TPMS_ECC_POINT *M, // IN: M (optional) TPMS_ECC_POINT *B, // IN: B (optional) TPM2B_ECC_PARAMETER *d, // IN: d (optional) TPM2B_ECC_PARAMETER *r // IN: the computed r value (required) ) { CURVE_INITIALIZED(curve, curveId); // Normally initialize E as the curve, but // E means something else in this function ECC_INITIALIZED(bnR, r); TPM_RC retVal = TPM_RC_SUCCESS; // // Validate that the required parameters are provided. // Note: E has to be provided if computing E := [r]Q or E := [r]M. Will do // E := [r]Q if both M and B are NULL. pAssert(r != NULL && E != NULL); // Initialize the output points in case they are not computed ClearPoint2B(K); ClearPoint2B(L); ClearPoint2B(E); // Sizes of the r parameter may not be zero pAssert(r->t.size > 0); // If B is provided, compute K=[d]B and L=[r]B if(B != NULL) { ECC_INITIALIZED(bnD, d); POINT_INITIALIZED(pB, B); POINT(pK); POINT(pL); // pAssert(d != NULL && K != NULL && L != NULL); if(!BnIsOnCurve(pB, AccessCurveData(curve))) ERROR_RETURN(TPM_RC_VALUE); // do the math for K = [d]B if((retVal = BnPointMult(pK, pB, bnD, NULL, NULL, curve)) != TPM_RC_SUCCESS) goto Exit; // Convert BN K to TPM2B K BnPointTo2B(K, pK, curve); // compute L= [r]B after checking for cancel if(_plat__IsCanceled()) ERROR_RETURN(TPM_RC_CANCELED); // compute L = [r]B if(!BnIsValidPrivateEcc(bnR, curve)) ERROR_RETURN(TPM_RC_VALUE); if((retVal = BnPointMult(pL, pB, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS) goto Exit; // Convert BN L to TPM2B L BnPointTo2B(L, pL, curve); } if((M != NULL) || (B == NULL)) { POINT_INITIALIZED(pM, M); POINT(pE); // // Make sure that a place was provided for the result pAssert(E != NULL); // if this is the third point multiply, check for cancel first if((B != NULL) && _plat__IsCanceled()) ERROR_RETURN(TPM_RC_CANCELED); // If M provided, then pM will not be NULL and will compute E = [r]M. // However, if M was not provided, then pM will be NULL and E = [r]G // will be computed if((retVal = BnPointMult(pE, pM, bnR, NULL, NULL, curve)) != TPM_RC_SUCCESS) goto Exit; // Convert E to 2B format BnPointTo2B(E, pE, curve); } Exit: CURVE_FREE(curve); return retVal; } #endif // ALG_ECCgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptHash.c000066400000000000000000001027771510276467000262230ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // // This file contains implementation of cryptographic functions for hashing. // //** Includes, Defines, and Types #define _CRYPT_HASH_C_ #include "Tpm.h" #include "CryptHash_fp.h" #include "CryptHash.h" #include "OIDs.h" #define HASH_TABLE_SIZE (HASH_COUNT + 1) #if ALG_SHA1 HASH_DEF_TEMPLATE(SHA1, Sha1); #endif #if ALG_SHA256 HASH_DEF_TEMPLATE(SHA256, Sha256); #endif #if ALG_SHA384 HASH_DEF_TEMPLATE(SHA384, Sha384); #endif #if ALG_SHA512 HASH_DEF_TEMPLATE(SHA512, Sha512); #endif #if ALG_SM3_256 HASH_DEF_TEMPLATE(SM3_256, Sm3_256); #endif HASH_DEF NULL_Def = {{0}}; PHASH_DEF HashDefArray[] = { #if ALG_SHA1 &Sha1_Def, #endif #if ALG_SHA256 &Sha256_Def, #endif #if ALG_SHA384 &Sha384_Def, #endif #if ALG_SHA512 &Sha512_Def, #endif #if ALG_SM3_256 &Sm3_256_Def, #endif &NULL_Def }; //** Obligatory Initialization Functions //*** CryptHashInit() // This function is called by _TPM_Init do perform the initialization operations for // the library. BOOL CryptHashInit( void ) { LibHashInit(); return TRUE; } //*** CryptHashStartup() // This function is called by TPM2_Startup(). It checks that the size of the // HashDefArray is consistent with the HASH_COUNT. BOOL CryptHashStartup( void ) { int i = sizeof(HashDefArray) / sizeof(PHASH_DEF) - 1; return (i == HASH_COUNT); } //** Hash Information Access Functions //*** Introduction // These functions provide access to the hash algorithm description information. //*** CryptGetHashDef() // This function accesses the hash descriptor associated with a hash a // algorithm. The function returns a pointer to a 'null' descriptor if hashAlg is // TPM_ALG_NULL or not a defined algorithm. PHASH_DEF CryptGetHashDef( TPM_ALG_ID hashAlg ) { size_t i; #define HASHES (sizeof(HashDefArray) / sizeof(PHASH_DEF)) for(i = 0; i < HASHES; i++) { PHASH_DEF p = HashDefArray[i]; if(p->hashAlg == hashAlg) return p; } return &NULL_Def; } //*** CryptHashIsValidAlg() // This function tests to see if an algorithm ID is a valid hash algorithm. If // flag is true, then TPM_ALG_NULL is a valid hash. // Return Type: BOOL // TRUE(1) hashAlg is a valid, implemented hash on this TPM // FALSE(0) hashAlg is not valid for this TPM BOOL CryptHashIsValidAlg( TPM_ALG_ID hashAlg, // IN: the algorithm to check BOOL flag // IN: TRUE if TPM_ALG_NULL is to be treated // as a valid hash ) { if(hashAlg == TPM_ALG_NULL) return flag; return CryptGetHashDef(hashAlg) != &NULL_Def; } //*** CryptHashGetAlgByIndex() // This function is used to iterate through the hashes. TPM_ALG_NULL // is returned for all indexes that are not valid hashes. // If the TPM implements 3 hashes, then an 'index' value of 0 will // return the first implemented hash and an 'index' of 2 will return the // last. All other index values will return TPM_ALG_NULL. // // Return Type: TPM_ALG_ID // TPM_ALG_xxx a hash algorithm // TPM_ALG_NULL this can be used as a stop value LIB_EXPORT TPM_ALG_ID CryptHashGetAlgByIndex( UINT32 index // IN: the index ) { TPM_ALG_ID hashAlg; if(index >= HASH_COUNT) hashAlg = TPM_ALG_NULL; else hashAlg = HashDefArray[index]->hashAlg; return hashAlg; } //*** CryptHashGetDigestSize() // Returns the size of the digest produced by the hash. If 'hashAlg' is not a hash // algorithm, the TPM will FAIL. // Return Type: UINT16 // 0 TPM_ALG_NULL // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetDigestSize( TPM_ALG_ID hashAlg // IN: hash algorithm to look up ) { return CryptGetHashDef(hashAlg)->digestSize; } //*** CryptHashGetBlockSize() // Returns the size of the block used by the hash. If 'hashAlg' is not a hash // algorithm, the TPM will FAIL. // Return Type: UINT16 // 0 TPM_ALG_NULL // > 0 the digest size // LIB_EXPORT UINT16 CryptHashGetBlockSize( TPM_ALG_ID hashAlg // IN: hash algorithm to look up ) { return CryptGetHashDef(hashAlg)->blockSize; } //*** CryptHashGetOid() // This function returns a pointer to DER=encoded OID for a hash algorithm. All OIDs // are full OID values including the Tag (0x06) and length byte. LIB_EXPORT const BYTE * CryptHashGetOid( TPM_ALG_ID hashAlg ) { return CryptGetHashDef(hashAlg)->OID; } //*** CryptHashGetContextAlg() // This function returns the hash algorithm associated with a hash context. TPM_ALG_ID CryptHashGetContextAlg( PHASH_STATE state // IN: the context to check ) { return state->hashAlg; } //** State Import and Export //*** CryptHashCopyState // This function is used to clone a HASH_STATE. LIB_EXPORT void CryptHashCopyState( HASH_STATE *out, // OUT: destination of the state const HASH_STATE *in // IN: source of the state ) { pAssert(out->type == in->type); out->hashAlg = in->hashAlg; out->def = in->def; if(in->hashAlg != TPM_ALG_NULL) { HASH_STATE_COPY(out, in); } if(in->type == HASH_STATE_HMAC) { const HMAC_STATE *hIn = (HMAC_STATE *)in; HMAC_STATE *hOut = (HMAC_STATE *)out; hOut->hmacKey = hIn->hmacKey; } return; } //*** CryptHashExportState() // This function is used to export a hash or HMAC hash state. This function // would be called when preparing to context save a sequence object. void CryptHashExportState( PCHASH_STATE internalFmt, // IN: the hash state formatted for use by // library PEXPORT_HASH_STATE externalFmt // OUT: the exported hash state ) { BYTE *outBuf = (BYTE *)externalFmt; // cAssert(sizeof(HASH_STATE) <= sizeof(EXPORT_HASH_STATE)); // the following #define is used to move data from an aligned internal data // structure to a byte buffer (external format data. #define CopyToOffset(value) \ memcpy(&outBuf[offsetof(HASH_STATE,value)], &internalFmt->value, \ sizeof(internalFmt->value)) // Copy the hashAlg CopyToOffset(hashAlg); CopyToOffset(type); #ifdef HASH_STATE_SMAC if(internalFmt->type == HASH_STATE_SMAC) { memcpy(outBuf, internalFmt, sizeof(HASH_STATE)); return; } #endif if(internalFmt->type == HASH_STATE_HMAC) { HMAC_STATE *from = (HMAC_STATE *)internalFmt; memcpy(&outBuf[offsetof(HMAC_STATE, hmacKey)], &from->hmacKey, sizeof(from->hmacKey)); } if(internalFmt->hashAlg != TPM_ALG_NULL) HASH_STATE_EXPORT(externalFmt, internalFmt); } //*** CryptHashImportState() // This function is used to import the hash state. This function // would be called to import a hash state when the context of a sequence object // was being loaded. void CryptHashImportState( PHASH_STATE internalFmt, // OUT: the hash state formatted for use by // the library PCEXPORT_HASH_STATE externalFmt // IN: the exported hash state ) { BYTE *inBuf = (BYTE *)externalFmt; // #define CopyFromOffset(value) \ memcpy(&internalFmt->value, &inBuf[offsetof(HASH_STATE,value)], \ sizeof(internalFmt->value)) // Copy the hashAlg of the byte-aligned input structure to the structure-aligned // internal structure. CopyFromOffset(hashAlg); CopyFromOffset(type); if(internalFmt->hashAlg != TPM_ALG_NULL) { #ifdef HASH_STATE_SMAC if(internalFmt->type == HASH_STATE_SMAC) { memcpy(internalFmt, inBuf, sizeof(HASH_STATE)); return; } #endif internalFmt->def = CryptGetHashDef(internalFmt->hashAlg); HASH_STATE_IMPORT(internalFmt, inBuf); if(internalFmt->type == HASH_STATE_HMAC) { HMAC_STATE *to = (HMAC_STATE *)internalFmt; memcpy(&to->hmacKey, &inBuf[offsetof(HMAC_STATE, hmacKey)], sizeof(to->hmacKey)); } } } //** State Modification Functions //***HashEnd() // Local function to complete a hash that uses the hashDef instead of an algorithm // ID. This function is used to complete the hash and only return a partial digest. // The return value is the size of the data copied. static UINT16 HashEnd( PHASH_STATE hashState, // IN: the hash state UINT32 dOutSize, // IN: the size of receive buffer PBYTE dOut // OUT: the receive buffer ) { BYTE temp[MAX_DIGEST_SIZE]; if((hashState->hashAlg == TPM_ALG_NULL) || (hashState->type != HASH_STATE_HASH)) dOutSize = 0; if(dOutSize > 0) { hashState->def = CryptGetHashDef(hashState->hashAlg); // Set the final size dOutSize = MIN(dOutSize, hashState->def->digestSize); // Complete into the temp buffer and then copy HASH_END(hashState, temp); // Don't want any other functions calling the HASH_END method // directly. #undef HASH_END memcpy(dOut, &temp, dOutSize); } hashState->type = HASH_STATE_EMPTY; return (UINT16)dOutSize; } //*** CryptHashStart() // Functions starts a hash stack // Start a hash stack and returns the digest size. As a side effect, the // value of 'stateSize' in hashState is updated to indicate the number of bytes // of state that were saved. This function calls GetHashServer() and that function // will put the TPM into failure mode if the hash algorithm is not supported. // // This function does not use the sequence parameter. If it is necessary to import // or export context, this will start the sequence in a local state // and export the state to the input buffer. Will need to add a flag to the state // structure to indicate that it needs to be imported before it can be used. // (BLEH). // Return Type: UINT16 // 0 hash is TPM_ALG_NULL // >0 digest size LIB_EXPORT UINT16 CryptHashStart( PHASH_STATE hashState, // OUT: the running hash state TPM_ALG_ID hashAlg // IN: hash algorithm ) { UINT16 retVal; TEST(hashAlg); hashState->hashAlg = hashAlg; if(hashAlg == TPM_ALG_NULL) { retVal = 0; } else { hashState->def = CryptGetHashDef(hashAlg); HASH_START(hashState); retVal = hashState->def->digestSize; } #undef HASH_START hashState->type = HASH_STATE_HASH; return retVal; } //*** CryptDigestUpdate() // Add data to a hash or HMAC, SMAC stack. // void CryptDigestUpdate( PHASH_STATE hashState, // IN: the hash context information UINT32 dataSize, // IN: the size of data to be added const BYTE *data // IN: data to be hashed ) { if(hashState->hashAlg != TPM_ALG_NULL) { if((hashState->type == HASH_STATE_HASH) || (hashState->type == HASH_STATE_HMAC)) HASH_DATA(hashState, dataSize, (BYTE *)data); #if SMAC_IMPLEMENTED else if(hashState->type == HASH_STATE_SMAC) (hashState->state.smac.smacMethods.data)(&hashState->state.smac.state, dataSize, data); #endif // SMAC_IMPLEMENTED else FAIL(FATAL_ERROR_INTERNAL); } return; } //*** CryptHashEnd() // Complete a hash or HMAC computation. This function will place the smaller of // 'digestSize' or the size of the digest in 'dOut'. The number of bytes in the // placed in the buffer is returned. If there is a failure, the returned value // is <= 0. // Return Type: UINT16 // 0 no data returned // > 0 the number of bytes in the digest or dOutSize, whichever is smaller LIB_EXPORT UINT16 CryptHashEnd( PHASH_STATE hashState, // IN: the state of hash stack UINT32 dOutSize, // IN: size of digest buffer BYTE *dOut // OUT: hash digest ) { pAssert(hashState->type == HASH_STATE_HASH); return HashEnd(hashState, dOutSize, dOut); } //*** CryptHashBlock() // Start a hash, hash a single block, update 'digest' and return the size of // the results. // // The 'digestSize' parameter can be smaller than the digest. If so, only the more // significant bytes are returned. // Return Type: UINT16 // >= 0 number of bytes placed in 'dOut' LIB_EXPORT UINT16 CryptHashBlock( TPM_ALG_ID hashAlg, // IN: The hash algorithm UINT32 dataSize, // IN: size of buffer to hash const BYTE *data, // IN: the buffer to hash UINT32 dOutSize, // IN: size of the digest buffer BYTE *dOut // OUT: digest buffer ) { HASH_STATE state; CryptHashStart(&state, hashAlg); CryptDigestUpdate(&state, dataSize, data); return HashEnd(&state, dOutSize, dOut); } //*** CryptDigestUpdate2B() // This function updates a digest (hash or HMAC) with a TPM2B. // // This function can be used for both HMAC and hash functions so the // 'digestState' is void so that either state type can be passed. LIB_EXPORT void CryptDigestUpdate2B( PHASH_STATE state, // IN: the digest state const TPM2B *bIn // IN: 2B containing the data ) { // Only compute the digest if a pointer to the 2B is provided. // In CryptDigestUpdate(), if size is zero or buffer is NULL, then no change // to the digest occurs. This function should not provide a buffer if bIn is // not provided. pAssert(bIn != NULL); CryptDigestUpdate(state, bIn->size, bIn->buffer); return; } //*** CryptHashEnd2B() // This function is the same as CryptCompleteHash() but the digest is // placed in a TPM2B. This is the most common use and this is provided // for specification clarity. 'digest.size' should be set to indicate the number of // bytes to place in the buffer // Return Type: UINT16 // >=0 the number of bytes placed in 'digest.buffer' LIB_EXPORT UINT16 CryptHashEnd2B( PHASH_STATE state, // IN: the hash state P2B digest // IN: the size of the buffer Out: requested // number of bytes ) { return CryptHashEnd(state, digest->size, digest->buffer); } //*** CryptDigestUpdateInt() // This function is used to include an integer value to a hash stack. The function // marshals the integer into its canonical form before calling CryptDigestUpdate(). LIB_EXPORT void CryptDigestUpdateInt( void *state, // IN: the state of hash stack UINT32 intSize, // IN: the size of 'intValue' in bytes UINT64 intValue // IN: integer value to be hashed ) { #if LITTLE_ENDIAN_TPM intValue = REVERSE_ENDIAN_64(intValue); #endif CryptDigestUpdate(state, intSize, &((BYTE *)&intValue)[8 - intSize]); } //** HMAC Functions //*** CryptHmacStart() // This function is used to start an HMAC using a temp // hash context. The function does the initialization // of the hash with the HMAC key XOR iPad and updates the // HMAC key XOR oPad. // // The function returns the number of bytes in a digest produced by 'hashAlg'. // Return Type: UINT16 // >= 0 number of bytes in digest produced by 'hashAlg' (may be zero) // LIB_EXPORT UINT16 CryptHmacStart( PHMAC_STATE state, // IN/OUT: the state buffer TPM_ALG_ID hashAlg, // IN: the algorithm to use UINT16 keySize, // IN: the size of the HMAC key const BYTE *key // IN: the HMAC key ) { PHASH_DEF hashDef; BYTE * pb; UINT32 i; // hashDef = CryptGetHashDef(hashAlg); if(hashDef->digestSize != 0) { // If the HMAC key is larger than the hash block size, it has to be reduced // to fit. The reduction is a digest of the hashKey. if(keySize > hashDef->blockSize) { // if the key is too big, reduce it to a digest of itself state->hmacKey.t.size = CryptHashBlock(hashAlg, keySize, key, hashDef->digestSize, state->hmacKey.t.buffer); } else { memcpy(state->hmacKey.t.buffer, key, keySize); state->hmacKey.t.size = keySize; } // XOR the key with iPad (0x36) pb = state->hmacKey.t.buffer; for(i = state->hmacKey.t.size; i > 0; i--) *pb++ ^= 0x36; // if the keySize is smaller than a block, fill the rest with 0x36 for(i = hashDef->blockSize - state->hmacKey.t.size; i > 0; i--) *pb++ = 0x36; // Increase the oPadSize to a full block state->hmacKey.t.size = hashDef->blockSize; // Start a new hash with the HMAC key // This will go in the caller's state structure and may be a sequence or not CryptHashStart((PHASH_STATE)state, hashAlg); CryptDigestUpdate((PHASH_STATE)state, state->hmacKey.t.size, state->hmacKey.t.buffer); // XOR the key block with 0x5c ^ 0x36 for(pb = state->hmacKey.t.buffer, i = hashDef->blockSize; i > 0; i--) *pb++ ^= (0x5c ^ 0x36); } // Set the hash algorithm state->hashState.hashAlg = hashAlg; // Set the hash state type state->hashState.type = HASH_STATE_HMAC; return hashDef->digestSize; } //*** CryptHmacEnd() // This function is called to complete an HMAC. It will finish the current // digest, and start a new digest. It will then add the oPadKey and the // completed digest and return the results in dOut. It will not return more // than dOutSize bytes. // Return Type: UINT16 // >= 0 number of bytes in 'dOut' (may be zero) LIB_EXPORT UINT16 CryptHmacEnd( PHMAC_STATE state, // IN: the hash state buffer UINT32 dOutSize, // IN: size of digest buffer BYTE *dOut // OUT: hash digest ) { BYTE temp[MAX_DIGEST_SIZE]; PHASH_STATE hState = (PHASH_STATE)&state->hashState; #if SMAC_IMPLEMENTED if(hState->type == HASH_STATE_SMAC) return (state->hashState.state.smac.smacMethods.end) (&state->hashState.state.smac.state, dOutSize, dOut); #endif pAssert(hState->type == HASH_STATE_HMAC); hState->def = CryptGetHashDef(hState->hashAlg); // Change the state type for completion processing hState->type = HASH_STATE_HASH; if(hState->hashAlg == TPM_ALG_NULL) dOutSize = 0; else { // Complete the current hash HashEnd(hState, hState->def->digestSize, temp); // Do another hash starting with the oPad CryptHashStart(hState, hState->hashAlg); CryptDigestUpdate(hState, state->hmacKey.t.size, state->hmacKey.t.buffer); CryptDigestUpdate(hState, hState->def->digestSize, temp); } return HashEnd(hState, dOutSize, dOut); } //*** CryptHmacStart2B() // This function starts an HMAC and returns the size of the digest // that will be produced. // // This function is provided to support the most common use of starting an HMAC // with a TPM2B key. // // The caller must provide a block of memory in which the hash sequence state // is kept. The caller should not alter the contents of this buffer until the // hash sequence is completed or abandoned. // // Return Type: UINT16 // > 0 the digest size of the algorithm // = 0 the hashAlg was TPM_ALG_NULL LIB_EXPORT UINT16 CryptHmacStart2B( PHMAC_STATE hmacState, // OUT: the state of HMAC stack. It will be used // in HMAC update and completion TPMI_ALG_HASH hashAlg, // IN: hash algorithm P2B key // IN: HMAC key ) { return CryptHmacStart(hmacState, hashAlg, key->size, key->buffer); } //*** CryptHmacEnd2B() // This function is the same as CryptHmacEnd() but the HMAC result // is returned in a TPM2B which is the most common use. // Return Type: UINT16 // >=0 the number of bytes placed in 'digest' LIB_EXPORT UINT16 CryptHmacEnd2B( PHMAC_STATE hmacState, // IN: the state of HMAC stack P2B digest // OUT: HMAC ) { return CryptHmacEnd(hmacState, digest->size, digest->buffer); } //** Mask and Key Generation Functions //*** CryptMGF1() // This function performs MGF1 using the selected hash. MGF1 is // T(n) = T(n-1) || H(seed || counter). // This function returns the length of the mask produced which // could be zero if the digest algorithm is not supported // Return Type: UINT16 // 0 hash algorithm was TPM_ALG_NULL // > 0 should be the same as 'mSize' LIB_EXPORT UINT16 CryptMGF1( UINT32 mSize, // IN: length of the mask to be produced BYTE *mask, // OUT: buffer to receive the mask TPM_ALG_ID hashAlg, // IN: hash to use UINT32 seedSize, // IN: size of the seed BYTE *seed // IN: seed size ) { HASH_STATE hashState; PHASH_DEF hDef = CryptGetHashDef(hashAlg); UINT32 remaining; UINT32 counter = 0; BYTE swappedCounter[4]; // If there is no digest to compute return if((hashAlg == TPM_ALG_NULL) || (mSize == 0)) return 0; for(remaining = mSize; ; remaining -= hDef->digestSize) { // Because the system may be either Endian... UINT32_TO_BYTE_ARRAY(counter, swappedCounter); // Start the hash and include the seed and counter CryptHashStart(&hashState, hashAlg); CryptDigestUpdate(&hashState, seedSize, seed); CryptDigestUpdate(&hashState, 4, swappedCounter); // Handling the completion depends on how much space remains in the mask // buffer. If it can hold the entire digest, put it there. If not // put the digest in a temp buffer and only copy the amount that // will fit into the mask buffer. HashEnd(&hashState, remaining, mask); if(remaining <= hDef->digestSize) break; mask = &mask[hDef->digestSize]; counter++; } return (UINT16)mSize; } //*** CryptKDFa() // This function performs the key generation according to Part 1 of the // TPM specification. // // This function returns the number of bytes generated which may be zero. // // The 'key' and 'keyStream' pointers are not allowed to be NULL. The other // pointer values may be NULL. The value of 'sizeInBits' must be no larger // than (2^18)-1 = 256K bits (32385 bytes). // // The 'once' parameter is set to allow incremental generation of a large // value. If this flag is TRUE, 'sizeInBits' will be used in the HMAC computation // but only one iteration of the KDF is performed. This would be used for // XOR obfuscation so that the mask value can be generated in digest-sized // chunks rather than having to be generated all at once in an arbitrarily // large buffer and then XORed into the result. If 'once' is TRUE, then // 'sizeInBits' must be a multiple of 8. // // Any error in the processing of this command is considered fatal. // Return Type: UINT16 // 0 hash algorithm is not supported or is TPM_ALG_NULL // > 0 the number of bytes in the 'keyStream' buffer LIB_EXPORT UINT16 CryptKDFa( TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC const TPM2B *key, // IN: HMAC key const TPM2B *label, // IN: a label for the KDF const TPM2B *contextU, // IN: context U const TPM2B *contextV, // IN: context V UINT32 sizeInBits, // IN: size of generated key in bits BYTE *keyStream, // OUT: key buffer UINT32 *counterInOut, // IN/OUT: caller may provide the iteration // counter for incremental operations to // avoid large intermediate buffers. UINT16 blocks // IN: If non-zero, this is the maximum number // of blocks to be returned, regardless // of sizeInBits ) { UINT32 counter = 0; // counter value INT16 bytes; // number of bytes to produce UINT16 generated; // number of bytes generated BYTE *stream = keyStream; HMAC_STATE hState; UINT16 digestSize = CryptHashGetDigestSize(hashAlg); pAssert(key != NULL && keyStream != NULL); TEST(TPM_ALG_KDF1_SP800_108); if(digestSize == 0) return 0; if(counterInOut != NULL) counter = *counterInOut; // If the size of the request is larger than the numbers will handle, // it is a fatal error. pAssert(((sizeInBits + 7) / 8) <= INT16_MAX); // The number of bytes to be generated is the smaller of the sizeInBits bytes or // the number of requested blocks. The number of blocks is the smaller of the // number requested or the number allowed by sizeInBits. A partial block is // a full block. bytes = (blocks > 0) ? blocks * digestSize : (UINT16)BITS_TO_BYTES(sizeInBits); generated = bytes; // Generate required bytes for(; bytes > 0; bytes -= digestSize) { counter++; // Start HMAC if(CryptHmacStart(&hState, hashAlg, key->size, key->buffer) == 0) return 0; // Adding counter CryptDigestUpdateInt(&hState.hashState, 4, counter); // Adding label if(label != NULL) HASH_DATA(&hState.hashState, label->size, (BYTE *)label->buffer); // Add a null. SP108 is not very clear about when the 0 is needed but to // make this like the previous version that did not add an 0x00 after // a null-terminated string, this version will only add a null byte // if the label parameter did not end in a null byte, or if no label // is present. if((label == NULL) || (label->size == 0) || (label->buffer[label->size - 1] != 0)) CryptDigestUpdateInt(&hState.hashState, 1, 0); // Adding contextU if(contextU != NULL) HASH_DATA(&hState.hashState, contextU->size, contextU->buffer); // Adding contextV if(contextV != NULL) HASH_DATA(&hState.hashState, contextV->size, contextV->buffer); // Adding size in bits CryptDigestUpdateInt(&hState.hashState, 4, sizeInBits); // Complete and put the data in the buffer CryptHmacEnd(&hState, bytes, stream); stream = &stream[digestSize]; } // Masking in the KDF is disabled. If the calling function wants something // less than even number of bytes, then the caller should do the masking // because there is no universal way to do it here if(counterInOut != NULL) *counterInOut = counter; return generated; } //*** CryptKDFe() // This function implements KDFe() as defined in TPM specification part 1. // // This function returns the number of bytes generated which may be zero. // // The 'Z' and 'keyStream' pointers are not allowed to be NULL. The other // pointer values may be NULL. The value of 'sizeInBits' must be no larger // than (2^18)-1 = 256K bits (32385 bytes). // Any error in the processing of this command is considered fatal. // Return Type: UINT16 // 0 hash algorithm is not supported or is TPM_ALG_NULL // > 0 the number of bytes in the 'keyStream' buffer // LIB_EXPORT UINT16 CryptKDFe( TPM_ALG_ID hashAlg, // IN: hash algorithm used in HMAC TPM2B *Z, // IN: Z const TPM2B *label, // IN: a label value for the KDF TPM2B *partyUInfo, // IN: PartyUInfo TPM2B *partyVInfo, // IN: PartyVInfo UINT32 sizeInBits, // IN: size of generated key in bits BYTE *keyStream // OUT: key buffer ) { HASH_STATE hashState; PHASH_DEF hashDef = CryptGetHashDef(hashAlg); UINT32 counter = 0; // counter value UINT16 hLen; BYTE *stream = keyStream; INT16 bytes; // number of bytes to generate pAssert(keyStream != NULL && Z != NULL && ((sizeInBits + 7) / 8) < INT16_MAX); // hLen = hashDef->digestSize; bytes = (INT16)((sizeInBits + 7) / 8); if(hashAlg == TPM_ALG_NULL || bytes == 0) return 0; // Generate required bytes //The inner loop of that KDF uses: // Hash[i] := H(counter | Z | OtherInfo) (5) // Where: // Hash[i] the hash generated on the i-th iteration of the loop. // H() an approved hash function // counter a 32-bit counter that is initialized to 1 and incremented // on each iteration // Z the X coordinate of the product of a public ECC key and a // different private ECC key. // OtherInfo a collection of qualifying data for the KDF defined below. // In this specification, OtherInfo will be constructed by: // OtherInfo := Use | PartyUInfo | PartyVInfo for(; bytes > 0; stream = &stream[hLen], bytes = bytes - hLen) { if(bytes < hLen) hLen = bytes; counter++; // Do the hash CryptHashStart(&hashState, hashAlg); // Add counter CryptDigestUpdateInt(&hashState, 4, counter); // Add Z if(Z != NULL) CryptDigestUpdate2B(&hashState, Z); // Add label if(label != NULL) CryptDigestUpdate2B(&hashState, label); // Add a null. SP108 is not very clear about when the 0 is needed but to // make this like the previous version that did not add an 0x00 after // a null-terminated string, this version will only add a null byte // if the label parameter did not end in a null byte, or if no label // is present. if((label == NULL) || (label->size == 0) || (label->buffer[label->size - 1] != 0)) CryptDigestUpdateInt(&hashState, 1, 0); // Add PartyUInfo if(partyUInfo != NULL) CryptDigestUpdate2B(&hashState, partyUInfo); // Add PartyVInfo if(partyVInfo != NULL) CryptDigestUpdate2B(&hashState, partyVInfo); // Compute Hash. hLen was changed to be the smaller of bytes or hLen // at the start of each iteration. CryptHashEnd(&hashState, hLen, stream); } // Mask off bits if the required bits is not a multiple of byte size if((sizeInBits % 8) != 0) keyStream[0] &= ((1 << (sizeInBits % 8)) - 1); return (UINT16)((sizeInBits + 7) / 8); }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrime.c000066400000000000000000000330721510276467000264030ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the code for prime validation. #include "Tpm.h" #include "CryptPrime_fp.h" //#define CPRI_PRIME //#include "PrimeTable.h" #include "CryptPrimeSieve_fp.h" extern const uint32_t s_LastPrimeInTable; extern const uint32_t s_PrimeTableSize; extern const uint32_t s_PrimesInTable; extern const unsigned char s_PrimeTable[]; extern bigConst s_CompositeOfSmallPrimes; //** Functions //*** Root2() // This finds ceil(sqrt(n)) to use as a stopping point for searching the prime // table. static uint32_t Root2( uint32_t n ) { int32_t last = (int32_t)(n >> 2); int32_t next = (int32_t)(n >> 1); int32_t diff; int32_t stop = 10; // // get a starting point for(; next != 0; last >>= 1, next >>= 2); last++; do { next = (last + (n / last)) >> 1; diff = next - last; last = next; if(stop-- == 0) FAIL(FATAL_ERROR_INTERNAL); } while(diff < -1 || diff > 1); if((n / next) > (unsigned)next) next++; pAssert(next != 0); pAssert(((n / next) <= (unsigned)next) && (n / (next + 1) < (unsigned)next)); return next; } //*** IsPrimeInt() // This will do a test of a word of up to 32-bits in size. BOOL IsPrimeInt( uint32_t n ) { uint32_t i; uint32_t stop; if(n < 3 || ((n & 1) == 0)) return (n == 2); if(n <= s_LastPrimeInTable) { n >>= 1; return ((s_PrimeTable[n >> 3] >> (n & 7)) & 1); } // Need to search stop = Root2(n) >> 1; // starting at 1 is equivalent to staring at (1 << 1) + 1 = 3 for(i = 1; i < stop; i++) { if((s_PrimeTable[i >> 3] >> (i & 7)) & 1) // see if this prime evenly divides the number if((n % ((i << 1) + 1)) == 0) return FALSE; } return TRUE; } //*** BnIsProbablyPrime() // This function is used when the key sieve is not implemented. This function // Will try to eliminate some of the obvious things before going on // to perform MillerRabin as a final verification of primeness. BOOL BnIsProbablyPrime( bigNum prime, // IN: RAND_STATE *rand // IN: the random state just // in case Miller-Rabin is required ) { #if RADIX_BITS > 32 if(BnUnsignedCmpWord(prime, UINT32_MAX) <= 0) #else if(BnGetSize(prime) == 1) #endif return IsPrimeInt((uint32_t)prime->d[0]); if(BnIsEven(prime)) return FALSE; if(BnUnsignedCmpWord(prime, s_LastPrimeInTable) <= 0) { crypt_uword_t temp = prime->d[0] >> 1; return ((s_PrimeTable[temp >> 3] >> (temp & 7)) & 1); } { BN_VAR(n, LARGEST_NUMBER_BITS); BnGcd(n, prime, s_CompositeOfSmallPrimes); if(!BnEqualWord(n, 1)) return FALSE; } return MillerRabin(prime, rand); } //*** MillerRabinRounds() // Function returns the number of Miller-Rabin rounds necessary to give an // error probability equal to the security strength of the prime. These values // are from FIPS 186-3. UINT32 MillerRabinRounds( UINT32 bits // IN: Number of bits in the RSA prime ) { if(bits < 511) return 8; // don't really expect this if(bits < 1536) return 5; // for 512 and 1K primes return 4; // for 3K public modulus and greater } //*** MillerRabin() // This function performs a Miller-Rabin test from FIPS 186-3. It does // 'iterations' trials on the number. In all likelihood, if the number // is not prime, the first test fails. // Return Type: BOOL // TRUE(1) probably prime // FALSE(0) composite BOOL MillerRabin( bigNum bnW, RAND_STATE *rand ) { BN_MAX(bnWm1); BN_PRIME(bnM); BN_PRIME(bnB); BN_PRIME(bnZ); BOOL ret = FALSE; // Assumed composite for easy exit unsigned int a; unsigned int j; int wLen; int i; int iterations = MillerRabinRounds(BnSizeInBits(bnW)); // INSTRUMENT_INC(MillerRabinTrials[PrimeIndex]); pAssert(bnW->size > 1); // Let a be the largest integer such that 2^a divides w1. BnSubWord(bnWm1, bnW, 1); pAssert(bnWm1->size != 0); // Since w is odd (w-1) is even so start at bit number 1 rather than 0 // Get the number of bits in bnWm1 so that it doesn't have to be recomputed // on each iteration. i = (int)(bnWm1->size * RADIX_BITS); // Now find the largest power of 2 that divides w1 for(a = 1; (a < (bnWm1->size * RADIX_BITS)) && (BnTestBit(bnWm1, a) == 0); a++); // 2. m = (w1) / 2^a BnShiftRight(bnM, bnWm1, a); // 3. wlen = len (w). wLen = BnSizeInBits(bnW); // 4. For i = 1 to iterations do for(i = 0; i < iterations; i++) { // 4.1 Obtain a string b of wlen bits from an RBG. // Ensure that 1 < b < w1. // 4.2 If ((b <= 1) or (b >= w1)), then go to step 4.1. while(BnGetRandomBits(bnB, wLen, rand) && ((BnUnsignedCmpWord(bnB, 1) <= 0) || (BnUnsignedCmp(bnB, bnWm1) >= 0))); if(g_inFailureMode) return FALSE; // 4.3 z = b^m mod w. // if ModExp fails, then say this is not // prime and bail out. BnModExp(bnZ, bnB, bnM, bnW); // 4.4 If ((z == 1) or (z = w == 1)), then go to step 4.7. if((BnUnsignedCmpWord(bnZ, 1) == 0) || (BnUnsignedCmp(bnZ, bnWm1) == 0)) goto step4point7; // 4.5 For j = 1 to a 1 do. for(j = 1; j < a; j++) { // 4.5.1 z = z^2 mod w. BnModMult(bnZ, bnZ, bnZ, bnW); // 4.5.2 If (z = w1), then go to step 4.7. if(BnUnsignedCmp(bnZ, bnWm1) == 0) goto step4point7; // 4.5.3 If (z = 1), then go to step 4.6. if(BnEqualWord(bnZ, 1)) goto step4point6; } // 4.6 Return COMPOSITE. step4point6: INSTRUMENT_INC(failedAtIteration[i]); goto end; // 4.7 Continue. Comment: Increment i for the do-loop in step 4. step4point7: continue; } // 5. Return PROBABLY PRIME ret = TRUE; end: return ret; } #if ALG_RSA //*** RsaCheckPrime() // This will check to see if a number is prime and appropriate for an // RSA prime. // // This has different functionality based on whether we are using key // sieving or not. If not, the number checked to see if it is divisible by // the public exponent, then the number is adjusted either up or down // in order to make it a better candidate. It is then checked for being // probably prime. // // If sieving is used, the number is used to root a sieving process. // TPM_RC RsaCheckPrime( bigNum prime, UINT32 exponent, RAND_STATE *rand ) { #if !RSA_KEY_SIEVE TPM_RC retVal = TPM_RC_SUCCESS; UINT32 modE = BnModWord(prime, exponent); NOT_REFERENCED(rand); if(modE == 0) // evenly divisible so add two keeping the number odd BnAddWord(prime, prime, 2); // want 0 != (p - 1) mod e // which is 1 != p mod e else if(modE == 1) // subtract 2 keeping number odd and insuring that // 0 != (p - 1) mod e BnSubWord(prime, prime, 2); if(BnIsProbablyPrime(prime, rand) == 0) ERROR_RETURN(g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_VALUE); Exit: return retVal; #else return PrimeSelectWithSieve(prime, exponent, rand); #endif } //*** AdjustPrimeCandiate() // For this math, we assume that the RSA numbers are fixed-point numbers with // the decimal point to the "left" of the most significant bit. This approach helps // make it clear what is happening with the MSb of the values. // The two RSA primes have to be large enough so that their product will be a number // with the necessary number of significant bits. For example, we want to be able // to multiply two 1024-bit numbers to produce a number with 2028 significant bits. If // we accept any 1024-bit prime that has its MSb set, then it is possible to produce a // product that does not have the MSb SET. For example, if we use tiny keys of 16 bits // and have two 8-bit 'primes' of 0x80, then the public key would be 0x4000 which is // only 15-bits. So, what we need to do is made sure that each of the primes is large // enough so that the product of the primes is twice as large as each prime. A little // arithmetic will show that the only way to do this is to make sure that each of the // primes is no less than root(2)/2. That's what this functions does. // This function adjusts the candidate prime so that it is odd and >= root(2)/2. // This allows the product of these two numbers to be .5, which, in fixed point // notation means that the most significant bit is 1. // For this routine, the root(2)/2 (0.7071067811865475) approximated with 0xB505 // which is, in fixed point, 0.7071075439453125 or an error of 0.000108%. Just setting // the upper two bits would give a value > 0.75 which is an error of > 6%. Given the // amount of time all the other computations take, reducing the error is not much of // a cost, but it isn't totally required either. // // This function can be replaced with a function that just sets the two most // significant bits of each prime candidate without introducing any computational // issues. // // LIB_EXPORT void RsaAdjustPrimeCandidate( bigNum prime ) { UINT32 msw; UINT32 adjusted; // If the radix is 32, the compiler should turn this into a simple assignment msw = prime->d[prime->size - 1] >> ((RADIX_BITS == 64) ? 32 : 0); // Multiplying 0xff...f by 0x4AFB gives 0xff..f - 0xB5050...0 adjusted = (msw >> 16) * 0x4AFB; adjusted += ((msw & 0xFFFF) * 0x4AFB) >> 16; adjusted += 0xB5050000UL; #if RADIX_BITS == 64 // Save the low-order 32 bits prime->d[prime->size - 1] &= 0xFFFFFFFFUL; // replace the upper 32-bits prime->d[prime->size -1] |= ((crypt_uword_t)adjusted << 32); #else prime->d[prime->size - 1] = (crypt_uword_t)adjusted; #endif // make sure the number is odd prime->d[0] |= 1; } //***BnGeneratePrimeForRSA() // Function to generate a prime of the desired size with the proper attributes // for an RSA prime. TPM_RC BnGeneratePrimeForRSA( bigNum prime, // IN/OUT: points to the BN that will get the // random value UINT32 bits, // IN: number of bits to get UINT32 exponent, // IN: the exponent RAND_STATE *rand // IN: the random state ) { BOOL found = FALSE; // // Make sure that the prime is large enough pAssert(prime->allocated >= BITS_TO_CRYPT_WORDS(bits)); // Only try to handle specific sizes of keys in order to save overhead pAssert((bits % 32) == 0); prime->size = BITS_TO_CRYPT_WORDS(bits); while(!found) { // The change below is to make sure that all keys that are generated from the same // seed value will be the same regardless of the endianess or word size of the CPU. // DRBG_Generate(rand, (BYTE *)prime->d, (UINT16)BITS_TO_BYTES(bits));// old // if(g_inFailureMode) // old if(!BnGetRandomBits(prime, bits, rand)) // new return TPM_RC_FAILURE; RsaAdjustPrimeCandidate(prime); found = RsaCheckPrime(prime, exponent, rand) == TPM_RC_SUCCESS; } return TPM_RC_SUCCESS; } #endif // ALG_RSAgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptPrimeSieve.c000066400000000000000000000535521510276467000274040ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes and defines #include "Tpm.h" #if RSA_KEY_SIEVE #include "CryptPrimeSieve_fp.h" // This determines the number of bits in the largest sieve field. #define MAX_FIELD_SIZE 2048 extern const uint32_t s_LastPrimeInTable; extern const uint32_t s_PrimeTableSize; extern const uint32_t s_PrimesInTable; extern const unsigned char s_PrimeTable[]; // This table is set of prime markers. Each entry is the prime value // for the ((n + 1) * 1024) prime. That is, the entry in s_PrimeMarkers[1] // is the value for the 2,048th prime. This is used in the PrimeSieve // to adjust the limit for the prime search. When processing smaller // prime candidates, fewer primes are checked directly before going to // Miller-Rabin. As the prime grows, it is worth spending more time eliminating // primes as, a) the density is lower, and b) the cost of Miller-Rabin is // higher. const uint32_t s_PrimeMarkersCount = 6; const uint32_t s_PrimeMarkers[] = { 8167, 17881, 28183, 38891, 49871, 60961 }; uint32_t primeLimit; //** Functions //*** RsaAdjustPrimeLimit() // This used during the sieve process. The iterator for getting the // next prime (RsaNextPrime()) will return primes until it hits the // limit (primeLimit) set up by this function. This causes the sieve // process to stop when an appropriate number of primes have been // sieved. LIB_EXPORT void RsaAdjustPrimeLimit( uint32_t requestedPrimes ) { if(requestedPrimes == 0 || requestedPrimes > s_PrimesInTable) requestedPrimes = s_PrimesInTable; requestedPrimes = (requestedPrimes - 1) / 1024; if(requestedPrimes < s_PrimeMarkersCount) primeLimit = s_PrimeMarkers[requestedPrimes]; else primeLimit = s_LastPrimeInTable; primeLimit >>= 1; } //*** RsaNextPrime() // This the iterator used during the sieve process. The input is the // last prime returned (or any starting point) and the output is the // next higher prime. The function returns 0 when the primeLimit is // reached. LIB_EXPORT uint32_t RsaNextPrime( uint32_t lastPrime ) { if(lastPrime == 0) return 0; lastPrime >>= 1; for(lastPrime += 1; lastPrime <= primeLimit; lastPrime++) { if(((s_PrimeTable[lastPrime >> 3] >> (lastPrime & 0x7)) & 1) == 1) return ((lastPrime << 1) + 1); } return 0; } // This table contains a previously sieved table. It has // the bits for 3, 5, and 7 removed. Because of the // factors, it needs to be aligned to 105 and has // a repeat of 105. const BYTE seedValues[] = { 0x16, 0x29, 0xcb, 0xa4, 0x65, 0xda, 0x30, 0x6c, 0x99, 0x96, 0x4c, 0x53, 0xa2, 0x2d, 0x52, 0x96, 0x49, 0xcb, 0xb4, 0x61, 0xd8, 0x32, 0x2d, 0x99, 0xa6, 0x44, 0x5b, 0xa4, 0x2c, 0x93, 0x96, 0x69, 0xc3, 0xb0, 0x65, 0x5a, 0x32, 0x4d, 0x89, 0xb6, 0x48, 0x59, 0x26, 0x2d, 0xd3, 0x86, 0x61, 0xcb, 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x91, 0xb2, 0x4c, 0x5a, 0xa6, 0x0d, 0xc3, 0x96, 0x69, 0xc9, 0x34, 0x25, 0xda, 0x22, 0x65, 0x99, 0xb4, 0x4c, 0x1b, 0x86, 0x2d, 0xd3, 0x92, 0x69, 0x4a, 0xb4, 0x45, 0xca, 0x32, 0x69, 0x99, 0x36, 0x0c, 0x5b, 0xa6, 0x25, 0xd3, 0x94, 0x68, 0x8b, 0x94, 0x65, 0xd2, 0x32, 0x6d, 0x18, 0xb6, 0x4c, 0x4b, 0xa6, 0x29, 0xd1}; #define USE_NIBBLE #ifndef USE_NIBBLE static const BYTE bitsInByte[256] = { 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03, 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, 0x02, 0x03, 0x03, 0x04, 0x03, 0x04, 0x04, 0x05, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, 0x03, 0x04, 0x04, 0x05, 0x04, 0x05, 0x05, 0x06, 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, 0x04, 0x05, 0x05, 0x06, 0x05, 0x06, 0x06, 0x07, 0x05, 0x06, 0x06, 0x07, 0x06, 0x07, 0x07, 0x08 }; #define BitsInByte(x) bitsInByte[(unsigned char)x] #else const BYTE bitsInNibble[16] = { 0x00, 0x01, 0x01, 0x02, 0x01, 0x02, 0x02, 0x03, 0x01, 0x02, 0x02, 0x03, 0x02, 0x03, 0x03, 0x04}; #define BitsInByte(x) \ (bitsInNibble[(unsigned char)(x) & 0xf] \ + bitsInNibble[((unsigned char)(x) >> 4) & 0xf]) #endif //*** BitsInArry() // This function counts the number of bits set in an array of bytes. static int BitsInArray( const unsigned char *a, // IN: A pointer to an array of bytes unsigned int aSize // IN: the number of bytes to sum ) { int j = 0; for(; aSize; a++, aSize--) j += BitsInByte(*a); return j; } //*** FindNthSetBit() // This function finds the nth SET bit in a bit array. The 'n' parameter is // between 1 and the number of bits in the array (always a multiple of 8). // If called when the array does not have n bits set, it will return -1 // Return Type: unsigned int // <0 no bit is set or no bit with the requested number is set // >=0 the number of the bit in the array that is the nth set LIB_EXPORT int FindNthSetBit( const UINT16 aSize, // IN: the size of the array to check const BYTE *a, // IN: the array to check const UINT32 n // IN, the number of the SET bit ) { UINT16 i; int retValue; UINT32 sum = 0; BYTE sel; //find the bit for(i = 0; (i < (int)aSize) && (sum < n); i++) sum += BitsInByte(a[i]); i--; // The chosen bit is in the byte that was just accessed // Compute the offset to the start of that byte retValue = i * 8 - 1; sel = a[i]; // Subtract the bits in the last byte added. sum -= BitsInByte(sel); // Now process the byte, one bit at a time. for(; (sel != 0) && (sum != n); retValue++, sel = sel >> 1) sum += (sel & 1) != 0; return (sum == n) ? retValue : -1; } typedef struct { UINT16 prime; UINT16 count; } SIEVE_MARKS; const SIEVE_MARKS sieveMarks[5] = { {31, 7}, {73, 5}, {241, 4}, {1621, 3}, {UINT16_MAX, 2}}; //*** PrimeSieve() // This function does a prime sieve over the input 'field' which has as its // starting address the value in bnN. Since this initializes the Sieve // using a precomputed field with the bits associated with 3, 5 and 7 already // turned off, the value of pnN may need to be adjusted by a few counts to allow // the precomputed field to be used without modification. // // To get better performance, one could address the issue of developing the // composite numbers. When the size of the prime gets large, the time for doing // the divisions goes up, noticeably. It could be better to develop larger composite // numbers even if they need to be bigNum's themselves. The object would be to // reduce the number of times that the large prime is divided into a few large // divides and then use smaller divides to get to the final 16 bit (or smaller) // remainders. LIB_EXPORT UINT32 PrimeSieve( bigNum bnN, // IN/OUT: number to sieve UINT32 fieldSize, // IN: size of the field area in bytes BYTE *field // IN: field ) { UINT32 i; UINT32 j; UINT32 fieldBits = fieldSize * 8; UINT32 r; BYTE *pField; INT32 iter; UINT32 adjust; UINT32 mark = 0; UINT32 count = sieveMarks[0].count; UINT32 stop = sieveMarks[0].prime; UINT32 composite; UINT32 pList[8]; UINT32 next; pAssert(field != NULL && bnN != NULL); // If the remainder is odd, then subtracting the value will give an even number, // but we want an odd number, so subtract the 105+rem. Otherwise, just subtract // the even remainder. adjust = (UINT32)BnModWord(bnN, 105); if(adjust & 1) adjust += 105; // Adjust the input number so that it points to the first number in a // aligned field. BnSubWord(bnN, bnN, adjust); // pAssert(BnModWord(bnN, 105) == 0); pField = field; for(i = fieldSize; i >= sizeof(seedValues); pField += sizeof(seedValues), i -= sizeof(seedValues)) { memcpy(pField, seedValues, sizeof(seedValues)); } if(i != 0) memcpy(pField, seedValues, i); // Cycle through the primes, clearing bits // Have already done 3, 5, and 7 iter = 7; #define NEXT_PRIME(iter) (iter = RsaNextPrime(iter)) // Get the next N primes where N is determined by the mark in the sieveMarks while((composite = NEXT_PRIME(iter)) != 0) { next = 0; i = count; pList[i--] = composite; for(; i > 0; i--) { next = NEXT_PRIME(iter); pList[i] = next; if(next != 0) composite *= next; } // Get the remainder when dividing the base field address // by the composite composite = (UINT32)BnModWord(bnN, composite); // 'composite' is divisible by the composite components. for each of the // composite components, divide 'composite'. That remainder (r) is used to // pick a starting point for clearing the array. The stride is equal to the // composite component. Note, the field only contains odd numbers. If the // field were expanded to contain all numbers, then half of the bits would // have already been cleared. We can save the trouble of clearing them a // second time by having a stride of 2*next. Or we can take all of the even // numbers out of the field and use a stride of 'next' for(i = count; i > 0; i--) { next = pList[i]; if(next == 0) goto done; r = composite % next; // these computations deal with the fact that we have picked a field-sized // range that is aligned to a 105 count boundary. The problem is, this field // only contains odd numbers. If we take our prime guess and walk through all // the numbers using that prime as the 'stride', then every other 'stride' is // going to be an even number. So, we are actually counting by 2 * the stride // We want the count to start on an odd number at the start of our field. That // is, we want to assume that we have counted up to the edge of the field by // the 'stride' and now we are going to start flipping bits in the field as we // continue to count up by 'stride'. If we take the base of our field and // divide by the stride, we find out how much we find out how short the last // count was from reaching the edge of the bit field. Say we get a quotient of // 3 and remainder of 1. This means that after 3 strides, we are 1 short of // the start of the field and the next stride will either land within the // field or step completely over it. The confounding factor is that our field // only contains odd numbers and our stride is actually 2 * stride. If the // quoitent is even, then that means that when we add 2 * stride, we are going // to hit another even number. So, we have to know if we need to back off // by 1 stride before we start couting by 2 * stride. // We can tell from the remainder whether we are on an even or odd // stride when we hit the beginning of the table. If we are on an odd stride // (r & 1), we would start half a stride in (next - r)/2. If we are on an // even stride, we need 0.5 strides (next - r/2) because the table only has // odd numbers. If the remainder happens to be zero, then the start of the // table is on stride so no adjustment is necessary. if(r & 1) j = (next - r) / 2; else if(r == 0) j = 0; else j = next - (r / 2); for(; j < fieldBits; j += next) ClearBit(j, field, fieldSize); } if(next >= stop) { mark++; count = sieveMarks[mark].count; stop = sieveMarks[mark].prime; } } done: INSTRUMENT_INC(totalFieldsSieved[PrimeIndex]); i = BitsInArray(field, fieldSize); INSTRUMENT_ADD(bitsInFieldAfterSieve[PrimeIndex], i); INSTRUMENT_ADD(emptyFieldsSieved[PrimeIndex], (i == 0)); return i; } #ifdef SIEVE_DEBUG static uint32_t fieldSize = 210; //***SetFieldSize() // Function to set the field size used for prime generation. Used for tuning. LIB_EXPORT uint32_t SetFieldSize( uint32_t newFieldSize ) { if(newFieldSize == 0 || newFieldSize > MAX_FIELD_SIZE) fieldSize = MAX_FIELD_SIZE; else fieldSize = newFieldSize; return fieldSize; } #endif // SIEVE_DEBUG //*** PrimeSelectWithSieve() // This function will sieve the field around the input prime candidate. If the // sieve field is not empty, one of the one bits in the field is chosen for testing // with Miller-Rabin. If the value is prime, 'pnP' is updated with this value // and the function returns success. If this value is not prime, another // pseudo-random candidate is chosen and tested. This process repeats until // all values in the field have been checked. If all bits in the field have // been checked and none is prime, the function returns FALSE and a new random // value needs to be chosen. // Return Type: TPM_RC // TPM_RC_FAILURE TPM in failure mode, probably due to entropy source // TPM_RC_SUCCESS candidate is probably prime // TPM_RC_NO_RESULT candidate is not prime and couldn't find and alternative // in the field LIB_EXPORT TPM_RC PrimeSelectWithSieve( bigNum candidate, // IN/OUT: The candidate to filter UINT32 e, // IN: the exponent RAND_STATE *rand // IN: the random number generator state ) { BYTE field[MAX_FIELD_SIZE]; UINT32 first; UINT32 ones; INT32 chosen; BN_PRIME(test); UINT32 modE; #ifndef SIEVE_DEBUG UINT32 fieldSize = MAX_FIELD_SIZE; #endif UINT32 primeSize; // // Adjust the field size and prime table list to fit the size of the prime // being tested. This is done to try to optimize the trade-off between the // dividing done for sieving and the time for Miller-Rabin. When the size // of the prime is large, the cost of Miller-Rabin is fairly high, as is the // cost of the sieving. However, the time for Miller-Rabin goes up considerably // faster than the cost of dividing by a number of primes. primeSize = BnSizeInBits(candidate); if(primeSize <= 512) { RsaAdjustPrimeLimit(1024); // Use just the first 1024 primes } else if(primeSize <= 1024) { RsaAdjustPrimeLimit(4096); // Use just the first 4K primes } else { RsaAdjustPrimeLimit(0); // Use all available } // Save the low-order word to use as a search generator and make sure that // it has some interesting range to it first = (UINT32)(candidate->d[0] | 0x80000000); // Sieve the field ones = PrimeSieve(candidate, fieldSize, field); pAssert(ones > 0 && ones < (fieldSize * 8)); for(; ones > 0; ones--) { // Decide which bit to look at and find its offset chosen = FindNthSetBit((UINT16)fieldSize, field, ((first % ones) + 1)); if((chosen < 0) || (chosen >= (INT32)(fieldSize * 8))) FAIL(FATAL_ERROR_INTERNAL); // Set this as the trial prime BnAddWord(test, candidate, (crypt_uword_t)(chosen * 2)); // The exponent might not have been one of the tested primes so // make sure that it isn't divisible and make sure that 0 != (p-1) mod e // Note: This is the same as 1 != p mod e modE = (UINT32)BnModWord(test, e); if((modE != 0) && (modE != 1) && MillerRabin(test, rand)) { BnCopy(candidate, test); return TPM_RC_SUCCESS; } // Clear the bit just tested ClearBit(chosen, field, fieldSize); } // Ran out of bits and couldn't find a prime in this field INSTRUMENT_INC(noPrimeFields[PrimeIndex]); return (g_inFailureMode ? TPM_RC_FAILURE : TPM_RC_NO_RESULT); } #if RSA_INSTRUMENT static char a[256]; //*** PrintTuple() char * PrintTuple( UINT32 *i ) { sprintf(a, "{%d, %d, %d}", i[0], i[1], i[2]); return a; } #define CLEAR_VALUE(x) memset(x, 0, sizeof(x)) //*** RsaSimulationEnd() void RsaSimulationEnd( void ) { int i; UINT32 averages[3]; UINT32 nonFirst = 0; if((PrimeCounts[0] + PrimeCounts[1] + PrimeCounts[2]) != 0) { printf("Primes generated = %s\n", PrintTuple(PrimeCounts)); printf("Fields sieved = %s\n", PrintTuple(totalFieldsSieved)); printf("Fields with no primes = %s\n", PrintTuple(noPrimeFields)); printf("Primes checked with Miller-Rabin = %s\n", PrintTuple(MillerRabinTrials)); for(i = 0; i < 3; i++) averages[i] = (totalFieldsSieved[i] != 0 ? bitsInFieldAfterSieve[i] / totalFieldsSieved[i] : 0); printf("Average candidates in field %s\n", PrintTuple(averages)); for(i = 1; i < (sizeof(failedAtIteration) / sizeof(failedAtIteration[0])); i++) nonFirst += failedAtIteration[i]; printf("Miller-Rabin failures not in first round = %d\n", nonFirst); } CLEAR_VALUE(PrimeCounts); CLEAR_VALUE(totalFieldsSieved); CLEAR_VALUE(noPrimeFields); CLEAR_VALUE(MillerRabinTrials); CLEAR_VALUE(bitsInFieldAfterSieve); } //*** GetSieveStats() LIB_EXPORT void GetSieveStats( uint32_t *trials, uint32_t *emptyFields, uint32_t *averageBits ) { uint32_t totalBits; uint32_t fields; *trials = MillerRabinTrials[0] + MillerRabinTrials[1] + MillerRabinTrials[2]; *emptyFields = noPrimeFields[0] + noPrimeFields[1] + noPrimeFields[2]; fields = totalFieldsSieved[0] + totalFieldsSieved[1] + totalFieldsSieved[2]; totalBits = bitsInFieldAfterSieve[0] + bitsInFieldAfterSieve[1] + bitsInFieldAfterSieve[2]; if(fields != 0) *averageBits = totalBits / fields; else *averageBits = 0; CLEAR_VALUE(PrimeCounts); CLEAR_VALUE(totalFieldsSieved); CLEAR_VALUE(noPrimeFields); CLEAR_VALUE(MillerRabinTrials); CLEAR_VALUE(bitsInFieldAfterSieve); } #endif #endif // RSA_KEY_SIEVE #if !RSA_INSTRUMENT //*** RsaSimulationEnd() // Stub for call when not doing instrumentation. void RsaSimulationEnd( void ) { return; } #endifgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRand.c000066400000000000000000001047541510276467000262210ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file implements a DRBG with a behavior according to SP800-90A using // a block cypher. This is also compliant to ISO/IEC 18031:2011(E) C.3.2. // // A state structure is created for use by TPM.lib and functions // within the CryptoEngine my use their own state structures when they need to have // deterministic values. // // A debug mode is available that allows the random numbers generated for TPM.lib // to be repeated during runs of the simulator. The switch for it is in // TpmBuildSwitches.h. It is USE_DEBUG_RNG. // // // This is the implementation layer of CTR DRGB mechanism as defined in SP800-90A // and the functions are organized as closely as practical to the organization in // SP800-90A. It is intended to be compiled as a separate module that is linked // with a secure application so that both reside inside the same boundary // [SP 800-90A 8.5]. The secure application in particular manages the accesses // protected storage for the state of the DRBG instantiations, and supplies the // implementation functions here with a valid pointer to the working state of the // given instantiations (as a DRBG_STATE structure). // // This DRBG mechanism implementation does not support prediction resistance. Thus // 'prediction_resistance_flag' is omitted from Instantiate_function(), // Reseed_function(), Generate_function() argument lists [SP 800-90A 9.1, 9.2, // 9.3], as well as from the working state data structure DRBG_STATE [SP 800-90A // 9.1]. // // This DRBG mechanism implementation always uses the highest security strength of // available in the block ciphers. Thus 'requested_security_strength' parameter is // omitted from Instantiate_function() and Generate_function() argument lists // [SP 800-90A 9.1, 9.2, 9.3], as well as from the working state data structure // DRBG_STATE [SP 800-90A 9.1]. // // Internal functions (ones without Crypt prefix) expect validated arguments and // therefore use assertions instead of runtime parameter checks and mostly return // void instead of a status value. #include "Tpm.h" // Pull in the test vector definitions and define the space #include "PRNG_TestVectors.h" const BYTE DRBG_NistTestVector_Entropy[] = {DRBG_TEST_INITIATE_ENTROPY}; const BYTE DRBG_NistTestVector_GeneratedInterm[] = {DRBG_TEST_GENERATED_INTERM}; const BYTE DRBG_NistTestVector_EntropyReseed[] = {DRBG_TEST_RESEED_ENTROPY}; const BYTE DRBG_NistTestVector_Generated[] = {DRBG_TEST_GENERATED}; //** Derivation Functions //*** Description // The functions in this section are used to reduce the personalization input values // to make them usable as input for reseeding and instantiation. The overall // behavior is intended to produce the same results as described in SP800-90A, // section 10.4.2 "Derivation Function Using a Block Cipher Algorithm // (Block_Cipher_df)." The code is broken into several subroutines to deal with the // fact that the data used for personalization may come in several separate blocks // such as a Template hash and a proof value and a primary seed. //*** Derivation Function Defines and Structures #define DF_COUNT (DRBG_KEY_SIZE_WORDS / DRBG_IV_SIZE_WORDS + 1) #if DRBG_KEY_SIZE_BITS != 128 && DRBG_KEY_SIZE_BITS != 256 # error "CryptRand.c only written for AES with 128- or 256-bit keys." #endif typedef struct { DRBG_KEY_SCHEDULE keySchedule; DRBG_IV iv[DF_COUNT]; DRBG_IV out1; DRBG_IV buf; int contents; } DF_STATE, *PDF_STATE; //*** DfCompute() // This function does the incremental update of the derivation function state. It // encrypts the 'iv' value and XOR's the results into each of the blocks of the // output. This is equivalent to processing all of input data for each output block. static void DfCompute( PDF_STATE dfState ) { int i; int iv; crypt_uword_t *pIv; crypt_uword_t temp[DRBG_IV_SIZE_WORDS] = {0}; // for(iv = 0; iv < DF_COUNT; iv++) { pIv = (crypt_uword_t *)&dfState->iv[iv].words[0]; for(i = 0; i < DRBG_IV_SIZE_WORDS; i++) { temp[i] ^= pIv[i] ^ dfState->buf.words[i]; } DRBG_ENCRYPT(&dfState->keySchedule, &temp, pIv); } for(i = 0; i < DRBG_IV_SIZE_WORDS; i++) dfState->buf.words[i] = 0; dfState->contents = 0; } //*** DfStart() // This initializes the output blocks with an encrypted counter value and // initializes the key schedule. static void DfStart( PDF_STATE dfState, uint32_t inputLength ) { BYTE init[8]; int i; UINT32 drbgSeedSize = sizeof(DRBG_SEED); const BYTE dfKey[DRBG_KEY_SIZE_BYTES] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f #if DRBG_KEY_SIZE_BYTES > 16 ,0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f #endif }; memset(dfState, 0, sizeof(DF_STATE)); DRBG_ENCRYPT_SETUP(&dfKey[0], DRBG_KEY_SIZE_BITS, &dfState->keySchedule); // Create the first chaining values for(i = 0; i < DF_COUNT; i++) ((BYTE *)&dfState->iv[i])[3] = (BYTE)i; DfCompute(dfState); // initialize the first 64 bits of the IV in a way that doesn't depend // on the size of the words used. UINT32_TO_BYTE_ARRAY(inputLength, init); UINT32_TO_BYTE_ARRAY(drbgSeedSize, &init[4]); memcpy(&dfState->iv[0], init, 8); dfState->contents = 4; } //*** DfUpdate() // This updates the state with the input data. A byte at a time is moved into the // state buffer until it is full and then that block is encrypted by DfCompute(). static void DfUpdate( PDF_STATE dfState, int size, const BYTE *data ) { while(size > 0) { int toFill = DRBG_IV_SIZE_BYTES - dfState->contents; if(size < toFill) toFill = size; // Copy as many bytes as there are or until the state buffer is full memcpy(&dfState->buf.bytes[dfState->contents], data, toFill); // Reduce the size left by the amount copied size -= toFill; // Advance the data pointer by the amount copied data += toFill; // increase the buffer contents count by the amount copied dfState->contents += toFill; pAssert(dfState->contents <= DRBG_IV_SIZE_BYTES); // If we have a full buffer, do a computation pass. if(dfState->contents == DRBG_IV_SIZE_BYTES) DfCompute(dfState); } } //*** DfEnd() // This function is called to get the result of the derivation function computation. // If the buffer is not full, it is padded with zeros. The output buffer is // structured to be the same as a DRBG_SEED value so that the function can return // a pointer to the DRBG_SEED value in the DF_STATE structure. static DRBG_SEED * DfEnd( PDF_STATE dfState ) { // Since DfCompute is always called when a buffer is full, there is always // space in the buffer for the terminator dfState->buf.bytes[dfState->contents++] = 0x80; // If the buffer is not full, pad with zeros while(dfState->contents < DRBG_IV_SIZE_BYTES) dfState->buf.bytes[dfState->contents++] = 0; // Do a final state update DfCompute(dfState); return (DRBG_SEED *)&dfState->iv; } //*** DfBuffer() // Function to take an input buffer and do the derivation function to produce a // DRBG_SEED value that can be used in DRBG_Reseed(); static DRBG_SEED * DfBuffer( DRBG_SEED *output, // OUT: receives the result int size, // IN: size of the buffer to add BYTE *buf // IN: address of the buffer ) { DF_STATE dfState; if(size == 0 || buf == NULL) return NULL; // Initialize the derivation function DfStart(&dfState, size); DfUpdate(&dfState, size, buf); DfEnd(&dfState); memcpy(output, &dfState.iv[0], sizeof(DRBG_SEED)); return output; } //*** DRBG_GetEntropy() // Even though this implementation never fails, it may get blocked // indefinitely long in the call to get entropy from the platform // (DRBG_GetEntropy32()). // This function is only used during instantiation of the DRBG for // manufacturing and on each start-up after an non-orderly shutdown. // Return Type: BOOL // TRUE(1) requested entropy returned // FALSE(0) entropy Failure BOOL DRBG_GetEntropy( UINT32 requiredEntropy, // IN: requested number of bytes of full // entropy BYTE *entropy // OUT: buffer to return collected entropy ) { #if !USE_DEBUG_RNG UINT32 obtainedEntropy; INT32 returnedEntropy; // If in debug mode, always use the self-test values for initialization if(IsSelfTest()) { #endif // If doing simulated DRBG, then check to see if the // entropyFailure condition is being tested if(!IsEntropyBad()) { // In self-test, the caller should be asking for exactly the seed // size of entropy. pAssert(requiredEntropy == sizeof(DRBG_NistTestVector_Entropy)); memcpy(entropy, DRBG_NistTestVector_Entropy, sizeof(DRBG_NistTestVector_Entropy)); } #if !USE_DEBUG_RNG } else if(!IsEntropyBad()) { // Collect entropy // Note: In debug mode, the only "entropy" value ever returned // is the value of the self-test vector. for(returnedEntropy = 1, obtainedEntropy = 0; obtainedEntropy < requiredEntropy && !IsEntropyBad(); obtainedEntropy += returnedEntropy) { returnedEntropy = _plat__GetEntropy(&entropy[obtainedEntropy], requiredEntropy - obtainedEntropy); if(returnedEntropy <= 0) SetEntropyBad(); } } #endif return !IsEntropyBad(); } //*** IncrementIv() // This function increments the IV value by 1. It is used by EncryptDRBG(). void IncrementIv( DRBG_IV *iv ) { BYTE *ivP = ((BYTE *)iv) + DRBG_IV_SIZE_BYTES; while((--ivP >= (BYTE *)iv) && ((*ivP = ((*ivP + 1) & 0xFF)) == 0)); } //*** EncryptDRBG() // This does the encryption operation for the DRBG. It will encrypt // the input state counter (IV) using the state key. Into the output // buffer for as many times as it takes to generate the required // number of bytes. static BOOL EncryptDRBG( BYTE *dOut, UINT32 dOutBytes, DRBG_KEY_SCHEDULE *keySchedule, DRBG_IV *iv, UINT32 *lastValue // Points to the last output value ) { #if FIPS_COMPLIANT // For FIPS compliance, the DRBG has to do a continuous self-test to make sure that // no two consecutive values are the same. This overhead is not incurred if the TPM // is not required to be FIPS compliant // UINT32 temp[DRBG_IV_SIZE_BYTES / sizeof(UINT32)]; int i; BYTE *p; for(; dOutBytes > 0;) { // Increment the IV before each encryption (this is what makes this // different from normal counter-mode encryption IncrementIv(iv); DRBG_ENCRYPT(keySchedule, iv, temp); // Expect a 16 byte block #if DRBG_IV_SIZE_BITS != 128 #error "Unsuppored IV size in DRBG" #endif if((lastValue[0] == temp[0]) && (lastValue[1] == temp[1]) && (lastValue[2] == temp[2]) && (lastValue[3] == temp[3]) ) { LOG_FAILURE(FATAL_ERROR_ENTROPY); return FALSE; } lastValue[0] = temp[0]; lastValue[1] = temp[1]; lastValue[2] = temp[2]; lastValue[3] = temp[3]; i = MIN(dOutBytes, DRBG_IV_SIZE_BYTES); dOutBytes -= i; for(p = (BYTE *)temp; i > 0; i--) *dOut++ = *p++; } #else // version without continuous self-test NOT_REFERENCED(lastValue); for(; dOutBytes >= DRBG_IV_SIZE_BYTES; dOut = &dOut[DRBG_IV_SIZE_BYTES], dOutBytes -= DRBG_IV_SIZE_BYTES) { // Increment the IV IncrementIv(iv); DRBG_ENCRYPT(keySchedule, iv, dOut); } // If there is a partial, generate into a block-sized // temp buffer and copy to the output. if(dOutBytes != 0) { BYTE temp[DRBG_IV_SIZE_BYTES]; // Increment the IV IncrementIv(iv); DRBG_ENCRYPT(keySchedule, iv, temp); memcpy(dOut, temp, dOutBytes); } #endif return TRUE; } //*** DRBG_Update() // This function performs the state update function. // According to SP800-90A, a temp value is created by doing CTR mode // encryption of 'providedData' and replacing the key and IV with // these values. The one difference is that, with counter mode, the // IV is incremented after each block is encrypted and in this // operation, the counter is incremented before each block is // encrypted. This function implements an 'optimized' version // of the algorithm in that it does the update of the drbgState->seed // in place and then 'providedData' is XORed into drbgState->seed // to complete the encryption of 'providedData'. This works because // the IV is the last thing that gets encrypted. // static BOOL DRBG_Update( DRBG_STATE *drbgState, // IN:OUT state to update DRBG_KEY_SCHEDULE *keySchedule, // IN: the key schedule (optional) DRBG_SEED *providedData // IN: additional data ) { UINT32 i; BYTE *temp = (BYTE *)&drbgState->seed; DRBG_KEY *key = pDRBG_KEY(&drbgState->seed); DRBG_IV *iv = pDRBG_IV(&drbgState->seed); DRBG_KEY_SCHEDULE localKeySchedule; // pAssert(drbgState->magic == DRBG_MAGIC); // If an key schedule was not provided, make one if(keySchedule == NULL) { if(DRBG_ENCRYPT_SETUP((BYTE *)key, DRBG_KEY_SIZE_BITS, &localKeySchedule) != 0) { LOG_FAILURE(FATAL_ERROR_INTERNAL); return FALSE; } keySchedule = &localKeySchedule; } // Encrypt the temp value EncryptDRBG(temp, sizeof(DRBG_SEED), keySchedule, iv, drbgState->lastValue); if(providedData != NULL) { BYTE *pP = (BYTE *)providedData; for(i = DRBG_SEED_SIZE_BYTES; i != 0; i--) *temp++ ^= *pP++; } // Since temp points to the input key and IV, we are done and // don't need to copy the resulting 'temp' to drbgState->seed return TRUE; } //*** DRBG_Reseed() // This function is used when reseeding of the DRBG is required. If // entropy is provided, it is used in lieu of using hardware entropy. // Note: the provided entropy must be the required size. // Return Type: BOOL // TRUE(1) reseed succeeded // FALSE(0) reseed failed, probably due to the entropy generation BOOL DRBG_Reseed( DRBG_STATE *drbgState, // IN: the state to update DRBG_SEED *providedEntropy, // IN: entropy DRBG_SEED *additionalData // IN: ) { DRBG_SEED seed; pAssert((drbgState != NULL) && (drbgState->magic == DRBG_MAGIC)); if(providedEntropy == NULL) { providedEntropy = &seed; if(!DRBG_GetEntropy(sizeof(DRBG_SEED), (BYTE *)providedEntropy)) return FALSE; } if(additionalData != NULL) { unsigned int i; // XOR the provided data into the provided entropy for(i = 0; i < sizeof(DRBG_SEED); i++) ((BYTE *)providedEntropy)[i] ^= ((BYTE *)additionalData)[i]; } DRBG_Update(drbgState, NULL, providedEntropy); drbgState->reseedCounter = 1; return TRUE; } //*** DRBG_SelfTest() // This is run when the DRBG is instantiated and at startup // Return Type: BOOL // TRUE(1) test OK // FALSE(0) test failed BOOL DRBG_SelfTest( void ) { BYTE buf[sizeof(DRBG_NistTestVector_Generated)]; DRBG_SEED seed; UINT32 i; BYTE *p; DRBG_STATE testState; // pAssert(!IsSelfTest()); SetSelfTest(); SetDrbgTested(); // Do an instantiate if(!DRBG_Instantiate(&testState, 0, NULL)) return FALSE; #if DRBG_DEBUG_PRINT dbgDumpMemBlock(pDRBG_KEY(&testState), DRBG_KEY_SIZE_BYTES, "Key after Instantiate"); dbgDumpMemBlock(pDRBG_IV(&testState), DRBG_IV_SIZE_BYTES, "Value after Instantiate"); #endif if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) return FALSE; #if DRBG_DEBUG_PRINT dbgDumpMemBlock(pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, "Key after 1st Generate"); dbgDumpMemBlock(pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, "Value after 1st Generate"); #endif if(memcmp(buf, DRBG_NistTestVector_GeneratedInterm, sizeof(buf)) != 0) return FALSE; memcpy(seed.bytes, DRBG_NistTestVector_EntropyReseed, sizeof(seed)); DRBG_Reseed(&testState, &seed, NULL); #if DRBG_DEBUG_PRINT dbgDumpMemBlock((BYTE *)pDRBG_KEY(&testState.seed), DRBG_KEY_SIZE_BYTES, "Key after 2nd Generate"); dbgDumpMemBlock((BYTE *)pDRBG_IV(&testState.seed), DRBG_IV_SIZE_BYTES, "Value after 2nd Generate"); dbgDumpMemBlock(buf, sizeof(buf), "2nd Generated"); #endif if(DRBG_Generate((RAND_STATE *)&testState, buf, sizeof(buf)) == 0) return FALSE; if(memcmp(buf, DRBG_NistTestVector_Generated, sizeof(buf)) != 0) return FALSE; ClearSelfTest(); DRBG_Uninstantiate(&testState); for(p = (BYTE *)&testState, i = 0; i < sizeof(DRBG_STATE); i++) { if(*p++) return FALSE; } // Simulate hardware failure to make sure that we get an error when // trying to instantiate SetEntropyBad(); if(DRBG_Instantiate(&testState, 0, NULL)) return FALSE; ClearEntropyBad(); return TRUE; } //** Public Interface //*** Description // The functions in this section are the interface to the RNG. These // are the functions that are used by TPM.lib. //*** CryptRandomStir() // This function is used to cause a reseed. A DRBG_SEED amount of entropy is // collected from the hardware and then additional data is added. // Return Type: TPM_RC // TPM_RC_NO_RESULT failure of the entropy generator LIB_EXPORT TPM_RC CryptRandomStir( UINT16 additionalDataSize, BYTE *additionalData ) { #if !USE_DEBUG_RNG DRBG_SEED tmpBuf; DRBG_SEED dfResult; // // All reseed with outside data starts with a buffer full of entropy if(!DRBG_GetEntropy(sizeof(tmpBuf), (BYTE *)&tmpBuf)) return TPM_RC_NO_RESULT; DRBG_Reseed(&drbgDefault, &tmpBuf, DfBuffer(&dfResult, additionalDataSize, additionalData)); drbgDefault.reseedCounter = 1; return TPM_RC_SUCCESS; #else // If doing debug, use the input data as the initial setting for the RNG state // so that the test can be reset at any time. // Note: If this is called with a data size of 0 or less, nothing happens. The // presumption is that, in a debug environment, the caller will have specific // values for initialization, so this check is just a simple way to prevent // inadvertent programming errors from screwing things up. This doesn't use an // pAssert() because the non-debug version of this function will accept these // parameters as meaning that there is no additionalData and only hardware // entropy is used. if((additionalDataSize > 0) && (additionalData != NULL)) { memset(drbgDefault.seed.bytes, 0, sizeof(drbgDefault.seed.bytes)); memcpy(drbgDefault.seed.bytes, additionalData, MIN(additionalDataSize, sizeof(drbgDefault.seed.bytes))); } drbgDefault.reseedCounter = 1; return TPM_RC_SUCCESS; #endif } //*** CryptRandomGenerate() // Generate a 'randomSize' number or random bytes. LIB_EXPORT UINT16 CryptRandomGenerate( UINT16 randomSize, BYTE *buffer ) { return DRBG_Generate((RAND_STATE *)&drbgDefault, buffer, randomSize); } //*** DRBG_InstantiateSeededKdf() // This function is used to instantiate a KDF-based RNG. This is used for derivations. // This function always returns TRUE. LIB_EXPORT BOOL DRBG_InstantiateSeededKdf( KDF_STATE *state, // OUT: buffer to hold the state TPM_ALG_ID hashAlg, // IN: hash algorithm TPM_ALG_ID kdf, // IN: the KDF to use TPM2B *seed, // IN: the seed to use const TPM2B *label, // IN: a label for the generation process. TPM2B *context, // IN: the context value UINT32 limit // IN: Maximum number of bits from the KDF ) { state->magic = KDF_MAGIC; state->limit = limit; state->seed = seed; state->hash = hashAlg; state->kdf = kdf; state->label = label; state->context = context; state->digestSize = CryptHashGetDigestSize(hashAlg); state->counter = 0; state->residual.t.size = 0; return TRUE; } //*** DRBG_AdditionalData() // Function to reseed the DRBG with additional entropy. This is normally called // before computing the protection value of a primary key in the Endorsement // hierarchy. LIB_EXPORT void DRBG_AdditionalData( DRBG_STATE *drbgState, // IN:OUT state to update TPM2B *additionalData // IN: value to incorporate ) { DRBG_SEED dfResult; if(drbgState->magic == DRBG_MAGIC) { DfBuffer(&dfResult, additionalData->size, additionalData->buffer); DRBG_Reseed(drbgState, &dfResult, NULL); } } //*** DRBG_InstantiateSeeded() // This function is used to instantiate a random number generator from seed values. // The nominal use of this generator is to create sequences of pseudo-random // numbers from a seed value. // Return Type: TPM_RC // TPM_RC_FAILURE DRBG self-test failure LIB_EXPORT TPM_RC DRBG_InstantiateSeeded( DRBG_STATE *drbgState, // IN/OUT: buffer to hold the state const TPM2B *seed, // IN: the seed to use const TPM2B *purpose, // IN: a label for the generation process. const TPM2B *name, // IN: name of the object const TPM2B *additional // IN: additional data ) { DF_STATE dfState; int totalInputSize; // DRBG should have been tested, but... if(!IsDrbgTested() && !DRBG_SelfTest()) { LOG_FAILURE(FATAL_ERROR_SELF_TEST); return TPM_RC_FAILURE; } // Initialize the DRBG state memset(drbgState, 0, sizeof(DRBG_STATE)); drbgState->magic = DRBG_MAGIC; // Size all of the values totalInputSize = (seed != NULL) ? seed->size : 0; totalInputSize += (purpose != NULL) ? purpose->size : 0; totalInputSize += (name != NULL) ? name->size : 0; totalInputSize += (additional != NULL) ? additional->size : 0; // Initialize the derivation DfStart(&dfState, totalInputSize); // Run all the input strings through the derivation function if(seed != NULL) DfUpdate(&dfState, seed->size, seed->buffer); if(purpose != NULL) DfUpdate(&dfState, purpose->size, purpose->buffer); if(name != NULL) DfUpdate(&dfState, name->size, name->buffer); if(additional != NULL) DfUpdate(&dfState, additional->size, additional->buffer); // Used the derivation function output as the "entropy" input. This is not // how it is described in SP800-90A but this is the equivalent function DRBG_Reseed(((DRBG_STATE *)drbgState), DfEnd(&dfState), NULL); return TPM_RC_SUCCESS; } //*** CryptRandStartup() // This function is called when TPM_Startup is executed. This function always returns // TRUE. LIB_EXPORT BOOL CryptRandStartup( void ) { #if ! _DRBG_STATE_SAVE // If not saved in NV, re-instantiate on each startup DRBG_Instantiate(&drbgDefault, 0, NULL); #else // If the running state is saved in NV, NV has to be loaded before it can // be updated if(go.drbgState.magic == DRBG_MAGIC) DRBG_Reseed(&go.drbgState, NULL, NULL); else DRBG_Instantiate(&go.drbgState, 0, NULL); #endif return TRUE; } //**** CryptRandInit() // This function is called when _TPM_Init is being processed. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure LIB_EXPORT BOOL CryptRandInit( void ) { #if !USE_DEBUG_RNG _plat__GetEntropy(NULL, 0); #endif return DRBG_SelfTest(); } //*** DRBG_Generate() // This function generates a random sequence according SP800-90A. // If 'random' is not NULL, then 'randomSize' bytes of random values are generated. // If 'random' is NULL or 'randomSize' is zero, then the function returns // zero without generating any bits or updating the reseed counter. // This function returns the number of bytes produced which could be less than the // number requested if the request is too large ("too large" is implementation // dependent.) LIB_EXPORT UINT16 DRBG_Generate( RAND_STATE *state, BYTE *random, // OUT: buffer to receive the random values UINT16 randomSize // IN: the number of bytes to generate ) { if(state == NULL) state = (RAND_STATE *)&drbgDefault; if(random == NULL) return 0; // If the caller used a KDF state, generate a sequence from the KDF not to // exceed the limit. if(state->kdf.magic == KDF_MAGIC) { KDF_STATE *kdf = (KDF_STATE *)state; UINT32 counter = (UINT32)kdf->counter; INT32 bytesLeft = randomSize; // // If the number of bytes to be returned would put the generator // over the limit, then return 0 if((((kdf->counter * kdf->digestSize) + randomSize) * 8) > kdf->limit) return 0; // Process partial and full blocks until all requested bytes provided while(bytesLeft > 0) { // If there is any residual data in the buffer, copy it to the output // buffer if(kdf->residual.t.size > 0) { INT32 size; // // Don't use more of the residual than will fit or more than are // available size = MIN(kdf->residual.t.size, bytesLeft); // Copy some or all of the residual to the output. The residual is // at the end of the buffer. The residual might be a full buffer. MemoryCopy(random, &kdf->residual.t.buffer [kdf->digestSize - kdf->residual.t.size], size); // Advance the buffer pointer random += size; // Reduce the number of bytes left to get bytesLeft -= size; // And reduce the residual size appropriately kdf->residual.t.size -= (UINT16)size; } else { UINT16 blocks = (UINT16)(bytesLeft / kdf->digestSize); // // Get the number of required full blocks if(blocks > 0) { UINT16 size = blocks * kdf->digestSize; // Get some number of full blocks and put them in the return buffer CryptKDFa(kdf->hash, kdf->seed, kdf->label, kdf->context, NULL, kdf->limit, random, &counter, blocks); // reduce the size remaining to be moved and advance the pointer bytesLeft -= size; random += size; } else { // Fill the residual buffer with a full block and then loop to // top to get part of it copied to the output. kdf->residual.t.size = CryptKDFa(kdf->hash, kdf->seed, kdf->label, kdf->context, NULL, kdf->limit, kdf->residual.t.buffer, &counter, 1); } } } kdf->counter = counter; return randomSize; } else if(state->drbg.magic == DRBG_MAGIC) { DRBG_STATE *drbgState = (DRBG_STATE *)state; DRBG_KEY_SCHEDULE keySchedule; DRBG_SEED *seed = &drbgState->seed; if(drbgState->reseedCounter >= CTR_DRBG_MAX_REQUESTS_PER_RESEED) { if(drbgState == &drbgDefault) { DRBG_Reseed(drbgState, NULL, NULL); if(IsEntropyBad() && !IsSelfTest()) return 0; } else { // If this is a PRNG then the only way to get // here is if the SW has run away. LOG_FAILURE(FATAL_ERROR_INTERNAL); return 0; } } // if the allowed number of bytes in a request is larger than the // less than the number of bytes that can be requested, then check #if UINT16_MAX >= CTR_DRBG_MAX_BYTES_PER_REQUEST if(randomSize > CTR_DRBG_MAX_BYTES_PER_REQUEST) randomSize = CTR_DRBG_MAX_BYTES_PER_REQUEST; #endif // Create encryption schedule if(DRBG_ENCRYPT_SETUP((BYTE *)pDRBG_KEY(seed), DRBG_KEY_SIZE_BITS, &keySchedule) != 0) { LOG_FAILURE(FATAL_ERROR_INTERNAL); return 0; } // Generate the random data EncryptDRBG(random, randomSize, &keySchedule, pDRBG_IV(seed), drbgState->lastValue); // Do a key update DRBG_Update(drbgState, &keySchedule, NULL); // Increment the reseed counter drbgState->reseedCounter += 1; } else { LOG_FAILURE(FATAL_ERROR_INTERNAL); return FALSE; } return randomSize; } //*** DRBG_Instantiate() // This is CTR_DRBG_Instantiate_algorithm() from [SP 800-90A 10.2.1.3.1]. // This is called when a the TPM DRBG is to be instantiated. This is // called to instantiate a DRBG used by the TPM for normal // operations. // Return Type: BOOL // TRUE(1) instantiation succeeded // FALSE(0) instantiation failed LIB_EXPORT BOOL DRBG_Instantiate( DRBG_STATE *drbgState, // OUT: the instantiated value UINT16 pSize, // IN: Size of personalization string BYTE *personalization // IN: The personalization string ) { DRBG_SEED seed; DRBG_SEED dfResult; // pAssert((pSize == 0) || (pSize <= sizeof(seed)) || (personalization != NULL)); // If the DRBG has not been tested, test when doing an instantiation. Since // Instantiation is called during self test, make sure we don't get stuck in a // loop. if(!IsDrbgTested() && !IsSelfTest() && !DRBG_SelfTest()) return FALSE; // If doing a self test, DRBG_GetEntropy will return the NIST // test vector value. if(!DRBG_GetEntropy(sizeof(seed), (BYTE *)&seed)) return FALSE; // set everything to zero memset(drbgState, 0, sizeof(DRBG_STATE)); drbgState->magic = DRBG_MAGIC; // Steps 1, 2, 3, 6, 7 of SP 800-90A 10.2.1.3.1 are exactly what // reseeding does. So, do a reduction on the personalization value (if any) // and do a reseed. DRBG_Reseed(drbgState, &seed, DfBuffer(&dfResult, pSize, personalization)); return TRUE; } //*** DRBG_Uninstantiate() // This is Uninstantiate_function() from [SP 800-90A 9.4]. // // Return Type: TPM_RC // TPM_RC_VALUE not a valid state LIB_EXPORT TPM_RC DRBG_Uninstantiate( DRBG_STATE *drbgState // IN/OUT: working state to erase ) { if((drbgState == NULL) || (drbgState->magic != DRBG_MAGIC)) return TPM_RC_VALUE; memset(drbgState, 0, sizeof(DRBG_STATE)); return TPM_RC_SUCCESS; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptRsa.c000066400000000000000000001505001510276467000260500ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains implementation of cryptographic primitives for RSA. // Vendors may replace the implementation in this file with their own library // functions. //** Includes // Need this define to get the 'private' defines for this function #define CRYPT_RSA_C #include "Tpm.h" #if ALG_RSA //** Obligatory Initialization Functions //*** CryptRsaInit() // Function called at _TPM_Init(). BOOL CryptRsaInit( void ) { return TRUE; } //*** CryptRsaStartup() // Function called at TPM2_Startup() BOOL CryptRsaStartup( void ) { return TRUE; } //** Internal Functions //*** RsaInitializeExponent() // This function initializes the bignum data structure that holds the private // exponent. This function returns the pointer to the private exponent value so that // it can be used in an initializer for a data declaration. static privateExponent * RsaInitializeExponent( privateExponent *Z ) { bigNum *bn = (bigNum *)&Z->P; int i; // for(i = 0; i < 5; i++) { bn[i] = (bigNum)&Z->entries[i]; BnInit(bn[i], BYTES_TO_CRYPT_WORDS(sizeof(Z->entries[0].d))); } return Z; } //*** MakePgreaterThanQ() // This function swaps the pointers for P and Q if Q happens to be larger than Q. static void MakePgreaterThanQ( privateExponent *Z ) { if(BnUnsignedCmp(Z->P, Z->Q) < 0) { bigNum bnT = Z->P; Z->P = Z->Q; Z->Q = bnT; } } //*** PackExponent() // This function takes the bignum private exponent and converts it into TPM2B form. // In this form, the size field contains the overall size of the packed data. The // buffer contains 5, equal sized values in P, Q, dP, dQ, qInv order. For example, if // a key has a 2Kb public key, then the packed private key will contain 5, 1Kb values. // This form makes it relatively easy to load and save the values without changing // the normal unmarshaling to do anything more than allow a larger TPM2B for the // private key. Also, when exporting the value, all that is needed is to change the // size field of the private key in order to save just the P value. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure // The data is too big to fit static BOOL PackExponent( TPM2B_PRIVATE_KEY_RSA *packed, privateExponent *Z ) { int i; UINT16 primeSize = (UINT16)BITS_TO_BYTES(BnMsb(Z->P)); UINT16 pS = primeSize; // pAssert((primeSize * 5) <= sizeof(packed->t.buffer)); packed->t.size = (primeSize * 5) + RSA_prime_flag; for(i = 0; i < 5; i++) if(!BnToBytes((bigNum)&Z->entries[i], &packed->t.buffer[primeSize * i], &pS)) return FALSE; if(pS != primeSize) return FALSE; return TRUE; } //*** UnpackExponent() // This function unpacks the private exponent from its TPM2B form into its bignum // form. // Return Type: BOOL // TRUE(1) success // FALSE(0) TPM2B is not the correct size static BOOL UnpackExponent( TPM2B_PRIVATE_KEY_RSA *b, privateExponent *Z ) { UINT16 primeSize = b->t.size & ~RSA_prime_flag; int i; bigNum *bn = &Z->P; // VERIFY(b->t.size & RSA_prime_flag); RsaInitializeExponent(Z); VERIFY((primeSize % 5) == 0); primeSize /= 5; for(i = 0; i < 5; i++) VERIFY(BnFromBytes(bn[i], &b->t.buffer[primeSize * i], primeSize) != NULL); MakePgreaterThanQ(Z); return TRUE; Error: return FALSE; } //*** ComputePrivateExponent() // This function computes the private exponent from the primes. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure static BOOL ComputePrivateExponent( bigNum pubExp, // IN: the public exponent privateExponent *Z // IN/OUT: on input, has primes P and Q. On // output, has P, Q, dP, dQ, and pInv ) { BOOL pOK; BOOL qOK; BN_PRIME(pT); // // make p the larger value so that m2 is always less than p MakePgreaterThanQ(Z); //dP = (1/e) mod (p-1) pOK = BnSubWord(pT, Z->P, 1); pOK = pOK && BnModInverse(Z->dP, pubExp, pT); //dQ = (1/e) mod (q-1) qOK = BnSubWord(pT, Z->Q, 1); qOK = qOK && BnModInverse(Z->dQ, pubExp, pT); // qInv = (1/q) mod p if(pOK && qOK) pOK = qOK = BnModInverse(Z->qInv, Z->Q, Z->P); if(!pOK) BnSetWord(Z->P, 0); if(!qOK) BnSetWord(Z->Q, 0); return pOK && qOK; } //*** RsaPrivateKeyOp() // This function is called to do the exponentiation with the private key. Compile // options allow use of the simple (but slow) private exponent, or the more complex // but faster CRT method. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure static BOOL RsaPrivateKeyOp( bigNum inOut, // IN/OUT: number to be exponentiated privateExponent *Z ) { BN_RSA(M1); BN_RSA(M2); BN_RSA(M); BN_RSA(H); // MakePgreaterThanQ(Z); // m1 = cdP mod p VERIFY(BnModExp(M1, inOut, Z->dP, Z->P)); // m2 = cdQ mod q VERIFY(BnModExp(M2, inOut, Z->dQ, Z->Q)); // h = qInv * (m1 - m2) mod p = qInv * (m1 + P - m2) mod P because Q < P // so m2 < P VERIFY(BnSub(H, Z->P, M2)); VERIFY(BnAdd(H, H, M1)); VERIFY(BnModMult(H, H, Z->qInv, Z->P)); // m = m2 + h * q VERIFY(BnMult(M, H, Z->Q)); VERIFY(BnAdd(inOut, M2, M)); return TRUE; Error: return FALSE; } //*** RSAEP() // This function performs the RSAEP operation defined in PKCS#1v2.1. It is // an exponentiation of a value ('m') with the public exponent ('e'), modulo // the public ('n'). // // Return Type: TPM_RC // TPM_RC_VALUE number to exponentiate is larger than the modulus // static TPM_RC RSAEP( TPM2B *dInOut, // IN: size of the encrypted block and the size of // the encrypted value. It must be the size of // the modulus. // OUT: the encrypted data. Will receive the // decrypted value OBJECT *key // IN: the key to use ) { TPM2B_TYPE(4BYTES, 4); TPM2B_4BYTES e2B; UINT32 e = key->publicArea.parameters.rsaDetail.exponent; // if(e == 0) e = RSA_DEFAULT_PUBLIC_EXPONENT; UINT32_TO_BYTE_ARRAY(e, e2B.t.buffer); e2B.t.size = 4; return ModExpB(dInOut->size, dInOut->buffer, dInOut->size, dInOut->buffer, e2B.t.size, e2B.t.buffer, key->publicArea.unique.rsa.t.size, key->publicArea.unique.rsa.t.buffer); } //*** RSADP() // This function performs the RSADP operation defined in PKCS#1v2.1. It is // an exponentiation of a value ('c') with the private exponent ('d'), modulo // the public modulus ('n'). The decryption is in place. // // This function also checks the size of the private key. If the size indicates // that only a prime value is present, the key is converted to being a private // exponent. // // Return Type: TPM_RC // TPM_RC_SIZE the value to decrypt is larger than the modulus // static TPM_RC RSADP( TPM2B *inOut, // IN/OUT: the value to encrypt OBJECT *key // IN: the key ) { BN_RSA_INITIALIZED(bnM, inOut); NEW_PRIVATE_EXPONENT(Z); if(UnsignedCompareB(inOut->size, inOut->buffer, key->publicArea.unique.rsa.t.size, key->publicArea.unique.rsa.t.buffer) >= 0) return TPM_RC_SIZE; // private key operation requires that private exponent be loaded // During self-test, this might not be the case so load it up if it hasn't // already done // been done if((key->sensitive.sensitive.rsa.t.size & RSA_prime_flag) == 0) { if(CryptRsaLoadPrivateExponent(&key->publicArea, &key->sensitive) != TPM_RC_SUCCESS) return TPM_RC_BINDING; } VERIFY(UnpackExponent(&key->sensitive.sensitive.rsa, Z)); VERIFY(RsaPrivateKeyOp(bnM, Z)); VERIFY(BnTo2B(bnM, inOut, inOut->size)); return TPM_RC_SUCCESS; Error: return TPM_RC_FAILURE; } //*** OaepEncode() // This function performs OAEP padding. The size of the buffer to receive the // OAEP padded data must equal the size of the modulus // // Return Type: TPM_RC // TPM_RC_VALUE 'hashAlg' is not valid or message size is too large // static TPM_RC OaepEncode( TPM2B *padded, // OUT: the pad data TPM_ALG_ID hashAlg, // IN: algorithm to use for padding const TPM2B *label, // IN: null-terminated string (may be NULL) TPM2B *message, // IN: the message being padded RAND_STATE *rand // IN: the random number generator to use ) { INT32 padLen; INT32 dbSize; INT32 i; BYTE mySeed[MAX_DIGEST_SIZE]; BYTE *seed = mySeed; UINT16 hLen = CryptHashGetDigestSize(hashAlg); BYTE mask[MAX_RSA_KEY_BYTES]; BYTE *pp; BYTE *pm; TPM_RC retVal = TPM_RC_SUCCESS; pAssert(padded != NULL && message != NULL); // A value of zero is not allowed because the KDF can't produce a result // if the digest size is zero. if(hLen == 0) return TPM_RC_VALUE; // Basic size checks // make sure digest isn't too big for key size if(padded->size < (2 * hLen) + 2) ERROR_RETURN(TPM_RC_HASH); // and that message will fit messageSize <= k - 2hLen - 2 if(message->size > (padded->size - (2 * hLen) - 2)) ERROR_RETURN(TPM_RC_VALUE); // Hash L even if it is null // Offset into padded leaving room for masked seed and byte of zero pp = &padded->buffer[hLen + 1]; if(CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, hLen, pp) != hLen) ERROR_RETURN(TPM_RC_FAILURE); // concatenate PS of k mLen 2hLen 2 padLen = padded->size - message->size - (2 * hLen) - 2; MemorySet(&pp[hLen], 0, padLen); pp[hLen + padLen] = 0x01; padLen += 1; memcpy(&pp[hLen + padLen], message->buffer, message->size); // The total size of db = hLen + pad + mSize; dbSize = hLen + padLen + message->size; // If testing, then use the provided seed. Otherwise, use values // from the RNG CryptRandomGenerate(hLen, mySeed); DRBG_Generate(rand, mySeed, (UINT16)hLen); if(g_inFailureMode) ERROR_RETURN(TPM_RC_FAILURE); // mask = MGF1 (seed, nSize hLen 1) CryptMGF1(dbSize, mask, hashAlg, hLen, seed); // Create the masked db pm = mask; for(i = dbSize; i > 0; i--) *pp++ ^= *pm++; pp = &padded->buffer[hLen + 1]; // Run the masked data through MGF1 if(CryptMGF1(hLen, &padded->buffer[1], hashAlg, dbSize, pp) != (unsigned)hLen) ERROR_RETURN(TPM_RC_VALUE); // Now XOR the seed to create masked seed pp = &padded->buffer[1]; pm = seed; for(i = hLen; i > 0; i--) *pp++ ^= *pm++; // Set the first byte to zero padded->buffer[0] = 0x00; Exit: return retVal; } //*** OaepDecode() // This function performs OAEP padding checking. The size of the buffer to receive // the recovered data. If the padding is not valid, the 'dSize' size is set to zero // and the function returns TPM_RC_VALUE. // // The 'dSize' parameter is used as an input to indicate the size available in the // buffer. // If insufficient space is available, the size is not changed and the return code // is TPM_RC_VALUE. // // Return Type: TPM_RC // TPM_RC_VALUE the value to decode was larger than the modulus, or // the padding is wrong or the buffer to receive the // results is too small // // static TPM_RC OaepDecode( TPM2B *dataOut, // OUT: the recovered data TPM_ALG_ID hashAlg, // IN: algorithm to use for padding const TPM2B *label, // IN: null-terminated string (may be NULL) TPM2B *padded // IN: the padded data ) { UINT32 i; BYTE seedMask[MAX_DIGEST_SIZE]; UINT32 hLen = CryptHashGetDigestSize(hashAlg); BYTE mask[MAX_RSA_KEY_BYTES]; BYTE *pp; BYTE *pm; TPM_RC retVal = TPM_RC_SUCCESS; // Strange size (anything smaller can't be an OAEP padded block) // Also check for no leading 0 if((padded->size < (unsigned)((2 * hLen) + 2)) || (padded->buffer[0] != 0)) ERROR_RETURN(TPM_RC_VALUE); // Use the hash size to determine what to put through MGF1 in order // to recover the seedMask CryptMGF1(hLen, seedMask, hashAlg, padded->size - hLen - 1, &padded->buffer[hLen + 1]); // Recover the seed into seedMask pAssert(hLen <= sizeof(seedMask)); pp = &padded->buffer[1]; pm = seedMask; for(i = hLen; i > 0; i--) *pm++ ^= *pp++; // Use the seed to generate the data mask CryptMGF1(padded->size - hLen - 1, mask, hashAlg, hLen, seedMask); // Use the mask generated from seed to recover the padded data pp = &padded->buffer[hLen + 1]; pm = mask; for(i = (padded->size - hLen - 1); i > 0; i--) *pm++ ^= *pp++; // Make sure that the recovered data has the hash of the label // Put trial value in the seed mask if((CryptHashBlock(hashAlg, label->size, (BYTE *)label->buffer, hLen, seedMask)) != hLen) FAIL(FATAL_ERROR_INTERNAL); if(memcmp(seedMask, mask, hLen) != 0) ERROR_RETURN(TPM_RC_VALUE); // find the start of the data pm = &mask[hLen]; for(i = (UINT32)padded->size - (2 * hLen) - 1; i > 0; i--) { if(*pm++ != 0) break; } // If we ran out of data or didn't end with 0x01, then return an error if(i == 0 || pm[-1] != 0x01) ERROR_RETURN(TPM_RC_VALUE); // pm should be pointing at the first part of the data // and i is one greater than the number of bytes to move i--; if(i > dataOut->size) // Special exit to preserve the size of the output buffer return TPM_RC_VALUE; memcpy(dataOut->buffer, pm, i); dataOut->size = (UINT16)i; Exit: if(retVal != TPM_RC_SUCCESS) dataOut->size = 0; return retVal; } //*** PKCS1v1_5Encode() // This function performs the encoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in // PKCS#1V2.1 // Return Type: TPM_RC // TPM_RC_VALUE message size is too large // static TPM_RC RSAES_PKCS1v1_5Encode( TPM2B *padded, // OUT: the pad data TPM2B *message, // IN: the message being padded RAND_STATE *rand ) { UINT32 ps = padded->size - message->size - 3; // if(message->size > padded->size - 11) return TPM_RC_VALUE; // move the message to the end of the buffer memcpy(&padded->buffer[padded->size - message->size], message->buffer, message->size); // Set the first byte to 0x00 and the second to 0x02 padded->buffer[0] = 0; padded->buffer[1] = 2; // Fill with random bytes DRBG_Generate(rand, &padded->buffer[2], (UINT16)ps); if(g_inFailureMode) return TPM_RC_FAILURE; // Set the delimiter for the random field to 0 padded->buffer[2 + ps] = 0; // Now, the only messy part. Make sure that all the 'ps' bytes are non-zero // In this implementation, use the value of the current index for(ps++; ps > 1; ps--) { if(padded->buffer[ps] == 0) padded->buffer[ps] = 0x55; // In the < 0.5% of the cases that the // random value is 0, just pick a value to // put into the spot. } return TPM_RC_SUCCESS; } //*** RSAES_Decode() // This function performs the decoding for RSAES-PKCS1-V1_5-ENCRYPT as defined in // PKCS#1V2.1 // // Return Type: TPM_RC // TPM_RC_FAIL decoding error or results would no fit into provided buffer // static TPM_RC RSAES_Decode( TPM2B *message, // OUT: the recovered message TPM2B *coded // IN: the encoded message ) { BOOL fail = FALSE; UINT16 pSize; fail = (coded->size < 11); fail = (coded->buffer[0] != 0x00) | fail; fail = (coded->buffer[1] != 0x02) | fail; for(pSize = 2; pSize < coded->size; pSize++) { if(coded->buffer[pSize] == 0) break; } pSize++; // Make sure that pSize has not gone over the end and that there are at least 8 // bytes of pad data. fail = (pSize > coded->size) | fail; fail = ((pSize - 2) < 8) | fail; if((message->size < (UINT16)(coded->size - pSize)) || fail) return TPM_RC_VALUE; message->size = coded->size - pSize; memcpy(message->buffer, &coded->buffer[pSize], coded->size - pSize); return TPM_RC_SUCCESS; } //*** CryptRsaPssSaltSize() // This function computes the salt size used in PSS. It is broken out so that // the X509 code can get the same value that is used by the encoding function in this // module. INT16 CryptRsaPssSaltSize( INT16 hashSize, INT16 outSize ) { INT16 saltSize; // // (Mask Length) = (outSize - hashSize - 1); // Max saltSize is (Mask Length) - 1 saltSize = (outSize - hashSize - 1) - 1; // Use the maximum salt size allowed by FIPS 186-4 if(saltSize > hashSize) saltSize = hashSize; else if(saltSize < 0) saltSize = 0; return saltSize; } //*** PssEncode() // This function creates an encoded block of data that is the size of modulus. // The function uses the maximum salt size that will fit in the encoded block. // // Returns TPM_RC_SUCCESS or goes into failure mode. static TPM_RC PssEncode( TPM2B *out, // OUT: the encoded buffer TPM_ALG_ID hashAlg, // IN: hash algorithm for the encoding TPM2B *digest, // IN: the digest RAND_STATE *rand // IN: random number source ) { UINT32 hLen = CryptHashGetDigestSize(hashAlg); BYTE salt[MAX_RSA_KEY_BYTES - 1]; UINT16 saltSize; BYTE *ps = salt; BYTE *pOut; UINT16 mLen; HASH_STATE hashState; // These are fatal errors indicating bad TPM firmware pAssert(out != NULL && hLen > 0 && digest != NULL); // Get the size of the mask mLen = (UINT16)(out->size - hLen - 1); // Set the salt size saltSize = CryptRsaPssSaltSize((INT16)hLen, (INT16)out->size); //using eOut for scratch space // Set the first 8 bytes to zero pOut = out->buffer; memset(pOut, 0, 8); // Get set the salt DRBG_Generate(rand, salt, saltSize); if(g_inFailureMode) return TPM_RC_FAILURE; // Create the hash of the pad || input hash || salt CryptHashStart(&hashState, hashAlg); CryptDigestUpdate(&hashState, 8, pOut); CryptDigestUpdate2B(&hashState, digest); CryptDigestUpdate(&hashState, saltSize, salt); CryptHashEnd(&hashState, hLen, &pOut[out->size - hLen - 1]); // Create a mask if(CryptMGF1(mLen, pOut, hashAlg, hLen, &pOut[mLen]) != mLen) FAIL(FATAL_ERROR_INTERNAL); // Since this implementation uses key sizes that are all even multiples of // 8, just need to make sure that the most significant bit is CLEAR *pOut &= 0x7f; // Before we mess up the pOut value, set the last byte to 0xbc pOut[out->size - 1] = 0xbc; // XOR a byte of 0x01 at the position just before where the salt will be XOR'ed pOut = &pOut[mLen - saltSize - 1]; *pOut++ ^= 0x01; // XOR the salt data into the buffer for(; saltSize > 0; saltSize--) *pOut++ ^= *ps++; // and we are done return TPM_RC_SUCCESS; } //*** PssDecode() // This function checks that the PSS encoded block was built from the // provided digest. If the check is successful, TPM_RC_SUCCESS is returned. // Any other value indicates an error. // // This implementation of PSS decoding is intended for the reference TPM // implementation and is not at all generalized. It is used to check // signatures over hashes and assumptions are made about the sizes of values. // Those assumptions are enforce by this implementation. // This implementation does allow for a variable size salt value to have been // used by the creator of the signature. // // Return Type: TPM_RC // TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm // TPM_RC_VALUE decode operation failed // static TPM_RC PssDecode( TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding TPM2B *dIn, // In: the digest to compare TPM2B *eIn // IN: the encoded data ) { UINT32 hLen = CryptHashGetDigestSize(hashAlg); BYTE mask[MAX_RSA_KEY_BYTES]; BYTE *pm = mask; BYTE *pe; BYTE pad[8] = {0}; UINT32 i; UINT32 mLen; BYTE fail; TPM_RC retVal = TPM_RC_SUCCESS; HASH_STATE hashState; // These errors are indicative of failures due to programmer error pAssert(dIn != NULL && eIn != NULL); pe = eIn->buffer; // check the hash scheme if(hLen == 0) ERROR_RETURN(TPM_RC_SCHEME); // most significant bit must be zero fail = pe[0] & 0x80; // last byte must be 0xbc fail |= pe[eIn->size - 1] ^ 0xbc; // Use the hLen bytes at the end of the buffer to generate a mask // Doesn't start at the end which is a flag byte mLen = eIn->size - hLen - 1; CryptMGF1(mLen, mask, hashAlg, hLen, &pe[mLen]); // Clear the MSO of the mask to make it consistent with the encoding. mask[0] &= 0x7F; pAssert(mLen <= sizeof(mask)); // XOR the data into the mask to recover the salt. This sequence // advances eIn so that it will end up pointing to the seed data // which is the hash of the signature data for(i = mLen; i > 0; i--) *pm++ ^= *pe++; // Find the first byte of 0x01 after a string of all 0x00 for(pm = mask, i = mLen; i > 0; i--) { if(*pm == 0x01) break; else fail |= *pm++; } // i should not be zero fail |= (i == 0); // if we have failed, will continue using the entire mask as the salt value so // that the timing attacks will not disclose anything (I don't think that this // is a problem for TPM applications but, usually, we don't fail so this // doesn't cost anything). if(fail) { i = mLen; pm = mask; } else { pm++; i--; } // i contains the salt size and pm points to the salt. Going to use the input // hash and the seed to recreate the hash in the lower portion of eIn. CryptHashStart(&hashState, hashAlg); // add the pad of 8 zeros CryptDigestUpdate(&hashState, 8, pad); // add the provided digest value CryptDigestUpdate(&hashState, dIn->size, dIn->buffer); // and the salt CryptDigestUpdate(&hashState, i, pm); // get the result fail |= (CryptHashEnd(&hashState, hLen, mask) != hLen); // Compare all bytes for(pm = mask; hLen > 0; hLen--) // don't use fail = because that could skip the increment and compare // operations after the first failure and that gives away timing // information. fail |= *pm++ ^ *pe++; retVal = (fail != 0) ? TPM_RC_VALUE : TPM_RC_SUCCESS; Exit: return retVal; } //*** MakeDerTag() // Construct the DER value that is used in RSASSA // Return Type: INT16 // > 0 size of value // <= 0 no hash exists INT16 MakeDerTag( TPM_ALG_ID hashAlg, INT16 sizeOfBuffer, BYTE *buffer ) { // 0x30, 0x31, // SEQUENCE (2 elements) 1st // 0x30, 0x0D, // SEQUENCE (2 elements) // 0x06, 0x09, // HASH OID // 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // 0x05, 0x00, // NULL // 0x04, 0x20 // OCTET STRING HASH_DEF *info = CryptGetHashDef(hashAlg); INT16 oidSize; // If no OID, can't do encode VERIFY(info != NULL); oidSize = 2 + (info->OID)[1]; // make sure this fits in the buffer VERIFY(sizeOfBuffer >= (oidSize + 8)); *buffer++ = 0x30; // 1st SEQUENCE // Size of the 1st SEQUENCE is 6 bytes + size of the hash OID + size of the // digest size *buffer++ = (BYTE)(6 + oidSize + info->digestSize); // *buffer++ = 0x30; // 2nd SEQUENCE // size is 4 bytes of overhead plus the side of the OID *buffer++ = (BYTE)(2 + oidSize); MemoryCopy(buffer, info->OID, oidSize); buffer += oidSize; *buffer++ = 0x05; // Add a NULL *buffer++ = 0x00; *buffer++ = 0x04; *buffer++ = (BYTE)(info->digestSize); return oidSize + 8; Error: return 0; } //*** RSASSA_Encode() // Encode a message using PKCS1v1.5 method. // // Return Type: TPM_RC // TPM_RC_SCHEME 'hashAlg' is not a supported hash algorithm // TPM_RC_SIZE 'eOutSize' is not large enough // TPM_RC_VALUE 'hInSize' does not match the digest size of hashAlg static TPM_RC RSASSA_Encode( TPM2B *pOut, // IN:OUT on in, the size of the public key // on out, the encoded area TPM_ALG_ID hashAlg, // IN: hash algorithm for PKCS1v1_5 TPM2B *hIn // IN: digest value to encode ) { BYTE DER[20]; BYTE *der = DER; INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER); BYTE *eOut; INT32 fillSize; TPM_RC retVal = TPM_RC_SUCCESS; // Can't use this scheme if the algorithm doesn't have a DER string defined. if(derSize == 0) ERROR_RETURN(TPM_RC_SCHEME); // If the digest size of 'hashAl' doesn't match the input digest size, then // the DER will misidentify the digest so return an error if(CryptHashGetDigestSize(hashAlg) != hIn->size) ERROR_RETURN(TPM_RC_VALUE); fillSize = pOut->size - derSize - hIn->size - 3; eOut = pOut->buffer; // Make sure that this combination will fit in the provided space if(fillSize < 8) ERROR_RETURN(TPM_RC_SIZE); // Start filling *eOut++ = 0; // initial byte of zero *eOut++ = 1; // byte of 0x01 for(; fillSize > 0; fillSize--) *eOut++ = 0xff; // bunch of 0xff *eOut++ = 0; // another 0 for(; derSize > 0; derSize--) *eOut++ = *der++; // copy the DER der = hIn->buffer; for(fillSize = hIn->size; fillSize > 0; fillSize--) *eOut++ = *der++; // copy the hash Exit: return retVal; } //*** RSASSA_Decode() // This function performs the RSASSA decoding of a signature. // // Return Type: TPM_RC // TPM_RC_VALUE decode unsuccessful // TPM_RC_SCHEME 'haslAlg' is not supported // static TPM_RC RSASSA_Decode( TPM_ALG_ID hashAlg, // IN: hash algorithm to use for the encoding TPM2B *hIn, // In: the digest to compare TPM2B *eIn // IN: the encoded data ) { BYTE fail; BYTE DER[20]; BYTE *der = DER; INT32 derSize = MakeDerTag(hashAlg, sizeof(DER), DER); BYTE *pe; INT32 hashSize = CryptHashGetDigestSize(hashAlg); INT32 fillSize; TPM_RC retVal; BYTE *digest; UINT16 digestSize; pAssert(hIn != NULL && eIn != NULL); pe = eIn->buffer; // Can't use this scheme if the algorithm doesn't have a DER string // defined or if the provided hash isn't the right size if(derSize == 0 || (unsigned)hashSize != hIn->size) ERROR_RETURN(TPM_RC_SCHEME); // Make sure that this combination will fit in the provided space // Since no data movement takes place, can just walk though this // and accept nearly random values. This can only be called from // CryptValidateSignature() so eInSize is known to be in range. fillSize = eIn->size - derSize - hashSize - 3; // Start checking (fail will become non-zero if any of the bytes do not have // the expected value. fail = *pe++; // initial byte of zero fail |= *pe++ ^ 1; // byte of 0x01 for(; fillSize > 0; fillSize--) fail |= *pe++ ^ 0xff; // bunch of 0xff fail |= *pe++; // another 0 for(; derSize > 0; derSize--) fail |= *pe++ ^ *der++; // match the DER digestSize = hIn->size; digest = hIn->buffer; for(; digestSize > 0; digestSize--) fail |= *pe++ ^ *digest++; // match the hash retVal = (fail != 0) ? TPM_RC_VALUE : TPM_RC_SUCCESS; Exit: return retVal; } //** Externally Accessible Functions //*** CryptRsaSelectScheme() // This function is used by TPM2_RSA_Decrypt and TPM2_RSA_Encrypt. It sets up // the rules to select a scheme between input and object default. // This function assume the RSA object is loaded. // If a default scheme is defined in object, the default scheme should be chosen, // otherwise, the input scheme should be chosen. // In the case that both the object and 'scheme' are not TPM_ALG_NULL, then // if the schemes are the same, the input scheme will be chosen. // if the scheme are not compatible, a NULL pointer will be returned. // // The return pointer may point to a TPM_ALG_NULL scheme. TPMT_RSA_DECRYPT* CryptRsaSelectScheme( TPMI_DH_OBJECT rsaHandle, // IN: handle of an RSA key TPMT_RSA_DECRYPT *scheme // IN: a sign or decrypt scheme ) { OBJECT *rsaObject; TPMT_ASYM_SCHEME *keyScheme; TPMT_RSA_DECRYPT *retVal = NULL; // Get sign object pointer rsaObject = HandleToObject(rsaHandle); keyScheme = &rsaObject->publicArea.parameters.asymDetail.scheme; // if the default scheme of the object is TPM_ALG_NULL, then select the // input scheme if(keyScheme->scheme == TPM_ALG_NULL) { retVal = scheme; } // if the object scheme is not TPM_ALG_NULL and the input scheme is // TPM_ALG_NULL, then select the default scheme of the object. else if(scheme->scheme == TPM_ALG_NULL) { // if input scheme is NULL retVal = (TPMT_RSA_DECRYPT *)keyScheme; } // get here if both the object scheme and the input scheme are // not TPM_ALG_NULL. Need to insure that they are the same. // IMPLEMENTATION NOTE: This could cause problems if future versions have // schemes that have more values than just a hash algorithm. A new function // (IsSchemeSame()) might be needed then. else if(keyScheme->scheme == scheme->scheme && keyScheme->details.anySig.hashAlg == scheme->details.anySig.hashAlg) { retVal = scheme; } // two different, incompatible schemes specified will return NULL return retVal; } //*** CryptRsaLoadPrivateExponent() // This function is called to generate the private exponent of an RSA key. // Return Type: TPM_RC // TPM_RC_BINDING public and private parts of 'rsaKey' are not matched TPM_RC CryptRsaLoadPrivateExponent( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive ) { // if((sensitive->sensitive.rsa.t.size & RSA_prime_flag) == 0) { if((sensitive->sensitive.rsa.t.size * 2) == publicArea->unique.rsa.t.size) { NEW_PRIVATE_EXPONENT(Z); BN_RSA_INITIALIZED(bnN, &publicArea->unique.rsa); BN_RSA(bnQr); BN_VAR(bnE, RADIX_BITS); TEST(ALG_NULL_VALUE); VERIFY((sensitive->sensitive.rsa.t.size * 2) == publicArea->unique.rsa.t.size); // Initialize the exponent BnSetWord(bnE, publicArea->parameters.rsaDetail.exponent); if(BnEqualZero(bnE)) BnSetWord(bnE, RSA_DEFAULT_PUBLIC_EXPONENT); // Convert first prime to 2B VERIFY(BnFrom2B(Z->P, &sensitive->sensitive.rsa.b) != NULL); // Find the second prime by division. This uses 'bQ' rather than Z->Q // because the division could make the quotient larger than a prime during // some intermediate step. VERIFY(BnDiv(Z->Q, bnQr, bnN, Z->P)); VERIFY(BnEqualZero(bnQr)); // Compute the private exponent and return it if found VERIFY(ComputePrivateExponent(bnE, Z)); VERIFY(PackExponent(&sensitive->sensitive.rsa, Z)); } else VERIFY(((sensitive->sensitive.rsa.t.size / 5) * 2) == publicArea->unique.rsa.t.size); sensitive->sensitive.rsa.t.size |= RSA_prime_flag; } return TPM_RC_SUCCESS; Error: return TPM_RC_BINDING; } //*** CryptRsaEncrypt() // This is the entry point for encryption using RSA. Encryption is // use of the public exponent. The padding parameter determines what // padding will be used. // // The 'cOutSize' parameter must be at least as large as the size of the key. // // If the padding is RSA_PAD_NONE, 'dIn' is treated as a number. It must be // lower in value than the key modulus. // NOTE: If dIn has fewer bytes than cOut, then we don't add low-order zeros to // dIn to make it the size of the RSA key for the call to RSAEP. This is // because the high order bytes of dIn might have a numeric value that is // greater than the value of the key modulus. If this had low-order zeros // added, it would have a numeric value larger than the modulus even though // it started out with a lower numeric value. // // Return Type: TPM_RC // TPM_RC_VALUE 'cOutSize' is too small (must be the size // of the modulus) // TPM_RC_SCHEME 'padType' is not a supported scheme // LIB_EXPORT TPM_RC CryptRsaEncrypt( TPM2B_PUBLIC_KEY_RSA *cOut, // OUT: the encrypted data TPM2B *dIn, // IN: the data to encrypt OBJECT *key, // IN: the key used for encryption TPMT_RSA_DECRYPT *scheme, // IN: the type of padding and hash // if needed const TPM2B *label, // IN: in case it is needed RAND_STATE *rand // IN: random number generator // state (mostly for testing) ) { TPM_RC retVal = TPM_RC_SUCCESS; TPM2B_PUBLIC_KEY_RSA dataIn; // // if the input and output buffers are the same, copy the input to a scratch // buffer so that things don't get messed up. if(dIn == &cOut->b) { MemoryCopy2B(&dataIn.b, dIn, sizeof(dataIn.t.buffer)); dIn = &dataIn.b; } // All encryption schemes return the same size of data cOut->t.size = key->publicArea.unique.rsa.t.size; TEST(scheme->scheme); switch(scheme->scheme) { case ALG_NULL_VALUE: // 'raw' encryption { INT32 i; INT32 dSize = dIn->size; // dIn can have more bytes than cOut as long as the extra bytes // are zero. Note: the more significant bytes of a number in a byte // buffer are the bytes at the start of the array. for(i = 0; (i < dSize) && (dIn->buffer[i] == 0); i++); dSize -= i; if(dSize > cOut->t.size) ERROR_RETURN(TPM_RC_VALUE); // Pad cOut with zeros if dIn is smaller memset(cOut->t.buffer, 0, cOut->t.size - dSize); // And copy the rest of the value memcpy(&cOut->t.buffer[cOut->t.size - dSize], &dIn->buffer[i], dSize); // If the size of dIn is the same as cOut dIn could be larger than // the modulus. If it is, then RSAEP() will catch it. } break; case ALG_RSAES_VALUE: retVal = RSAES_PKCS1v1_5Encode(&cOut->b, dIn, rand); break; case ALG_OAEP_VALUE: retVal = OaepEncode(&cOut->b, scheme->details.oaep.hashAlg, label, dIn, rand); break; default: ERROR_RETURN(TPM_RC_SCHEME); break; } // All the schemes that do padding will come here for the encryption step // Check that the Encoding worked if(retVal == TPM_RC_SUCCESS) // Padding OK so do the encryption retVal = RSAEP(&cOut->b, key); Exit: return retVal; } //*** CryptRsaDecrypt() // This is the entry point for decryption using RSA. Decryption is // use of the private exponent. The 'padType' parameter determines what // padding was used. // // Return Type: TPM_RC // TPM_RC_SIZE 'cInSize' is not the same as the size of the public // modulus of 'key'; or numeric value of the encrypted // data is greater than the modulus // TPM_RC_VALUE 'dOutSize' is not large enough for the result // TPM_RC_SCHEME 'padType' is not supported // LIB_EXPORT TPM_RC CryptRsaDecrypt( TPM2B *dOut, // OUT: the decrypted data TPM2B *cIn, // IN: the data to decrypt OBJECT *key, // IN: the key to use for decryption TPMT_RSA_DECRYPT *scheme, // IN: the padding scheme const TPM2B *label // IN: in case it is needed for the scheme ) { TPM_RC retVal; // Make sure that the necessary parameters are provided pAssert(cIn != NULL && dOut != NULL && key != NULL); // Size is checked to make sure that the encrypted value is the right size if(cIn->size != key->publicArea.unique.rsa.t.size) ERROR_RETURN(TPM_RC_SIZE); TEST(scheme->scheme); // For others that do padding, do the decryption in place and then // go handle the decoding. retVal = RSADP(cIn, key); if(retVal == TPM_RC_SUCCESS) { // Remove padding switch(scheme->scheme) { case ALG_NULL_VALUE: if(dOut->size < cIn->size) return TPM_RC_VALUE; MemoryCopy2B(dOut, cIn, dOut->size); break; case ALG_RSAES_VALUE: retVal = RSAES_Decode(dOut, cIn); break; case ALG_OAEP_VALUE: retVal = OaepDecode(dOut, scheme->details.oaep.hashAlg, label, cIn); break; default: retVal = TPM_RC_SCHEME; break; } } Exit: return retVal; } //*** CryptRsaSign() // This function is used to generate an RSA signature of the type indicated in // 'scheme'. // // Return Type: TPM_RC // TPM_RC_SCHEME 'scheme' or 'hashAlg' are not supported // TPM_RC_VALUE 'hInSize' does not match 'hashAlg' (for RSASSA) // LIB_EXPORT TPM_RC CryptRsaSign( TPMT_SIGNATURE *sigOut, OBJECT *key, // IN: key to use TPM2B_DIGEST *hIn, // IN: the digest to sign RAND_STATE *rand // IN: the random number generator // to use (mostly for testing) ) { TPM_RC retVal = TPM_RC_SUCCESS; UINT16 modSize; // parameter checks pAssert(sigOut != NULL && key != NULL && hIn != NULL); modSize = key->publicArea.unique.rsa.t.size; // for all non-null signatures, the size is the size of the key modulus sigOut->signature.rsapss.sig.t.size = modSize; TEST(sigOut->sigAlg); switch(sigOut->sigAlg) { case ALG_NULL_VALUE: sigOut->signature.rsapss.sig.t.size = 0; return TPM_RC_SUCCESS; case ALG_RSAPSS_VALUE: retVal = PssEncode(&sigOut->signature.rsapss.sig.b, sigOut->signature.rsapss.hash, &hIn->b, rand); break; case ALG_RSASSA_VALUE: retVal = RSASSA_Encode(&sigOut->signature.rsassa.sig.b, sigOut->signature.rsassa.hash, &hIn->b); break; default: retVal = TPM_RC_SCHEME; } if(retVal == TPM_RC_SUCCESS) { // Do the encryption using the private key retVal = RSADP(&sigOut->signature.rsapss.sig.b, key); } return retVal; } //*** CryptRsaValidateSignature() // This function is used to validate an RSA signature. If the signature is valid // TPM_RC_SUCCESS is returned. If the signature is not valid, TPM_RC_SIGNATURE is // returned. Other return codes indicate either parameter problems or fatal errors. // // Return Type: TPM_RC // TPM_RC_SIGNATURE the signature does not check // TPM_RC_SCHEME unsupported scheme or hash algorithm // LIB_EXPORT TPM_RC CryptRsaValidateSignature( TPMT_SIGNATURE *sig, // IN: signature OBJECT *key, // IN: public modulus TPM2B_DIGEST *digest // IN: The digest being validated ) { TPM_RC retVal; // // Fatal programming errors pAssert(key != NULL && sig != NULL && digest != NULL); switch(sig->sigAlg) { case ALG_RSAPSS_VALUE: case ALG_RSASSA_VALUE: break; default: return TPM_RC_SCHEME; } // Errors that might be caused by calling parameters if(sig->signature.rsassa.sig.t.size != key->publicArea.unique.rsa.t.size) ERROR_RETURN(TPM_RC_SIGNATURE); TEST(sig->sigAlg); // Decrypt the block retVal = RSAEP(&sig->signature.rsassa.sig.b, key); if(retVal == TPM_RC_SUCCESS) { switch(sig->sigAlg) { case ALG_RSAPSS_VALUE: retVal = PssDecode(sig->signature.any.hashAlg, &digest->b, &sig->signature.rsassa.sig.b); break; case ALG_RSASSA_VALUE: retVal = RSASSA_Decode(sig->signature.any.hashAlg, &digest->b, &sig->signature.rsassa.sig.b); break; default: return TPM_RC_SCHEME; } } Exit: return (retVal != TPM_RC_SUCCESS) ? TPM_RC_SIGNATURE : TPM_RC_SUCCESS; } #if SIMULATION && USE_RSA_KEY_CACHE extern int s_rsaKeyCacheEnabled; int GetCachedRsaKey(TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, RAND_STATE *rand); #define GET_CACHED_KEY(publicArea, sensitive, rand) \ (s_rsaKeyCacheEnabled && GetCachedRsaKey(publicArea, sensitive, rand)) #else #define GET_CACHED_KEY(key, rand) #endif //*** CryptRsaGenerateKey() // Generate an RSA key from a provided seed /*(See part 1 specification) // The formulation is: // KDFa(hash, seed, label, Name, Counter, bits) // Where: // hash the nameAlg from the public template // seed a seed (will be a primary seed for a primary key) // label a distinguishing label including vendor ID and // vendor-assigned part number for the TPM. // Name the nameAlg from the template and the hash of the template // using nameAlg. // Counter a 32-bit integer that is incremented each time the KDF is // called in order to produce a specific key. This value // can be a 32-bit integer in host format and does not need // to be put in canonical form. // bits the number of bits needed for the key. // The following process is implemented to find a RSA key pair: // 1. pick a random number with enough bits from KDFa as a prime candidate // 2. set the first two significant bits and the least significant bit of the // prime candidate // 3. check if the number is a prime. if not, pick another random number // 4. Make sure the difference between the two primes are more than 2^104. // Otherwise, restart the process for the second prime // 5. If the counter has reached its maximum but we still can not find a valid // RSA key pair, return an internal error. This is an artificial bound. // Other implementation may choose a smaller number to indicate how many // times they are willing to try. */ // Return Type: TPM_RC // TPM_RC_CANCELED operation was canceled // TPM_RC_RANGE public exponent is not supported // TPM_RC_VALUE could not find a prime using the provided parameters LIB_EXPORT TPM_RC CryptRsaGenerateKey( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ) { UINT32 i; BN_RSA(bnD); BN_RSA(bnN); BN_WORD(bnPubExp); UINT32 e = publicArea->parameters.rsaDetail.exponent; int keySizeInBits; TPM_RC retVal = TPM_RC_NO_RESULT; NEW_PRIVATE_EXPONENT(Z); // // Need to make sure that the caller did not specify an exponent that is // not supported e = publicArea->parameters.rsaDetail.exponent; if(e == 0) e = RSA_DEFAULT_PUBLIC_EXPONENT; else { if(e < 65537) ERROR_RETURN(TPM_RC_RANGE); // Check that e is prime if(!IsPrimeInt(e)) ERROR_RETURN(TPM_RC_RANGE); } BnSetWord(bnPubExp, e); // check for supported key size. keySizeInBits = publicArea->parameters.rsaDetail.keyBits; if(((keySizeInBits % 1024) != 0) || (keySizeInBits > MAX_RSA_KEY_BITS) // this might be redundant, but... || (keySizeInBits == 0)) ERROR_RETURN(TPM_RC_VALUE); // Set the prime size for instrumentation purposes INSTRUMENT_SET(PrimeIndex, PRIME_INDEX(keySizeInBits / 2)); #if SIMULATION && USE_RSA_KEY_CACHE if(GET_CACHED_KEY(publicArea, sensitive, rand)) return TPM_RC_SUCCESS; #endif // Make sure that key generation has been tested TEST(ALG_NULL_VALUE); // The prime is computed in P. When a new prime is found, Q is checked to // see if it is zero. If so, P is copied to Q and a new P is found. // When both P and Q are non-zero, the modulus and // private exponent are computed and a trial encryption/decryption is // performed. If the encrypt/decrypt fails, assume that at least one of the // primes is composite. Since we don't know which one, set Q to zero and start // over and find a new pair of primes. for(i = 1; (retVal == TPM_RC_NO_RESULT) && (i != 100); i++) { if(_plat__IsCanceled()) ERROR_RETURN(TPM_RC_CANCELED); if(BnGeneratePrimeForRSA(Z->P, keySizeInBits / 2, e, rand) == TPM_RC_FAILURE) { retVal = TPM_RC_FAILURE; goto Exit; } INSTRUMENT_INC(PrimeCounts[PrimeIndex]); // If this is the second prime, make sure that it differs from the // first prime by at least 2^100 if(BnEqualZero(Z->Q)) { // copy p to q and compute another prime in p BnCopy(Z->Q, Z->P); continue; } // Make sure that the difference is at least 100 bits. Need to do it this // way because the big numbers are only positive values if(BnUnsignedCmp(Z->P, Z->Q) < 0) BnSub(bnD, Z->Q, Z->P); else BnSub(bnD, Z->P, Z->Q); if(BnMsb(bnD) < 100) continue; //Form the public modulus and set the unique value BnMult(bnN, Z->P, Z->Q); BnTo2B(bnN, &publicArea->unique.rsa.b, (NUMBYTES)BITS_TO_BYTES(keySizeInBits)); // Make sure everything came out right. The MSb of the values must be one if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) || (publicArea->unique.rsa.t.size != (NUMBYTES)BITS_TO_BYTES(keySizeInBits))) FAIL(FATAL_ERROR_INTERNAL); // Make sure that we can form the private exponent values if(ComputePrivateExponent(bnPubExp, Z) != TRUE) { // If ComputePrivateExponent could not find an inverse for // Q, then copy P and recompute P. This might // cause both to be recomputed if P is also zero if(BnEqualZero(Z->Q)) BnCopy(Z->Q, Z->P); continue; } // Pack the private exponent into the sensitive area PackExponent(&sensitive->sensitive.rsa, Z); // Make sure everything came out right. The MSb of the values must be one if(((publicArea->unique.rsa.t.buffer[0] & 0x80) == 0) || ((sensitive->sensitive.rsa.t.buffer[0] & 0x80) == 0)) FAIL(FATAL_ERROR_INTERNAL); retVal = TPM_RC_SUCCESS; // Do a trial encryption decryption if this is a signing key if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) { BN_RSA(temp1); BN_RSA(temp2); BnGenerateRandomInRange(temp1, bnN, rand); // Encrypt with public exponent... BnModExp(temp2, temp1, bnPubExp, bnN); // ... then decrypt with private exponent RsaPrivateKeyOp(temp2, Z); // If the starting and ending values are not the same, // start over )-; if(BnUnsignedCmp(temp2, temp1) != 0) { BnSetWord(Z->Q, 0); retVal = TPM_RC_NO_RESULT; } } } Exit: return retVal; } #endif // ALG_RSAgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSelfTest.c000066400000000000000000000210241510276467000270520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // The functions in this file are designed to support self-test of cryptographic // functions in the TPM. The TPM allows the user to decide whether to run self-test // on a demand basis or to run all the self-tests before proceeding. // // The self-tests are controlled by a set of bit vectors. The // 'g_untestedDecryptionAlgorithms' vector has a bit for each decryption algorithm // that needs to be tested and 'g_untestedEncryptionAlgorithms' has a bit for // each encryption algorithm that needs to be tested. Before an algorithm // is used, the appropriate vector is checked (indexed using the algorithm ID). // If the bit is 1, then the test function should be called. // // For more information, see TpmSelfTests.txt #include "Tpm.h" //** Functions //*** RunSelfTest() // Local function to run self-test static TPM_RC CryptRunSelfTests( ALGORITHM_VECTOR *toTest // IN: the vector of the algorithms to test ) { TPM_ALG_ID alg; // For each of the algorithms that are in the toTestVecor, need to run a // test for(alg = TPM_ALG_FIRST; alg <= TPM_ALG_LAST; alg++) { if(TEST_BIT(alg, *toTest)) { TPM_RC result = CryptTestAlgorithm(alg, toTest); if(result != TPM_RC_SUCCESS) return result; } } return TPM_RC_SUCCESS; } //*** CryptSelfTest() // This function is called to start/complete a full self-test. // If 'fullTest' is NO, then only the untested algorithms will be run. If // 'fullTest' is YES, then 'g_untestedDecryptionAlgorithms' is reinitialized and then // all tests are run. // This implementation of the reference design does not support processing outside // the framework of a TPM command. As a consequence, this command does not // complete until all tests are done. Since this can take a long time, the TPM // will check after each test to see if the command is canceled. If so, then the // TPM will returned TPM_RC_CANCELLED. To continue with the self-tests, call // TPM2_SelfTest(fullTest == No) and the TPM will complete the testing. // Return Type: TPM_RC // TPM_RC_CANCELED if the command is canceled LIB_EXPORT TPM_RC CryptSelfTest( TPMI_YES_NO fullTest // IN: if full test is required ) { #if SIMULATION if(g_forceFailureMode) FAIL(FATAL_ERROR_FORCED); #endif // If the caller requested a full test, then reset the to test vector so that // all the tests will be run if(fullTest == YES) { MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest)); } return CryptRunSelfTests(&g_toTest); } //*** CryptIncrementalSelfTest() // This function is used to perform an incremental self-test. This implementation // will perform the toTest values before returning. That is, it assumes that the // TPM cannot perform background tasks between commands. // // This command may be canceled. If it is, then there is no return result. // However, this command can be run again and the incremental progress will not // be lost. // Return Type: TPM_RC // TPM_RC_CANCELED processing of this command was canceled // TPM_RC_TESTING if toTest list is not empty // TPM_RC_VALUE an algorithm in the toTest list is not implemented TPM_RC CryptIncrementalSelfTest( TPML_ALG *toTest, // IN: list of algorithms to be tested TPML_ALG *toDoList // OUT: list of algorithms needing test ) { ALGORITHM_VECTOR toTestVector = {0}; TPM_ALG_ID alg; UINT32 i; pAssert(toTest != NULL && toDoList != NULL); if(toTest->count > 0) { // Transcribe the toTest list into the toTestVector for(i = 0; i < toTest->count; i++) { alg = toTest->algorithms[i]; // make sure that the algorithm value is not out of range if((alg > TPM_ALG_LAST) || !TEST_BIT(alg, g_implementedAlgorithms)) return TPM_RC_VALUE; SET_BIT(alg, toTestVector); } // Run the test if(CryptRunSelfTests(&toTestVector) == TPM_RC_CANCELED) return TPM_RC_CANCELED; } // Fill in the toDoList with the algorithms that are still untested toDoList->count = 0; for(alg = TPM_ALG_FIRST; toDoList->count < MAX_ALG_LIST_SIZE && alg <= TPM_ALG_LAST; alg++) { if(TEST_BIT(alg, g_toTest)) toDoList->algorithms[toDoList->count++] = alg; } return TPM_RC_SUCCESS; } //*** CryptInitializeToTest() // This function will initialize the data structures for testing all the // algorithms. This should not be called unless CryptAlgsSetImplemented() has // been called void CryptInitializeToTest( void ) { // Indicate that nothing has been tested memset(&g_cryptoSelfTestState, 0, sizeof(g_cryptoSelfTestState)); // Copy the implemented algorithm vector MemoryCopy(g_toTest, g_implementedAlgorithms, sizeof(g_toTest)); // Setting the algorithm to null causes the test function to just clear // out any algorithms for which there is no test. CryptTestAlgorithm(TPM_ALG_ERROR, &g_toTest); return; } //*** CryptTestAlgorithm() // Only point of contact with the actual self tests. If a self-test fails, there // is no return and the TPM goes into failure mode. // The call to TestAlgorithm uses an algorithm selector and a bit vector. When the // test is run, the corresponding bit in 'toTest' and in 'g_toTest' is CLEAR. If // 'toTest' is NULL, then only the bit in 'g_toTest' is CLEAR. // There is a special case for the call to TestAlgorithm(). When 'alg' is // ALG_ERROR, TestAlgorithm() will CLEAR any bit in 'toTest' for which it has // no test. This allows the knowledge about which algorithms have test to be // accessed through the interface that provides the test. // Return Type: TPM_RC // TPM_RC_CANCELED test was canceled LIB_EXPORT TPM_RC CryptTestAlgorithm( TPM_ALG_ID alg, ALGORITHM_VECTOR *toTest ) { TPM_RC result; #if SELF_TEST result = TestAlgorithm(alg, toTest); #else // If this is an attempt to determine the algorithms for which there is a // self test, pretend that all of them do. We do that by not clearing any // of the algorithm bits. When/if this function is called to run tests, it // will over report. This can be changed so that any call to check on which // algorithms have tests, 'toTest' can be cleared. if(alg != TPM_ALG_ERROR) { CLEAR_BIT(alg, g_toTest); if(toTest != NULL) CLEAR_BIT(alg, *toTest); } result = TPM_RC_SUCCESS; #endif return result; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSmac.c000066400000000000000000000110421510276467000262030ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the implementation of the message authentication codes based // on a symmetric block cipher. These functions only use the single block // encryption functions of the selected symmetric cryptographic library. //** Includes, Defines, and Typedefs #define _CRYPT_HASH_C_ #include "Tpm.h" #if SMAC_IMPLEMENTED //*** CryptSmacStart() // Function to start an SMAC. UINT16 CryptSmacStart( HASH_STATE *state, TPMU_PUBLIC_PARMS *keyParameters, TPM_ALG_ID macAlg, // IN: the type of MAC TPM2B *key ) { UINT16 retVal = 0; // // Make sure that the key size is correct. This should have been checked // at key load, but... if(BITS_TO_BYTES(keyParameters->symDetail.sym.keyBits.sym) == key->size) { switch(macAlg) { #if ALG_CMAC case ALG_CMAC_VALUE: retVal = CryptCmacStart(&state->state.smac, keyParameters, macAlg, key); break; #endif default: break; } } state->type = (retVal != 0) ? HASH_STATE_SMAC : HASH_STATE_EMPTY; return retVal; } //*** CryptMacStart() // Function to start either an HMAC or an SMAC. Cannot reuse the CryptHmacStart // function because of the difference in number of parameters. UINT16 CryptMacStart( HMAC_STATE *state, TPMU_PUBLIC_PARMS *keyParameters, TPM_ALG_ID macAlg, // IN: the type of MAC TPM2B *key ) { MemorySet(state, 0, sizeof(HMAC_STATE)); if(CryptHashIsValidAlg(macAlg, FALSE)) { return CryptHmacStart(state, macAlg, key->size, key->buffer); } else if(CryptSmacIsValidAlg(macAlg, FALSE)) { return CryptSmacStart(&state->hashState, keyParameters, macAlg, key); } else return 0; } //*** CryptMacEnd() // Dispatch to the MAC end function using a size and buffer pointer. UINT16 CryptMacEnd( HMAC_STATE *state, UINT32 size, BYTE *buffer ) { UINT16 retVal = 0; if(state->hashState.type == HASH_STATE_SMAC) retVal = (state->hashState.state.smac.smacMethods.end)( &state->hashState.state.smac.state, size, buffer); else if(state->hashState.type == HASH_STATE_HMAC) retVal = CryptHmacEnd(state, size, buffer); state->hashState.type = HASH_STATE_EMPTY; return retVal; } //*** CryptMacEnd2B() // Dispatch to the MAC end function using a 2B. UINT16 CryptMacEnd2B ( HMAC_STATE *state, TPM2B *data ) { return CryptMacEnd(state, data->size, data->buffer); } #endif // SMAC_IMPLEMENTED go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptSym.c000066400000000000000000000427131510276467000261010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the implementation of the symmetric block cipher modes // allowed for a TPM. These functions only use the single block encryption functions // of the selected symmetric crypto library. //** Includes, Defines, and Typedefs #include "Tpm.h" #include "CryptSym.h" #define KEY_BLOCK_SIZES(ALG, alg) \ static const INT16 alg##KeyBlockSizes[] = { \ ALG##_KEY_SIZES_BITS, -1, ALG##_BLOCK_SIZES }; #if ALG_AES KEY_BLOCK_SIZES(AES, aes); #endif // ALG_AES #if ALG_SM4 KEY_BLOCK_SIZES(SM4, sm4); #endif #if ALG_CAMELLIA KEY_BLOCK_SIZES(CAMELLIA, camellia); #endif #if ALG_TDES KEY_BLOCK_SIZES(TDES, tdes); #endif //** Initialization and Data Access Functions // //*** CryptSymInit() // This function is called to do _TPM_Init processing BOOL CryptSymInit( void ) { return TRUE; } //*** CryptSymStartup() // This function is called to do TPM2_Startup() processing BOOL CryptSymStartup( void ) { return TRUE; } //*** CryptGetSymmetricBlockSize() // This function returns the block size of the algorithm. The table of bit sizes has // an entry for each allowed key size. The entry for a key size is 0 if the TPM does // not implement that key size. The key size table is delimited with a negative number // (-1). After the delimiter is a list of block sizes with each entry corresponding // to the key bit size. For most symmetric algorithms, the block size is the same // regardless of the key size but this arrangement allows them to be different. // Return Type: INT16 // <= 0 cipher not supported // > 0 the cipher block size in bytes LIB_EXPORT INT16 CryptGetSymmetricBlockSize( TPM_ALG_ID symmetricAlg, // IN: the symmetric algorithm UINT16 keySizeInBits // IN: the key size ) { const INT16 *sizes; INT16 i; #define ALG_CASE(SYM, sym) case ALG_##SYM##_VALUE: sizes = sym##KeyBlockSizes; break switch(symmetricAlg) { #if ALG_AES ALG_CASE(AES, aes); #endif #if ALG_SM4 ALG_CASE(SM4, sm4); #endif #if ALG_CAMELLIA ALG_CASE(CAMELLIA, camellia); #endif #if ALG_TDES ALG_CASE(TDES, tdes); #endif default: return 0; } // Find the index of the indicated keySizeInBits for(i = 0; *sizes >= 0; i++, sizes++) { if(*sizes == keySizeInBits) break; } // If sizes is pointing at the end of the list of key sizes, then the desired // key size was not found so set the block size to zero. if(*sizes++ < 0) return 0; // Advance until the end of the list is found while(*sizes++ >= 0); // sizes is pointing to the first entry in the list of block sizes. Use the // ith index to find the block size for the corresponding key size. return sizes[i]; } //** Symmetric Encryption // This function performs symmetric encryption based on the mode. // Return Type: TPM_RC // TPM_RC_SIZE 'dSize' is not a multiple of the block size for an // algorithm that requires it // TPM_RC_FAILURE Fatal error LIB_EXPORT TPM_RC CryptSymmetricEncrypt( BYTE *dOut, // OUT: TPM_ALG_ID algorithm, // IN: the symmetric algorithm UINT16 keySizeInBits, // IN: key size in bits const BYTE *key, // IN: key buffer. The size of this buffer // in bytes is (keySizeInBits + 7) / 8 TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. TPM_ALG_ID mode, // IN: Mode to use INT32 dSize, // IN: data size (may need to be a // multiple of the blockSize) const BYTE *dIn // IN: data buffer ) { BYTE *pIv; int i; BYTE tmp[MAX_SYM_BLOCK_SIZE]; BYTE *pT; tpmCryptKeySchedule_t keySchedule; INT16 blockSize; TpmCryptSetSymKeyCall_t encrypt; BYTE *iv; BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; // pAssert(dOut != NULL && key != NULL && dIn != NULL); if(dSize == 0) return TPM_RC_SUCCESS; TEST(algorithm); blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); if(blockSize == 0) return TPM_RC_FAILURE; // If the iv is provided, then it is expected to be block sized. In some cases, // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] // with no knowledge of the actual block size. This function will set it. if((ivInOut != NULL) && (mode != ALG_ECB_VALUE)) { ivInOut->t.size = blockSize; iv = ivInOut->t.buffer; } else iv = defaultIv; pIv = iv; // Create encrypt key schedule and set the encryption function pointer. SELECT(ENCRYPT); switch(mode) { #if ALG_CTR case ALG_CTR_VALUE: for(; dSize > 0; dSize -= blockSize) { // Encrypt the current value of the IV(counter) ENCRYPT(&keySchedule, iv, tmp); //increment the counter (counter is big-endian so start at end) for(i = blockSize - 1; i >= 0; i--) if((iv[i] += 1) != 0) break; // XOR the encrypted counter value with input and put into output pT = tmp; for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) *dOut++ = *dIn++ ^ *pT++; } break; #endif #if ALG_OFB case ALG_OFB_VALUE: // This is written so that dIn and dOut may be the same for(; dSize > 0; dSize -= blockSize) { // Encrypt the current value of the "IV" ENCRYPT(&keySchedule, iv, iv); // XOR the encrypted IV into dIn to create the cipher text (dOut) pIv = iv; for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) *dOut++ = (*pIv++ ^ *dIn++); } break; #endif #if ALG_CBC case ALG_CBC_VALUE: // For CBC the data size must be an even multiple of the // cipher block size if((dSize % blockSize) != 0) return TPM_RC_SIZE; // XOR the data block into the IV, encrypt the IV into the IV // and then copy the IV to the output for(; dSize > 0; dSize -= blockSize) { pIv = iv; for(i = blockSize; i > 0; i--) *pIv++ ^= *dIn++; ENCRYPT(&keySchedule, iv, iv); pIv = iv; for(i = blockSize; i > 0; i--) *dOut++ = *pIv++; } break; #endif // CFB is not optional case ALG_CFB_VALUE: // Encrypt the IV into the IV, XOR in the data, and copy to output for(; dSize > 0; dSize -= blockSize) { // Encrypt the current value of the IV ENCRYPT(&keySchedule, iv, iv); pIv = iv; for(i = (int)(dSize < blockSize) ? dSize : blockSize; i > 0; i--) // XOR the data into the IV to create the cipher text // and put into the output *dOut++ = *pIv++ ^= *dIn++; } // If the inner loop (i loop) was smaller than blockSize, then dSize // would have been smaller than blockSize and it is now negative. If // it is negative, then it indicates how many bytes are needed to pad // out the IV for the next round. for(; dSize < 0; dSize++) *pIv++ = 0; break; #if ALG_ECB case ALG_ECB_VALUE: // For ECB the data size must be an even multiple of the // cipher block size if((dSize % blockSize) != 0) return TPM_RC_SIZE; // Encrypt the input block to the output block for(; dSize > 0; dSize -= blockSize) { ENCRYPT(&keySchedule, dIn, dOut); dIn = &dIn[blockSize]; dOut = &dOut[blockSize]; } break; #endif default: return TPM_RC_FAILURE; } return TPM_RC_SUCCESS; } //*** CryptSymmetricDecrypt() // This function performs symmetric decryption based on the mode. // Return Type: TPM_RC // TPM_RC_FAILURE A fatal error // TPM_RCS_SIZE 'dSize' is not a multiple of the block size for an // algorithm that requires it LIB_EXPORT TPM_RC CryptSymmetricDecrypt( BYTE *dOut, // OUT: decrypted data TPM_ALG_ID algorithm, // IN: the symmetric algorithm UINT16 keySizeInBits, // IN: key size in bits const BYTE *key, // IN: key buffer. The size of this buffer // in bytes is (keySizeInBits + 7) / 8 TPM2B_IV *ivInOut, // IN/OUT: IV for decryption. TPM_ALG_ID mode, // IN: Mode to use INT32 dSize, // IN: data size (may need to be a // multiple of the blockSize) const BYTE *dIn // IN: data buffer ) { BYTE *pIv; int i; BYTE tmp[MAX_SYM_BLOCK_SIZE]; BYTE *pT; tpmCryptKeySchedule_t keySchedule; INT16 blockSize; BYTE *iv; TpmCryptSetSymKeyCall_t encrypt; TpmCryptSetSymKeyCall_t decrypt; BYTE defaultIv[MAX_SYM_BLOCK_SIZE] = {0}; // These are used but the compiler can't tell because they are initialized // in case statements and it can't tell if they are always initialized // when needed, so... Comment these out if the compiler can tell or doesn't // care that these are initialized before use. encrypt = NULL; decrypt = NULL; pAssert(dOut != NULL && key != NULL && dIn != NULL); if(dSize == 0) return TPM_RC_SUCCESS; TEST(algorithm); blockSize = CryptGetSymmetricBlockSize(algorithm, keySizeInBits); if(blockSize == 0) return TPM_RC_FAILURE; // If the iv is provided, then it is expected to be block sized. In some cases, // the caller is providing an array of 0's that is equal to [MAX_SYM_BLOCK_SIZE] // with no knowledge of the actual block size. This function will set it. if((ivInOut != NULL) && (mode != ALG_ECB_VALUE)) { ivInOut->t.size = blockSize; iv = ivInOut->t.buffer; } else iv = defaultIv; pIv = iv; // Use the mode to select the key schedule to create. Encrypt always uses the // encryption schedule. Depending on the mode, decryption might use either // the decryption or encryption schedule. switch(mode) { #if ALG_CBC || ALG_ECB case ALG_CBC_VALUE: // decrypt = decrypt case ALG_ECB_VALUE: // For ECB and CBC, the data size must be an even multiple of the // cipher block size if((dSize % blockSize) != 0) return TPM_RC_SIZE; SELECT(DECRYPT); break; #endif default: // For the remaining stream ciphers, use encryption to decrypt SELECT(ENCRYPT); break; } // Now do the mode-dependent decryption switch(mode) { #if ALG_CBC case ALG_CBC_VALUE: // Copy the input data to a temp buffer, decrypt the buffer into the // output, XOR in the IV, and copy the temp buffer to the IV and repeat. for(; dSize > 0; dSize -= blockSize) { pT = tmp; for(i = blockSize; i > 0; i--) *pT++ = *dIn++; DECRYPT(&keySchedule, tmp, dOut); pIv = iv; pT = tmp; for(i = blockSize; i > 0; i--) { *dOut++ ^= *pIv; *pIv++ = *pT++; } } break; #endif case ALG_CFB_VALUE: for(; dSize > 0; dSize -= blockSize) { // Encrypt the IV into the temp buffer ENCRYPT(&keySchedule, iv, tmp); pT = tmp; pIv = iv; for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) // Copy the current cipher text to IV, XOR // with the temp buffer and put into the output *dOut++ = *pT++ ^ (*pIv++ = *dIn++); } // If the inner loop (i loop) was smaller than blockSize, then dSize // would have been smaller than blockSize and it is now negative // If it is negative, then it indicates how may fill bytes // are needed to pad out the IV for the next round. for(; dSize < 0; dSize++) *pIv++ = 0; break; #if ALG_CTR case ALG_CTR_VALUE: for(; dSize > 0; dSize -= blockSize) { // Encrypt the current value of the IV(counter) ENCRYPT(&keySchedule, iv, tmp); //increment the counter (counter is big-endian so start at end) for(i = blockSize - 1; i >= 0; i--) if((iv[i] += 1) != 0) break; // XOR the encrypted counter value with input and put into output pT = tmp; for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) *dOut++ = *dIn++ ^ *pT++; } break; #endif #if ALG_ECB case ALG_ECB_VALUE: for(; dSize > 0; dSize -= blockSize) { DECRYPT(&keySchedule, dIn, dOut); dIn = &dIn[blockSize]; dOut = &dOut[blockSize]; } break; #endif #if ALG_OFB case ALG_OFB_VALUE: // This is written so that dIn and dOut may be the same for(; dSize > 0; dSize -= blockSize) { // Encrypt the current value of the "IV" ENCRYPT(&keySchedule, iv, iv); // XOR the encrypted IV into dIn to create the cipher text (dOut) pIv = iv; for(i = (dSize < blockSize) ? dSize : blockSize; i > 0; i--) *dOut++ = (*pIv++ ^ *dIn++); } break; #endif default: return TPM_RC_FAILURE; } return TPM_RC_SUCCESS; } //*** CryptSymKeyValidate() // Validate that a provided symmetric key meets the requirements of the TPM // Return Type: TPM_RC // TPM_RC_KEY_SIZE Key size specifiers do not match // TPM_RC_KEY Key is not allowed TPM_RC CryptSymKeyValidate( TPMT_SYM_DEF_OBJECT *symDef, TPM2B_SYM_KEY *key ) { if(key->t.size != BITS_TO_BYTES(symDef->keyBits.sym)) return TPM_RCS_KEY_SIZE; #if ALG_TDES if(symDef->algorithm == TPM_ALG_TDES && !CryptDesValidateKey(key)) return TPM_RCS_KEY; #endif // ALG_TDES return TPM_RC_SUCCESS; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/CryptUtil.c000066400000000000000000002257741510276467000262600ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This module contains the interfaces to the CryptoEngine and provides // miscellaneous cryptographic functions in support of the TPM. // //** Includes #include "Tpm.h" //****************************************************************************/ //** Hash/HMAC Functions //****************************************************************************/ //*** CryptHmacSign() // Sign a digest using an HMAC key. This an HMAC of a digest, not an HMAC of a // message. // Return Type: TPM_RC // TPM_RC_HASH not a valid hash static TPM_RC CryptHmacSign( TPMT_SIGNATURE *signature, // OUT: signature OBJECT *signKey, // IN: HMAC key sign the hash TPM2B_DIGEST *hashData // IN: hash to be signed ) { HMAC_STATE hmacState; UINT32 digestSize; digestSize = CryptHmacStart2B(&hmacState, signature->signature.any.hashAlg, &signKey->sensitive.sensitive.bits.b); CryptDigestUpdate2B(&hmacState.hashState, &hashData->b); CryptHmacEnd(&hmacState, digestSize, (BYTE *)&signature->signature.hmac.digest); return TPM_RC_SUCCESS; } //*** CryptHMACVerifySignature() // This function will verify a signature signed by a HMAC key. // Note that a caller needs to prepare 'signature' with the signature algorithm // (TPM_ALG_HMAC) and the hash algorithm to use. This function then builds a // signature of that type. // Return Type: TPM_RC // TPM_RC_SCHEME not the proper scheme for this key type // TPM_RC_SIGNATURE if invalid input or signature is not genuine static TPM_RC CryptHMACVerifySignature( OBJECT *signKey, // IN: HMAC key signed the hash TPM2B_DIGEST *hashData, // IN: digest being verified TPMT_SIGNATURE *signature // IN: signature to be verified ) { TPMT_SIGNATURE test; TPMT_KEYEDHASH_SCHEME *keyScheme = &signKey->publicArea.parameters.keyedHashDetail.scheme; // if((signature->sigAlg != ALG_HMAC_VALUE) || (signature->signature.hmac.hashAlg == ALG_NULL_VALUE)) return TPM_RC_SCHEME; // This check is not really needed for verification purposes. However, it does // prevent someone from trying to validate a signature using a weaker hash // algorithm than otherwise allowed by the key. That is, a key with a scheme // other than TMP_ALG_NULL can only be used to validate signatures that have // a matching scheme. if((keyScheme->scheme != ALG_NULL_VALUE) && ((keyScheme->scheme != signature->sigAlg) || (keyScheme->details.hmac.hashAlg != signature->signature.any.hashAlg))) return TPM_RC_SIGNATURE; test.sigAlg = signature->sigAlg; test.signature.hmac.hashAlg = signature->signature.hmac.hashAlg; CryptHmacSign(&test, signKey, hashData); // Compare digest if(!MemoryEqual(&test.signature.hmac.digest, &signature->signature.hmac.digest, CryptHashGetDigestSize(signature->signature.any.hashAlg))) return TPM_RC_SIGNATURE; return TPM_RC_SUCCESS; } //*** CryptGenerateKeyedHash() // This function creates a keyedHash object. // Return type: TPM_RC // TPM_RC_NO_RESULT cannot get values from random number generator // TPM_RC_SIZE sensitive data size is larger than allowed for // the scheme static TPM_RC CryptGenerateKeyedHash( TPMT_PUBLIC *publicArea, // IN/OUT: the public area template // for the new key. TPMT_SENSITIVE *sensitive, // OUT: sensitive area TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data RAND_STATE *rand // IN: "entropy" source ) { TPMT_KEYEDHASH_SCHEME *scheme; TPM_ALG_ID hashAlg; UINT16 hashBlockSize; UINT16 digestSize; scheme = &publicArea->parameters.keyedHashDetail.scheme; if(publicArea->type != ALG_KEYEDHASH_VALUE) return TPM_RC_FAILURE; // Pick the limiting hash algorithm if(scheme->scheme == ALG_NULL_VALUE) hashAlg = publicArea->nameAlg; else if(scheme->scheme == ALG_XOR_VALUE) hashAlg = scheme->details.xor.hashAlg; else hashAlg = scheme->details.hmac.hashAlg; hashBlockSize = CryptHashGetBlockSize(hashAlg); digestSize = CryptHashGetDigestSize(hashAlg); // if this is a signing or a decryption key, then the limit // for the data size is the block size of the hash. This limit // is set because larger values have lower entropy because of the // HMAC function. The lower limit is 1/2 the size of the digest // //If the user provided the key, check that it is a proper size if(sensitiveCreate->data.t.size != 0) { if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) || IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign)) { if(sensitiveCreate->data.t.size > hashBlockSize) return TPM_RC_SIZE; #if 0 // May make this a FIPS-mode requirement if(sensitiveCreate->data.t.size < (digestSize / 2)) return TPM_RC_SIZE; #endif } // If this is a data blob, then anything that will get past the unmarshaling // is OK MemoryCopy2B(&sensitive->sensitive.bits.b, &sensitiveCreate->data.b, sizeof(sensitive->sensitive.bits.t.buffer)); } else { // The TPM is going to generate the data so set the size to be the // size of the digest of the algorithm sensitive->sensitive.bits.t.size = DRBG_Generate(rand, sensitive->sensitive.bits.t.buffer, digestSize); if(sensitive->sensitive.bits.t.size == 0) return (g_inFailureMode) ? TPM_RC_FAILURE : TPM_RC_NO_RESULT; } return TPM_RC_SUCCESS; } //*** CryptIsSchemeAnonymous() // This function is used to test a scheme to see if it is an anonymous scheme // The only anonymous scheme is ECDAA. ECDAA can be used to do things // like U-Prove. BOOL CryptIsSchemeAnonymous( TPM_ALG_ID scheme // IN: the scheme algorithm to test ) { return scheme == ALG_ECDAA_VALUE; } //**** ************************************************************************ //** Symmetric Functions //**** ************************************************************************ //*** ParmDecryptSym() // This function performs parameter decryption using symmetric block cipher. /*(See Part 1 specification) // Symmetric parameter decryption // When parameter decryption uses a symmetric block cipher, a decryption // key and IV will be generated from: // KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24) // Where: // hash the hash function associated with the session // sessionAuth the sessionAuth associated with the session // nonceNewer nonceCaller for a command // nonceOlder nonceTPM for a command // bits the number of bits required for the symmetric key // plus an IV */ void ParmDecryptSym( TPM_ALG_ID symAlg, // IN: the symmetric algorithm TPM_ALG_ID hash, // IN: hash algorithm for KDFa UINT16 keySizeInBits, // IN: the key size in bits TPM2B *key, // IN: KDF HMAC key TPM2B *nonceCaller, // IN: nonce caller TPM2B *nonceTpm, // IN: nonce TPM UINT32 dataSize, // IN: size of parameter buffer BYTE *data // OUT: buffer to be decrypted ) { // KDF output buffer // It contains parameters for the CFB encryption // From MSB to LSB, they are the key and iv BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE]; // Symmetric key size in byte UINT16 keySize = (keySizeInBits + 7) / 8; TPM2B_IV iv; iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits); // If there is decryption to do... if(iv.t.size > 0) { // Generate key and iv CryptKDFa(hash, key, CFB_KEY, nonceCaller, nonceTpm, keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE); MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); CryptSymmetricDecrypt(data, symAlg, keySizeInBits, symParmString, &iv, ALG_CFB_VALUE, dataSize, data); } return; } //*** ParmEncryptSym() // This function performs parameter encryption using symmetric block cipher. /*(See part 1 specification) // When parameter decryption uses a symmetric block cipher, an encryption // key and IV will be generated from: // KDFa(hash, sessionAuth, "CFB", nonceNewer, nonceOlder, bits) (24) // Where: // hash the hash function associated with the session // sessionAuth the sessionAuth associated with the session // nonceNewer nonceTPM for a response // nonceOlder nonceCaller for a response // bits the number of bits required for the symmetric key // plus an IV */ void ParmEncryptSym( TPM_ALG_ID symAlg, // IN: symmetric algorithm TPM_ALG_ID hash, // IN: hash algorithm for KDFa UINT16 keySizeInBits, // IN: symmetric key size in bits TPM2B *key, // IN: KDF HMAC key TPM2B *nonceCaller, // IN: nonce caller TPM2B *nonceTpm, // IN: nonce TPM UINT32 dataSize, // IN: size of parameter buffer BYTE *data // OUT: buffer to be encrypted ) { // KDF output buffer // It contains parameters for the CFB encryption BYTE symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE]; // Symmetric key size in bytes UINT16 keySize = (keySizeInBits + 7) / 8; TPM2B_IV iv; iv.t.size = CryptGetSymmetricBlockSize(symAlg, keySizeInBits); // See if there is any encryption to do if(iv.t.size > 0) { // Generate key and iv CryptKDFa(hash, key, CFB_KEY, nonceTpm, nonceCaller, keySizeInBits + (iv.t.size * 8), symParmString, NULL, FALSE); MemoryCopy(iv.t.buffer, &symParmString[keySize], iv.t.size); CryptSymmetricEncrypt(data, symAlg, keySizeInBits, symParmString, &iv, ALG_CFB_VALUE, dataSize, data); } return; } //*** CryptGenerateKeySymmetric() // This function generates a symmetric cipher key. The derivation process is // determined by the type of the provided 'rand' // Return type: TPM_RC // TPM_RC_NO_RESULT cannot get a random value // TPM_RC_KEY_SIZE key size in the public area does not match the size // in the sensitive creation area // TPM_RC_KEY provided key value is not allowed static TPM_RC CryptGenerateKeySymmetric( TPMT_PUBLIC *publicArea, // IN/OUT: The public area template // for the new key. TPMT_SENSITIVE *sensitive, // OUT: sensitive area TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation data RAND_STATE *rand // IN: the "entropy" source for ) { UINT16 keyBits = publicArea->parameters.symDetail.sym.keyBits.sym; TPM_RC result; // // only do multiples of RADIX_BITS if((keyBits % RADIX_BITS) != 0) return TPM_RC_KEY_SIZE; // If this is not a new key, then the provided key data must be the right size if(sensitiveCreate->data.t.size != 0) { result = CryptSymKeyValidate(&publicArea->parameters.symDetail.sym, (TPM2B_SYM_KEY *)&sensitiveCreate->data); if(result == TPM_RC_SUCCESS) MemoryCopy2B(&sensitive->sensitive.sym.b, &sensitiveCreate->data.b, sizeof(sensitive->sensitive.sym.t.buffer)); } #if ALG_TDES else if(publicArea->parameters.symDetail.sym.algorithm == ALG_TDES_VALUE) { result = CryptGenerateKeyDes(publicArea, sensitive, rand); } #endif else { sensitive->sensitive.sym.t.size = DRBG_Generate(rand, sensitive->sensitive.sym.t.buffer, BITS_TO_BYTES(keyBits)); if(g_inFailureMode) result = TPM_RC_FAILURE; else if(sensitive->sensitive.sym.t.size == 0) result = TPM_RC_NO_RESULT; else result = TPM_RC_SUCCESS; } return result; } //*** CryptXORObfuscation() // This function implements XOR obfuscation. It should not be called if the // hash algorithm is not implemented. The only return value from this function // is TPM_RC_SUCCESS. void CryptXORObfuscation( TPM_ALG_ID hash, // IN: hash algorithm for KDF TPM2B *key, // IN: KDF key TPM2B *contextU, // IN: contextU TPM2B *contextV, // IN: contextV UINT32 dataSize, // IN: size of data buffer BYTE *data // IN/OUT: data to be XORed in place ) { BYTE mask[MAX_DIGEST_SIZE]; // Allocate a digest sized buffer BYTE *pm; UINT32 i; UINT32 counter = 0; UINT16 hLen = CryptHashGetDigestSize(hash); UINT32 requestSize = dataSize * 8; INT32 remainBytes = (INT32)dataSize; pAssert((key != NULL) && (data != NULL) && (hLen != 0)); // Call KDFa to generate XOR mask for(; remainBytes > 0; remainBytes -= hLen) { // Make a call to KDFa to get next iteration CryptKDFa(hash, key, XOR_KEY, contextU, contextV, requestSize, mask, &counter, TRUE); // XOR next piece of the data pm = mask; for(i = hLen < remainBytes ? hLen : remainBytes; i > 0; i--) *data++ ^= *pm++; } return; } //**************************************************************************** //** Initialization and shut down //**************************************************************************** //*** CryptInit() // This function is called when the TPM receives a _TPM_Init indication. // // NOTE: The hash algorithms do not have to be tested, they just need to be // available. They have to be tested before the TPM can accept HMAC authorization // or return any result that relies on a hash algorithm. // Return Type: BOOL // TRUE(1) initializations succeeded // FALSE(0) initialization failed and caller should place the TPM into // Failure Mode BOOL CryptInit( void ) { BOOL ok; // Initialize the vector of implemented algorithms AlgorithmGetImplementedVector(&g_implementedAlgorithms); // Indicate that all test are necessary CryptInitializeToTest(); // Do any library initializations that are necessary. If any fails, // the caller should go into failure mode; ok = SupportLibInit(); ok = ok && CryptSymInit(); ok = ok && CryptRandInit(); ok = ok && CryptHashInit(); #if ALG_RSA ok = ok && CryptRsaInit(); #endif // ALG_RSA #if ALG_ECC ok = ok && CryptEccInit(); #endif // ALG_ECC return ok; } //*** CryptStartup() // This function is called by TPM2_Startup() to initialize the functions in // this cryptographic library and in the provided CryptoLibrary. This function // and CryptUtilInit() are both provided so that the implementation may move the // initialization around to get the best interaction. // Return Type: BOOL // TRUE(1) startup succeeded // FALSE(0) startup failed and caller should place the TPM into // Failure Mode BOOL CryptStartup( STARTUP_TYPE type // IN: the startup type ) { BOOL OK; NOT_REFERENCED(type); OK = CryptSymStartup() && CryptRandStartup() && CryptHashStartup() #if ALG_RSA && CryptRsaStartup() #endif // ALG_RSA #if ALG_ECC && CryptEccStartup() #endif // ALG_ECC ; #if ALG_ECC // Don't directly check for SU_RESET because that is the default if(OK && (type != SU_RESTART) && (type != SU_RESUME)) { // If the shutdown was orderly, then the values recovered from NV will // be OK to use. // Get a new random commit nonce gr.commitNonce.t.size = sizeof(gr.commitNonce.t.buffer); CryptRandomGenerate(gr.commitNonce.t.size, gr.commitNonce.t.buffer); // Reset the counter and commit array gr.commitCounter = 0; MemorySet(gr.commitArray, 0, sizeof(gr.commitArray)); } #endif // ALG_ECC return OK; } //**************************************************************************** //** Algorithm-Independent Functions //**************************************************************************** //*** Introduction // These functions are used generically when a function of a general type // (e.g., symmetric encryption) is required. The functions will modify the // parameters as required to interface to the indicated algorithms. // //*** CryptIsAsymAlgorithm() // This function indicates if an algorithm is an asymmetric algorithm. // Return Type: BOOL // TRUE(1) if it is an asymmetric algorithm // FALSE(0) if it is not an asymmetric algorithm BOOL CryptIsAsymAlgorithm( TPM_ALG_ID algID // IN: algorithm ID ) { switch(algID) { #if ALG_RSA case ALG_RSA_VALUE: #endif #if ALG_ECC case ALG_ECC_VALUE: #endif return TRUE; break; default: break; } return FALSE; } //*** CryptSecretEncrypt() // This function creates a secret value and its associated secret structure using // an asymmetric algorithm. // // This function is used by TPM2_Rewrap() TPM2_MakeCredential(), // and TPM2_Duplicate(). // Return Type: TPM_RC // TPM_RC_ATTRIBUTES 'keyHandle' does not reference a valid decryption key // TPM_RC_KEY invalid ECC key (public point is not on the curve) // TPM_RC_SCHEME RSA key with an unsupported padding scheme // TPM_RC_VALUE numeric value of the data to be decrypted is greater // than the RSA key modulus TPM_RC CryptSecretEncrypt( OBJECT *encryptKey, // IN: encryption key object const TPM2B *label, // IN: a null-terminated string as L TPM2B_DATA *data, // OUT: secret value TPM2B_ENCRYPTED_SECRET *secret // OUT: secret structure ) { TPMT_RSA_DECRYPT scheme; TPM_RC result = TPM_RC_SUCCESS; // if(data == NULL || secret == NULL) return TPM_RC_FAILURE; // The output secret value has the size of the digest produced by the nameAlg. data->t.size = CryptHashGetDigestSize(encryptKey->publicArea.nameAlg); // The encryption scheme is OAEP using the nameAlg of the encrypt key. scheme.scheme = ALG_OAEP_VALUE; scheme.details.anySig.hashAlg = encryptKey->publicArea.nameAlg; if(!IS_ATTRIBUTE(encryptKey->publicArea.objectAttributes, TPMA_OBJECT, decrypt)) return TPM_RC_ATTRIBUTES; switch(encryptKey->publicArea.type) { #if ALG_RSA case ALG_RSA_VALUE: { // Create secret data from RNG CryptRandomGenerate(data->t.size, data->t.buffer); // Encrypt the data by RSA OAEP into encrypted secret result = CryptRsaEncrypt((TPM2B_PUBLIC_KEY_RSA *)secret, &data->b, encryptKey, &scheme, label, NULL); } break; #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: { TPMS_ECC_POINT eccPublic; TPM2B_ECC_PARAMETER eccPrivate; TPMS_ECC_POINT eccSecret; BYTE *buffer = secret->t.secret; // Need to make sure that the public point of the key is on the // curve defined by the key. if(!CryptEccIsPointOnCurve( encryptKey->publicArea.parameters.eccDetail.curveID, &encryptKey->publicArea.unique.ecc)) result = TPM_RC_KEY; else { // Call crypto engine to create an auxiliary ECC key // We assume crypt engine initialization should always success. // Otherwise, TPM should go to failure mode. CryptEccNewKeyPair(&eccPublic, &eccPrivate, encryptKey->publicArea.parameters.eccDetail.curveID); // Marshal ECC public to secret structure. This will be used by the // recipient to decrypt the secret with their private key. secret->t.size = TPMS_ECC_POINT_Marshal(&eccPublic, &buffer, NULL); // Compute ECDH shared secret which is R = [d]Q where d is the // private part of the ephemeral key and Q is the public part of a // TPM key. TPM_RC_KEY error return from CryptComputeECDHSecret // because the auxiliary ECC key is just created according to the // parameters of input ECC encrypt key. if(CryptEccPointMultiply(&eccSecret, encryptKey->publicArea.parameters.eccDetail.curveID, &encryptKey->publicArea.unique.ecc, &eccPrivate, NULL, NULL) != TPM_RC_SUCCESS) result = TPM_RC_KEY; else { // The secret value is computed from Z using KDFe as: // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) // Where: // HashID the nameAlg of the decrypt key // Z the x coordinate (Px) of the product (P) of the point // (Q) of the secret and the private x coordinate (de,V) // of the decryption key // Use a null-terminated string containing "SECRET" // PartyUInfo the x coordinate of the point in the secret // (Qe,U ) // PartyVInfo the x coordinate of the public key (Qs,V ) // bits the number of bits in the digest of HashID // Retrieve seed from KDFe CryptKDFe(encryptKey->publicArea.nameAlg, &eccSecret.x.b, label, &eccPublic.x.b, &encryptKey->publicArea.unique.ecc.x.b, data->t.size * 8, data->t.buffer); } } } break; #endif // ALG_ECC default: FAIL(FATAL_ERROR_INTERNAL); break; } return result; } //*** CryptSecretDecrypt() // Decrypt a secret value by asymmetric (or symmetric) algorithm // This function is used for ActivateCredential and Import for asymmetric // decryption, and StartAuthSession for both asymmetric and symmetric // decryption process // // Return Type: TPM_RC // TPM_RC_ATTRIBUTES RSA key is not a decryption key // TPM_RC_BINDING Invalid RSA key (public and private parts are not // cryptographically bound. // TPM_RC_ECC_POINT ECC point in the secret is not on the curve // TPM_RC_INSUFFICIENT failed to retrieve ECC point from the secret // TPM_RC_NO_RESULT multiplication resulted in ECC point at infinity // TPM_RC_SIZE data to decrypt is not of the same size as RSA key // TPM_RC_VALUE For RSA key, numeric value of the encrypted data is // greater than the modulus, or the recovered data is // larger than the output buffer. // For keyedHash or symmetric key, the secret is // larger than the size of the digest produced by // the name algorithm. // TPM_RC_FAILURE internal error TPM_RC CryptSecretDecrypt( OBJECT *decryptKey, // IN: decrypt key TPM2B_NONCE *nonceCaller, // IN: nonceCaller. It is needed for // symmetric decryption. For // asymmetric decryption, this // parameter is NULL const TPM2B *label, // IN: a value for L TPM2B_ENCRYPTED_SECRET *secret, // IN: input secret TPM2B_DATA *data // OUT: decrypted secret value ) { TPM_RC result = TPM_RC_SUCCESS; // Decryption for secret switch(decryptKey->publicArea.type) { #if ALG_RSA case ALG_RSA_VALUE: { TPMT_RSA_DECRYPT scheme; TPMT_RSA_SCHEME *keyScheme = &decryptKey->publicArea.parameters.rsaDetail.scheme; UINT16 digestSize; scheme = *(TPMT_RSA_DECRYPT *)keyScheme; // If the key scheme is ALG_NULL_VALUE, set the scheme to OAEP and // set the algorithm to the name algorithm. if(scheme.scheme == ALG_NULL_VALUE) { // Use OAEP scheme scheme.scheme = ALG_OAEP_VALUE; scheme.details.oaep.hashAlg = decryptKey->publicArea.nameAlg; } // use the digestSize as an indicator of whether or not the scheme // is using a supported hash algorithm. // Note: depending on the scheme used for encryption, a hashAlg might // not be needed. However, the return value has to have some upper // limit on the size. In this case, it is the size of the digest of the // hash algorithm. It is checked after the decryption is done but, there // is no point in doing the decryption if the size is going to be // 'wrong' anyway. digestSize = CryptHashGetDigestSize(scheme.details.oaep.hashAlg); if(scheme.scheme != ALG_OAEP_VALUE || digestSize == 0) return TPM_RC_SCHEME; // Set the output buffer capacity data->t.size = sizeof(data->t.buffer); // Decrypt seed by RSA OAEP result = CryptRsaDecrypt(&data->b, &secret->b, decryptKey, &scheme, label); if((result == TPM_RC_SUCCESS) && (data->t.size > digestSize)) result = TPM_RC_VALUE; } break; #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: { TPMS_ECC_POINT eccPublic; TPMS_ECC_POINT eccSecret; BYTE *buffer = secret->t.secret; INT32 size = secret->t.size; // Retrieve ECC point from secret buffer result = TPMS_ECC_POINT_Unmarshal(&eccPublic, &buffer, &size); if(result == TPM_RC_SUCCESS) { result = CryptEccPointMultiply(&eccSecret, decryptKey->publicArea.parameters.eccDetail.curveID, &eccPublic, &decryptKey->sensitive.sensitive.ecc, NULL, NULL); if(result == TPM_RC_SUCCESS) { // Set the size of the "recovered" secret value to be the size // of the digest produced by the nameAlg. data->t.size = CryptHashGetDigestSize(decryptKey->publicArea.nameAlg); // The secret value is computed from Z using KDFe as: // secret := KDFe(HashID, Z, Use, PartyUInfo, PartyVInfo, bits) // Where: // HashID -- the nameAlg of the decrypt key // Z -- the x coordinate (Px) of the product (P) of the point // (Q) of the secret and the private x coordinate (de,V) // of the decryption key // Use -- a null-terminated string containing "SECRET" // PartyUInfo -- the x coordinate of the point in the secret // (Qe,U ) // PartyVInfo -- the x coordinate of the public key (Qs,V ) // bits -- the number of bits in the digest of HashID // Retrieve seed from KDFe CryptKDFe(decryptKey->publicArea.nameAlg, &eccSecret.x.b, label, &eccPublic.x.b, &decryptKey->publicArea.unique.ecc.x.b, data->t.size * 8, data->t.buffer); } } } break; #endif // ALG_ECC #if !ALG_KEYEDHASH # error "KEYEDHASH support is required" #endif case ALG_KEYEDHASH_VALUE: // The seed size can not be bigger than the digest size of nameAlg if(secret->t.size > CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) result = TPM_RC_VALUE; else { // Retrieve seed by XOR Obfuscation: // seed = XOR(secret, hash, key, nonceCaller, nullNonce) // where: // secret the secret parameter from the TPM2_StartAuthHMAC // command that contains the seed value // hash nameAlg of tpmKey // key the key or data value in the object referenced by // entityHandle in the TPM2_StartAuthHMAC command // nonceCaller the parameter from the TPM2_StartAuthHMAC command // nullNonce a zero-length nonce // XOR Obfuscation in place CryptXORObfuscation(decryptKey->publicArea.nameAlg, &decryptKey->sensitive.sensitive.bits.b, &nonceCaller->b, NULL, secret->t.size, secret->t.secret); // Copy decrypted seed MemoryCopy2B(&data->b, &secret->b, sizeof(data->t.buffer)); } break; case ALG_SYMCIPHER_VALUE: { TPM2B_IV iv = {{0}}; TPMT_SYM_DEF_OBJECT *symDef; // The seed size can not be bigger than the digest size of nameAlg if(secret->t.size > CryptHashGetDigestSize(decryptKey->publicArea.nameAlg)) result = TPM_RC_VALUE; else { symDef = &decryptKey->publicArea.parameters.symDetail.sym; iv.t.size = CryptGetSymmetricBlockSize(symDef->algorithm, symDef->keyBits.sym); if(iv.t.size == 0) return TPM_RC_FAILURE; if(nonceCaller->t.size >= iv.t.size) { MemoryCopy(iv.t.buffer, nonceCaller->t.buffer, iv.t.size); } else { if(nonceCaller->t.size > sizeof(iv.t.buffer)) return TPM_RC_FAILURE; MemoryCopy(iv.b.buffer, nonceCaller->t.buffer, nonceCaller->t.size); } // make sure secret will fit if(secret->t.size > data->t.size) return TPM_RC_FAILURE; data->t.size = secret->t.size; // CFB decrypt, using nonceCaller as iv CryptSymmetricDecrypt(data->t.buffer, symDef->algorithm, symDef->keyBits.sym, decryptKey->sensitive.sensitive.sym.t.buffer, &iv, ALG_CFB_VALUE, secret->t.size, secret->t.secret); } } break; default: FAIL(FATAL_ERROR_INTERNAL); break; } return result; } //*** CryptParameterEncryption() // This function does in-place encryption of a response parameter. void CryptParameterEncryption( TPM_HANDLE handle, // IN: encrypt session handle TPM2B *nonceCaller, // IN: nonce caller UINT16 leadingSizeInByte, // IN: the size of the leading size field in // bytes TPM2B_AUTH *extraKey, // IN: additional key material other than // sessionAuth BYTE *buffer // IN/OUT: parameter buffer to be encrypted ) { SESSION *session = SessionGet(handle); // encrypt session TPM2B_TYPE(TEMP_KEY, (sizeof(extraKey->t.buffer) + sizeof(session->sessionKey.t.buffer))); TPM2B_TEMP_KEY key; // encryption key UINT32 cipherSize = 0; // size of cipher text // // Retrieve encrypted data size. if(leadingSizeInByte == 2) { // Extract the first two bytes as the size field as the data size // encrypt cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer); // advance the buffer buffer = &buffer[2]; } #ifdef TPM4B else if(leadingSizeInByte == 4) { // use the first four bytes to indicate the number of bytes to encrypt cipherSize = BYTE_ARRAY_TO_UINT32(buffer); //advance pointer buffer = &buffer[4]; } #endif else { FAIL(FATAL_ERROR_INTERNAL); } // Compute encryption key by concatenating sessionKey with extra key MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer)); if(session->symmetric.algorithm == ALG_XOR_VALUE) // XOR parameter encryption formulation: // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) CryptXORObfuscation(session->authHashAlg, &(key.b), &(session->nonceTPM.b), nonceCaller, cipherSize, buffer); else ParmEncryptSym(session->symmetric.algorithm, session->authHashAlg, session->symmetric.keyBits.aes, &(key.b), nonceCaller, &(session->nonceTPM.b), cipherSize, buffer); return; } //*** CryptParameterDecryption() // This function does in-place decryption of a command parameter. // Return Type: TPM_RC // TPM_RC_SIZE The number of bytes in the input buffer is less than // the number of bytes to be decrypted. TPM_RC CryptParameterDecryption( TPM_HANDLE handle, // IN: encrypted session handle TPM2B *nonceCaller, // IN: nonce caller UINT32 bufferSize, // IN: size of parameter buffer UINT16 leadingSizeInByte, // IN: the size of the leading size field in // byte TPM2B_AUTH *extraKey, // IN: the authValue BYTE *buffer // IN/OUT: parameter buffer to be decrypted ) { SESSION *session = SessionGet(handle); // encrypt session // The HMAC key is going to be the concatenation of the session key and any // additional key material (like the authValue). The size of both of these // is the size of the buffer which can contain a TPMT_HA. TPM2B_TYPE(HMAC_KEY, (sizeof(extraKey->t.buffer) + sizeof(session->sessionKey.t.buffer))); TPM2B_HMAC_KEY key; // decryption key UINT32 cipherSize = 0; // size of cipher text // // Retrieve encrypted data size. if(leadingSizeInByte == 2) { // The first two bytes of the buffer are the size of the // data to be decrypted cipherSize = (UINT32)BYTE_ARRAY_TO_UINT16(buffer); buffer = &buffer[2]; // advance the buffer } #ifdef TPM4B else if(leadingSizeInByte == 4) { // the leading size is four bytes so get the four byte size field cipherSize = BYTE_ARRAY_TO_UINT32(buffer); buffer = &buffer[4]; //advance pointer } #endif else { FAIL(FATAL_ERROR_INTERNAL); } if(cipherSize > bufferSize) return TPM_RC_SIZE; // Compute decryption key by concatenating sessionAuth with extra input key MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); MemoryConcat2B(&key.b, &extraKey->b, sizeof(key.t.buffer)); if(session->symmetric.algorithm == ALG_XOR_VALUE) // XOR parameter decryption formulation: // XOR(parameter, hash, sessionAuth, nonceNewer, nonceOlder) // Call XOR obfuscation function CryptXORObfuscation(session->authHashAlg, &key.b, nonceCaller, &(session->nonceTPM.b), cipherSize, buffer); else // Assume that it is one of the symmetric block ciphers. ParmDecryptSym(session->symmetric.algorithm, session->authHashAlg, session->symmetric.keyBits.sym, &key.b, nonceCaller, &session->nonceTPM.b, cipherSize, buffer); return TPM_RC_SUCCESS; } //*** CryptComputeSymmetricUnique() // This function computes the unique field in public area for symmetric objects. void CryptComputeSymmetricUnique( TPMT_PUBLIC *publicArea, // IN: the object's public area TPMT_SENSITIVE *sensitive, // IN: the associated sensitive area TPM2B_DIGEST *unique // OUT: unique buffer ) { // For parents (symmetric and derivation), use an HMAC to compute // the 'unique' field if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt)) { // Unique field is HMAC(sensitive->seedValue, sensitive->sensitive) HMAC_STATE hmacState; unique->b.size = CryptHmacStart2B(&hmacState, publicArea->nameAlg, &sensitive->seedValue.b); CryptDigestUpdate2B(&hmacState.hashState, &sensitive->sensitive.any.b); CryptHmacEnd2B(&hmacState, &unique->b); } else { HASH_STATE hashState; // Unique := Hash(sensitive->seedValue || sensitive->sensitive) unique->t.size = CryptHashStart(&hashState, publicArea->nameAlg); CryptDigestUpdate2B(&hashState, &sensitive->seedValue.b); CryptDigestUpdate2B(&hashState, &sensitive->sensitive.any.b); CryptHashEnd2B(&hashState, &unique->b); } return; } //*** CryptCreateObject() // This function creates an object. // For an asymmetric key, it will create a key pair and, for a parent key, a seed // value for child protections. // // For an symmetric object, (TPM_ALG_SYMCIPHER or TPM_ALG_KEYEDHASH), it will // create a secret key if the caller did not provide one. It will create a random // secret seed value that is hashed with the secret value to create the public // unique value. // // 'publicArea', 'sensitive', and 'sensitiveCreate' are the only required parameters // and are the only ones that are used by TPM2_Create(). The other parameters // are optional and are used when the generated Object needs to be deterministic. // This is the case for both Primary Objects and Derived Objects. // // When a seed value is provided, a RAND_STATE will be populated and used for // all operations in the object generation that require a random number. In the // simplest case, TPM2_CreatePrimary() will use 'seed', 'label' and 'context' with // context being the hash of the template. If the Primary Object is in // the Endorsement hierarchy, it will also populate 'proof' with ehProof. // // For derived keys, 'seed' will be the secret value from the parent, 'label' and // 'context' will be set according to the parameters of TPM2_CreateLoaded() and // 'hashAlg' will be set which causes the RAND_STATE to be a KDF generator. // // Return Type: TPM_RC // TPM_RC_KEY a provided key is not an allowed value // TPM_RC_KEY_SIZE key size in the public area does not match the size // in the sensitive creation area for a symmetric key // TPM_RC_NO_RESULT unable to get random values (only in derivation) // TPM_RC_RANGE for an RSA key, the exponent is not supported // TPM_RC_SIZE sensitive data size is larger than allowed for the // scheme for a keyed hash object // TPM_RC_VALUE exponent is not prime or could not find a prime using // the provided parameters for an RSA key; // unsupported name algorithm for an ECC key TPM_RC CryptCreateObject( OBJECT *object, // IN: new object structure pointer TPMS_SENSITIVE_CREATE *sensitiveCreate, // IN: sensitive creation RAND_STATE *rand // IN: the random number generator // to use ) { TPMT_PUBLIC *publicArea = &object->publicArea; TPMT_SENSITIVE *sensitive = &object->sensitive; TPM_RC result = TPM_RC_SUCCESS; // // Set the sensitive type for the object sensitive->sensitiveType = publicArea->type; // For all objects, copy the initial authorization data sensitive->authValue = sensitiveCreate->userAuth; // If the TPM is the source of the data, set the size of the provided data to // zero so that there's no confusion about what to do. if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sensitiveDataOrigin)) sensitiveCreate->data.t.size = 0; // Generate the key and unique fields for the asymmetric keys and just the // sensitive value for symmetric object switch(publicArea->type) { #if ALG_RSA // Create RSA key case ALG_RSA_VALUE: // RSA uses full object so that it has a place to put the private // exponent result = CryptRsaGenerateKey(publicArea, sensitive, rand); break; #endif // ALG_RSA #if ALG_ECC // Create ECC key case ALG_ECC_VALUE: result = CryptEccGenerateKey(publicArea, sensitive, rand); break; #endif // ALG_ECC case ALG_SYMCIPHER_VALUE: result = CryptGenerateKeySymmetric(publicArea, sensitive, sensitiveCreate, rand); break; case ALG_KEYEDHASH_VALUE: result = CryptGenerateKeyedHash(publicArea, sensitive, sensitiveCreate, rand); break; default: FAIL(FATAL_ERROR_INTERNAL); break; } if(result != TPM_RC_SUCCESS) return result; // Create the sensitive seed value // If this is a primary key in the endorsement hierarchy, stir the DRBG state // This implementation uses both shProof and ehProof to make sure that there // is no leakage of either. if(object->attributes.primary && object->attributes.epsHierarchy) { DRBG_AdditionalData((DRBG_STATE *)rand, &gp.shProof.b); DRBG_AdditionalData((DRBG_STATE *)rand, &gp.ehProof.b); } // Generate a seedValue that is the size of the digest produced by nameAlg sensitive->seedValue.t.size = DRBG_Generate(rand, sensitive->seedValue.t.buffer, CryptHashGetDigestSize(publicArea->nameAlg)); if(g_inFailureMode) return TPM_RC_FAILURE; else if(sensitive->seedValue.t.size == 0) return TPM_RC_NO_RESULT; // For symmetric objects, need to compute the unique value for the public area if(publicArea->type == ALG_SYMCIPHER_VALUE || publicArea->type == ALG_KEYEDHASH_VALUE) { CryptComputeSymmetricUnique(publicArea, sensitive, &publicArea->unique.sym); } else { // if this is an asymmetric key and it isn't a parent, then // get rid of the seed. if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) || !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted)) memset(&sensitive->seedValue, 0, sizeof(sensitive->seedValue)); } // Compute the name PublicMarshalAndComputeName(publicArea, &object->name); return result; } //*** CryptGetSignHashAlg() // Get the hash algorithm of signature from a TPMT_SIGNATURE structure. // It assumes the signature is not NULL // This is a function for easy access TPMI_ALG_HASH CryptGetSignHashAlg( TPMT_SIGNATURE *auth // IN: signature ) { if(auth->sigAlg == ALG_NULL_VALUE) FAIL(FATAL_ERROR_INTERNAL); // Get authHash algorithm based on signing scheme switch(auth->sigAlg) { #if ALG_RSA // If RSA is supported, both RSASSA and RSAPSS are required # if !defined ALG_RSASSA_VALUE || !defined ALG_RSAPSS_VALUE # error "RSASSA and RSAPSS are required for RSA" # endif case ALG_RSASSA_VALUE: return auth->signature.rsassa.hash; case ALG_RSAPSS_VALUE: return auth->signature.rsapss.hash; #endif // ALG_RSA #if ALG_ECC // If ECC is defined, ECDSA is mandatory # if !ALG_ECDSA # error "ECDSA is requried for ECC" # endif case ALG_ECDSA_VALUE: // SM2 and ECSCHNORR are optional # if ALG_SM2 case ALG_SM2_VALUE: # endif # if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: # endif //all ECC signatures look the same return auth->signature.ecdsa.hash; # if ALG_ECDAA // Don't know how to verify an ECDAA signature case ALG_ECDAA_VALUE: break; # endif #endif // ALG_ECC case ALG_HMAC_VALUE: return auth->signature.hmac.hashAlg; default: break; } return ALG_NULL_VALUE; } //*** CryptIsSplitSign() // This function us used to determine if the signing operation is a split // signing operation that required a TPM2_Commit(). // BOOL CryptIsSplitSign( TPM_ALG_ID scheme // IN: the algorithm selector ) { switch(scheme) { # if ALG_ECDAA case ALG_ECDAA_VALUE: return TRUE; break; # endif // ALG_ECDAA default: return FALSE; break; } } //*** CryptIsAsymSignScheme() // This function indicates if a scheme algorithm is a sign algorithm. BOOL CryptIsAsymSignScheme( TPMI_ALG_PUBLIC publicType, // IN: Type of the object TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme ) { BOOL isSignScheme = TRUE; switch(publicType) { #if ALG_RSA case ALG_RSA_VALUE: switch(scheme) { # if !ALG_RSASSA || !ALG_RSAPSS # error "RSASSA and PSAPSS required if RSA used." # endif case ALG_RSASSA_VALUE: case ALG_RSAPSS_VALUE: break; default: isSignScheme = FALSE; break; } break; #endif // ALG_RSA #if ALG_ECC // If ECC is implemented ECDSA is required case ALG_ECC_VALUE: switch(scheme) { // Support for ECDSA is required for ECC case ALG_ECDSA_VALUE: #if ALG_ECDAA // ECDAA is optional case ALG_ECDAA_VALUE: #endif #if ALG_ECSCHNORR // Schnorr is also optional case ALG_ECSCHNORR_VALUE: #endif #if ALG_SM2 // SM2 is optional case ALG_SM2_VALUE: #endif break; default: isSignScheme = FALSE; break; } break; #endif // ALG_ECC default: isSignScheme = FALSE; break; } return isSignScheme; } //*** CryptIsAsymDecryptScheme() // This function indicate if a scheme algorithm is a decrypt algorithm. BOOL CryptIsAsymDecryptScheme( TPMI_ALG_PUBLIC publicType, // IN: Type of the object TPMI_ALG_ASYM_SCHEME scheme // IN: the scheme ) { BOOL isDecryptScheme = TRUE; switch(publicType) { #if ALG_RSA case ALG_RSA_VALUE: switch(scheme) { case ALG_RSAES_VALUE: case ALG_OAEP_VALUE: break; default: isDecryptScheme = FALSE; break; } break; #endif // ALG_RSA #if ALG_ECC // If ECC is implemented ECDH is required case ALG_ECC_VALUE: switch(scheme) { #if !ALG_ECDH # error "ECDH is required for ECC" #endif case ALG_ECDH_VALUE: #if ALG_SM2 case ALG_SM2_VALUE: #endif #if ALG_ECMQV case ALG_ECMQV_VALUE: #endif break; default: isDecryptScheme = FALSE; break; } break; #endif // ALG_ECC default: isDecryptScheme = FALSE; break; } return isDecryptScheme; } //*** CryptSelectSignScheme() // This function is used by the attestation and signing commands. It implements // the rules for selecting the signature scheme to use in signing. This function // requires that the signing key either be TPM_RH_NULL or be loaded. // // If a default scheme is defined in object, the default scheme should be chosen, // otherwise, the input scheme should be chosen. // In the case that both object and input scheme has a non-NULL scheme // algorithm, if the schemes are compatible, the input scheme will be chosen. // // This function should not be called if 'signObject->publicArea.type' == // ALG_SYMCIPHER. // // Return Type: BOOL // TRUE(1) scheme selected // FALSE(0) both 'scheme' and key's default scheme are empty; or // 'scheme' is empty while key's default scheme requires // explicit input scheme (split signing); or // non-empty default key scheme differs from 'scheme' BOOL CryptSelectSignScheme( OBJECT *signObject, // IN: signing key TPMT_SIG_SCHEME *scheme // IN/OUT: signing scheme ) { TPMT_SIG_SCHEME *objectScheme; TPMT_PUBLIC *publicArea; BOOL OK; // If the signHandle is TPM_RH_NULL, then the NULL scheme is used, regardless // of the setting of scheme if(signObject == NULL) { OK = TRUE; scheme->scheme = ALG_NULL_VALUE; scheme->details.any.hashAlg = ALG_NULL_VALUE; } else { // assignment to save typing. publicArea = &signObject->publicArea; // A symmetric cipher can be used to encrypt and decrypt but it can't // be used for signing if(publicArea->type == ALG_SYMCIPHER_VALUE) return FALSE; // Point to the scheme object if(CryptIsAsymAlgorithm(publicArea->type)) objectScheme = (TPMT_SIG_SCHEME *)&publicArea->parameters.asymDetail.scheme; else objectScheme = (TPMT_SIG_SCHEME *)&publicArea->parameters.keyedHashDetail.scheme; // If the object doesn't have a default scheme, then use the // input scheme. if(objectScheme->scheme == ALG_NULL_VALUE) { // Input and default can't both be NULL OK = (scheme->scheme != ALG_NULL_VALUE); // Assume that the scheme is compatible with the key. If not, // an error will be generated in the signing operation. } else if(scheme->scheme == ALG_NULL_VALUE) { // input scheme is NULL so use default // First, check to see if the default requires that the caller // provided scheme data OK = !CryptIsSplitSign(objectScheme->scheme); if(OK) { // The object has a scheme and the input is TPM_ALG_NULL so copy // the object scheme as the final scheme. It is better to use a // structure copy than a copy of the individual fields. *scheme = *objectScheme; } } else { // Both input and object have scheme selectors // If the scheme and the hash are not the same then... // NOTE: the reason that there is no copy here is that the input // might contain extra data for a split signing scheme and that // data is not in the object so, it has to be preserved. OK = (objectScheme->scheme == scheme->scheme) && (objectScheme->details.any.hashAlg == scheme->details.any.hashAlg); } } return OK; } //*** CryptSign() // Sign a digest with asymmetric key or HMAC. // This function is called by attestation commands and the generic TPM2_Sign // command. // This function checks the key scheme and digest size. It does not // check if the sign operation is allowed for restricted key. It should be // checked before the function is called. // The function will assert if the key is not a signing key. // // Return Type: TPM_RC // TPM_RC_SCHEME 'signScheme' is not compatible with the signing key type // TPM_RC_VALUE 'digest' value is greater than the modulus of // 'signHandle' or size of 'hashData' does not match hash // algorithm in'signScheme' (for an RSA key); // invalid commit status or failed to generate "r" value // (for an ECC key) TPM_RC CryptSign( OBJECT *signKey, // IN: signing key TPMT_SIG_SCHEME *signScheme, // IN: sign scheme. TPM2B_DIGEST *digest, // IN: The digest being signed TPMT_SIGNATURE *signature // OUT: signature ) { TPM_RC result = TPM_RC_SCHEME; // Initialize signature scheme signature->sigAlg = signScheme->scheme; // If the signature algorithm is TPM_ALG_NULL or the signing key is NULL, // then we are done if((signature->sigAlg == ALG_NULL_VALUE) || (signKey == NULL)) return TPM_RC_SUCCESS; // Initialize signature hash // Note: need to do the check for TPM_ALG_NULL first because the null scheme // doesn't have a hashAlg member. signature->signature.any.hashAlg = signScheme->details.any.hashAlg; // perform sign operation based on different key type switch(signKey->publicArea.type) { #if ALG_RSA case ALG_RSA_VALUE: result = CryptRsaSign(signature, signKey, digest, NULL); break; #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: // The reason that signScheme is passed to CryptEccSign but not to the // other signing methods is that the signing for ECC may be split and // need the 'r' value that is in the scheme but not in the signature. result = CryptEccSign(signature, signKey, digest, (TPMT_ECC_SCHEME *)signScheme, NULL); break; #endif // ALG_ECC case ALG_KEYEDHASH_VALUE: result = CryptHmacSign(signature, signKey, digest); break; default: FAIL(FATAL_ERROR_INTERNAL); break; } return result; } //*** CryptValidateSignature() // This function is used to verify a signature. It is called by // TPM2_VerifySignature() and TPM2_PolicySigned. // // Since this operation only requires use of a public key, no consistency // checks are necessary for the key to signature type because a caller can load // any public key that they like with any scheme that they like. This routine // simply makes sure that the signature is correct, whatever the type. // // Return Type: TPM_RC // TPM_RC_SIGNATURE the signature is not genuine // TPM_RC_SCHEME the scheme is not supported // TPM_RC_HANDLE an HMAC key was selected but the // private part of the key is not loaded TPM_RC CryptValidateSignature( TPMI_DH_OBJECT keyHandle, // IN: The handle of sign key TPM2B_DIGEST *digest, // IN: The digest being validated TPMT_SIGNATURE *signature // IN: signature ) { // NOTE: HandleToObject will either return a pointer to a loaded object or // will assert. It will never return a non-valid value. This makes it save // to initialize 'publicArea' with the return value from HandleToObject() // without checking it first. OBJECT *signObject = HandleToObject(keyHandle); TPMT_PUBLIC *publicArea = &signObject->publicArea; TPM_RC result = TPM_RC_SCHEME; // The input unmarshaling should prevent any input signature from being // a NULL signature, but just in case if(signature->sigAlg == ALG_NULL_VALUE) return TPM_RC_SIGNATURE; switch(publicArea->type) { #if ALG_RSA case ALG_RSA_VALUE: { // // Call RSA code to verify signature result = CryptRsaValidateSignature(signature, signObject, digest); break; } #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: result = CryptEccValidateSignature(signature, signObject, digest); break; #endif // ALG_ECC case ALG_KEYEDHASH_VALUE: if(signObject->attributes.publicOnly) result = TPM_RCS_HANDLE; else result = CryptHMACVerifySignature(signObject, digest, signature); break; default: break; } return result; } //*** CryptGetTestResult // This function returns the results of a self-test function. // Note: the behavior in this function is NOT the correct behavior for a real // TPM implementation. An artificial behavior is placed here due to the // limitation of a software simulation environment. For the correct behavior, // consult the part 3 specification for TPM2_GetTestResult(). TPM_RC CryptGetTestResult( TPM2B_MAX_BUFFER *outData // OUT: test result data ) { outData->t.size = 0; return TPM_RC_SUCCESS; } //*** CryptValidateKeys() // This function is used to verify that the key material of and object is valid. // For a 'publicOnly' object, the key is verified for size and, if it is an ECC // key, it is verified to be on the specified curve. For a key with a sensitive // area, the binding between the public and private parts of the key are verified. // If the nameAlg of the key is TPM_ALG_NULL, then the size of the sensitive area // is verified but the public portion is not verified, unless the key is an RSA key. // For an RSA key, the reason for loading the sensitive area is to use it. The // only way to use a private RSA key is to compute the private exponent. To compute // the private exponent, the public modulus is used. // Return Type: TPM_RC // TPM_RC_BINDING the public and private parts are not cryptographically // bound // TPM_RC_HASH cannot have a publicOnly key with nameAlg of TPM_ALG_NULL // TPM_RC_KEY the public unique is not valid // TPM_RC_KEY_SIZE the private area key is not valid // TPM_RC_TYPE the types of the sensitive and private parts do not match TPM_RC CryptValidateKeys( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, TPM_RC blamePublic, TPM_RC blameSensitive ) { TPM_RC result; UINT16 keySizeInBytes; UINT16 digestSize = CryptHashGetDigestSize(publicArea->nameAlg); TPMU_PUBLIC_PARMS *params = &publicArea->parameters; TPMU_PUBLIC_ID *unique = &publicArea->unique; if(sensitive != NULL) { // Make sure that the types of the public and sensitive are compatible if(publicArea->type != sensitive->sensitiveType) return TPM_RCS_TYPE + blameSensitive; // Make sure that the authValue is not bigger than allowed // If there is no name algorithm, then the size just needs to be less than // the maximum size of the buffer used for authorization. That size check // was made during unmarshaling of the sensitive area if((sensitive->authValue.t.size) > digestSize && (digestSize > 0)) return TPM_RCS_SIZE + blameSensitive; } switch(publicArea->type) { #if ALG_RSA case ALG_RSA_VALUE: keySizeInBytes = BITS_TO_BYTES(params->rsaDetail.keyBits); // Regardless of whether there is a sensitive area, the public modulus // needs to have the correct size. Otherwise, it can't be used for // any public key operation nor can it be used to compute the private // exponent. // NOTE: This implementation only supports key sizes that are multiples // of 1024 bits which means that the MSb of the 0th byte will always be // SET in any prime and in the public modulus. if((unique->rsa.t.size != keySizeInBytes) || (unique->rsa.t.buffer[0] < 0x80)) return TPM_RCS_KEY + blamePublic; if(params->rsaDetail.exponent != 0 && params->rsaDetail.exponent < 7) return TPM_RCS_VALUE + blamePublic; if(sensitive != NULL) { // If there is a sensitive area, it has to be the correct size // including having the correct high order bit SET. if(((sensitive->sensitive.rsa.t.size * 2) != keySizeInBytes) || (sensitive->sensitive.rsa.t.buffer[0] < 0x80)) return TPM_RCS_KEY_SIZE + blameSensitive; } break; #endif #if ALG_ECC case ALG_ECC_VALUE: { TPMI_ECC_CURVE curveId; curveId = params->eccDetail.curveID; keySizeInBytes = BITS_TO_BYTES(CryptEccGetKeySizeForCurve(curveId)); if(sensitive == NULL) { // Validate the public key size if(unique->ecc.x.t.size != keySizeInBytes || unique->ecc.y.t.size != keySizeInBytes) return TPM_RCS_KEY + blamePublic; if(publicArea->nameAlg != ALG_NULL_VALUE) { if(!CryptEccIsPointOnCurve(curveId, &unique->ecc)) return TPM_RCS_ECC_POINT + blamePublic; } } else { // If the nameAlg is TPM_ALG_NULL, then only verify that the // private part of the key is OK. if(!CryptEccIsValidPrivateKey(&sensitive->sensitive.ecc, curveId)) return TPM_RCS_KEY_SIZE; if(publicArea->nameAlg != ALG_NULL_VALUE) { // Full key load, verify that the public point belongs to the // private key. TPMS_ECC_POINT toCompare; result = CryptEccPointMultiply(&toCompare, curveId, NULL, &sensitive->sensitive.ecc, NULL, NULL); if(result != TPM_RC_SUCCESS) return TPM_RCS_BINDING; else { // Make sure that the private key generated the public key. // The input values and the values produced by the point // multiply may not be the same size so adjust the computed // value to match the size of the input value by adding or // removing zeros. AdjustNumberB(&toCompare.x.b, unique->ecc.x.t.size); AdjustNumberB(&toCompare.y.b, unique->ecc.y.t.size); if(!MemoryEqual2B(&unique->ecc.x.b, &toCompare.x.b) || !MemoryEqual2B(&unique->ecc.y.b, &toCompare.y.b)) return TPM_RCS_BINDING; } } } break; } #endif default: // Checks for SYMCIPHER and KEYEDHASH are largely the same // If public area has a nameAlg, then validate the public area size // and if there is also a sensitive area, validate the binding // For consistency, if the object is public-only just make sure that // the unique field is consistent with the name algorithm if(sensitive == NULL) { if(unique->sym.t.size != digestSize) return TPM_RCS_KEY + blamePublic; } else { // Make sure that the key size in the sensitive area is consistent. if(publicArea->type == ALG_SYMCIPHER_VALUE) { result = CryptSymKeyValidate(¶ms->symDetail.sym, &sensitive->sensitive.sym); if(result != TPM_RC_SUCCESS) return result + blameSensitive; } else { // For a keyed hash object, the key has to be less than the // smaller of the block size of the hash used in the scheme or // 128 bytes. The worst case value is limited by the // unmarshaling code so the only thing left to be checked is // that it does not exceed the block size of the hash. // by the hash algorithm of the scheme. TPMT_KEYEDHASH_SCHEME *scheme; UINT16 maxSize; scheme = ¶ms->keyedHashDetail.scheme; if(scheme->scheme == ALG_XOR_VALUE) { maxSize = CryptHashGetBlockSize(scheme->details.xor.hashAlg); } else if(scheme->scheme == ALG_HMAC_VALUE) { maxSize = CryptHashGetBlockSize(scheme->details.hmac.hashAlg); } else if(scheme->scheme == ALG_NULL_VALUE) { // Not signing or xor so must be a data block maxSize = 128; } else return TPM_RCS_SCHEME + blamePublic; if(sensitive->sensitive.bits.t.size > maxSize) return TPM_RCS_KEY_SIZE + blameSensitive; } // If there is a nameAlg, check the binding if(publicArea->nameAlg != ALG_NULL_VALUE) { TPM2B_DIGEST compare; if(sensitive->seedValue.t.size != digestSize) return TPM_RCS_KEY_SIZE + blameSensitive; CryptComputeSymmetricUnique(publicArea, sensitive, &compare); if(!MemoryEqual2B(&unique->sym.b, &compare.b)) return TPM_RC_BINDING; } } break; } // For a parent, need to check that the seedValue is the correct size for // protections. It should be at least half the size of the nameAlg if(IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) && sensitive != NULL && publicArea->nameAlg != ALG_NULL_VALUE) { if((sensitive->seedValue.t.size < (digestSize / 2)) || (sensitive->seedValue.t.size > digestSize)) return TPM_RCS_SIZE + blameSensitive; } return TPM_RC_SUCCESS; } //*** CryptSelectMac() // This function is used to set the MAC scheme based on the key parameters and // the input scheme. // Return Type: TPM_RC // TPM_RC_SCHEME the scheme is not a valid mac scheme // TPM_RC_TYPE the input key is not a type that supports a mac // TPM_RC_VALUE the input scheme and the key scheme are not compatible TPM_RC CryptSelectMac( TPMT_PUBLIC *publicArea, TPMI_ALG_MAC_SCHEME *inMac ) { TPM_ALG_ID macAlg = ALG_NULL_VALUE; switch(publicArea->type) { case ALG_KEYEDHASH_VALUE: { // Local value to keep lines from getting too long TPMT_KEYEDHASH_SCHEME *scheme; scheme = &publicArea->parameters.keyedHashDetail.scheme; // Expect that the scheme is either HMAC or NULL if(scheme->scheme != ALG_NULL_VALUE) macAlg = scheme->details.hmac.hashAlg; break; } case ALG_SYMCIPHER_VALUE: { TPMT_SYM_DEF_OBJECT *scheme; scheme = &publicArea->parameters.symDetail.sym; // Expect that the scheme is either valid symmetric cipher or NULL if(scheme->algorithm != ALG_NULL_VALUE) macAlg = scheme->mode.sym; break; } default: return TPM_RCS_TYPE; } // If the input value is not TPM_ALG_NULL ... if(*inMac != ALG_NULL_VALUE) { // ... then either the scheme in the key must be TPM_ALG_NULL or the input // value must match if((macAlg != ALG_NULL_VALUE) && (*inMac != macAlg)) return TPM_RCS_VALUE; } else { // Since the input value is TPM_ALG_NULL, then the key value can't be // TPM_ALG_NULL if(macAlg == ALG_NULL_VALUE) return TPM_RCS_VALUE; *inMac = macAlg; } if(!CryptMacIsValidForKey(publicArea->type, *inMac, FALSE)) return TPM_RCS_SCHEME; return TPM_RC_SUCCESS; } //*** CryptMacIsValidForKey() // Check to see if the key type is compatible with the mac type BOOL CryptMacIsValidForKey( TPM_ALG_ID keyType, TPM_ALG_ID macAlg, BOOL flag ) { switch(keyType) { case ALG_KEYEDHASH_VALUE: return CryptHashIsValidAlg(macAlg, flag); break; case ALG_SYMCIPHER_VALUE: return CryptSmacIsValidAlg(macAlg, flag); break; default: break; } return FALSE; } //*** CryptSmacIsValidAlg() // This function is used to test if an algorithm is a supported SMAC algorithm. It // needs to be updated as new algorithms are added. BOOL CryptSmacIsValidAlg( TPM_ALG_ID alg, BOOL FLAG // IN: Indicates if TPM_ALG_NULL is valid ) { switch (alg) { #if ALG_CMAC case ALG_CMAC_VALUE: return TRUE; break; #endif case ALG_NULL_VALUE: return FLAG; break; default: return FALSE; } } //*** CryptSymModeIsValid() // Function checks to see if an algorithm ID is a valid, symmetric block cipher // mode for the TPM. If 'flag' is SET, them TPM_ALG_NULL is a valid mode. // not include the modes used for SMAC BOOL CryptSymModeIsValid( TPM_ALG_ID mode, BOOL flag ) { switch(mode) { #if ALG_CTR case ALG_CTR_VALUE: #endif // ALG_CTR #if ALG_OFB case ALG_OFB_VALUE: #endif // ALG_OFB #if ALG_CBC case ALG_CBC_VALUE: #endif // ALG_CBC #if ALG_CFB case ALG_CFB_VALUE: #endif // ALG_CFB #if ALG_ECB case ALG_ECB_VALUE: #endif // ALG_ECB return TRUE; case ALG_NULL_VALUE: return flag; break; default: break; } return FALSE; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/PrimeData.c000066400000000000000000000722241510276467000261550ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" // This table is the product of all of the primes up to 1000. // Checking to see if there is a GCD between a prime candidate // and this number will eliminate many prime candidates from // consideration before running Miller-Rabin on the result. const BN_STRUCT(43 * RADIX_BITS) s_CompositeOfSmallPrimes_ = {44, 44, { 0x2ED42696, 0x2BBFA177, 0x4820594F, 0xF73F4841, 0xBFAC313A, 0xCAC3EB81, 0xF6F26BF8, 0x7FAB5061, 0x59746FB7, 0xF71377F6, 0x3B19855B, 0xCBD03132, 0xBB92EF1B, 0x3AC3152C, 0xE87C8273, 0xC0AE0E69, 0x74A9E295, 0x448CCE86, 0x63CA1907, 0x8A0BF944, 0xF8CC3BE0, 0xC26F0AF5, 0xC501C02F, 0x6579441A, 0xD1099CDA, 0x6BC76A00, 0xC81A3228, 0xBFB1AB25, 0x70FA3841, 0x51B3D076, 0xCC2359ED, 0xD9EE0769, 0x75E47AF0, 0xD45FF31E, 0x52CCE4F6, 0x04DBC891, 0x96658ED2, 0x1753EFE5, 0x3AE4A5A6, 0x8FD4A97F, 0x8B15E7EB, 0x0243C3E1, 0xE0F0C31D, 0x0000000B } }; bigConst s_CompositeOfSmallPrimes = (const bigNum)&s_CompositeOfSmallPrimes_; // This table contains a bit for each of the odd values between 1 and 2^16 + 1. // This table allows fast checking of the primes in that range. // Don't change the size of this table unless you are prepared to do redo // IsPrimeInt(). const uint32_t s_LastPrimeInTable = 65537; const uint32_t s_PrimeTableSize = 4097; const uint32_t s_PrimesInTable = 6542; const unsigned char s_PrimeTable[] = { 0x6e, 0xcb, 0xb4, 0x64, 0x9a, 0x12, 0x6d, 0x81, 0x32, 0x4c, 0x4a, 0x86, 0x0d, 0x82, 0x96, 0x21, 0xc9, 0x34, 0x04, 0x5a, 0x20, 0x61, 0x89, 0xa4, 0x44, 0x11, 0x86, 0x29, 0xd1, 0x82, 0x28, 0x4a, 0x30, 0x40, 0x42, 0x32, 0x21, 0x99, 0x34, 0x08, 0x4b, 0x06, 0x25, 0x42, 0x84, 0x48, 0x8a, 0x14, 0x05, 0x42, 0x30, 0x6c, 0x08, 0xb4, 0x40, 0x0b, 0xa0, 0x08, 0x51, 0x12, 0x28, 0x89, 0x04, 0x65, 0x98, 0x30, 0x4c, 0x80, 0x96, 0x44, 0x12, 0x80, 0x21, 0x42, 0x12, 0x41, 0xc9, 0x04, 0x21, 0xc0, 0x32, 0x2d, 0x98, 0x00, 0x00, 0x49, 0x04, 0x08, 0x81, 0x96, 0x68, 0x82, 0xb0, 0x25, 0x08, 0x22, 0x48, 0x89, 0xa2, 0x40, 0x59, 0x26, 0x04, 0x90, 0x06, 0x40, 0x43, 0x30, 0x44, 0x92, 0x00, 0x69, 0x10, 0x82, 0x08, 0x08, 0xa4, 0x0d, 0x41, 0x12, 0x60, 0xc0, 0x00, 0x24, 0xd2, 0x22, 0x61, 0x08, 0x84, 0x04, 0x1b, 0x82, 0x01, 0xd3, 0x10, 0x01, 0x02, 0xa0, 0x44, 0xc0, 0x22, 0x60, 0x91, 0x14, 0x0c, 0x40, 0xa6, 0x04, 0xd2, 0x94, 0x20, 0x09, 0x94, 0x20, 0x52, 0x00, 0x08, 0x10, 0xa2, 0x4c, 0x00, 0x82, 0x01, 0x51, 0x10, 0x08, 0x8b, 0xa4, 0x25, 0x9a, 0x30, 0x44, 0x81, 0x10, 0x4c, 0x03, 0x02, 0x25, 0x52, 0x80, 0x08, 0x49, 0x84, 0x20, 0x50, 0x32, 0x00, 0x18, 0xa2, 0x40, 0x11, 0x24, 0x28, 0x01, 0x84, 0x01, 0x01, 0xa0, 0x41, 0x0a, 0x12, 0x45, 0x00, 0x36, 0x08, 0x00, 0x26, 0x29, 0x83, 0x82, 0x61, 0xc0, 0x80, 0x04, 0x10, 0x10, 0x6d, 0x00, 0x22, 0x48, 0x58, 0x26, 0x0c, 0xc2, 0x10, 0x48, 0x89, 0x24, 0x20, 0x58, 0x20, 0x45, 0x88, 0x24, 0x00, 0x19, 0x02, 0x25, 0xc0, 0x10, 0x68, 0x08, 0x14, 0x01, 0xca, 0x32, 0x28, 0x80, 0x00, 0x04, 0x4b, 0x26, 0x00, 0x13, 0x90, 0x60, 0x82, 0x80, 0x25, 0xd0, 0x00, 0x01, 0x10, 0x32, 0x0c, 0x43, 0x86, 0x21, 0x11, 0x00, 0x08, 0x43, 0x24, 0x04, 0x48, 0x10, 0x0c, 0x90, 0x92, 0x00, 0x43, 0x20, 0x2d, 0x00, 0x06, 0x09, 0x88, 0x24, 0x40, 0xc0, 0x32, 0x09, 0x09, 0x82, 0x00, 0x53, 0x80, 0x08, 0x80, 0x96, 0x41, 0x81, 0x00, 0x40, 0x48, 0x10, 0x48, 0x08, 0x96, 0x48, 0x58, 0x20, 0x29, 0xc3, 0x80, 0x20, 0x02, 0x94, 0x60, 0x92, 0x00, 0x20, 0x81, 0x22, 0x44, 0x10, 0xa0, 0x05, 0x40, 0x90, 0x01, 0x49, 0x20, 0x04, 0x0a, 0x00, 0x24, 0x89, 0x34, 0x48, 0x13, 0x80, 0x2c, 0xc0, 0x82, 0x29, 0x00, 0x24, 0x45, 0x08, 0x00, 0x08, 0x98, 0x36, 0x04, 0x52, 0x84, 0x04, 0xd0, 0x04, 0x00, 0x8a, 0x90, 0x44, 0x82, 0x32, 0x65, 0x18, 0x90, 0x00, 0x0a, 0x02, 0x01, 0x40, 0x02, 0x28, 0x40, 0xa4, 0x04, 0x92, 0x30, 0x04, 0x11, 0x86, 0x08, 0x42, 0x00, 0x2c, 0x52, 0x04, 0x08, 0xc9, 0x84, 0x60, 0x48, 0x12, 0x09, 0x99, 0x24, 0x44, 0x00, 0x24, 0x00, 0x03, 0x14, 0x21, 0x00, 0x10, 0x01, 0x1a, 0x32, 0x05, 0x88, 0x20, 0x40, 0x40, 0x06, 0x09, 0xc3, 0x84, 0x40, 0x01, 0x30, 0x60, 0x18, 0x02, 0x68, 0x11, 0x90, 0x0c, 0x02, 0xa2, 0x04, 0x00, 0x86, 0x29, 0x89, 0x14, 0x24, 0x82, 0x02, 0x41, 0x08, 0x80, 0x04, 0x19, 0x80, 0x08, 0x10, 0x12, 0x68, 0x42, 0xa4, 0x04, 0x00, 0x02, 0x61, 0x10, 0x06, 0x0c, 0x10, 0x00, 0x01, 0x12, 0x10, 0x20, 0x03, 0x94, 0x21, 0x42, 0x12, 0x65, 0x18, 0x94, 0x0c, 0x0a, 0x04, 0x28, 0x01, 0x14, 0x29, 0x0a, 0xa4, 0x40, 0xd0, 0x00, 0x40, 0x01, 0x90, 0x04, 0x41, 0x20, 0x2d, 0x40, 0x82, 0x48, 0xc1, 0x20, 0x00, 0x10, 0x30, 0x01, 0x08, 0x24, 0x04, 0x59, 0x84, 0x24, 0x00, 0x02, 0x29, 0x82, 0x00, 0x61, 0x58, 0x02, 0x48, 0x81, 0x16, 0x48, 0x10, 0x00, 0x21, 0x11, 0x06, 0x00, 0xca, 0xa0, 0x40, 0x02, 0x00, 0x04, 0x91, 0xb0, 0x00, 0x42, 0x04, 0x0c, 0x81, 0x06, 0x09, 0x48, 0x14, 0x25, 0x92, 0x20, 0x25, 0x11, 0xa0, 0x00, 0x0a, 0x86, 0x0c, 0xc1, 0x02, 0x48, 0x00, 0x20, 0x45, 0x08, 0x32, 0x00, 0x98, 0x06, 0x04, 0x13, 0x22, 0x00, 0x82, 0x04, 0x48, 0x81, 0x14, 0x44, 0x82, 0x12, 0x24, 0x18, 0x10, 0x40, 0x43, 0x80, 0x28, 0xd0, 0x04, 0x20, 0x81, 0x24, 0x64, 0xd8, 0x00, 0x2c, 0x09, 0x12, 0x08, 0x41, 0xa2, 0x00, 0x00, 0x02, 0x41, 0xca, 0x20, 0x41, 0xc0, 0x10, 0x01, 0x18, 0xa4, 0x04, 0x18, 0xa4, 0x20, 0x12, 0x94, 0x20, 0x83, 0xa0, 0x40, 0x02, 0x32, 0x44, 0x80, 0x04, 0x00, 0x18, 0x00, 0x0c, 0x40, 0x86, 0x60, 0x8a, 0x00, 0x64, 0x88, 0x12, 0x05, 0x01, 0x82, 0x00, 0x4a, 0xa2, 0x01, 0xc1, 0x10, 0x61, 0x09, 0x04, 0x01, 0x88, 0x00, 0x60, 0x01, 0xb4, 0x40, 0x08, 0x06, 0x01, 0x03, 0x80, 0x08, 0x40, 0x94, 0x04, 0x8a, 0x20, 0x29, 0x80, 0x02, 0x0c, 0x52, 0x02, 0x01, 0x42, 0x84, 0x00, 0x80, 0x84, 0x64, 0x02, 0x32, 0x48, 0x00, 0x30, 0x44, 0x40, 0x22, 0x21, 0x00, 0x02, 0x08, 0xc3, 0xa0, 0x04, 0xd0, 0x20, 0x40, 0x18, 0x16, 0x40, 0x40, 0x00, 0x28, 0x52, 0x90, 0x08, 0x82, 0x14, 0x01, 0x18, 0x10, 0x08, 0x09, 0x82, 0x40, 0x0a, 0xa0, 0x20, 0x93, 0x80, 0x08, 0xc0, 0x00, 0x20, 0x52, 0x00, 0x05, 0x01, 0x10, 0x40, 0x11, 0x06, 0x0c, 0x82, 0x00, 0x00, 0x4b, 0x90, 0x44, 0x9a, 0x00, 0x28, 0x80, 0x90, 0x04, 0x4a, 0x06, 0x09, 0x43, 0x02, 0x28, 0x00, 0x34, 0x01, 0x18, 0x00, 0x65, 0x09, 0x80, 0x44, 0x03, 0x00, 0x24, 0x02, 0x82, 0x61, 0x48, 0x14, 0x41, 0x00, 0x12, 0x28, 0x00, 0x34, 0x08, 0x51, 0x04, 0x05, 0x12, 0x90, 0x28, 0x89, 0x84, 0x60, 0x12, 0x10, 0x49, 0x10, 0x26, 0x40, 0x49, 0x82, 0x00, 0x91, 0x10, 0x01, 0x0a, 0x24, 0x40, 0x88, 0x10, 0x4c, 0x10, 0x04, 0x00, 0x50, 0xa2, 0x2c, 0x40, 0x90, 0x48, 0x0a, 0xb0, 0x01, 0x50, 0x12, 0x08, 0x00, 0xa4, 0x04, 0x09, 0xa0, 0x28, 0x92, 0x02, 0x00, 0x43, 0x10, 0x21, 0x02, 0x20, 0x41, 0x81, 0x32, 0x00, 0x08, 0x04, 0x0c, 0x52, 0x00, 0x21, 0x49, 0x84, 0x20, 0x10, 0x02, 0x01, 0x81, 0x10, 0x48, 0x40, 0x22, 0x01, 0x01, 0x84, 0x69, 0xc1, 0x30, 0x01, 0xc8, 0x02, 0x44, 0x88, 0x00, 0x0c, 0x01, 0x02, 0x2d, 0xc0, 0x12, 0x61, 0x00, 0xa0, 0x00, 0xc0, 0x30, 0x40, 0x01, 0x12, 0x08, 0x0b, 0x20, 0x00, 0x80, 0x94, 0x40, 0x01, 0x84, 0x40, 0x00, 0x32, 0x00, 0x10, 0x84, 0x00, 0x0b, 0x24, 0x00, 0x01, 0x06, 0x29, 0x8a, 0x84, 0x41, 0x80, 0x10, 0x08, 0x08, 0x94, 0x4c, 0x03, 0x80, 0x01, 0x40, 0x96, 0x40, 0x41, 0x20, 0x20, 0x50, 0x22, 0x25, 0x89, 0xa2, 0x40, 0x40, 0xa4, 0x20, 0x02, 0x86, 0x28, 0x01, 0x20, 0x21, 0x4a, 0x10, 0x08, 0x00, 0x14, 0x08, 0x40, 0x04, 0x25, 0x42, 0x02, 0x21, 0x43, 0x10, 0x04, 0x92, 0x00, 0x21, 0x11, 0xa0, 0x4c, 0x18, 0x22, 0x09, 0x03, 0x84, 0x41, 0x89, 0x10, 0x04, 0x82, 0x22, 0x24, 0x01, 0x14, 0x08, 0x08, 0x84, 0x08, 0xc1, 0x00, 0x09, 0x42, 0xb0, 0x41, 0x8a, 0x02, 0x00, 0x80, 0x36, 0x04, 0x49, 0xa0, 0x24, 0x91, 0x00, 0x00, 0x02, 0x94, 0x41, 0x92, 0x02, 0x01, 0x08, 0x06, 0x08, 0x09, 0x00, 0x01, 0xd0, 0x16, 0x28, 0x89, 0x80, 0x60, 0x00, 0x00, 0x68, 0x01, 0x90, 0x0c, 0x50, 0x20, 0x01, 0x40, 0x80, 0x40, 0x42, 0x30, 0x41, 0x00, 0x20, 0x25, 0x81, 0x06, 0x40, 0x49, 0x00, 0x08, 0x01, 0x12, 0x49, 0x00, 0xa0, 0x20, 0x18, 0x30, 0x05, 0x01, 0xa6, 0x00, 0x10, 0x24, 0x28, 0x00, 0x02, 0x20, 0xc8, 0x20, 0x00, 0x88, 0x12, 0x0c, 0x90, 0x92, 0x00, 0x02, 0x26, 0x01, 0x42, 0x16, 0x49, 0x00, 0x04, 0x24, 0x42, 0x02, 0x01, 0x88, 0x80, 0x0c, 0x1a, 0x80, 0x08, 0x10, 0x00, 0x60, 0x02, 0x94, 0x44, 0x88, 0x00, 0x69, 0x11, 0x30, 0x08, 0x12, 0xa0, 0x24, 0x13, 0x84, 0x00, 0x82, 0x00, 0x65, 0xc0, 0x10, 0x28, 0x00, 0x30, 0x04, 0x03, 0x20, 0x01, 0x11, 0x06, 0x01, 0xc8, 0x80, 0x00, 0xc2, 0x20, 0x08, 0x10, 0x82, 0x0c, 0x13, 0x02, 0x0c, 0x52, 0x06, 0x40, 0x00, 0xb0, 0x61, 0x40, 0x10, 0x01, 0x98, 0x86, 0x04, 0x10, 0x84, 0x08, 0x92, 0x14, 0x60, 0x41, 0x80, 0x41, 0x1a, 0x10, 0x04, 0x81, 0x22, 0x40, 0x41, 0x20, 0x29, 0x52, 0x00, 0x41, 0x08, 0x34, 0x60, 0x10, 0x00, 0x28, 0x01, 0x10, 0x40, 0x00, 0x84, 0x08, 0x42, 0x90, 0x20, 0x48, 0x04, 0x04, 0x52, 0x02, 0x00, 0x08, 0x20, 0x04, 0x00, 0x82, 0x0d, 0x00, 0x82, 0x40, 0x02, 0x10, 0x05, 0x48, 0x20, 0x40, 0x99, 0x00, 0x00, 0x01, 0x06, 0x24, 0xc0, 0x00, 0x68, 0x82, 0x04, 0x21, 0x12, 0x10, 0x44, 0x08, 0x04, 0x00, 0x40, 0xa6, 0x20, 0xd0, 0x16, 0x09, 0xc9, 0x24, 0x41, 0x02, 0x20, 0x0c, 0x09, 0x92, 0x40, 0x12, 0x00, 0x00, 0x40, 0x00, 0x09, 0x43, 0x84, 0x20, 0x98, 0x02, 0x01, 0x11, 0x24, 0x00, 0x43, 0x24, 0x00, 0x03, 0x90, 0x08, 0x41, 0x30, 0x24, 0x58, 0x20, 0x4c, 0x80, 0x82, 0x08, 0x10, 0x24, 0x25, 0x81, 0x06, 0x41, 0x09, 0x10, 0x20, 0x18, 0x10, 0x44, 0x80, 0x10, 0x00, 0x4a, 0x24, 0x0d, 0x01, 0x94, 0x28, 0x80, 0x30, 0x00, 0xc0, 0x02, 0x60, 0x10, 0x84, 0x0c, 0x02, 0x00, 0x09, 0x02, 0x82, 0x01, 0x08, 0x10, 0x04, 0xc2, 0x20, 0x68, 0x09, 0x06, 0x04, 0x18, 0x00, 0x00, 0x11, 0x90, 0x08, 0x0b, 0x10, 0x21, 0x82, 0x02, 0x0c, 0x10, 0xb6, 0x08, 0x00, 0x26, 0x00, 0x41, 0x02, 0x01, 0x4a, 0x24, 0x21, 0x1a, 0x20, 0x24, 0x80, 0x00, 0x44, 0x02, 0x00, 0x2d, 0x40, 0x02, 0x00, 0x8b, 0x94, 0x20, 0x10, 0x00, 0x20, 0x90, 0xa6, 0x40, 0x13, 0x00, 0x2c, 0x11, 0x86, 0x61, 0x01, 0x80, 0x41, 0x10, 0x02, 0x04, 0x81, 0x30, 0x48, 0x48, 0x20, 0x28, 0x50, 0x80, 0x21, 0x8a, 0x10, 0x04, 0x08, 0x10, 0x09, 0x10, 0x10, 0x48, 0x42, 0xa0, 0x0c, 0x82, 0x92, 0x60, 0xc0, 0x20, 0x05, 0xd2, 0x20, 0x40, 0x01, 0x00, 0x04, 0x08, 0x82, 0x2d, 0x82, 0x02, 0x00, 0x48, 0x80, 0x41, 0x48, 0x10, 0x00, 0x91, 0x04, 0x04, 0x03, 0x84, 0x00, 0xc2, 0x04, 0x68, 0x00, 0x00, 0x64, 0xc0, 0x22, 0x40, 0x08, 0x32, 0x44, 0x09, 0x86, 0x00, 0x91, 0x02, 0x28, 0x01, 0x00, 0x64, 0x48, 0x00, 0x24, 0x10, 0x90, 0x00, 0x43, 0x00, 0x21, 0x52, 0x86, 0x41, 0x8b, 0x90, 0x20, 0x40, 0x20, 0x08, 0x88, 0x04, 0x44, 0x13, 0x20, 0x00, 0x02, 0x84, 0x60, 0x81, 0x90, 0x24, 0x40, 0x30, 0x00, 0x08, 0x10, 0x08, 0x08, 0x02, 0x01, 0x10, 0x04, 0x20, 0x43, 0xb4, 0x40, 0x90, 0x12, 0x68, 0x01, 0x80, 0x4c, 0x18, 0x00, 0x08, 0xc0, 0x12, 0x49, 0x40, 0x10, 0x24, 0x1a, 0x00, 0x41, 0x89, 0x24, 0x4c, 0x10, 0x00, 0x04, 0x52, 0x10, 0x09, 0x4a, 0x20, 0x41, 0x48, 0x22, 0x69, 0x11, 0x14, 0x08, 0x10, 0x06, 0x24, 0x80, 0x84, 0x28, 0x00, 0x10, 0x00, 0x40, 0x10, 0x01, 0x08, 0x26, 0x08, 0x48, 0x06, 0x28, 0x00, 0x14, 0x01, 0x42, 0x84, 0x04, 0x0a, 0x20, 0x00, 0x01, 0x82, 0x08, 0x00, 0x82, 0x24, 0x12, 0x04, 0x40, 0x40, 0xa0, 0x40, 0x90, 0x10, 0x04, 0x90, 0x22, 0x40, 0x10, 0x20, 0x2c, 0x80, 0x10, 0x28, 0x43, 0x00, 0x04, 0x58, 0x00, 0x01, 0x81, 0x10, 0x48, 0x09, 0x20, 0x21, 0x83, 0x04, 0x00, 0x42, 0xa4, 0x44, 0x00, 0x00, 0x6c, 0x10, 0xa0, 0x44, 0x48, 0x80, 0x00, 0x83, 0x80, 0x48, 0xc9, 0x00, 0x00, 0x00, 0x02, 0x05, 0x10, 0xb0, 0x04, 0x13, 0x04, 0x29, 0x10, 0x92, 0x40, 0x08, 0x04, 0x44, 0x82, 0x22, 0x00, 0x19, 0x20, 0x00, 0x19, 0x20, 0x01, 0x81, 0x90, 0x60, 0x8a, 0x00, 0x41, 0xc0, 0x02, 0x45, 0x10, 0x04, 0x00, 0x02, 0xa2, 0x09, 0x40, 0x10, 0x21, 0x49, 0x20, 0x01, 0x42, 0x30, 0x2c, 0x00, 0x14, 0x44, 0x01, 0x22, 0x04, 0x02, 0x92, 0x08, 0x89, 0x04, 0x21, 0x80, 0x10, 0x05, 0x01, 0x20, 0x40, 0x41, 0x80, 0x04, 0x00, 0x12, 0x09, 0x40, 0xb0, 0x64, 0x58, 0x32, 0x01, 0x08, 0x90, 0x00, 0x41, 0x04, 0x09, 0xc1, 0x80, 0x61, 0x08, 0x90, 0x00, 0x9a, 0x00, 0x24, 0x01, 0x12, 0x08, 0x02, 0x26, 0x05, 0x82, 0x06, 0x08, 0x08, 0x00, 0x20, 0x48, 0x20, 0x00, 0x18, 0x24, 0x48, 0x03, 0x02, 0x00, 0x11, 0x00, 0x09, 0x00, 0x84, 0x01, 0x4a, 0x10, 0x01, 0x98, 0x00, 0x04, 0x18, 0x86, 0x00, 0xc0, 0x00, 0x20, 0x81, 0x80, 0x04, 0x10, 0x30, 0x05, 0x00, 0xb4, 0x0c, 0x4a, 0x82, 0x29, 0x91, 0x02, 0x28, 0x00, 0x20, 0x44, 0xc0, 0x00, 0x2c, 0x91, 0x80, 0x40, 0x01, 0xa2, 0x00, 0x12, 0x04, 0x09, 0xc3, 0x20, 0x00, 0x08, 0x02, 0x0c, 0x10, 0x22, 0x04, 0x00, 0x00, 0x2c, 0x11, 0x86, 0x00, 0xc0, 0x00, 0x00, 0x12, 0x32, 0x40, 0x89, 0x80, 0x40, 0x40, 0x02, 0x05, 0x50, 0x86, 0x60, 0x82, 0xa4, 0x60, 0x0a, 0x12, 0x4d, 0x80, 0x90, 0x08, 0x12, 0x80, 0x09, 0x02, 0x14, 0x48, 0x01, 0x24, 0x20, 0x8a, 0x00, 0x44, 0x90, 0x04, 0x04, 0x01, 0x02, 0x00, 0xd1, 0x12, 0x00, 0x0a, 0x04, 0x40, 0x00, 0x32, 0x21, 0x81, 0x24, 0x08, 0x19, 0x84, 0x20, 0x02, 0x04, 0x08, 0x89, 0x80, 0x24, 0x02, 0x02, 0x68, 0x18, 0x82, 0x44, 0x42, 0x00, 0x21, 0x40, 0x00, 0x28, 0x01, 0x80, 0x45, 0x82, 0x20, 0x40, 0x11, 0x80, 0x0c, 0x02, 0x00, 0x24, 0x40, 0x90, 0x01, 0x40, 0x20, 0x20, 0x50, 0x20, 0x28, 0x19, 0x00, 0x40, 0x09, 0x20, 0x08, 0x80, 0x04, 0x60, 0x40, 0x80, 0x20, 0x08, 0x30, 0x49, 0x09, 0x34, 0x00, 0x11, 0x24, 0x24, 0x82, 0x00, 0x41, 0xc2, 0x00, 0x04, 0x92, 0x02, 0x24, 0x80, 0x00, 0x0c, 0x02, 0xa0, 0x00, 0x01, 0x06, 0x60, 0x41, 0x04, 0x21, 0xd0, 0x00, 0x01, 0x01, 0x00, 0x48, 0x12, 0x84, 0x04, 0x91, 0x12, 0x08, 0x00, 0x24, 0x44, 0x00, 0x12, 0x41, 0x18, 0x26, 0x0c, 0x41, 0x80, 0x00, 0x52, 0x04, 0x20, 0x09, 0x00, 0x24, 0x90, 0x20, 0x48, 0x18, 0x02, 0x00, 0x03, 0xa2, 0x09, 0xd0, 0x14, 0x00, 0x8a, 0x84, 0x25, 0x4a, 0x00, 0x20, 0x98, 0x14, 0x40, 0x00, 0xa2, 0x05, 0x00, 0x00, 0x00, 0x40, 0x14, 0x01, 0x58, 0x20, 0x2c, 0x80, 0x84, 0x00, 0x09, 0x20, 0x20, 0x91, 0x02, 0x08, 0x02, 0xb0, 0x41, 0x08, 0x30, 0x00, 0x09, 0x10, 0x00, 0x18, 0x02, 0x21, 0x02, 0x02, 0x00, 0x00, 0x24, 0x44, 0x08, 0x12, 0x60, 0x00, 0xb2, 0x44, 0x12, 0x02, 0x0c, 0xc0, 0x80, 0x40, 0xc8, 0x20, 0x04, 0x50, 0x20, 0x05, 0x00, 0xb0, 0x04, 0x0b, 0x04, 0x29, 0x53, 0x00, 0x61, 0x48, 0x30, 0x00, 0x82, 0x20, 0x29, 0x00, 0x16, 0x00, 0x53, 0x22, 0x20, 0x43, 0x10, 0x48, 0x00, 0x80, 0x04, 0xd2, 0x00, 0x40, 0x00, 0xa2, 0x44, 0x03, 0x80, 0x29, 0x00, 0x04, 0x08, 0xc0, 0x04, 0x64, 0x40, 0x30, 0x28, 0x09, 0x84, 0x44, 0x50, 0x80, 0x21, 0x02, 0x92, 0x00, 0xc0, 0x10, 0x60, 0x88, 0x22, 0x08, 0x80, 0x00, 0x00, 0x18, 0x84, 0x04, 0x83, 0x96, 0x00, 0x81, 0x20, 0x05, 0x02, 0x00, 0x45, 0x88, 0x84, 0x00, 0x51, 0x20, 0x20, 0x51, 0x86, 0x41, 0x4b, 0x94, 0x00, 0x80, 0x00, 0x08, 0x11, 0x20, 0x4c, 0x58, 0x80, 0x04, 0x03, 0x06, 0x20, 0x89, 0x00, 0x05, 0x08, 0x22, 0x05, 0x90, 0x00, 0x40, 0x00, 0x82, 0x09, 0x50, 0x00, 0x00, 0x00, 0xa0, 0x41, 0xc2, 0x20, 0x08, 0x00, 0x16, 0x08, 0x40, 0x26, 0x21, 0xd0, 0x90, 0x08, 0x81, 0x90, 0x41, 0x00, 0x02, 0x44, 0x08, 0x10, 0x0c, 0x0a, 0x86, 0x09, 0x90, 0x04, 0x00, 0xc8, 0xa0, 0x04, 0x08, 0x30, 0x20, 0x89, 0x84, 0x00, 0x11, 0x22, 0x2c, 0x40, 0x00, 0x08, 0x02, 0xb0, 0x01, 0x48, 0x02, 0x01, 0x09, 0x20, 0x04, 0x03, 0x04, 0x00, 0x80, 0x02, 0x60, 0x42, 0x30, 0x21, 0x4a, 0x10, 0x44, 0x09, 0x02, 0x00, 0x01, 0x24, 0x00, 0x12, 0x82, 0x21, 0x80, 0xa4, 0x20, 0x10, 0x02, 0x04, 0x91, 0xa0, 0x40, 0x18, 0x04, 0x00, 0x02, 0x06, 0x69, 0x09, 0x00, 0x05, 0x58, 0x02, 0x01, 0x00, 0x00, 0x48, 0x00, 0x00, 0x00, 0x03, 0x92, 0x20, 0x00, 0x34, 0x01, 0xc8, 0x20, 0x48, 0x08, 0x30, 0x08, 0x42, 0x80, 0x20, 0x91, 0x90, 0x68, 0x01, 0x04, 0x40, 0x12, 0x02, 0x61, 0x00, 0x12, 0x08, 0x01, 0xa0, 0x00, 0x11, 0x04, 0x21, 0x48, 0x04, 0x24, 0x92, 0x00, 0x0c, 0x01, 0x84, 0x04, 0x00, 0x00, 0x01, 0x12, 0x96, 0x40, 0x01, 0xa0, 0x41, 0x88, 0x22, 0x28, 0x88, 0x00, 0x44, 0x42, 0x80, 0x24, 0x12, 0x14, 0x01, 0x42, 0x90, 0x60, 0x1a, 0x10, 0x04, 0x81, 0x10, 0x48, 0x08, 0x06, 0x29, 0x83, 0x02, 0x40, 0x02, 0x24, 0x64, 0x80, 0x10, 0x05, 0x80, 0x10, 0x40, 0x02, 0x02, 0x08, 0x42, 0x84, 0x01, 0x09, 0x20, 0x04, 0x50, 0x00, 0x60, 0x11, 0x30, 0x40, 0x13, 0x02, 0x04, 0x81, 0x00, 0x09, 0x08, 0x20, 0x45, 0x4a, 0x10, 0x61, 0x90, 0x26, 0x0c, 0x08, 0x02, 0x21, 0x91, 0x00, 0x60, 0x02, 0x04, 0x00, 0x02, 0x00, 0x0c, 0x08, 0x06, 0x08, 0x48, 0x84, 0x08, 0x11, 0x02, 0x00, 0x80, 0xa4, 0x00, 0x5a, 0x20, 0x00, 0x88, 0x04, 0x04, 0x02, 0x00, 0x09, 0x00, 0x14, 0x08, 0x49, 0x14, 0x20, 0xc8, 0x00, 0x04, 0x91, 0xa0, 0x40, 0x59, 0x80, 0x00, 0x12, 0x10, 0x00, 0x80, 0x80, 0x65, 0x00, 0x00, 0x04, 0x00, 0x80, 0x40, 0x19, 0x00, 0x21, 0x03, 0x84, 0x60, 0xc0, 0x04, 0x24, 0x1a, 0x12, 0x61, 0x80, 0x80, 0x08, 0x02, 0x04, 0x09, 0x42, 0x12, 0x20, 0x08, 0x34, 0x04, 0x90, 0x20, 0x01, 0x01, 0xa0, 0x00, 0x0b, 0x00, 0x08, 0x91, 0x92, 0x40, 0x02, 0x34, 0x40, 0x88, 0x10, 0x61, 0x19, 0x02, 0x00, 0x40, 0x04, 0x25, 0xc0, 0x80, 0x68, 0x08, 0x04, 0x21, 0x80, 0x22, 0x04, 0x00, 0xa0, 0x0c, 0x01, 0x84, 0x20, 0x41, 0x00, 0x08, 0x8a, 0x00, 0x20, 0x8a, 0x00, 0x48, 0x88, 0x04, 0x04, 0x11, 0x82, 0x08, 0x40, 0x86, 0x09, 0x49, 0xa4, 0x40, 0x00, 0x10, 0x01, 0x01, 0xa2, 0x04, 0x50, 0x80, 0x0c, 0x80, 0x00, 0x48, 0x82, 0xa0, 0x01, 0x18, 0x12, 0x41, 0x01, 0x04, 0x48, 0x41, 0x00, 0x24, 0x01, 0x00, 0x00, 0x88, 0x14, 0x00, 0x02, 0x00, 0x68, 0x01, 0x20, 0x08, 0x4a, 0x22, 0x08, 0x83, 0x80, 0x00, 0x89, 0x04, 0x01, 0xc2, 0x00, 0x00, 0x00, 0x34, 0x04, 0x00, 0x82, 0x28, 0x02, 0x02, 0x41, 0x4a, 0x90, 0x05, 0x82, 0x02, 0x09, 0x80, 0x24, 0x04, 0x41, 0x00, 0x01, 0x92, 0x80, 0x28, 0x01, 0x14, 0x00, 0x50, 0x20, 0x4c, 0x10, 0xb0, 0x04, 0x43, 0xa4, 0x21, 0x90, 0x04, 0x01, 0x02, 0x00, 0x44, 0x48, 0x00, 0x64, 0x08, 0x06, 0x00, 0x42, 0x20, 0x08, 0x02, 0x92, 0x01, 0x4a, 0x00, 0x20, 0x50, 0x32, 0x25, 0x90, 0x22, 0x04, 0x09, 0x00, 0x08, 0x11, 0x80, 0x21, 0x01, 0x10, 0x05, 0x00, 0x32, 0x08, 0x88, 0x94, 0x08, 0x08, 0x24, 0x0d, 0xc1, 0x80, 0x40, 0x0b, 0x20, 0x40, 0x18, 0x12, 0x04, 0x00, 0x22, 0x40, 0x10, 0x26, 0x05, 0xc1, 0x82, 0x00, 0x01, 0x30, 0x24, 0x02, 0x22, 0x41, 0x08, 0x24, 0x48, 0x1a, 0x00, 0x25, 0xd2, 0x12, 0x28, 0x42, 0x00, 0x04, 0x40, 0x30, 0x41, 0x00, 0x02, 0x00, 0x13, 0x20, 0x24, 0xd1, 0x84, 0x08, 0x89, 0x80, 0x04, 0x52, 0x00, 0x44, 0x18, 0xa4, 0x00, 0x00, 0x06, 0x20, 0x91, 0x10, 0x09, 0x42, 0x20, 0x24, 0x40, 0x30, 0x28, 0x00, 0x84, 0x40, 0x40, 0x80, 0x08, 0x10, 0x04, 0x09, 0x08, 0x04, 0x40, 0x08, 0x22, 0x00, 0x19, 0x02, 0x00, 0x00, 0x80, 0x2c, 0x02, 0x02, 0x21, 0x01, 0x90, 0x20, 0x40, 0x00, 0x0c, 0x00, 0x34, 0x48, 0x58, 0x20, 0x01, 0x43, 0x04, 0x20, 0x80, 0x14, 0x00, 0x90, 0x00, 0x6d, 0x11, 0x00, 0x00, 0x40, 0x20, 0x00, 0x03, 0x10, 0x40, 0x88, 0x30, 0x05, 0x4a, 0x00, 0x65, 0x10, 0x24, 0x08, 0x18, 0x84, 0x28, 0x03, 0x80, 0x20, 0x42, 0xb0, 0x40, 0x00, 0x10, 0x69, 0x19, 0x04, 0x00, 0x00, 0x80, 0x04, 0xc2, 0x04, 0x00, 0x01, 0x00, 0x05, 0x00, 0x22, 0x25, 0x08, 0x96, 0x04, 0x02, 0x22, 0x00, 0xd0, 0x10, 0x29, 0x01, 0xa0, 0x60, 0x08, 0x10, 0x04, 0x01, 0x16, 0x44, 0x10, 0x02, 0x28, 0x02, 0x82, 0x48, 0x40, 0x84, 0x20, 0x90, 0x22, 0x28, 0x80, 0x04, 0x00, 0x40, 0x04, 0x24, 0x00, 0x80, 0x29, 0x03, 0x10, 0x60, 0x48, 0x00, 0x00, 0x81, 0xa0, 0x00, 0x51, 0x20, 0x0c, 0xd1, 0x00, 0x01, 0x41, 0x20, 0x04, 0x92, 0x00, 0x00, 0x10, 0x92, 0x00, 0x42, 0x04, 0x05, 0x01, 0x86, 0x40, 0x80, 0x10, 0x20, 0x52, 0x20, 0x21, 0x00, 0x10, 0x48, 0x0a, 0x02, 0x00, 0xd0, 0x12, 0x41, 0x48, 0x80, 0x04, 0x00, 0x00, 0x48, 0x09, 0x22, 0x04, 0x00, 0x24, 0x00, 0x43, 0x10, 0x60, 0x0a, 0x00, 0x44, 0x12, 0x20, 0x2c, 0x08, 0x20, 0x44, 0x00, 0x84, 0x09, 0x40, 0x06, 0x08, 0xc1, 0x00, 0x40, 0x80, 0x20, 0x00, 0x98, 0x12, 0x48, 0x10, 0xa2, 0x20, 0x00, 0x84, 0x48, 0xc0, 0x10, 0x20, 0x90, 0x12, 0x08, 0x98, 0x82, 0x00, 0x0a, 0xa0, 0x04, 0x03, 0x00, 0x28, 0xc3, 0x00, 0x44, 0x42, 0x10, 0x04, 0x08, 0x04, 0x40, 0x00, 0x00, 0x05, 0x10, 0x00, 0x21, 0x03, 0x80, 0x04, 0x88, 0x12, 0x69, 0x10, 0x00, 0x04, 0x08, 0x04, 0x04, 0x02, 0x84, 0x48, 0x49, 0x04, 0x20, 0x18, 0x02, 0x64, 0x80, 0x30, 0x08, 0x01, 0x02, 0x00, 0x52, 0x12, 0x49, 0x08, 0x20, 0x41, 0x88, 0x10, 0x48, 0x08, 0x34, 0x00, 0x01, 0x86, 0x05, 0xd0, 0x00, 0x00, 0x83, 0x84, 0x21, 0x40, 0x02, 0x41, 0x10, 0x80, 0x48, 0x40, 0xa2, 0x20, 0x51, 0x00, 0x00, 0x49, 0x00, 0x01, 0x90, 0x20, 0x40, 0x18, 0x02, 0x40, 0x02, 0x22, 0x05, 0x40, 0x80, 0x08, 0x82, 0x10, 0x20, 0x18, 0x00, 0x05, 0x01, 0x82, 0x40, 0x58, 0x00, 0x04, 0x81, 0x90, 0x29, 0x01, 0xa0, 0x64, 0x00, 0x22, 0x40, 0x01, 0xa2, 0x00, 0x18, 0x04, 0x0d, 0x00, 0x00, 0x60, 0x80, 0x94, 0x60, 0x82, 0x10, 0x0d, 0x80, 0x30, 0x0c, 0x12, 0x20, 0x00, 0x00, 0x12, 0x40, 0xc0, 0x20, 0x21, 0x58, 0x02, 0x41, 0x10, 0x80, 0x44, 0x03, 0x02, 0x04, 0x13, 0x90, 0x29, 0x08, 0x00, 0x44, 0xc0, 0x00, 0x21, 0x00, 0x26, 0x00, 0x1a, 0x80, 0x01, 0x13, 0x14, 0x20, 0x0a, 0x14, 0x20, 0x00, 0x32, 0x61, 0x08, 0x00, 0x40, 0x42, 0x20, 0x09, 0x80, 0x06, 0x01, 0x81, 0x80, 0x60, 0x42, 0x00, 0x68, 0x90, 0x82, 0x08, 0x42, 0x80, 0x04, 0x02, 0x80, 0x09, 0x0b, 0x04, 0x00, 0x98, 0x00, 0x0c, 0x81, 0x06, 0x44, 0x48, 0x84, 0x28, 0x03, 0x92, 0x00, 0x01, 0x80, 0x40, 0x0a, 0x00, 0x0c, 0x81, 0x02, 0x08, 0x51, 0x04, 0x28, 0x90, 0x02, 0x20, 0x09, 0x10, 0x60, 0x00, 0x00, 0x09, 0x81, 0xa0, 0x0c, 0x00, 0xa4, 0x09, 0x00, 0x02, 0x28, 0x80, 0x20, 0x00, 0x02, 0x02, 0x04, 0x81, 0x14, 0x04, 0x00, 0x04, 0x09, 0x11, 0x12, 0x60, 0x40, 0x20, 0x01, 0x48, 0x30, 0x40, 0x11, 0x00, 0x08, 0x0a, 0x86, 0x00, 0x00, 0x04, 0x60, 0x81, 0x04, 0x01, 0xd0, 0x02, 0x41, 0x18, 0x90, 0x00, 0x0a, 0x20, 0x00, 0xc1, 0x06, 0x01, 0x08, 0x80, 0x64, 0xca, 0x10, 0x04, 0x99, 0x80, 0x48, 0x01, 0x82, 0x20, 0x50, 0x90, 0x48, 0x80, 0x84, 0x20, 0x90, 0x22, 0x00, 0x19, 0x00, 0x04, 0x18, 0x20, 0x24, 0x10, 0x86, 0x40, 0xc2, 0x00, 0x24, 0x12, 0x10, 0x44, 0x00, 0x16, 0x08, 0x10, 0x24, 0x00, 0x12, 0x06, 0x01, 0x08, 0x90, 0x00, 0x12, 0x02, 0x4d, 0x10, 0x80, 0x40, 0x50, 0x22, 0x00, 0x43, 0x10, 0x01, 0x00, 0x30, 0x21, 0x0a, 0x00, 0x00, 0x01, 0x14, 0x00, 0x10, 0x84, 0x04, 0xc1, 0x10, 0x29, 0x0a, 0x00, 0x01, 0x8a, 0x00, 0x20, 0x01, 0x12, 0x0c, 0x49, 0x20, 0x04, 0x81, 0x00, 0x48, 0x01, 0x04, 0x60, 0x80, 0x12, 0x0c, 0x08, 0x10, 0x48, 0x4a, 0x04, 0x28, 0x10, 0x00, 0x28, 0x40, 0x84, 0x45, 0x50, 0x10, 0x60, 0x10, 0x06, 0x44, 0x01, 0x80, 0x09, 0x00, 0x86, 0x01, 0x42, 0xa0, 0x00, 0x90, 0x00, 0x05, 0x90, 0x22, 0x40, 0x41, 0x00, 0x08, 0x80, 0x02, 0x08, 0xc0, 0x00, 0x01, 0x58, 0x30, 0x49, 0x09, 0x14, 0x00, 0x41, 0x02, 0x0c, 0x02, 0x80, 0x40, 0x89, 0x00, 0x24, 0x08, 0x10, 0x05, 0x90, 0x32, 0x40, 0x0a, 0x82, 0x08, 0x00, 0x12, 0x61, 0x00, 0x04, 0x21, 0x00, 0x22, 0x04, 0x10, 0x24, 0x08, 0x0a, 0x04, 0x01, 0x10, 0x00, 0x20, 0x40, 0x84, 0x04, 0x88, 0x22, 0x20, 0x90, 0x12, 0x00, 0x53, 0x06, 0x24, 0x01, 0x04, 0x40, 0x0b, 0x14, 0x60, 0x82, 0x02, 0x0d, 0x10, 0x90, 0x0c, 0x08, 0x20, 0x09, 0x00, 0x14, 0x09, 0x80, 0x80, 0x24, 0x82, 0x00, 0x40, 0x01, 0x02, 0x44, 0x01, 0x20, 0x0c, 0x40, 0x84, 0x40, 0x0a, 0x10, 0x41, 0x00, 0x30, 0x05, 0x09, 0x80, 0x44, 0x08, 0x20, 0x20, 0x02, 0x00, 0x49, 0x43, 0x20, 0x21, 0x00, 0x20, 0x00, 0x01, 0xb6, 0x08, 0x40, 0x04, 0x08, 0x02, 0x80, 0x01, 0x41, 0x80, 0x40, 0x08, 0x10, 0x24, 0x00, 0x20, 0x04, 0x12, 0x86, 0x09, 0xc0, 0x12, 0x21, 0x81, 0x14, 0x04, 0x00, 0x02, 0x20, 0x89, 0xb4, 0x44, 0x12, 0x80, 0x00, 0xd1, 0x00, 0x69, 0x40, 0x80, 0x00, 0x42, 0x12, 0x00, 0x18, 0x04, 0x00, 0x49, 0x06, 0x21, 0x02, 0x04, 0x28, 0x02, 0x84, 0x01, 0xc0, 0x10, 0x68, 0x00, 0x20, 0x08, 0x40, 0x00, 0x08, 0x91, 0x10, 0x01, 0x81, 0x24, 0x04, 0xd2, 0x10, 0x4c, 0x88, 0x86, 0x00, 0x10, 0x80, 0x0c, 0x02, 0x14, 0x00, 0x8a, 0x90, 0x40, 0x18, 0x20, 0x21, 0x80, 0xa4, 0x00, 0x58, 0x24, 0x20, 0x10, 0x10, 0x60, 0xc1, 0x30, 0x41, 0x48, 0x02, 0x48, 0x09, 0x00, 0x40, 0x09, 0x02, 0x05, 0x11, 0x82, 0x20, 0x4a, 0x20, 0x24, 0x18, 0x02, 0x0c, 0x10, 0x22, 0x0c, 0x0a, 0x04, 0x00, 0x03, 0x06, 0x48, 0x48, 0x04, 0x04, 0x02, 0x00, 0x21, 0x80, 0x84, 0x00, 0x18, 0x00, 0x0c, 0x02, 0x12, 0x01, 0x00, 0x14, 0x05, 0x82, 0x10, 0x41, 0x89, 0x12, 0x08, 0x40, 0xa4, 0x21, 0x01, 0x84, 0x48, 0x02, 0x10, 0x60, 0x40, 0x02, 0x28, 0x00, 0x14, 0x08, 0x40, 0xa0, 0x20, 0x51, 0x12, 0x00, 0xc2, 0x00, 0x01, 0x1a, 0x30, 0x40, 0x89, 0x12, 0x4c, 0x02, 0x80, 0x00, 0x00, 0x14, 0x01, 0x01, 0xa0, 0x21, 0x18, 0x22, 0x21, 0x18, 0x06, 0x40, 0x01, 0x80, 0x00, 0x90, 0x04, 0x48, 0x02, 0x30, 0x04, 0x08, 0x00, 0x05, 0x88, 0x24, 0x08, 0x48, 0x04, 0x24, 0x02, 0x06, 0x00, 0x80, 0x00, 0x00, 0x00, 0x10, 0x65, 0x11, 0x90, 0x00, 0x0a, 0x82, 0x04, 0xc3, 0x04, 0x60, 0x48, 0x24, 0x04, 0x92, 0x02, 0x44, 0x88, 0x80, 0x40, 0x18, 0x06, 0x29, 0x80, 0x10, 0x01, 0x00, 0x00, 0x44, 0xc8, 0x10, 0x21, 0x89, 0x30, 0x00, 0x4b, 0xa0, 0x01, 0x10, 0x14, 0x00, 0x02, 0x94, 0x40, 0x00, 0x20, 0x65, 0x00, 0xa2, 0x0c, 0x40, 0x22, 0x20, 0x81, 0x12, 0x20, 0x82, 0x04, 0x01, 0x10, 0x00, 0x08, 0x88, 0x00, 0x00, 0x11, 0x80, 0x04, 0x42, 0x80, 0x40, 0x41, 0x14, 0x00, 0x40, 0x32, 0x2c, 0x80, 0x24, 0x04, 0x19, 0x00, 0x00, 0x91, 0x00, 0x20, 0x83, 0x00, 0x05, 0x40, 0x20, 0x09, 0x01, 0x84, 0x40, 0x40, 0x20, 0x20, 0x11, 0x00, 0x40, 0x41, 0x90, 0x20, 0x00, 0x00, 0x40, 0x90, 0x92, 0x48, 0x18, 0x06, 0x08, 0x81, 0x80, 0x48, 0x01, 0x34, 0x24, 0x10, 0x20, 0x04, 0x00, 0x20, 0x04, 0x18, 0x06, 0x2d, 0x90, 0x10, 0x01, 0x00, 0x90, 0x00, 0x0a, 0x22, 0x01, 0x00, 0x22, 0x00, 0x11, 0x84, 0x01, 0x01, 0x00, 0x20, 0x88, 0x00, 0x44, 0x00, 0x22, 0x01, 0x00, 0xa6, 0x40, 0x02, 0x06, 0x20, 0x11, 0x00, 0x01, 0xc8, 0xa0, 0x04, 0x8a, 0x00, 0x28, 0x19, 0x80, 0x00, 0x52, 0xa0, 0x24, 0x12, 0x12, 0x09, 0x08, 0x24, 0x01, 0x48, 0x00, 0x04, 0x00, 0x24, 0x40, 0x02, 0x84, 0x08, 0x00, 0x04, 0x48, 0x40, 0x90, 0x60, 0x0a, 0x22, 0x01, 0x88, 0x14, 0x08, 0x01, 0x02, 0x08, 0xd3, 0x00, 0x20, 0xc0, 0x90, 0x24, 0x10, 0x00, 0x00, 0x01, 0xb0, 0x08, 0x0a, 0xa0, 0x00, 0x80, 0x00, 0x01, 0x09, 0x00, 0x20, 0x52, 0x02, 0x25, 0x00, 0x24, 0x04, 0x02, 0x84, 0x24, 0x10, 0x92, 0x40, 0x02, 0xa0, 0x40, 0x00, 0x22, 0x08, 0x11, 0x04, 0x08, 0x01, 0x22, 0x00, 0x42, 0x14, 0x00, 0x09, 0x90, 0x21, 0x00, 0x30, 0x6c, 0x00, 0x00, 0x0c, 0x00, 0x22, 0x09, 0x90, 0x10, 0x28, 0x40, 0x00, 0x20, 0xc0, 0x20, 0x00, 0x90, 0x00, 0x40, 0x01, 0x82, 0x05, 0x12, 0x12, 0x09, 0xc1, 0x04, 0x61, 0x80, 0x02, 0x28, 0x81, 0x24, 0x00, 0x49, 0x04, 0x08, 0x10, 0x86, 0x29, 0x41, 0x80, 0x21, 0x0a, 0x30, 0x49, 0x88, 0x90, 0x00, 0x41, 0x04, 0x29, 0x81, 0x80, 0x41, 0x09, 0x00, 0x40, 0x12, 0x10, 0x40, 0x00, 0x10, 0x40, 0x48, 0x02, 0x05, 0x80, 0x02, 0x21, 0x40, 0x20, 0x00, 0x58, 0x20, 0x60, 0x00, 0x90, 0x48, 0x00, 0x80, 0x28, 0xc0, 0x80, 0x48, 0x00, 0x00, 0x44, 0x80, 0x02, 0x00, 0x09, 0x06, 0x00, 0x12, 0x02, 0x01, 0x00, 0x10, 0x08, 0x83, 0x10, 0x45, 0x12, 0x00, 0x2c, 0x08, 0x04, 0x44, 0x00, 0x20, 0x20, 0xc0, 0x10, 0x20, 0x01, 0x00, 0x05, 0xc8, 0x20, 0x04, 0x98, 0x10, 0x08, 0x10, 0x00, 0x24, 0x02, 0x16, 0x40, 0x88, 0x00, 0x61, 0x88, 0x12, 0x24, 0x80, 0xa6, 0x00, 0x42, 0x00, 0x08, 0x10, 0x06, 0x48, 0x40, 0xa0, 0x00, 0x50, 0x20, 0x04, 0x81, 0xa4, 0x40, 0x18, 0x00, 0x08, 0x10, 0x80, 0x01, 0x01}; #if RSA_KEY_SIEVE && SIMULATION && RSA_INSTRUMENT UINT32 PrimeIndex = 0; UINT32 failedAtIteration[10] = {0}; UINT32 PrimeCounts[3] = {0}; UINT32 MillerRabinTrials[3] = {0}; UINT32 totalFieldsSieved[3] = {0}; UINT32 bitsInFieldAfterSieve[3] = {0}; UINT32 emptyFieldsSieved[3] = {0}; UINT32 noPrimeFields[3] = {0}; UINT32 primesChecked[3] = {0}; UINT16 lastSievePrime = 0; #endifgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/RsaKeyCache.c000066400000000000000000000215341510276467000264270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions to implement the RSA key cache that can be used // to speed up simulation. // // Only one key is created for each supported key size and it is returned whenever // a key of that size is requested. // // If desired, the key cache can be populated from a file. This allows multiple // TPM to run with the same RSA keys. Also, when doing simulation, the DRBG will // use preset sequences so it is not too hard to repeat sequences for debug or // profile or stress. // // When the key cache is enabled, a call to CryptRsaGenerateKey() will call the // GetCachedRsaKey(). If the cache is enabled and populated, then the cached key // of the requested size is returned. If a key of the requested size is not // available, the no key is loaded and the requested key will need to be generated. // If the cache is not populated, the TPM will open a file that has the appropriate // name for the type of keys required (CRT or no-CRT). If the file is the right // size, it is used. If the file doesn't exist or the file does not have the correct // size, the TMP will populate the cache with new keys of the required size and // write the cache data to the file so that they will be available the next time. // // Currently, if two simulations are being run with TPM's that have different RSA // key sizes (e.g,, one with 1024 and 2048 and another with 2048 and 3072, then the // files will not match for the both of them and they will both try to overwrite // the other's cache file. I may try to do something about this if necessary. //** Includes, Types, Locals, and Defines #include "Tpm.h" #if USE_RSA_KEY_CACHE #include #include "RsaKeyCache_fp.h" #if CRT_FORMAT_RSA == YES #define CACHE_FILE_NAME "RsaKeyCacheCrt.data" #else #define CACHE_FILE_NAME "RsaKeyCacheNoCrt.data" #endif typedef struct _RSA_KEY_CACHE_ { TPM2B_PUBLIC_KEY_RSA publicModulus; TPM2B_PRIVATE_KEY_RSA privateExponent; } RSA_KEY_CACHE; // Determine the number of RSA key sizes for the cache TPMI_RSA_KEY_BITS SupportedRsaKeySizes[] = { #if RSA_1024 1024, #endif #if RSA_2048 2048, #endif #if RSA_3072 3072, #endif #if RSA_4096 4096, #endif 0 }; #define RSA_KEY_CACHE_ENTRIES (RSA_1024 + RSA_2048 + RSA_3072 + RSA_4096) // The key cache holds one entry for each of the supported key sizes RSA_KEY_CACHE s_rsaKeyCache[RSA_KEY_CACHE_ENTRIES]; // Indicates if the key cache is loaded. It can be loaded and enabled or disabled. BOOL s_keyCacheLoaded = 0; // Indicates if the key cache is enabled int s_rsaKeyCacheEnabled = FALSE; //*** RsaKeyCacheControl() // Used to enable and disable the RSA key cache. LIB_EXPORT void RsaKeyCacheControl( int state ) { s_rsaKeyCacheEnabled = state; } //*** InitializeKeyCache() // This will initialize the key cache and attempt to write it to a file for later // use. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure static BOOL InitializeKeyCache( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ) { int index; TPM_KEY_BITS keySave = publicArea->parameters.rsaDetail.keyBits; BOOL OK = TRUE; // s_rsaKeyCacheEnabled = FALSE; for(index = 0; OK && index < RSA_KEY_CACHE_ENTRIES; index++) { publicArea->parameters.rsaDetail.keyBits = SupportedRsaKeySizes[index]; OK = (CryptRsaGenerateKey(publicArea, sensitive, rand) == TPM_RC_SUCCESS); if(OK) { s_rsaKeyCache[index].publicModulus = publicArea->unique.rsa; s_rsaKeyCache[index].privateExponent = sensitive->sensitive.rsa; } } publicArea->parameters.rsaDetail.keyBits = keySave; s_keyCacheLoaded = OK; #if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE if(OK) { FILE *cacheFile; const char *fn = CACHE_FILE_NAME; #if defined _MSC_VER if(fopen_s(&cacheFile, fn, "w+b") != 0) #else cacheFile = fopen(fn, "w+b"); if(NULL == cacheFile) #endif { printf("Can't open %s for write.\n", fn); } else { fseek(cacheFile, 0, SEEK_SET); if(fwrite(s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) != sizeof(s_rsaKeyCache)) { printf("Error writing cache to %s.", fn); } } if(cacheFile) fclose(cacheFile); } #endif return s_keyCacheLoaded; } //*** KeyCacheLoaded() // Checks that key cache is loaded. // Return Type: BOOL // TRUE(1) cache loaded // FALSE(0) cache not loaded static BOOL KeyCacheLoaded( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ) { #if SIMULATION && USE_RSA_KEY_CACHE && USE_KEY_CACHE_FILE if(!s_keyCacheLoaded) { FILE *cacheFile; const char * fn = CACHE_FILE_NAME; #if defined _MSC_VER && 1 if(fopen_s(&cacheFile, fn, "r+b") == 0) #else cacheFile = fopen(fn, "r+b"); if(NULL != cacheFile) #endif { fseek(cacheFile, 0L, SEEK_END); if(ftell(cacheFile) == sizeof(s_rsaKeyCache)) { fseek(cacheFile, 0L, SEEK_SET); s_keyCacheLoaded = ( fread(&s_rsaKeyCache, 1, sizeof(s_rsaKeyCache), cacheFile) == sizeof(s_rsaKeyCache)); } fclose(cacheFile); } } #endif if(!s_keyCacheLoaded) s_rsaKeyCacheEnabled = InitializeKeyCache(publicArea, sensitive, rand); return s_keyCacheLoaded; } //*** GetCachedRsaKey() // Return Type: BOOL // TRUE(1) key loaded // FALSE(0) key not loaded BOOL GetCachedRsaKey( TPMT_PUBLIC *publicArea, TPMT_SENSITIVE *sensitive, RAND_STATE *rand // IN: if not NULL, the deterministic // RNG state ) { int keyBits = publicArea->parameters.rsaDetail.keyBits; int index; // if(KeyCacheLoaded(publicArea, sensitive, rand)) { for(index = 0; index < RSA_KEY_CACHE_ENTRIES; index++) { if((s_rsaKeyCache[index].publicModulus.t.size * 8) == keyBits) { publicArea->unique.rsa = s_rsaKeyCache[index].publicModulus; sensitive->sensitive.rsa = s_rsaKeyCache[index].privateExponent; return TRUE; } } return FALSE; } return s_keyCacheLoaded; } #endif // defined SIMULATION && defined USE_RSA_KEY_CACHE go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/Ticket.c000066400000000000000000000252341510276467000255310ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction /* This clause contains the functions used for ticket computations. */ //** Includes #include "Tpm.h" //** Functions //*** TicketIsSafe() // This function indicates if producing a ticket is safe. // It checks if the leading bytes of an input buffer is TPM_GENERATED_VALUE // or its substring of canonical form. If so, it is not safe to produce ticket // for an input buffer claiming to be TPM generated buffer // Return Type: BOOL // TRUE(1) safe to produce ticket // FALSE(0) not safe to produce ticket BOOL TicketIsSafe( TPM2B *buffer ) { TPM_GENERATED valueToCompare = TPM_GENERATED_VALUE; BYTE bufferToCompare[sizeof(valueToCompare)]; BYTE *marshalBuffer; // // If the buffer size is less than the size of TPM_GENERATED_VALUE, assume // it is not safe to generate a ticket if(buffer->size < sizeof(valueToCompare)) return FALSE; marshalBuffer = bufferToCompare; TPM_GENERATED_Marshal(&valueToCompare, &marshalBuffer, NULL); if(MemoryEqual(buffer->buffer, bufferToCompare, sizeof(valueToCompare))) return FALSE; else return TRUE; } //*** TicketComputeVerified() // This function creates a TPMT_TK_VERIFIED ticket. /*(See part 2 specification) // The ticket is computed as: // HMAC(proof, (TPM_ST_VERIFIED | digest | keyName)) // Where: // HMAC() an HMAC using the hash of proof // proof a TPM secret value associated with the hierarchy // associated with keyName // TPM_ST_VERIFIED a value to differentiate the tickets // digest the signed digest // keyName the Name of the key that signed digest */ void TicketComputeVerified( TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket TPM2B_DIGEST *digest, // IN: digest TPM2B_NAME *keyName, // IN: name of key that signed the values TPMT_TK_VERIFIED *ticket // OUT: verified ticket ) { TPM2B_PROOF *proof; HMAC_STATE hmacState; // // Fill in ticket fields ticket->tag = TPM_ST_VERIFIED; ticket->hierarchy = hierarchy; proof = HierarchyGetProof(hierarchy); // Start HMAC using the proof value of the hierarchy as the HMAC key ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof->b); // TPM_ST_VERIFIED CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); // digest CryptDigestUpdate2B(&hmacState.hashState, &digest->b); // key name CryptDigestUpdate2B(&hmacState.hashState, &keyName->b); // done CryptHmacEnd2B(&hmacState, &ticket->digest.b); return; } //*** TicketComputeAuth() // This function creates a TPMT_TK_AUTH ticket. /*(See part 2 specification) // The ticket is computed as: // HMAC(proof, (type || timeout || timeEpoch || cpHash // || policyRef || keyName)) // where: // HMAC() an HMAC using the hash of proof // proof a TPM secret value associated with the hierarchy of the key // associated with keyName. // type a value to differentiate the tickets. It could be either // TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED // timeout TPM-specific value indicating when the authorization expires // timeEpoch TPM-specific value indicating the epoch for the timeout // cpHash optional hash (digest only) of the authorized command // policyRef optional reference to a policy value // keyName name of the key that signed the authorization */ void TicketComputeAuth( TPM_ST type, // IN: the type of ticket. TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket UINT64 timeout, // IN: timeout BOOL expiresOnReset,// IN: flag to indicate if ticket expires on // TPM Reset TPM2B_DIGEST *cpHashA, // IN: input cpHashA TPM2B_NONCE *policyRef, // IN: input policyRef TPM2B_NAME *entityName, // IN: name of entity TPMT_TK_AUTH *ticket // OUT: Created ticket ) { TPM2B_PROOF *proof; HMAC_STATE hmacState; // // Get proper proof proof = HierarchyGetProof(hierarchy); // Fill in ticket fields ticket->tag = type; ticket->hierarchy = hierarchy; // Start HMAC with hierarchy proof as the HMAC key ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof->b); // TPM_ST_AUTH_SECRET or TPM_ST_AUTH_SIGNED, CryptDigestUpdateInt(&hmacState, sizeof(UINT16), ticket->tag); // cpHash CryptDigestUpdate2B(&hmacState.hashState, &cpHashA->b); // policyRef CryptDigestUpdate2B(&hmacState.hashState, &policyRef->b); // keyName CryptDigestUpdate2B(&hmacState.hashState, &entityName->b); // timeout CryptDigestUpdateInt(&hmacState, sizeof(timeout), timeout); if(timeout != 0) { // epoch CryptDigestUpdateInt(&hmacState.hashState, sizeof(CLOCK_NONCE), g_timeEpoch); // reset count if(expiresOnReset) CryptDigestUpdateInt(&hmacState.hashState, sizeof(gp.totalResetCount), gp.totalResetCount); } // done CryptHmacEnd2B(&hmacState, &ticket->digest.b); return; } //*** TicketComputeHashCheck() // This function creates a TPMT_TK_HASHCHECK ticket. /*(See part 2 specification) // The ticket is computed as: // HMAC(proof, (TPM_ST_HASHCHECK || digest )) // where: // HMAC() an HMAC using the hash of proof // proof a TPM secret value associated with the hierarchy // TPM_ST_HASHCHECK // a value to differentiate the tickets // digest the digest of the data */ void TicketComputeHashCheck( TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy constant for ticket TPM_ALG_ID hashAlg, // IN: the hash algorithm for 'digest' TPM2B_DIGEST *digest, // IN: input digest TPMT_TK_HASHCHECK *ticket // OUT: Created ticket ) { TPM2B_PROOF *proof; HMAC_STATE hmacState; // // Get proper proof proof = HierarchyGetProof(hierarchy); // Fill in ticket fields ticket->tag = TPM_ST_HASHCHECK; ticket->hierarchy = hierarchy; // Start HMAC using hierarchy proof as HMAC key ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof->b); // TPM_ST_HASHCHECK CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); // hash algorithm CryptDigestUpdateInt(&hmacState, sizeof(hashAlg), hashAlg); // digest CryptDigestUpdate2B(&hmacState.hashState, &digest->b); // done CryptHmacEnd2B(&hmacState, &ticket->digest.b); return; } //*** TicketComputeCreation() // This function creates a TPMT_TK_CREATION ticket. /*(See part 2 specification) // The ticket is computed as: // HMAC(proof, (TPM_ST_CREATION || Name || hash(TPMS_CREATION_DATA))) // Where: // HMAC() an HMAC using the hash of proof // proof a TPM secret value associated with the hierarchy associated with Name // TPM_ST_VERIFIED a value to differentiate the tickets // Name the Name of the object to which the creation data is to be associated // TPMS_CREATION_DATA the creation data structure associated with Name */ void TicketComputeCreation( TPMI_RH_HIERARCHY hierarchy, // IN: hierarchy for ticket TPM2B_NAME *name, // IN: object name TPM2B_DIGEST *creation, // IN: creation hash TPMT_TK_CREATION *ticket // OUT: created ticket ) { TPM2B_PROOF *proof; HMAC_STATE hmacState; // Get proper proof proof = HierarchyGetProof(hierarchy); // Fill in ticket fields ticket->tag = TPM_ST_CREATION; ticket->hierarchy = hierarchy; // Start HMAC using hierarchy proof as HMAC key ticket->digest.t.size = CryptHmacStart2B(&hmacState, CONTEXT_INTEGRITY_HASH_ALG, &proof->b); // TPM_ST_CREATION CryptDigestUpdateInt(&hmacState, sizeof(TPM_ST), ticket->tag); // name if provided if(name != NULL) CryptDigestUpdate2B(&hmacState.hashState, &name->b); // creation hash CryptDigestUpdate2B(&hmacState.hashState, &creation->b); // Done CryptHmacEnd2B(&hmacState, &ticket->digest.b); return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/000077500000000000000000000000001510276467000247165ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcDesSupport.c000066400000000000000000000054511510276467000306260ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // The functions in this file are used for initialization of the interface to the // LibTomCrypt and MpaLib libraries. This is not used if only the LTC hash and // symmetric functions are used. //** Defines and Includes #include "Tpm.h" #if (defined SYM_LIB_LTC) && ALG_TDES //** TDES_setup // This function calls the LTC function to generate a TDES key schedule. If the // key is one DES key (8 bytes), then it is replicated two more times to create a // 24-byte TDES key. If the key is two key (16 bytes), then the first DES key is // replicated to the third key position. void TDES_setup( const BYTE *key, UINT32 keyBits, symmetric_key *skey ) { BYTE k[24]; BYTE *kp; // If this is two-key, make it three key by replicating K1 if(keyBits == 128) { memcpy(k, key, 16); memcpy(&k[16], key, 8); kp = k; } else kp = (BYTE *)key; des3_setup(kp, 24, 0, skey); } #endif // MATH_LIB_LTC && ALG_TDES go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcMath.c000066400000000000000000000232711510276467000274070ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the math functions that are not implemented in the BnMath // library (yet). These math functions will call the ST MPA library or the // LibTomCrypt library to execute the operations. Since the TPM internal big number // format is identical to the MPA format, no reformatting is required. //** Includes #include "Tpm.h" #ifdef MATH_LIB_LTC #if defined ECC_NIST_P256 && ECC_NIST_P256 == YES && ECC_CURVE_COUNT > 1 #error "LibTomCrypt only supports P256" #endif //** Functions //*** BnModMult() // Does multiply and divide returning the remainder of the divide. LIB_EXPORT BOOL BnModMult( bigNum result, bigConst op1, bigConst op2, bigConst modulus ) { BN_VAR(temp, LARGEST_NUMBER_BITS * 2); // mpa_mul does not allocate from the pool if the result is not the same as // op1 or op2. since this is assured by the stack allocation of 'temp', the // pool pointer can be NULL pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); mpa_mul((mpanum)temp, (const mpanum)op1, (const mpanum)op2, NULL); return BnDiv(NULL, result, temp, modulus); } //*** BnMult() // Multiplies two numbers LIB_EXPORT BOOL BnMult( bigNum result, bigConst multiplicand, bigConst multiplier ) { // Make sure that the mpa_mul function does not allocate anything // from the POOL by eliminating the reason for doing it. BN_VAR(tempResult, LARGEST_NUMBER_BITS * 2); if(result != multiplicand && result != multiplier) tempResult = result; mpa_mul((mpanum)tempResult, (const mpanum)multiplicand, (const mpanum)multiplier, NULL); BnCopy(result, tempResult); return TRUE; } //*** BnDiv() // This function divides two BIGNUM values. The function always returns TRUE. LIB_EXPORT BOOL BnDiv( bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor ) { MPA_ENTER(10, LARGEST_NUMBER_BITS); pAssert(!BnEqualZero(divisor)); if(BnGetSize(dividend) < BnGetSize(divisor)) { if(quotient) BnSetWord(quotient, 0); if(remainder) BnCopy(remainder, dividend); } else { pAssert((quotient == NULL) || (quotient->allocated >= (unsigned)(dividend->size - divisor->size))); pAssert((remainder == NULL) || (remainder->allocated >= divisor->size)); mpa_div((mpanum)quotient, (mpanum)remainder, (const mpanum)dividend, (const mpanum)divisor, POOL); } MPA_LEAVE(); return TRUE; } #ifdef TPM_ALG_RSA //*** BnGcd() // Get the greatest common divisor of two numbers LIB_EXPORT BOOL BnGcd( bigNum gcd, // OUT: the common divisor bigConst number1, // IN: bigConst number2 // IN: ) { MPA_ENTER(20, LARGEST_NUMBER_BITS); // mpa_gcd((mpanum)gcd, (mpanum)number1, (mpanum)number2, POOL); MPA_LEAVE(); return TRUE; } //***BnModExp() // Do modular exponentiation using BIGNUM values. The conversion from a bignum_t // to a BIGNUM is trivial as they are based on the same structure LIB_EXPORT BOOL BnModExp( bigNum result, // OUT: the result bigConst number, // IN: number to exponentiate bigConst exponent, // IN: bigConst modulus // IN: ) { MPA_ENTER(20, LARGEST_NUMBER_BITS); BN_VAR(bnR, MAX_RSA_KEY_BITS); BN_VAR(bnR2, MAX_RSA_KEY_BITS); mpa_word_t n_inv; mpa_word_t ffmCtx[mpa_fmm_context_size_in_U32(MAX_RSA_KEY_BITS)]; // mpa_init_static_fmm_context((mpa_fmm_context_base *)ffmCtx, BYTES_TO_CRYPT_WORDS(sizeof(ffmCtx))); // Generate modular form if(mpa_compute_fmm_context((const mpanum)modulus, (mpanum)bnR, (mpanum)bnR2, &n_inv, POOL) != 0) FAIL(FATAL_ERROR_INTERNAL); // Do exponentiation mpa_exp_mod((mpanum)result, (const mpanum)number, (const mpanum)exponent, (const mpanum)modulus, (const mpanum)bnR, (const mpanum)bnR2, n_inv, POOL); MPA_LEAVE(); return TRUE; } //*** BnModInverse() // Modular multiplicative inverse LIB_EXPORT BOOL BnModInverse( bigNum result, bigConst number, bigConst modulus ) { BOOL retVal; MPA_ENTER(10, LARGEST_NUMBER_BITS); retVal = (mpa_inv_mod((mpanum)result, (const mpanum)number, (const mpanum)modulus, POOL) == 0); MPA_LEAVE(); return retVal; } #endif // TPM_ALG_RSA #ifdef TPM_ALG_ECC //*** BnEccModMult() // This function does a point multiply of the form R = [d]S // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' bigConst d, // IN: scalar for [d]S bigCurve E ) { MPA_ENTER(30, MAX_ECC_KEY_BITS * 2); // The point multiply in LTC seems to need a large reciprocal for // intermediate results POINT_VAR(result, MAX_ECC_KEY_BITS * 4); BOOL OK; // (POOL); // Avoid compiler warning if(S == NULL) S = CurveGetG(AccessCurveData(E)); OK = (ltc_ecc_mulmod((mpanum)d, (ecc_point *)S, (ecc_point *)result, (void *)CurveGetPrime(E), 1) == CRYPT_OK); OK = OK && !BnEqualZero(result->z); if(OK) BnPointCopy(R, result); MPA_LEAVE(); return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; } //*** BnEccModMult2() // This function does a point multiply of the form R = [d]S + [u]Q // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult2( bigPoint R, // OUT: computed point pointConst S, // IN: first point (optional) bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: second point bigConst u, // IN: second scalar bigCurve E // IN: curve ) { MPA_ENTER(80, MAX_ECC_KEY_BITS); BOOL OK; // The point multiply in LTC seems to need a large reciprocal for // intermediate results POINT_VAR(result, MAX_ECC_KEY_BITS * 4); // (POOL); // Avoid compiler warning if(S == NULL) S = CurveGetG(AccessCurveData(E)); OK = (ltc_ecc_mul2add((ecc_point *)S, (mpanum)d, (ecc_point *)Q, (mpanum)u, (ecc_point *)result, (mpanum)CurveGetPrime(E)) == CRYPT_OK); OK = OK && !BnEqualZero(result->z); if(OK) BnPointCopy(R, result); MPA_LEAVE(); return OK ? TPM_RC_SUCCESS : TPM_RC_NO_RESULT; } //*** BnEccAdd() // This function does addition of two points. Since this is not implemented // in LibTomCrypt() will try to trick it by doing multiply with scalar of 1. // I have no idea if this will work and it's not needed unless MQV or the SM2 // variant is enabled. // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccAdd( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' pointConst Q, // IN: second point bigCurve E // IN: curve ) { BN_WORD_INITIALIZED(one, 1); return BnEccModMult2(R, S, one, Q, one, E); } #endif // TPM_ALG_ECC #endif // MATH_LIB_LTC go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ltc/TpmToLtcSupport.c000066400000000000000000000067111510276467000301720ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // The functions in this file are used for initialization of the interface to the // LibTomCrypt and MpsLib libraries. This is not used if only the LTC hash and // symmetric functions are used. //** Defines and Includes #include "Tpm.h" #if defined(HASH_LIB_LTC) || defined(MATH_LIB_LTC) || defined(SYM_LIB_LTC) // This state is used because there is no way to pass the random number state // to LibTomCrypt. I do not think that this is currently an issue because... // Heck, just put in an assert and see what happens. static void *s_randState; //*** LtcRand() // This is a stub function that is called from the LibTomCrypt or libmpa code // to get a random number. In turn, this will call the random RandGenerate // function that was passed in LibraryInit(). This function will pass the pointer // to the current rand state along with the random byte request. uint32_t LtcRand( void *buf, size_t blen ) { pAssert(1); DRBG_Generate(s_randState, buf, (uint16_t)blen); return 0; } //*** SupportLibInit() // This does any initialization required by the support library. LIB_EXPORT int SupportLibInit( void ) { mpa_set_random_generator(LtcRand); s_randState = NULL; external_mem_pool = NULL; return 1; } //*** LtcPoolInit() // Function to initialize a pool. **** LIB_EXPORT mpa_scratch_mem LtcPoolInit( mpa_word_t *poolAddress, int vars, int bits ) { mpa_scratch_mem pool = (mpa_scratch_mem)poolAddress; mpa_init_scratch_mem(pool, vars, bits); init_mpa_tomcrypt(pool); return pool; } #endif // HASH_LIB_LTC || MATH_LIB_LTC || SYM_LIB_LTC go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/000077500000000000000000000000001510276467000251145ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslDesSupport.c000066400000000000000000000074061510276467000312240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // The functions in this file are used for initialization of the interface to the // OpenSSL library. //** Defines and Includes #include "Tpm.h" #if (defined SYM_LIB_OSSL) && ALG_TDES //**Functions //*** TDES_set_encyrpt_key() // This function makes creation of a TDES key look like the creation of a key for // any of the other OpenSSL block ciphers. It will create three key schedules, // one for each of the DES keys. If there are only two keys, then the third schedule // is a copy of the first. void TDES_set_encrypt_key( const BYTE *key, UINT16 keySizeInBits, tpmKeyScheduleTDES *keySchedule ) { DES_set_key_unchecked((const_DES_cblock *)key, &keySchedule[0]); DES_set_key_unchecked((const_DES_cblock *)&key[8], &keySchedule[1]); // If is two-key, copy the schedule for K1 into K3, otherwise, compute the // the schedule for K3 if(keySizeInBits == 128) keySchedule[2] = keySchedule[0]; else DES_set_key_unchecked((const_DES_cblock *)&key[16], &keySchedule[2]); } //*** TDES_encyrpt() // The TPM code uses one key schedule. For TDES, the schedule contains three // schedules. OpenSSL wants the schedules referenced separately. This function // does that. void TDES_encrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ) { DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out, &ks[0], &ks[1], &ks[2], DES_ENCRYPT); } //*** TDES_decrypt() // As with TDES_encypt() this function bridges between the TPM single schedule // model and the OpenSSL three schedule model. void TDES_decrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ) { DES_ecb3_encrypt((const_DES_cblock *)in, (DES_cblock *)out, &ks[0], &ks[1], &ks[2], DES_DECRYPT); } #endif // SYM_LIB_OSSL go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslMath.c000066400000000000000000000467371510276467000300170ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // The functions in this file provide the low-level interface between the TPM code // and the big number and elliptic curve math routines in OpenSSL. // // Most math on big numbers require a context. The context contains the memory in // which OpenSSL creates and manages the big number values. When a OpenSSL math // function will be called that modifies a BIGNUM value, that value must be created in // an OpenSSL context. The first line of code in such a function must be: // OSSL_ENTER(); and the last operation before returning must be OSSL_LEAVE(). // OpenSSL variables can then be created with BnNewVariable(). Constant values to be // used by OpenSSL are created from the bigNum values passed to the functions in this // file. Space for the BIGNUM control block is allocated in the stack of the // function and then it is initialized by calling BigInitialized(). That function // sets up the values in the BIGNUM structure and sets the data pointer to point to // the data in the bignum_t. This is only used when the value is known to be a // constant in the called function. // // Because the allocations of constants is on the local stack and the // OSSL_ENTER()/OSSL_LEAVE() pair flushes everything created in OpenSSL memory, there // should be no chance of a memory leak. //** Includes and Defines #include "Tpm.h" #ifdef MATH_LIB_OSSL #include "TpmToOsslMath_fp.h" //** Functions //*** OsslToTpmBn() // This function converts an OpenSSL BIGNUM to a TPM bignum. In this implementation // it is assumed that OpenSSL uses a different control structure but the same data // layout -- an array of native-endian words in little-endian order. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure because value will not fit or OpenSSL variable doesn't // exist BOOL OsslToTpmBn( bigNum bn, BIGNUM *osslBn ) { VERIFY(osslBn != NULL); // If the bn is NULL, it means that an output value pointer was NULL meaning that // the results is simply to be discarded. if(bn != NULL) { int i; // VERIFY((unsigned)osslBn->top <= BnGetAllocated(bn)); for(i = 0; i < osslBn->top; i++) bn->d[i] = osslBn->d[i]; BnSetTop(bn, osslBn->top); } return TRUE; Error: return FALSE; } //*** BigInitialized() // This function initializes an OSSL BIGNUM from a TPM bigConst. Do not use this for // values that are passed to OpenSLL when they are not declared as const in the // function prototype. Instead, use BnNewVariable(). BIGNUM * BigInitialized( BIGNUM *toInit, bigConst initializer ) { if(initializer == NULL) FAIL(FATAL_ERROR_PARAMETER); if(toInit == NULL || initializer == NULL) return NULL; toInit->d = (BN_ULONG *)&initializer->d[0]; toInit->dmax = (int)initializer->allocated; toInit->top = (int)initializer->size; toInit->neg = 0; toInit->flags = 0; return toInit; } #ifndef OSSL_DEBUG # define BIGNUM_PRINT(label, bn, eol) # define DEBUG_PRINT(x) #else # define DEBUG_PRINT(x) printf("%s", x) # define BIGNUM_PRINT(label, bn, eol) BIGNUM_print((label), (bn), (eol)) //*** BIGNUM_print() static void BIGNUM_print( const char *label, const BIGNUM *a, BOOL eol ) { BN_ULONG *d; int i; int notZero = FALSE; if(label != NULL) printf("%s", label); if(a == NULL) { printf("NULL"); goto done; } if (a->neg) printf("-"); for(i = a->top, d = &a->d[i - 1]; i > 0; i--) { int j; BN_ULONG l = *d--; for(j = BN_BITS2 - 8; j >= 0; j -= 8) { BYTE b = (BYTE)((l >> j) & 0xFF); notZero = notZero || (b != 0); if(notZero) printf("%02x", b); } if(!notZero) printf("0"); } done: if(eol) printf("\n"); return; } #endif //*** BnNewVariable() // This function allocates a new variable in the provided context. If the context // does not exist or the allocation fails, it is a catastrophic failure. static BIGNUM * BnNewVariable( BN_CTX *CTX ) { BIGNUM *new; // // This check is intended to protect against calling this function without // having initialized the CTX. if((CTX == NULL) || ((new = BN_CTX_get(CTX)) == NULL)) FAIL(FATAL_ERROR_ALLOCATION); return new; } #if LIBRARY_COMPATIBILITY_CHECK //*** MathLibraryCompatibilityCheck() void MathLibraryCompatibilityCheck( void ) { OSSL_ENTER(); BIGNUM *osslTemp = BnNewVariable(CTX); crypt_uword_t i; BYTE test[] = {0x1F, 0x1E, 0x1D, 0x1C, 0x1B, 0x1A, 0x19, 0x18, 0x17, 0x16, 0x15, 0x14, 0x13, 0x12, 0x11, 0x10, 0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00}; BN_VAR(tpmTemp, sizeof(test) * 8); // allocate some space for a test value // // Convert the test data to a bigNum BnFromBytes(tpmTemp, test, sizeof(test)); // Convert the test data to an OpenSSL BIGNUM BN_bin2bn(test, sizeof(test), osslTemp); // Make sure the values are consistent VERIFY(osslTemp->top == (int)tpmTemp->size); for(i = 0; i < tpmTemp->size; i++) VERIFY(osslTemp->d[i] == tpmTemp->d[i]); OSSL_LEAVE(); return; Error: FAIL(FATAL_ERROR_MATHLIBRARY); } #endif //*** BnModMult() // This function does a modular multiply. It first does a multiply and then a divide // and returns the remainder of the divide. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnModMult( bigNum result, bigConst op1, bigConst op2, bigConst modulus ) { OSSL_ENTER(); BOOL OK = TRUE; BIGNUM *bnResult = BN_NEW(); BIGNUM *bnTemp = BN_NEW(); BIG_INITIALIZED(bnOp1, op1); BIG_INITIALIZED(bnOp2, op2); BIG_INITIALIZED(bnMod, modulus); // VERIFY(BN_mul(bnTemp, bnOp1, bnOp2, CTX)); VERIFY(BN_div(NULL, bnResult, bnTemp, bnMod, CTX)); VERIFY(OsslToTpmBn(result, bnResult)); goto Exit; Error: OK = FALSE; Exit: OSSL_LEAVE(); return OK; } //*** BnMult() // Multiplies two numbers // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnMult( bigNum result, bigConst multiplicand, bigConst multiplier ) { OSSL_ENTER(); BIGNUM *bnTemp = BN_NEW(); BOOL OK = TRUE; BIG_INITIALIZED(bnA, multiplicand); BIG_INITIALIZED(bnB, multiplier); // VERIFY(BN_mul(bnTemp, bnA, bnB, CTX)); VERIFY(OsslToTpmBn(result, bnTemp)); goto Exit; Error: OK = FALSE; Exit: OSSL_LEAVE(); return OK; } //*** BnDiv() // This function divides two bigNum values. The function returns FALSE if // there is an error in the operation. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnDiv( bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor ) { OSSL_ENTER(); BIGNUM *bnQ = BN_NEW(); BIGNUM *bnR = BN_NEW(); BOOL OK = TRUE; BIG_INITIALIZED(bnDend, dividend); BIG_INITIALIZED(bnSor, divisor); // if(BnEqualZero(divisor)) FAIL(FATAL_ERROR_DIVIDE_ZERO); VERIFY(BN_div(bnQ, bnR, bnDend, bnSor, CTX)); VERIFY(OsslToTpmBn(quotient, bnQ)); VERIFY(OsslToTpmBn(remainder, bnR)); DEBUG_PRINT("In BnDiv:\n"); BIGNUM_PRINT(" bnDividend: ", bnDend, TRUE); BIGNUM_PRINT(" bnDivisor: ", bnSor, TRUE); BIGNUM_PRINT(" bnQuotient: ", bnQ, TRUE); BIGNUM_PRINT(" bnRemainder: ", bnR, TRUE); goto Exit; Error: OK = FALSE; Exit: OSSL_LEAVE(); return OK; } #if ALG_RSA //*** BnGcd() // Get the greatest common divisor of two numbers // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnGcd( bigNum gcd, // OUT: the common divisor bigConst number1, // IN: bigConst number2 // IN: ) { OSSL_ENTER(); BIGNUM *bnGcd = BN_NEW(); BOOL OK = TRUE; BIG_INITIALIZED(bn1, number1); BIG_INITIALIZED(bn2, number2); // VERIFY(BN_gcd(bnGcd, bn1, bn2, CTX)); VERIFY(OsslToTpmBn(gcd, bnGcd)); goto Exit; Error: OK = FALSE; Exit: OSSL_LEAVE(); return OK; } //***BnModExp() // Do modular exponentiation using bigNum values. The conversion from a bignum_t to // a bigNum is trivial as they are based on the same structure // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnModExp( bigNum result, // OUT: the result bigConst number, // IN: number to exponentiate bigConst exponent, // IN: bigConst modulus // IN: ) { OSSL_ENTER(); BIGNUM *bnResult = BN_NEW(); BOOL OK = TRUE; BIG_INITIALIZED(bnN, number); BIG_INITIALIZED(bnE, exponent); BIG_INITIALIZED(bnM, modulus); // VERIFY(BN_mod_exp(bnResult, bnN, bnE, bnM, CTX)); VERIFY(OsslToTpmBn(result, bnResult)); goto Exit; Error: OK = FALSE; Exit: OSSL_LEAVE(); return OK; } //*** BnModInverse() // Modular multiplicative inverse // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation LIB_EXPORT BOOL BnModInverse( bigNum result, bigConst number, bigConst modulus ) { OSSL_ENTER(); BIGNUM *bnResult = BN_NEW(); BOOL OK = TRUE; BIG_INITIALIZED(bnN, number); BIG_INITIALIZED(bnM, modulus); // VERIFY(BN_mod_inverse(bnResult, bnN, bnM, CTX) != NULL); VERIFY(OsslToTpmBn(result, bnResult)); goto Exit; Error: OK = FALSE; Exit: OSSL_LEAVE(); return OK; } #endif // ALG_RSA #if ALG_ECC //*** PointFromOssl() // Function to copy the point result from an OSSL function to a bigNum // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation static BOOL PointFromOssl( bigPoint pOut, // OUT: resulting point EC_POINT *pIn, // IN: the point to return bigCurve E // IN: the curve ) { BIGNUM *x = NULL; BIGNUM *y = NULL; BOOL OK; BN_CTX_start(E->CTX); // x = BN_CTX_get(E->CTX); y = BN_CTX_get(E->CTX); if(y == NULL) FAIL(FATAL_ERROR_ALLOCATION); // If this returns false, then the point is at infinity OK = EC_POINT_get_affine_coordinates_GFp(E->G, pIn, x, y, E->CTX); if(OK) { OsslToTpmBn(pOut->x, x); OsslToTpmBn(pOut->y, y); BnSetWord(pOut->z, 1); } else BnSetWord(pOut->z, 0); BN_CTX_end(E->CTX); return OK; } //*** EcPointInitialized() // Allocate and initialize a point. static EC_POINT * EcPointInitialized( pointConst initializer, bigCurve E ) { EC_POINT *P = NULL; if(initializer != NULL) { BIG_INITIALIZED(bnX, initializer->x); BIG_INITIALIZED(bnY, initializer->y); P = EC_POINT_new(E->G); if(E == NULL) FAIL(FATAL_ERROR_ALLOCATION); if(!EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, E->CTX)) P = NULL; } return P; } //*** BnCurveInitialize() // This function initializes the OpenSSL curve information structure. This // structure points to the TPM-defined values for the curve, to the context for the // number values in the frame, and to the OpenSSL-defined group values. // Return Type: bigCurve * // NULL the TPM_ECC_CURVE is not valid or there was a problem in // in initializing the curve data // non-NULL points to 'E' LIB_EXPORT bigCurve BnCurveInitialize( bigCurve E, // IN: curve structure to initialize TPM_ECC_CURVE curveId // IN: curve identifier ) { const ECC_CURVE_DATA *C = GetCurveData(curveId); if(C == NULL) E = NULL; if(E != NULL) { // This creates the OpenSSL memory context that stays in effect as long as the // curve (E) is defined. OSSL_ENTER(); // if the allocation fails, the TPM fails EC_POINT *P = NULL; BIG_INITIALIZED(bnP, C->prime); BIG_INITIALIZED(bnA, C->a); BIG_INITIALIZED(bnB, C->b); BIG_INITIALIZED(bnX, C->base.x); BIG_INITIALIZED(bnY, C->base.y); BIG_INITIALIZED(bnN, C->order); BIG_INITIALIZED(bnH, C->h); // E->C = C; E->CTX = CTX; // initialize EC group, associate a generator point and initialize the point // from the parameter data // Create a group structure E->G = EC_GROUP_new_curve_GFp(bnP, bnA, bnB, CTX); VERIFY(E->G != NULL); // Allocate a point in the group that will be used in setting the // generator. This is not needed after the generator is set. P = EC_POINT_new(E->G); VERIFY(P != NULL); // Need to use this in case Montgomery method is being used VERIFY(EC_POINT_set_affine_coordinates_GFp(E->G, P, bnX, bnY, CTX)); // Now set the generator VERIFY(EC_GROUP_set_generator(E->G, P, bnN, bnH)); EC_POINT_free(P); goto Exit; Error: EC_POINT_free(P); BnCurveFree(E); E = NULL; } Exit: return E; } //*** BnCurveFree() // This function will free the allocated components of the curve and end the // frame in which the curve data exists LIB_EXPORT void BnCurveFree( bigCurve E ) { if(E) { EC_GROUP_free(E->G); OsslContextLeave(E->CTX); } } //*** BnEccModMult() // This function does a point multiply of the form R = [d]S // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' (optional) bigConst d, // IN: scalar for [d]S bigCurve E ) { EC_POINT *pR = EC_POINT_new(E->G); EC_POINT *pS = EcPointInitialized(S, E); BIG_INITIALIZED(bnD, d); if(S == NULL) EC_POINT_mul(E->G, pR, bnD, NULL, NULL, E->CTX); else EC_POINT_mul(E->G, pR, NULL, pS, bnD, E->CTX); PointFromOssl(R, pR, E); EC_POINT_free(pR); EC_POINT_free(pS); return !BnEqualZero(R->z); } //*** BnEccModMult2() // This function does a point multiply of the form R = [d]G + [u]Q // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult2( bigPoint R, // OUT: computed point pointConst S, // IN: optional point bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: second point bigConst u, // IN: second scalar bigCurve E // IN: curve ) { EC_POINT *pR = EC_POINT_new(E->G); EC_POINT *pS = EcPointInitialized(S, E); BIG_INITIALIZED(bnD, d); EC_POINT *pQ = EcPointInitialized(Q, E); BIG_INITIALIZED(bnU, u); if(S == NULL || S == (pointConst)&(AccessCurveData(E)->base)) EC_POINT_mul(E->G, pR, bnD, pQ, bnU, E->CTX); else { const EC_POINT *points[2]; const BIGNUM *scalars[2]; points[0] = pS; points[1] = pQ; scalars[0] = bnD; scalars[1] = bnU; EC_POINTs_mul(E->G, pR, NULL, 2, points, scalars, E->CTX); } PointFromOssl(R, pR, E); EC_POINT_free(pR); EC_POINT_free(pS); EC_POINT_free(pQ); return !BnEqualZero(R->z); } //** BnEccAdd() // This function does addition of two points. // Return Type: BOOL // TRUE(1) success // FALSE(0) failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccAdd( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' pointConst Q, // IN: second point bigCurve E // IN: curve ) { EC_POINT *pR = EC_POINT_new(E->G); EC_POINT *pS = EcPointInitialized(S, E); EC_POINT *pQ = EcPointInitialized(Q, E); // EC_POINT_add(E->G, pR, pS, pQ, E->CTX); PointFromOssl(R, pR, E); EC_POINT_free(pR); EC_POINT_free(pS); EC_POINT_free(pQ); return !BnEqualZero(R->z); } #endif // ALG_ECC #endif // MATHLIB OSSLgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/ossl/TpmToOsslSupport.c000066400000000000000000000067361510276467000305750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // The functions in this file are used for initialization of the interface to the // OpenSSL library. //** Defines and Includes #include "Tpm.h" #if defined(HASH_LIB_OSSL) || defined(MATH_LIB_OSSL) || defined(SYM_LIB_OSSL) // Used to pass the pointers to the correct sub-keys typedef const BYTE *desKeyPointers[3]; //*** SupportLibInit() // This does any initialization required by the support library. LIB_EXPORT int SupportLibInit( void ) { #if LIBRARY_COMPATIBILITY_CHECK MathLibraryCompatibilityCheck(); #endif return TRUE; } //*** OsslContextEnter() // This function is used to initialize an OpenSSL context at the start of a function // that will call to an OpenSSL math function. BN_CTX * OsslContextEnter( void ) { BN_CTX *CTX = BN_CTX_new(); // return OsslPushContext(CTX); } //*** OsslContextLeave() // This is the companion function to OsslContextEnter(). void OsslContextLeave( BN_CTX *CTX ) { OsslPopContext(CTX); BN_CTX_free(CTX); } //*** OsslPushContext() // This function is used to create a frame in a context. All values allocated within // this context after the frame is started will be automatically freed when the // context (OsslPopContext() BN_CTX * OsslPushContext( BN_CTX *CTX ) { if(CTX == NULL) FAIL(FATAL_ERROR_ALLOCATION); BN_CTX_start(CTX); return CTX; } //*** OsslPopContext() // This is the companion function to OsslPushContext(). void OsslPopContext( BN_CTX *CTX ) { // BN_CTX_end can't be called with NULL. It will blow up. if(CTX != NULL) BN_CTX_end(CTX); } #endif // HASH_LIB_OSSL || MATH_LIB_OSSL || SYM_LIB_OSSL go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/000077500000000000000000000000001510276467000251035ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfDesSupport.c000066400000000000000000000070761510276467000312050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // The functions in this file are used for initialization of the interface to the // wolfcrypt library. //** Defines and Includes #include "Tpm.h" #if (defined SYM_LIB_WOLF) && ALG_TDES //**Functions //** TDES_setup // This function calls the wolfcrypt function to generate a TDES key schedule. If the // If the key is two key (16 bytes), then the first DES key is replicated to the third // key position. int TDES_setup( const BYTE *key, UINT32 keyBits, tpmKeyScheduleTDES *skey, int dir ) { BYTE k[24]; BYTE *kp; // If this is two-key, make it three key by replicating K1 if(keyBits == 128) { memcpy(k, key, 16); memcpy(&k[16], key, 8); kp = k; } else kp = (BYTE *)key; return wc_Des3_SetKey( skey, kp, 0, dir ); } //** TDES_setup_encrypt_key // This function calls into TDES_setup(), specifically for an encryption key. int TDES_setup_encrypt_key( const BYTE *key, UINT32 keyBits, tpmKeyScheduleTDES *skey ) { return TDES_setup( key, keyBits, skey, DES_ENCRYPTION ); } //** TDES_setup_decrypt_key // This function calls into TDES_setup(), specifically for an decryption key. int TDES_setup_decrypt_key( const BYTE *key, UINT32 keyBits, tpmKeyScheduleTDES *skey ) { return TDES_setup( key, keyBits, skey, DES_DECRYPTION ); } //*** TDES_encyrpt() void TDES_encrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ) { wc_Des3_EcbEncrypt( ks, out, in, DES_BLOCK_SIZE ); } //*** TDES_decrypt() void TDES_decrypt( const BYTE *in, BYTE *out, tpmKeyScheduleTDES *ks ) { wc_Des3_EcbDecrypt( ks, out, in, DES_BLOCK_SIZE ); } #endif // MATH_LIB_WOLF && ALG_TDES go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfMath.c000066400000000000000000000351511510276467000277610ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the math functions that are not implemented in the BnMath // library (yet). These math functions will call the wolfcrypt library to execute // the operations. There is a difference between the internal format and the // wolfcrypt format. To call the wolfcrypt function, a mp_int structure is created // for each passed variable. We define USE_FAST_MATH wolfcrypt option, which allocates // mp_int on the stack. We must copy each word to the new structure, and set the used // size. // // Not using USE_FAST_MATH would allow for a simple pointer swap for the big integer // buffer 'd', however wolfcrypt expects to manage this memory, and will swap out // the pointer to and from temporary variables and free the reference underneath us. // Using USE_FAST_MATH also instructs wolfcrypt to use the stack for all these // intermediate variables //** Includes and Defines #include "Tpm.h" #ifdef MATH_LIB_WOLF #include "BnConvert_fp.h" #include "TpmToWolfMath_fp.h" #define WOLF_HALF_RADIX (RADIX_BITS == 64 && !defined(FP_64BIT)) //** Functions //*** BnFromWolf() // This function converts a wolfcrypt mp_int to a TPM bignum. In this implementation // it is assumed that wolfcrypt used the same format for a big number as does the // TPM -- an array of native-endian words in little-endian order. void BnFromWolf( bigNum bn, mp_int *wolfBn ) { if(bn != NULL) { int i; #if WOLF_HALF_RADIX pAssert((unsigned)wolfBn->used <= 2 * BnGetAllocated(bn)); #else pAssert((unsigned)wolfBn->used <= BnGetAllocated(bn)); #endif for (i = 0; i < wolfBn->used; i++) { #if WOLF_HALF_RADIX if (i & 1) bn->d[i/2] |= (crypt_uword_t)wolfBn->dp[i] << 32; else bn->d[i/2] = wolfBn->dp[i]; #else bn->d[i] = wolfBn->dp[i]; #endif } #if WOLF_HALF_RADIX BnSetTop(bn, (wolfBn->used + 1)/2); #else BnSetTop(bn, wolfBn->used); #endif } } //*** BnToWolf() // This function converts a TPM bignum to a wolfcrypt mp_init, and has the same // assumptions as made by BnFromWolf() void BnToWolf( mp_int *toInit, bigConst initializer ) { uint32_t i; if (toInit != NULL && initializer != NULL) { for (i = 0; i < initializer->size; i++) { #if WOLF_HALF_RADIX toInit->dp[2 * i] = (fp_digit)initializer->d[i]; toInit->dp[2 * i + 1] = (fp_digit)(initializer->d[i] >> 32); #else toInit->dp[i] = initializer->d[i]; #endif } #if WOLF_HALF_RADIX toInit->used = (int)initializer->size * 2; if (toInit->dp[toInit->used - 1] == 0 && toInit->dp[toInit->used - 2] != 0) --toInit->used; #else toInit->used = (int)initializer->size; #endif toInit->sign = 0; } } //*** MpInitialize() // This function initializes an wolfcrypt mp_int. mp_int * MpInitialize( mp_int *toInit ) { mp_init( toInit ); return toInit; } #if LIBRARY_COMPATIBILITY_CHECK //** MathLibraryCompatibililtyCheck() // This function is only used during development to make sure that the library // that is being referenced is using the same size of data structures as the TPM. void MathLibraryCompatibilityCheck( void ) { BN_VAR(tpmTemp, 64 * 8); // allocate some space for a test value crypt_uword_t i; TPM2B_TYPE(TEST, 16); TPM2B_TEST test = {{16, {0x0F, 0x0E, 0x0D, 0x0C, 0x0B, 0x0A, 0x09, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00}}}; // Convert the test TPM2B to a bigNum BnFrom2B(tpmTemp, &test.b); MP_INITIALIZED(wolfTemp, tpmTemp); (wolfTemp); // compiler warning // Make sure the values are consistent cAssert(wolfTemp->used == (int)tpmTemp->size); for(i = 0; i < tpmTemp->size; i++) cAssert(wolfTemp->dp[i] == tpmTemp->d[i]); } #endif //*** BnModMult() // Does multiply and divide returning the remainder of the divide. LIB_EXPORT BOOL BnModMult( bigNum result, bigConst op1, bigConst op2, bigConst modulus ) { WOLF_ENTER(); BOOL OK; MP_INITIALIZED(bnOp1, op1); MP_INITIALIZED(bnOp2, op2); MP_INITIALIZED(bnTemp, NULL); BN_VAR(temp, LARGEST_NUMBER_BITS * 2); pAssert(BnGetAllocated(result) >= BnGetSize(modulus)); OK = (mp_mul( bnOp1, bnOp2, bnTemp ) == MP_OKAY); if(OK) { BnFromWolf(temp, bnTemp); OK = BnDiv(NULL, result, temp, modulus); } WOLF_LEAVE(); return OK; } //*** BnMult() // Multiplies two numbers LIB_EXPORT BOOL BnMult( bigNum result, bigConst multiplicand, bigConst multiplier ) { WOLF_ENTER(); BOOL OK; MP_INITIALIZED(bnTemp, NULL); MP_INITIALIZED(bnA, multiplicand); MP_INITIALIZED(bnB, multiplier); pAssert(result->allocated >= (BITS_TO_CRYPT_WORDS(BnSizeInBits(multiplicand) + BnSizeInBits(multiplier)))); OK = (mp_mul( bnA, bnB, bnTemp ) == MP_OKAY); if(OK) { BnFromWolf(result, bnTemp); } WOLF_LEAVE(); return OK; } //*** BnDiv() // This function divides two bigNum values. The function returns FALSE if // there is an error in the operation. LIB_EXPORT BOOL BnDiv( bigNum quotient, bigNum remainder, bigConst dividend, bigConst divisor ) { WOLF_ENTER(); BOOL OK; MP_INITIALIZED(bnQ, quotient); MP_INITIALIZED(bnR, remainder); MP_INITIALIZED(bnDend, dividend); MP_INITIALIZED(bnSor, divisor); pAssert(!BnEqualZero(divisor)); if(BnGetSize(dividend) < BnGetSize(divisor)) { if(quotient) BnSetWord(quotient, 0); if(remainder) BnCopy(remainder, dividend); OK = TRUE; } else { pAssert((quotient == NULL) || (quotient->allocated >= (unsigned)(dividend->size - divisor->size))); pAssert((remainder == NULL) || (remainder->allocated >= divisor->size)); OK = (mp_div(bnDend , bnSor, bnQ, bnR) == MP_OKAY); if(OK) { BnFromWolf(quotient, bnQ); BnFromWolf(remainder, bnR); } } WOLF_LEAVE(); return OK; } #if ALG_RSA //*** BnGcd() // Get the greatest common divisor of two numbers LIB_EXPORT BOOL BnGcd( bigNum gcd, // OUT: the common divisor bigConst number1, // IN: bigConst number2 // IN: ) { WOLF_ENTER(); BOOL OK; MP_INITIALIZED(bnGcd, gcd); MP_INITIALIZED(bn1, number1); MP_INITIALIZED(bn2, number2); pAssert(gcd != NULL); OK = (mp_gcd( bn1, bn2, bnGcd ) == MP_OKAY); if(OK) { BnFromWolf(gcd, bnGcd); } WOLF_LEAVE(); return OK; } //***BnModExp() // Do modular exponentiation using bigNum values. The conversion from a mp_int to // a bigNum is trivial as they are based on the same structure LIB_EXPORT BOOL BnModExp( bigNum result, // OUT: the result bigConst number, // IN: number to exponentiate bigConst exponent, // IN: bigConst modulus // IN: ) { WOLF_ENTER(); BOOL OK; MP_INITIALIZED(bnResult, result); MP_INITIALIZED(bnN, number); MP_INITIALIZED(bnE, exponent); MP_INITIALIZED(bnM, modulus); OK = (mp_exptmod( bnN, bnE, bnM, bnResult ) == MP_OKAY); if(OK) { BnFromWolf(result, bnResult); } WOLF_LEAVE(); return OK; } //*** BnModInverse() // Modular multiplicative inverse LIB_EXPORT BOOL BnModInverse( bigNum result, bigConst number, bigConst modulus ) { WOLF_ENTER(); BOOL OK; MP_INITIALIZED(bnResult, result); MP_INITIALIZED(bnN, number); MP_INITIALIZED(bnM, modulus); OK = (mp_invmod(bnN, bnM, bnResult) == MP_OKAY); if(OK) { BnFromWolf(result, bnResult); } WOLF_LEAVE(); return OK; } #endif // TPM_ALG_RSA #if ALG_ECC //*** PointFromWolf() // Function to copy the point result from a wolf ecc_point to a bigNum void PointFromWolf( bigPoint pOut, // OUT: resulting point ecc_point *pIn // IN: the point to return ) { BnFromWolf(pOut->x, pIn->x); BnFromWolf(pOut->y, pIn->y); BnFromWolf(pOut->z, pIn->z); } //*** PointToWolf() // Function to copy the point result from a bigNum to a wolf ecc_point void PointToWolf( ecc_point *pOut, // OUT: resulting point pointConst pIn // IN: the point to return ) { BnToWolf(pOut->x, pIn->x); BnToWolf(pOut->y, pIn->y); BnToWolf(pOut->z, pIn->z); } //*** EcPointInitialized() // Allocate and initialize a point. static ecc_point * EcPointInitialized( pointConst initializer ) { ecc_point *P; P = wc_ecc_new_point(); pAssert(P != NULL); // mp_int x,y,z are stack allocated. // initializer is not required if (P != NULL && initializer != NULL) { PointToWolf( P, initializer ); } return P; } //*** BnEccModMult() // This function does a point multiply of the form R = [d]S // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' (optional) bigConst d, // IN: scalar for [d]S bigCurve E ) { WOLF_ENTER(); BOOL OK; MP_INITIALIZED(bnD, d); MP_INITIALIZED(bnPrime, CurveGetPrime(E)); POINT_CREATE(pS, NULL); POINT_CREATE(pR, NULL); if(S == NULL) S = CurveGetG(AccessCurveData(E)); PointToWolf(pS, S); OK = (wc_ecc_mulmod(bnD, pS, pR, NULL, bnPrime, 1 ) == MP_OKAY); if(OK) { PointFromWolf(R, pR); } POINT_DELETE(pR); POINT_DELETE(pS); WOLF_LEAVE(); return !BnEqualZero(R->z); } //*** BnEccModMult2() // This function does a point multiply of the form R = [d]G + [u]Q // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccModMult2( bigPoint R, // OUT: computed point pointConst S, // IN: optional point bigConst d, // IN: scalar for [d]S or [d]G pointConst Q, // IN: second point bigConst u, // IN: second scalar bigCurve E // IN: curve ) { WOLF_ENTER(); BOOL OK; POINT_CREATE(pR, NULL); POINT_CREATE(pS, NULL); POINT_CREATE(pQ, Q); MP_INITIALIZED(bnD, d); MP_INITIALIZED(bnU, u); MP_INITIALIZED(bnPrime, CurveGetPrime(E)); MP_INITIALIZED(bnA, CurveGet_a(E)); if(S == NULL) S = CurveGetG(AccessCurveData(E)); PointToWolf( pS, S ); OK = (ecc_mul2add(pS, bnD, pQ, bnU, pR, bnA, bnPrime, NULL) == MP_OKAY); if(OK) { PointFromWolf(R, pR); } POINT_DELETE(pS); POINT_DELETE(pQ); POINT_DELETE(pR); WOLF_LEAVE(); return !BnEqualZero(R->z); } //** BnEccAdd() // This function does addition of two points. // return type: BOOL // FALSE failure in operation; treat as result being point at infinity LIB_EXPORT BOOL BnEccAdd( bigPoint R, // OUT: computed point pointConst S, // IN: point to multiply by 'd' pointConst Q, // IN: second point bigCurve E // IN: curve ) { WOLF_ENTER(); BOOL OK; mp_digit mp; POINT_CREATE(pR, NULL); POINT_CREATE(pS, S); POINT_CREATE(pQ, Q); MP_INITIALIZED(bnA, CurveGet_a(E)); MP_INITIALIZED(bnMod, CurveGetPrime(E)); // OK = (mp_montgomery_setup(bnMod, &mp) == MP_OKAY); OK = OK && (ecc_projective_add_point(pS, pQ, pR, bnA, bnMod, mp ) == MP_OKAY); if(OK) { PointFromWolf(R, pR); } POINT_DELETE(pS); POINT_DELETE(pQ); POINT_DELETE(pR); WOLF_LEAVE(); return !BnEqualZero(R->z); } #endif // TPM_ALG_ECC #endif // MATH_LIB_WOLFgo-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/TpmToWolfSupport.c000066400000000000000000000043171510276467000305440ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or other * materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // The functions in this file are used for initialization of the interface to the // wolfSSL library. //** Defines and Includes #include "Tpm.h" #if defined(HASH_LIB_WOLF) || defined(MATH_LIB_WOLF) || defined(SYM_LIB_WOLF) //*** SupportLibInit() // This does any initialization required by the support library. LIB_EXPORT int SupportLibInit( void ) { #if LIBRARY_COMPATIBILITY_CHECK MathLibraryCompatibilityCheck(); #endif return TRUE; } #endif // HASH_LIB_WOLF || MATH_LIB_WOLF || SYM_LIB_WOLF go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/crypt/wolf/wolfssl.vcxproj000066400000000000000000000253261510276467000302210ustar00rootroot00000000000000 Coverage Win32 Coverage x64 WolfDebug Win32 WolfDebug x64 WolfRelease Win32 WolfRelease x64 {73973223-5EE8-41CA-8E88-1D60E89A237B} wolfssl Win32Proj 10.0.17763.0 $(SolutionDir)..\external\wolfssl\ StaticLibrary v141 Unicode true StaticLibrary v141 Unicode true StaticLibrary v141 Unicode StaticLibrary v141 Unicode StaticLibrary v141 Unicode StaticLibrary v141 Unicode $(SolutionDir)\bin\$(PlatformTarget)\$(Configuration)\ $(SolutionDir)\bin\$(ProjectName)\$(PlatformTarget)\$(Configuration)\ $(VC_IncludePath);$(WindowsSDK_IncludePath);$(WolfRootDir) WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;CYASSL_USER_SETTINGS;%(PreprocessorDefinitions) Disabled true EnableFastChecks MultiThreadedDebugDLL Level4 EditAndContinue 4206;4214;4706;%(DisableSpecificWarnings) $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) Disabled true EnableFastChecks MultiThreadedDebugDLL Level4 EditAndContinue 4206;4214;4706;%(DisableSpecificWarnings) $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) Disabled EnableFastChecks MultiThreadedDebugDLL Level4 ProgramDatabase 4206;4214;4706;%(DisableSpecificWarnings) $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) Disabled EnableFastChecks MultiThreadedDebugDLL Level4 ProgramDatabase 4206;4214;4706;%(DisableSpecificWarnings) MaxSpeed true MultiThreadedDLL true Level3 ProgramDatabase $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) MaxSpeed true MultiThreadedDLL true Level3 ProgramDatabase $(SolutionDir)\tpm\include;$(SolutionDir)\tpm\include\wolf;%(AdditionalIncludeDirectories) go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/000077500000000000000000000000001510276467000242775ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Data.c000066400000000000000000000056021510276467000271410ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" // This function is called to process a _TPM_Hash_Data indication. LIB_EXPORT void _TPM_Hash_Data( uint32_t dataSize, // IN: size of data to be extend unsigned char *data // IN: data buffer ) { UINT32 i; HASH_OBJECT *hashObject; TPMI_DH_PCR pcrHandle = TPMIsStarted() ? PCR_FIRST + DRTM_PCR : PCR_FIRST + HCRTM_PCR; // If there is no DRTM sequence object, then _TPM_Hash_Start // was not called so this function returns without doing // anything. if(g_DRTMHandle == TPM_RH_UNASSIGNED) return; hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle); pAssert(hashObject->attributes.eventSeq); // For each of the implemented hash algorithms, update the digest with the // data provided. for(i = 0; i < HASH_COUNT; i++) { // make sure that the PCR is implemented for this algorithm if(PcrIsAllocated(pcrHandle, hashObject->state.hashState[i].hashAlg)) // Update sequence object CryptDigestUpdate(&hashObject->state.hashState[i], dataSize, data); } return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_End.c000066400000000000000000000070671510276467000270050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" // This function is called to process a _TPM_Hash_End indication. LIB_EXPORT void _TPM_Hash_End( void ) { UINT32 i; TPM2B_DIGEST digest; HASH_OBJECT *hashObject; TPMI_DH_PCR pcrHandle; // If the DRTM handle is not being used, then either _TPM_Hash_Start has not // been called, _TPM_Hash_End was previously called, or some other command // was executed and the sequence was aborted. if(g_DRTMHandle == TPM_RH_UNASSIGNED) return; // Get DRTM sequence object hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle); // Is this _TPM_Hash_End after Startup or before if(TPMIsStarted()) { // After // Reset the DRTM PCR PCRResetDynamics(); // Extend the DRTM_PCR. pcrHandle = PCR_FIRST + DRTM_PCR; // DRTM sequence increments restartCount gr.restartCount++; } else { pcrHandle = PCR_FIRST + HCRTM_PCR; g_DrtmPreStartup = TRUE; } // Complete hash and extend PCR, or if this is an HCRTM, complete // the hash, reset the H-CRTM register (PCR[0]) to 0...04, and then // extend the H-CRTM data for(i = 0; i < HASH_COUNT; i++) { TPMI_ALG_HASH hash = CryptHashGetAlgByIndex(i); // make sure that the PCR is implemented for this algorithm if(PcrIsAllocated(pcrHandle, hashObject->state.hashState[i].hashAlg)) { // Complete hash digest.t.size = CryptHashGetDigestSize(hash); CryptHashEnd2B(&hashObject->state.hashState[i], &digest.b); PcrDrtm(pcrHandle, hash, &digest); } } // Flush sequence object. FlushObject(g_DRTMHandle); g_DRTMHandle = TPM_RH_UNASSIGNED; return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Hash_Start.c000066400000000000000000000077051510276467000273730ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" // This function is called to process a _TPM_Hash_Start indication. LIB_EXPORT void _TPM_Hash_Start( void ) { TPM_RC result; TPMI_DH_OBJECT handle; // If a DRTM sequence object exists, free it up if(g_DRTMHandle != TPM_RH_UNASSIGNED) { FlushObject(g_DRTMHandle); g_DRTMHandle = TPM_RH_UNASSIGNED; } // Create an event sequence object and store the handle in global // g_DRTMHandle. A TPM_RC_OBJECT_MEMORY error may be returned at this point // The NULL value for the first parameter will cause the sequence structure to // be allocated without being set as present. This keeps the sequence from // being left behind if the sequence is terminated early. result = ObjectCreateEventSequence(NULL, &g_DRTMHandle); // If a free slot was not available, then free up a slot. if(result != TPM_RC_SUCCESS) { // An implementation does not need to have a fixed relationship between // slot numbers and handle numbers. To handle the general case, scan for // a handle that is assigned and free it for the DRTM sequence. // In the reference implementation, the relationship between handles and // slots is fixed. So, if the call to ObjectCreateEvenSequence() // failed indicating that all slots are occupied, then the first handle we // are going to check (TRANSIENT_FIRST) will be occupied. It will be freed // so that it can be assigned for use as the DRTM sequence object. for(handle = TRANSIENT_FIRST; handle < TRANSIENT_LAST; handle++) { // try to flush the first object if(IsObjectPresent(handle)) break; } // If the first call to find a slot fails but none of the slots is occupied // then there's a big problem pAssert(handle < TRANSIENT_LAST); // Free the slot FlushObject(handle); // Try to create an event sequence object again. This time, we must // succeed. result = ObjectCreateEventSequence(NULL, &g_DRTMHandle); if(result != TPM_RC_SUCCESS) FAIL(FATAL_ERROR_INTERNAL); } return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/events/_TPM_Init.c000066400000000000000000000061741510276467000262350ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "Tpm.h" #include "_TPM_Init_fp.h" // This function is used to process a _TPM_Init indication. LIB_EXPORT void _TPM_Init( void ) { g_powerWasLost = g_powerWasLost | _plat__WasPowerLost(); #if SIMULATION && DEBUG // If power was lost and this was a simulation, put canary in RAM used by NV // so that uninitialized memory can be detected more easily if(g_powerWasLost) { memset(&gc, 0xbb, sizeof(gc)); memset(&gr, 0xbb, sizeof(gr)); memset(&gp, 0xbb, sizeof(gp)); memset(&go, 0xbb, sizeof(go)); } #endif #if SIMULATION // Clear the flag that forces failure on self-test g_forceFailureMode = FALSE; #endif // Set initialization state TPMInit(); // Set g_DRTMHandle as unassigned g_DRTMHandle = TPM_RH_UNASSIGNED; // No H-CRTM, yet. g_DrtmPreStartup = FALSE; // Initialize the NvEnvironment. g_nvOk = NvPowerOn(); // Initialize cryptographic functions g_inFailureMode = (CryptInit() == FALSE); if(!g_inFailureMode) { // Load the persistent data NvReadPersistent(); // Load the orderly data (clock and DRBG state). // If this is not done here, things break NvRead(&go, NV_ORDERLY_DATA, sizeof(go)); // Start clock. Need to do this after NV has been restored. TimePowerOn(); } return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/000077500000000000000000000000001510276467000237175ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/CommandDispatcher.c000066400000000000000000000427441510276467000274630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes and Typedefs #include "Tpm.h" #if TABLE_DRIVEN_DISPATCH typedef TPM_RC(NoFlagFunction)(void *target, BYTE **buffer, INT32 *size); typedef TPM_RC(FlagFunction)(void *target, BYTE **buffer, INT32 *size, BOOL flag); typedef FlagFunction *UNMARSHAL_t; typedef INT16(MarshalFunction)(void *source, BYTE **buffer, INT32 *size); typedef MarshalFunction *MARSHAL_t; typedef TPM_RC(COMMAND_NO_ARGS)(void); typedef TPM_RC(COMMAND_IN_ARG)(void *in); typedef TPM_RC(COMMAND_OUT_ARG)(void *out); typedef TPM_RC(COMMAND_INOUT_ARG)(void *in, void *out); typedef union COMMAND_t { COMMAND_NO_ARGS *noArgs; COMMAND_IN_ARG *inArg; COMMAND_OUT_ARG *outArg; COMMAND_INOUT_ARG *inOutArg; } COMMAND_t; // This structure is used by ParseHandleBuffer() and CommandDispatcher(). The // parameters in this structure are unique for each command. The parameters are: // command holds the address of the command processing function that is called // by Command Dispatcher. // inSize this is the size of the command-dependent input structure. The // input structure holds the unmarshaled handles and command // parameters. If the command takes no arguments (handles or // parameters) then inSize will have a value of 0. // outSize this is the size of the command-dependent output structure. The // output structure holds the results of the command in an unmarshaled // form. When command processing is completed, these values are // marshaled into the output buffer. It is always the case that the // unmarshaled version of an output structure is larger then the // marshaled version. This is because the marshaled version contains // the exact same number of significant bytes but with padding removed. // typesOffsets this parameter points to the list of data types that are to be // marshaled or unmarshaled. The list of types follows the 'offsets' // array. The offsets array is variable sized so the typesOffset filed // is necessary for the handle and command processing to be able to // find the types that are being handled. The 'offsets' array may be // empty. The types structure is described below. // offsets this is an array of offsets of each of the parameters in the // command or response. When processing the command parameters (not // handles) the list contains the offset of the next parameter. For // example, if the first command parameter has a size of 4 and there is // a second command parameter, then the offset would be 4, indicating // that the second parameter starts at 4. If the second parameter has // a size of 8, and there is a third parameter, then the second entry // in offsets is 12 (4 for the first parameter and 8 for the second). // An offset value of 0 in the list indicates the start of the response // parameter list. When CommandDispatcher hits this value, it will stop // unmarshaling the parameters and call 'command'. If a command has no // response parameters and only one command parameter, then offsets can // be an empty list. typedef struct COMMAND_DESCRIPTOR_t { COMMAND_t command; // Address of the command UINT16 inSize; // Maximum size of the input structure UINT16 outSize; // Maximum size of the output structure UINT16 typesOffset; // address of the types field UINT16 offsets[1]; } COMMAND_DESCRIPTOR_t; // The 'types' list is an encoded byte array. The byte value has two parts. The most // significant bit is used when a parameter takes a flag and indicates if the flag // should be SET or not. The remaining 7 bits are an index into an array of // addresses of marshaling and unmarshaling functions. // The array of functions is divided into 6 sections with a value assigned // to denote the start of that section (and the end of the previous section). The // defined offset values for each section are: // 0 unmarshaling for handles that do not take flags // HANDLE_FIRST_FLAG_TYPE unmarshaling for handles that take flags // PARAMETER_FIRST_TYPE unmarshaling for parameters that do not take flags // PARAMETER_FIRST_FLAG_TYPE unmarshaling for parameters that take flags // PARAMETER_LAST_TYPE + 1 marshaling for handles // RESPONSE_PARAMETER_FIRST_TYPE marshaling for parameters // RESPONSE_PARAMETER_LAST_TYPE is the last value in the list of marshaling and // unmarshaling functions. // // The types list is constructed with a byte of 0xff at the end of the command // parameters and with an 0xff at the end of the response parameters. #if COMPRESSED_LISTS # define PAD_LIST 0 #else # define PAD_LIST 1 #endif #define _COMMAND_TABLE_DISPATCH_ #include "CommandDispatchData.h" #define TEST_COMMAND TPM_CC_Startup #define NEW_CC #else #include "Commands.h" #endif //** Marshal/Unmarshal Functions //*** ParseHandleBuffer() // This is the table-driven version of the handle buffer unmarshaling code TPM_RC ParseHandleBuffer( COMMAND *command ) { TPM_RC result; #if TABLE_DRIVEN_DISPATCH COMMAND_DESCRIPTOR_t *desc; BYTE *types; BYTE type; BYTE dType; // Make sure that nothing strange has happened pAssert(command->index < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); // Get the address of the descriptor for this command desc = s_CommandDataArray[command->index]; pAssert(desc != NULL); // Get the associated list of unmarshaling data types. types = &((BYTE *)desc)[desc->typesOffset]; // if(s_ccAttr[commandIndex].commandIndex == TEST_COMMAND) // commandIndex = commandIndex; // No handles yet command->handleNum = 0; // Get the first type value for(type = *types++; // check each byte to make sure that we have not hit the start // of the parameters (dType = (type & 0x7F)) < PARAMETER_FIRST_TYPE; // get the next type type = *types++) { // See if unmarshaling of this handle type requires a flag if(dType < HANDLE_FIRST_FLAG_TYPE) { // Look up the function to do the unmarshaling NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType]; // call it result = f(&(command->handles[command->handleNum]), &command->parameterBuffer, &command->parameterSize); } else { // Look up the function FlagFunction *f = UnmarshalArray[dType]; // Call it setting the flag to the appropriate value result = f(&(command->handles[command->handleNum]), &command->parameterBuffer, &command->parameterSize, (type & 0x80) != 0); } // Got a handle // We do this first so that the match for the handle offset of the // response code works correctly. command->handleNum += 1; if(result != TPM_RC_SUCCESS) // if the unmarshaling failed, return the response code with the // handle indication set return result + TPM_RC_H + (command->handleNum * TPM_RC_1); } #else BYTE **handleBufferStart = &command->parameterBuffer; INT32 *bufferRemainingSize = &command->parameterSize; TPM_HANDLE *handles = &command->handles[0]; UINT32 *handleCount = &command->handleNum; *handleCount = 0; switch(command->code) { #include "HandleProcess.h" #undef handles default: FAIL(FATAL_ERROR_INTERNAL); break; } #endif return TPM_RC_SUCCESS; } //*** CommandDispatcher() // Function to unmarshal the command parameters, call the selected action code, and // marshal the response parameters. TPM_RC CommandDispatcher( COMMAND *command ) { #if !TABLE_DRIVEN_DISPATCH TPM_RC result; BYTE **paramBuffer = &command->parameterBuffer; INT32 *paramBufferSize = &command->parameterSize; BYTE **responseBuffer = &command->responseBuffer; INT32 *respParmSize = &command->parameterSize; INT32 rSize; TPM_HANDLE *handles = &command->handles[0]; // command->handleNum = 0; // The command-specific code knows how // many handles there are. This is for // cataloging the number of response // handles MemoryIoBufferAllocationReset(); // Initialize so that allocation will // work properly switch(GetCommandCode(command->index)) { #include "CommandDispatcher.h" default: FAIL(FATAL_ERROR_INTERNAL); break; } Exit: MemoryIoBufferZero(); return result; #else COMMAND_DESCRIPTOR_t *desc; BYTE *types; BYTE type; UINT16 *offsets; UINT16 offset = 0; UINT32 maxInSize; BYTE *commandIn; INT32 maxOutSize; BYTE *commandOut; COMMAND_t cmd; TPM_HANDLE *handles; UINT32 hasInParameters = 0; BOOL hasOutParameters = FALSE; UINT32 pNum = 0; BYTE dType; // dispatch type TPM_RC result; // // Get the address of the descriptor for this command pAssert(command->index < sizeof(s_CommandDataArray) / sizeof(COMMAND_DESCRIPTOR_t *)); desc = s_CommandDataArray[command->index]; // Get the list of parameter types for this command pAssert(desc != NULL); types = &((BYTE *)desc)[desc->typesOffset]; // Get a pointer to the list of parameter offsets offsets = &desc->offsets[0]; // pointer to handles handles = command->handles; // Get the size required to hold all the unmarshaled parameters for this command maxInSize = desc->inSize; // and the size of the output parameter structure returned by this command maxOutSize = desc->outSize; MemoryIoBufferAllocationReset(); // Get a buffer for the input parameters commandIn = MemoryGetInBuffer(maxInSize); // And the output parameters commandOut = (BYTE *)MemoryGetOutBuffer((UINT32)maxOutSize); // Get the address of the action code dispatch cmd = desc->command; // Copy any handles into the input buffer for(type = *types++; (type & 0x7F) < PARAMETER_FIRST_TYPE; type = *types++) { // 'offset' was initialized to zero so the first unmarshaling will always // be to the start of the data structure *(TPM_HANDLE *)&(commandIn[offset]) = *handles++; // This check is used so that we don't have to add an additional offset // value to the offsets list to correspond to the stop value in the // command parameter list. if(*types != 0xFF) offset = *offsets++; // maxInSize -= sizeof(TPM_HANDLE); hasInParameters++; } // Exit loop with type containing the last value read from types // maxInSize has the amount of space remaining in the command action input // buffer. Make sure that we don't have more data to unmarshal than is going to // fit. // type contains the last value read from types so it is not necessary to // reload it, which is good because *types now points to the next value for(; (dType = (type & 0x7F)) <= PARAMETER_LAST_TYPE; type = *types++) { pNum++; if(dType < PARAMETER_FIRST_FLAG_TYPE) { NoFlagFunction *f = (NoFlagFunction *)UnmarshalArray[dType]; result = f(&commandIn[offset], &command->parameterBuffer, &command->parameterSize); } else { FlagFunction *f = UnmarshalArray[dType]; result = f(&commandIn[offset], &command->parameterBuffer, &command->parameterSize, (type & 0x80) != 0); } if(result != TPM_RC_SUCCESS) { result += TPM_RC_P + (TPM_RC_1 * pNum); goto Exit; } // This check is used so that we don't have to add an additional offset // value to the offsets list to correspond to the stop value in the // command parameter list. if(*types != 0xFF) offset = *offsets++; hasInParameters++; } // Should have used all the bytes in the input if(command->parameterSize != 0) { result = TPM_RC_SIZE; goto Exit; } // The command parameter unmarshaling stopped when it hit a value that was out // of range for unmarshaling values and left *types pointing to the first // marshaling type. If that type happens to be the STOP value, then there // are no response parameters. So, set the flag to indicate if there are // output parameters. hasOutParameters = *types != 0xFF; // There are four cases for calling, with and without input parameters and with // and without output parameters. if(hasInParameters > 0) { if(hasOutParameters) result = cmd.inOutArg(commandIn, commandOut); else result = cmd.inArg(commandIn); } else { if(hasOutParameters) result = cmd.outArg(commandOut); else result = cmd.noArgs(); } if(result != TPM_RC_SUCCESS) goto Exit; // Offset in the marshaled output structure offset = 0; // Process the return handles, if any command->handleNum = 0; // Could make this a loop to process output handles but there is only ever // one handle in the outputs (for now). type = *types++; if((dType = (type & 0x7F)) < RESPONSE_PARAMETER_FIRST_TYPE) { // The out->handle value was referenced as TPM_HANDLE in the // action code so it has to be properly aligned. command->handles[command->handleNum++] = *((TPM_HANDLE *)&(commandOut[offset])); maxOutSize -= sizeof(UINT32); type = *types++; offset = *offsets++; } // Use the size of the command action output buffer as the maximum for the // number of bytes that can get marshaled. Since the marshaling code has // no pointers to data, all of the data being returned has to be in the // command action output buffer. If we try to marshal more bytes than // could fit into the output buffer, we need to fail. for(;(dType = (type & 0x7F)) <= RESPONSE_PARAMETER_LAST_TYPE && !g_inFailureMode; type = *types++) { const MARSHAL_t f = MarshalArray[dType]; command->parameterSize += f(&commandOut[offset], &command->responseBuffer, &maxOutSize); offset = *offsets++; } result = (maxOutSize < 0) ? TPM_RC_FAILURE : TPM_RC_SUCCESS; Exit: MemoryIoBufferZero(); return result; #endif }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/ExecCommand.c000066400000000000000000000332251510276467000262530ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains the entry function ExecuteCommand() which provides the main // control flow for TPM command execution. //** Includes #include "Tpm.h" #include "ExecCommand_fp.h" // Uncomment this next #include if doing static command/response buffer sizing // #include "CommandResponseSizes_fp.h" //** ExecuteCommand() // // The function performs the following steps. // // a) Parses the command header from input buffer. // b) Calls ParseHandleBuffer() to parse the handle area of the command. // c) Validates that each of the handles references a loaded entity. // d) Calls ParseSessionBuffer () to: // 1) unmarshal and parse the session area; // 2) check the authorizations; and // 3) when necessary, decrypt a parameter. // e) Calls CommandDispatcher() to: // 1) unmarshal the command parameters from the command buffer; // 2) call the routine that performs the command actions; and // 3) marshal the responses into the response buffer. // f) If any error occurs in any of the steps above create the error response // and return. // g) Calls BuildResponseSessions() to: // 1) when necessary, encrypt a parameter // 2) build the response authorization sessions // 3) update the audit sessions and nonces // h) Calls BuildResponseHeader() to complete the construction of the response. // // 'responseSize' is set by the caller to the maximum number of bytes available in // the output buffer. ExecuteCommand will adjust the value and return the number // of bytes placed in the buffer. // // 'response' is also set by the caller to indicate the buffer into which // ExecuteCommand is to place the response. // // 'request' and 'response' may point to the same buffer // // Note: As of February, 2016, the failure processing has been moved to the // platform-specific code. When the TPM code encounters an unrecoverable failure, it // will SET g_inFailureMode and call _plat__Fail(). That function should not return // but may call ExecuteCommand(). // LIB_EXPORT void ExecuteCommand( uint32_t requestSize, // IN: command buffer size unsigned char *request, // IN: command buffer uint32_t *responseSize, // IN/OUT: response buffer size unsigned char **response // IN/OUT: response buffer ) { // Command local variables UINT32 commandSize; COMMAND command; // Response local variables UINT32 maxResponse = *responseSize; TPM_RC result; // return code for the command // This next function call is used in development to size the command and response // buffers. The values printed are the sizes of the internal structures and // not the sizes of the canonical forms of the command response structures. Also, // the sizes do not include the tag, command.code, requestSize, or the authorization // fields. //CommandResponseSizes(); // Set flags for NV access state. This should happen before any other // operation that may require a NV write. Note, that this needs to be done // even when in failure mode. Otherwise, g_updateNV would stay SET while in // Failure mode and the NV would be written on each call. g_updateNV = UT_NONE; g_clearOrderly = FALSE; if(g_inFailureMode) { // Do failure mode processing TpmFailureMode(requestSize, request, responseSize, response); return; } // Query platform to get the NV state. The result state is saved internally // and will be reported by NvIsAvailable(). The reference code requires that // accessibility of NV does not change during the execution of a command. // Specifically, if NV is available when the command execution starts and then // is not available later when it is necessary to write to NV, then the TPM // will go into failure mode. NvCheckState(); // Due to the limitations of the simulation, TPM clock must be explicitly // synchronized with the system clock whenever a command is received. // This function call is not necessary in a hardware TPM. However, taking // a snapshot of the hardware timer at the beginning of the command allows // the time value to be consistent for the duration of the command execution. TimeUpdateToCurrent(); // Any command through this function will unceremoniously end the // _TPM_Hash_Data/_TPM_Hash_End sequence. if(g_DRTMHandle != TPM_RH_UNASSIGNED) ObjectTerminateEvent(); // Get command buffer size and command buffer. command.parameterBuffer = request; command.parameterSize = requestSize; // Parse command header: tag, commandSize and command.code. // First parse the tag. The unmarshaling routine will validate // that it is either TPM_ST_SESSIONS or TPM_ST_NO_SESSIONS. result = TPMI_ST_COMMAND_TAG_Unmarshal(&command.tag, &command.parameterBuffer, &command.parameterSize); if(result != TPM_RC_SUCCESS) goto Cleanup; // Unmarshal the commandSize indicator. result = UINT32_Unmarshal(&commandSize, &command.parameterBuffer, &command.parameterSize); if(result != TPM_RC_SUCCESS) goto Cleanup; // On a TPM that receives bytes on a port, the number of bytes that were // received on that port is requestSize it must be identical to commandSize. // In addition, commandSize must not be larger than MAX_COMMAND_SIZE allowed // by the implementation. The check against MAX_COMMAND_SIZE may be redundant // as the input processing (the function that receives the command bytes and // places them in the input buffer) would likely have the input truncated when // it reaches MAX_COMMAND_SIZE, and requestSize would not equal commandSize. if(commandSize != requestSize || commandSize > MAX_COMMAND_SIZE) { result = TPM_RC_COMMAND_SIZE; goto Cleanup; } // Unmarshal the command code. result = TPM_CC_Unmarshal(&command.code, &command.parameterBuffer, &command.parameterSize); if(result != TPM_RC_SUCCESS) goto Cleanup; // Check to see if the command is implemented. command.index = CommandCodeToCommandIndex(command.code); if(UNIMPLEMENTED_COMMAND_INDEX == command.index) { result = TPM_RC_COMMAND_CODE; goto Cleanup; } #if FIELD_UPGRADE_IMPLEMENTED == YES // If the TPM is in FUM, then the only allowed command is // TPM_CC_FieldUpgradeData. if(IsFieldUgradeMode() && (command.code != TPM_CC_FieldUpgradeData)) { result = TPM_RC_UPGRADE; goto Cleanup; } else #endif // Excepting FUM, the TPM only accepts TPM2_Startup() after // _TPM_Init. After getting a TPM2_Startup(), TPM2_Startup() // is no longer allowed. if((!TPMIsStarted() && command.code != TPM_CC_Startup) || (TPMIsStarted() && command.code == TPM_CC_Startup)) { result = TPM_RC_INITIALIZE; goto Cleanup; } // Start regular command process. NvIndexCacheInit(); // Parse Handle buffer. result = ParseHandleBuffer(&command); if(result != TPM_RC_SUCCESS) goto Cleanup; // All handles in the handle area are required to reference TPM-resident // entities. result = EntityGetLoadStatus(&command); if(result != TPM_RC_SUCCESS) goto Cleanup; // Authorization session handling for the command. ClearCpRpHashes(&command); if(command.tag == TPM_ST_SESSIONS) { // Find out session buffer size. result = UINT32_Unmarshal((UINT32 *)&command.authSize, &command.parameterBuffer, &command.parameterSize); if(result != TPM_RC_SUCCESS) goto Cleanup; // Perform sanity check on the unmarshaled value. If it is smaller than // the smallest possible session or larger than the remaining size of // the command, then it is an error. NOTE: This check could pass but the // session size could still be wrong. That will be determined after the // sessions are unmarshaled. if(command.authSize < 9 || command.authSize > command.parameterSize) { result = TPM_RC_SIZE; goto Cleanup; } command.parameterSize -= command.authSize; // The actions of ParseSessionBuffer() are described in the introduction. // As the sessions are parsed command.parameterBuffer is advanced so, on a // successful return, command.parameterBuffer should be pointing at the // first byte of the parameters. result = ParseSessionBuffer(&command); if(result != TPM_RC_SUCCESS) goto Cleanup; } else { command.authSize = 0; // The command has no authorization sessions. // If the command requires authorizations, then CheckAuthNoSession() will // return an error. result = CheckAuthNoSession(&command); if(result != TPM_RC_SUCCESS) goto Cleanup; } // Set up the response buffer pointers. CommandDispatch will marshal the // response parameters starting at the address in command.responseBuffer. //*response = MemoryGetResponseBuffer(command.index); // leave space for the command header command.responseBuffer = *response + STD_RESPONSE_HEADER; // leave space for the parameter size field if needed if(command.tag == TPM_ST_SESSIONS) command.responseBuffer += sizeof(UINT32); if(IsHandleInResponse(command.index)) command.responseBuffer += sizeof(TPM_HANDLE); // CommandDispatcher returns a response handle buffer and a response parameter // buffer if it succeeds. It will also set the parameterSize field in the // buffer if the tag is TPM_RC_SESSIONS. result = CommandDispatcher(&command); if(result != TPM_RC_SUCCESS) goto Cleanup; // Build the session area at the end of the parameter area. BuildResponseSession(&command); Cleanup: if(g_clearOrderly == TRUE && NV_IS_ORDERLY) { #if USE_DA_USED gp.orderlyState = g_daUsed ? SU_DA_USED_VALUE : SU_NONE_VALUE; #else gp.orderlyState = SU_NONE_VALUE; #endif NV_SYNC_PERSISTENT(orderlyState); } // This implementation loads an "evict" object to a transient object slot in // RAM whenever an "evict" object handle is used in a command so that the // access to any object is the same. These temporary objects need to be // cleared from RAM whether the command succeeds or fails. ObjectCleanupEvict(); // The parameters and sessions have been marshaled. Now tack on the header and // set the sizes BuildResponseHeader(&command, *response, result); // Try to commit all the writes to NV if any NV write happened during this // command execution. This check should be made for both succeeded and failed // commands, because a failed one may trigger a NV write in DA logic as well. // This is the only place in the command execution path that may call the NV // commit. If the NV commit fails, the TPM should be put in failure mode. if((g_updateNV != UT_NONE) && !g_inFailureMode) { if(g_updateNV == UT_ORDERLY) NvUpdateIndexOrderlyData(); if(!NvCommit()) FAIL(FATAL_ERROR_INTERNAL); g_updateNV = UT_NONE; } pAssert((UINT32)command.parameterSize <= maxResponse); // Clear unused bits in response buffer. MemorySet(*response + *responseSize, 0, maxResponse - *responseSize); // as a final act, and not before, update the response size. *responseSize = (UINT32)command.parameterSize; return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/main/SessionProcess.c000066400000000000000000002551571510276467000270640ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the subsystem that process the authorization sessions // including implementation of the Dictionary Attack logic. ExecCommand() uses // ParseSessionBuffer() to process the authorization session area of a command and // BuildResponseSession() to create the authorization session area of a response. //** Includes and Data Definitions #define SESSION_PROCESS_C #include "Tpm.h" // //** Authorization Support Functions // //*** IsDAExempted() // This function indicates if a handle is exempted from DA logic. // A handle is exempted if it is // 1. a primary seed handle, // 2. an object with noDA bit SET, // 3. an NV Index with TPMA_NV_NO_DA bit SET, or // 4. a PCR handle. // // Return Type: BOOL // TRUE(1) handle is exempted from DA logic // FALSE(0) handle is not exempted from DA logic BOOL IsDAExempted( TPM_HANDLE handle // IN: entity handle ) { BOOL result = FALSE; // switch(HandleGetType(handle)) { case TPM_HT_PERMANENT: // All permanent handles, other than TPM_RH_LOCKOUT, are exempt from // DA protection. result = (handle != TPM_RH_LOCKOUT); break; // When this function is called, a persistent object will have been loaded // into an object slot and assigned a transient handle. case TPM_HT_TRANSIENT: { TPMA_OBJECT attributes = ObjectGetPublicAttributes(handle); result = IS_ATTRIBUTE(attributes, TPMA_OBJECT, noDA); break; } case TPM_HT_NV_INDEX: { NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); result = IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, NO_DA); break; } case TPM_HT_PCR: // PCRs are always exempted from DA. result = TRUE; break; default: break; } return result; } //*** IncrementLockout() // This function is called after an authorization failure that involves use of // an authValue. If the entity referenced by the handle is not exempt from DA // protection, then the failedTries counter will be incremented. // // Return Type: TPM_RC // TPM_RC_AUTH_FAIL authorization failure that caused DA lockout to increment // TPM_RC_BAD_AUTH authorization failure did not cause DA lockout to // increment static TPM_RC IncrementLockout( UINT32 sessionIndex ) { TPM_HANDLE handle = s_associatedHandles[sessionIndex]; TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex]; SESSION *session = NULL; // // Don't increment lockout unless the handle associated with the session // is DA protected or the session is bound to a DA protected entity. if(sessionHandle == TPM_RS_PW) { if(IsDAExempted(handle)) return TPM_RC_BAD_AUTH; } else { session = SessionGet(sessionHandle); // If the session is bound to lockout, then use that as the relevant // handle. This means that an authorization failure with a bound session // bound to lockoutAuth will take precedence over any other // lockout check if(session->attributes.isLockoutBound == SET) handle = TPM_RH_LOCKOUT; if(session->attributes.isDaBound == CLEAR && (IsDAExempted(handle) || session->attributes.includeAuth == CLEAR)) // If the handle was changed to TPM_RH_LOCKOUT, this will not return // TPM_RC_BAD_AUTH return TPM_RC_BAD_AUTH; } if(handle == TPM_RH_LOCKOUT) { pAssert(gp.lockOutAuthEnabled == TRUE); // lockout is no longer enabled gp.lockOutAuthEnabled = FALSE; // For TPM_RH_LOCKOUT, if lockoutRecovery is 0, no need to update NV since // the lockout authorization will be reset at startup. if(gp.lockoutRecovery != 0) { if(NV_IS_AVAILABLE) // Update NV. NV_SYNC_PERSISTENT(lockOutAuthEnabled); else // No NV access for now. Put the TPM in pending mode. s_DAPendingOnNV = TRUE; } } else { if(gp.recoveryTime != 0) { gp.failedTries++; if(NV_IS_AVAILABLE) // Record changes to NV. NvWrite will SET g_updateNV NV_SYNC_PERSISTENT(failedTries); else // No NV access for now. Put the TPM in pending mode. s_DAPendingOnNV = TRUE; } } // Register a DA failure and reset the timers. DARegisterFailure(handle); return TPM_RC_AUTH_FAIL; } //*** IsSessionBindEntity() // This function indicates if the entity associated with the handle is the entity, // to which this session is bound. The binding would occur by making the "bind" // parameter in TPM2_StartAuthSession() not equal to TPM_RH_NULL. The binding only // occurs if the session is an HMAC session. The bind value is a combination of // the Name and the authValue of the entity. // // Return Type: BOOL // TRUE(1) handle points to the session start entity // FALSE(0) handle does not point to the session start entity static BOOL IsSessionBindEntity( TPM_HANDLE associatedHandle, // IN: handle to be authorized SESSION *session // IN: associated session ) { TPM2B_NAME entity; // The bind value for the entity // // If the session is not bound, return FALSE. if(session->attributes.isBound) { // Compute the bind value for the entity. SessionComputeBoundEntity(associatedHandle, &entity); // Compare to the bind value in the session. return MemoryEqual2B(&entity.b, &session->u1.boundEntity.b); } return FALSE; } //*** IsPolicySessionRequired() // Checks if a policy session is required for a command. If a command requires // DUP or ADMIN role authorization, then the handle that requires that role is the // first handle in the command. This simplifies this checking. If a new command // is created that requires multiple ADMIN role authorizations, then it will // have to be special-cased in this function. // A policy session is required if: // 1. the command requires the DUP role, // 2. the command requires the ADMIN role and the authorized entity // is an object and its adminWithPolicy bit is SET, or // 3. the command requires the ADMIN role and the authorized entity // is a permanent handle or an NV Index. // 4. The authorized entity is a PCR belonging to a policy group, and // has its policy initialized // Return Type: BOOL // TRUE(1) policy session is required // FALSE(0) policy session is not required static BOOL IsPolicySessionRequired( COMMAND_INDEX commandIndex, // IN: command index UINT32 sessionIndex // IN: session index ) { AUTH_ROLE role = CommandAuthRole(commandIndex, sessionIndex); TPM_HT type = HandleGetType(s_associatedHandles[sessionIndex]); // if(role == AUTH_DUP) return TRUE; if(role == AUTH_ADMIN) { // We allow an exception for ADMIN role in a transient object. If the object // allows ADMIN role actions with authorization, then policy is not // required. For all other cases, there is no way to override the command // requirement that a policy be used if(type == TPM_HT_TRANSIENT) { OBJECT *object = HandleToObject(s_associatedHandles[sessionIndex]); if(!IS_ATTRIBUTE(object->publicArea.objectAttributes, TPMA_OBJECT, adminWithPolicy)) return FALSE; } return TRUE; } if(type == TPM_HT_PCR) { if(PCRPolicyIsAvailable(s_associatedHandles[sessionIndex])) { TPM2B_DIGEST policy; TPMI_ALG_HASH policyAlg; policyAlg = PCRGetAuthPolicy(s_associatedHandles[sessionIndex], &policy); if(policyAlg != TPM_ALG_NULL) return TRUE; } } return FALSE; } //*** IsAuthValueAvailable() // This function indicates if authValue is available and allowed for USER role // authorization of an entity. // // This function is similar to IsAuthPolicyAvailable() except that it does not // check the size of the authValue as IsAuthPolicyAvailable() does (a null // authValue is a valid authorization, but a null policy is not a valid policy). // // This function does not check that the handle reference is valid or if the entity // is in an enabled hierarchy. Those checks are assumed to have been performed // during the handle unmarshaling. // // Return Type: BOOL // TRUE(1) authValue is available // FALSE(0) authValue is not available static BOOL IsAuthValueAvailable( TPM_HANDLE handle, // IN: handle of entity COMMAND_INDEX commandIndex, // IN: command index UINT32 sessionIndex // IN: session index ) { BOOL result = FALSE; // switch(HandleGetType(handle)) { case TPM_HT_PERMANENT: switch(handle) { // At this point hierarchy availability has already been // checked so primary seed handles are always available here case TPM_RH_OWNER: case TPM_RH_ENDORSEMENT: case TPM_RH_PLATFORM: #ifdef VENDOR_PERMANENT // This vendor defined handle associated with the // manufacturer's shared secret case VENDOR_PERMANENT: #endif // The DA checking has been performed on LockoutAuth but we // bypass the DA logic if we are using lockout policy. The // policy would allow execution to continue an lockoutAuth // could be used, even if direct use of lockoutAuth is disabled case TPM_RH_LOCKOUT: // NullAuth is always available. case TPM_RH_NULL: result = TRUE; break; default: // Otherwise authValue is not available. break; } break; case TPM_HT_TRANSIENT: // A persistent object has already been loaded and the internal // handle changed. { OBJECT *object; TPMA_OBJECT attributes; // object = HandleToObject(handle); attributes = object->publicArea.objectAttributes; // authValue is always available for a sequence object. // An alternative for this is to // SET_ATTRIBUTE(object->publicArea, TPMA_OBJECT, userWithAuth) when the // sequence is started. if(ObjectIsSequence(object)) { result = TRUE; break; } // authValue is available for an object if it has its sensitive // portion loaded and // 1. userWithAuth bit is SET, or // 2. ADMIN role is required if(object->attributes.publicOnly == CLEAR && (IS_ATTRIBUTE(attributes, TPMA_OBJECT, userWithAuth) || (CommandAuthRole(commandIndex, sessionIndex) == AUTH_ADMIN && !IS_ATTRIBUTE(attributes, TPMA_OBJECT, adminWithPolicy)))) result = TRUE; } break; case TPM_HT_NV_INDEX: // NV Index. { NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(handle, &locator); TPMA_NV nvAttributes; // pAssert(nvIndex != 0); nvAttributes = nvIndex->publicArea.attributes; if(IsWriteOperation(commandIndex)) { // AuthWrite can't be set for a PIN index if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHWRITE)) result = TRUE; } else { // A "read" operation // For a PIN Index, the authValue is available as long as the // Index has been written and the pinCount is less than pinLimit if(IsNvPinFailIndex(nvAttributes) || IsNvPinPassIndex(nvAttributes)) { NV_PIN pin; if(!IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) break; // return false // get the index values pin.intVal = NvGetUINT64Data(nvIndex, locator); if(pin.pin.pinCount < pin.pin.pinLimit) result = TRUE; } // For non-PIN Indexes, need to allow use of the authValue else if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, AUTHREAD)) result = TRUE; } } break; case TPM_HT_PCR: // PCR handle. // authValue is always allowed for PCR result = TRUE; break; default: // Otherwise, authValue is not available break; } return result; } //*** IsAuthPolicyAvailable() // This function indicates if an authPolicy is available and allowed. // // This function does not check that the handle reference is valid or if the entity // is in an enabled hierarchy. Those checks are assumed to have been performed // during the handle unmarshaling. // // Return Type: BOOL // TRUE(1) authPolicy is available // FALSE(0) authPolicy is not available static BOOL IsAuthPolicyAvailable( TPM_HANDLE handle, // IN: handle of entity COMMAND_INDEX commandIndex, // IN: command index UINT32 sessionIndex // IN: session index ) { BOOL result = FALSE; // switch(HandleGetType(handle)) { case TPM_HT_PERMANENT: switch(handle) { // At this point hierarchy availability has already been checked. case TPM_RH_OWNER: if(gp.ownerPolicy.t.size != 0) result = TRUE; break; case TPM_RH_ENDORSEMENT: if(gp.endorsementPolicy.t.size != 0) result = TRUE; break; case TPM_RH_PLATFORM: if(gc.platformPolicy.t.size != 0) result = TRUE; break; case TPM_RH_LOCKOUT: if(gp.lockoutPolicy.t.size != 0) result = TRUE; break; default: break; } break; case TPM_HT_TRANSIENT: { // Object handle. // An evict object would already have been loaded and given a // transient object handle by this point. OBJECT *object = HandleToObject(handle); // Policy authorization is not available for an object with only // public portion loaded. if(object->attributes.publicOnly == CLEAR) { // Policy authorization is always available for an object but // is never available for a sequence. if(!ObjectIsSequence(object)) result = TRUE; } break; } case TPM_HT_NV_INDEX: // An NV Index. { NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); TPMA_NV nvAttributes = nvIndex->publicArea.attributes; // // If the policy size is not zero, check if policy can be used. if(nvIndex->publicArea.authPolicy.t.size != 0) { // If policy session is required for this handle, always // uses policy regardless of the attributes bit setting if(IsPolicySessionRequired(commandIndex, sessionIndex)) result = TRUE; // Otherwise, the presence of the policy depends on the NV // attributes. else if(IsWriteOperation(commandIndex)) { if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYWRITE)) result = TRUE; } else { if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, POLICYREAD)) result = TRUE; } } } break; case TPM_HT_PCR: // PCR handle. if(PCRPolicyIsAvailable(handle)) result = TRUE; break; default: break; } return result; } //** Session Parsing Functions //*** ClearCpRpHashes() void ClearCpRpHashes( COMMAND *command ) { #if ALG_SHA1 command->sha1CpHash.t.size = 0; command->sha1RpHash.t.size = 0; #endif #if ALG_SHA256 command->sha256CpHash.t.size = 0; command->sha256RpHash.t.size = 0; #endif #if ALG_SHA384 command->sha384CpHash.t.size = 0; command->sha384RpHash.t.size = 0; #endif #if ALG_SHA512 command->sha512CpHash.t.size = 0; command->sha512RpHash.t.size = 0; #endif #if ALG_SM3_256 command->sm3_256CpHash.t.size = 0; command->sm3_256RpHash.t.size = 0; #endif } //*** GetCpHashPointer() // Function to get a pointer to the cpHash of the command static TPM2B_DIGEST * GetCpHashPointer( COMMAND *command, TPMI_ALG_HASH hashAlg ) { TPM2B_DIGEST *retVal; // switch(hashAlg) { #if ALG_SHA1 case ALG_SHA1_VALUE: retVal = (TPM2B_DIGEST *)&command->sha1CpHash; break; #endif #if ALG_SHA256 case ALG_SHA256_VALUE: retVal = (TPM2B_DIGEST *)&command->sha256CpHash; break; #endif #if ALG_SHA384 case ALG_SHA384_VALUE: retVal = (TPM2B_DIGEST *)&command->sha384CpHash; break; #endif #if ALG_SHA512 case ALG_SHA512_VALUE: retVal = (TPM2B_DIGEST *)&command->sha512CpHash; break; #endif #if ALG_SM3_256 case ALG_SM3_256_VALUE: retVal = (TPM2B_DIGEST *)&command->sm3_256CpHash; break; #endif default: retVal = NULL; break; } return retVal; } //*** GetRpHashPointer() // Function to get a pointer to the RpHash of the command static TPM2B_DIGEST * GetRpHashPointer( COMMAND *command, TPMI_ALG_HASH hashAlg ) { TPM2B_DIGEST *retVal; // switch(hashAlg) { #if ALG_SHA1 case ALG_SHA1_VALUE: retVal = (TPM2B_DIGEST *)&command->sha1RpHash; break; #endif #if ALG_SHA256 case ALG_SHA256_VALUE: retVal = (TPM2B_DIGEST *)&command->sha256RpHash; break; #endif #if ALG_SHA384 case ALG_SHA384_VALUE: retVal = (TPM2B_DIGEST *)&command->sha384RpHash; break; #endif #if ALG_SHA512 case ALG_SHA512_VALUE: retVal = (TPM2B_DIGEST *)&command->sha512RpHash; break; #endif #if ALG_SM3_256 case ALG_SM3_256_VALUE: retVal = (TPM2B_DIGEST *)&command->sm3_256RpHash; break; #endif default: retVal = NULL; break; } return retVal; } //*** ComputeCpHash() // This function computes the cpHash as defined in Part 2 and described in Part 1. static TPM2B_DIGEST * ComputeCpHash( COMMAND *command, // IN: command parsing structure TPMI_ALG_HASH hashAlg // IN: hash algorithm ) { UINT32 i; HASH_STATE hashState; TPM2B_NAME name; TPM2B_DIGEST *cpHash; // // cpHash = hash(commandCode [ || authName1 // [ || authName2 // [ || authName 3 ]]] // [ || parameters]) // A cpHash can contain just a commandCode only if the lone session is // an audit session. // Get pointer to the hash value cpHash = GetCpHashPointer(command, hashAlg); if(cpHash->t.size == 0) { cpHash->t.size = CryptHashStart(&hashState, hashAlg); // Add commandCode. CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); // Add authNames for each of the handles. for(i = 0; i < command->handleNum; i++) CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i], &name)->b); // Add the parameters. CryptDigestUpdate(&hashState, command->parameterSize, command->parameterBuffer); // Complete the hash. CryptHashEnd2B(&hashState, &cpHash->b); } return cpHash; } //*** GetCpHash() // This function is used to access a precomputed cpHash. static TPM2B_DIGEST * GetCpHash( COMMAND *command, TPMI_ALG_HASH hashAlg ) { TPM2B_DIGEST *cpHash = GetCpHashPointer(command, hashAlg); // pAssert(cpHash->t.size != 0); return cpHash; } //*** CompareTemplateHash() // This function computes the template hash and compares it to the session // templateHash. It is the hash of the second parameter // assuming that the command is TPM2_Create(), TPM2_CreatePrimary(), or // TPM2_CreateLoaded() // Return Type: BOOL // TRUE(1) template hash equal to session->templateHash // FALSE(0) template hash not equal to session->templateHash static BOOL CompareTemplateHash( COMMAND *command, // IN: parsing structure SESSION *session // IN: session data ) { BYTE *pBuffer = command->parameterBuffer; INT32 pSize = command->parameterSize; TPM2B_DIGEST tHash; UINT16 size; // // Only try this for the three commands for which it is intended if(command->code != TPM_CC_Create && command->code != TPM_CC_CreatePrimary #if CC_CreateLoaded && command->code != TPM_CC_CreateLoaded #endif ) return FALSE; // Assume that the first parameter is a TPM2B and unmarshal the size field // Note: this will not affect the parameter buffer and size in the calling // function. if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS) return FALSE; // reduce the space in the buffer. // NOTE: this could make pSize go negative if the parameters are not correct but // the unmarshaling code does not try to unmarshal if the remaining size is // negative. pSize -= size; // Advance the pointer pBuffer += size; // Get the size of what should be the template if(UINT16_Unmarshal(&size, &pBuffer, &pSize) != TPM_RC_SUCCESS) return FALSE; // See if this is reasonable if(size > pSize) return FALSE; // Hash the template data tHash.t.size = CryptHashBlock(session->authHashAlg, size, pBuffer, sizeof(tHash.t.buffer), tHash.t.buffer); return(MemoryEqual2B(&session->u1.templateHash.b, &tHash.b)); } //*** CompareNameHash() // This function computes the name hash and compares it to the nameHash in the // session data. BOOL CompareNameHash( COMMAND *command, // IN: main parsing structure SESSION *session // IN: session structure with nameHash ) { HASH_STATE hashState; TPM2B_DIGEST nameHash; UINT32 i; TPM2B_NAME name; // nameHash.t.size = CryptHashStart(&hashState, session->authHashAlg); // Add names. for(i = 0; i < command->handleNum; i++) CryptDigestUpdate2B(&hashState, &EntityGetName(command->handles[i], &name)->b); // Complete hash. CryptHashEnd2B(&hashState, &nameHash.b); // and compare return MemoryEqual(session->u1.nameHash.t.buffer, nameHash.t.buffer, nameHash.t.size); } //*** CheckPWAuthSession() // This function validates the authorization provided in a PWAP session. It // compares the input value to authValue of the authorized entity. Argument // sessionIndex is used to get handles handle of the referenced entities from // s_inputAuthValues[] and s_associatedHandles[]. // // Return Type: TPM_RC // TPM_RC_AUTH_FAIL authorization fails and increments DA failure // count // TPM_RC_BAD_AUTH authorization fails but DA does not apply // static TPM_RC CheckPWAuthSession( UINT32 sessionIndex // IN: index of session to be processed ) { TPM2B_AUTH authValue; TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex]; // // Strip trailing zeros from the password. MemoryRemoveTrailingZeros(&s_inputAuthValues[sessionIndex]); // Get the authValue with trailing zeros removed EntityGetAuthValue(associatedHandle, &authValue); // Success if the values are identical. if(MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &authValue.b)) { return TPM_RC_SUCCESS; } else // if the digests are not identical { // Invoke DA protection if applicable. return IncrementLockout(sessionIndex); } } //*** ComputeCommandHMAC() // This function computes the HMAC for an authorization session in a command. /*(See part 1 specification -- this tag keeps this comment from showing up in // merged document which is probably good because this comment doesn't look right. // The sessionAuth value // authHMAC := HMACsHash((sessionKey | authValue), // (pHash | nonceNewer | nonceOlder | nonceTPMencrypt-only // | nonceTPMaudit | sessionAttributes)) // Where: // HMACsHash() The HMAC algorithm using the hash algorithm specified // when the session was started. // // sessionKey A value that is computed in a protocol-dependent way, // using KDFa. When used in an HMAC or KDF, the size field // for this value is not included. // // authValue A value that is found in the sensitive area of an entity. // When used in an HMAC or KDF, the size field for this // value is not included. // // pHash Hash of the command (cpHash) using the session hash. // When using a pHash in an HMAC computation, only the // digest is used. // // nonceNewer A value that is generated by the entity using the // session. A new nonce is generated on each use of the // session. For a command, this will be nonceCaller. // When used in an HMAC or KDF, the size field is not used. // // nonceOlder A TPM2B_NONCE that was received the previous time the // session was used. For a command, this is nonceTPM. // When used in an HMAC or KDF, the size field is not used. // // nonceTPMdecrypt The nonceTPM of the decrypt session is included in // the HMAC, but only in the command. // // nonceTPMencrypt The nonceTPM of the encrypt session is included in // the HMAC but only in the command. // // sessionAttributes A byte indicating the attributes associated with the // particular use of the session. */ static TPM2B_DIGEST * ComputeCommandHMAC( COMMAND *command, // IN: primary control structure UINT32 sessionIndex, // IN: index of session to be processed TPM2B_DIGEST *hmac // OUT: authorization HMAC ) { TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2)); TPM2B_KEY key; BYTE marshalBuffer[sizeof(TPMA_SESSION)]; BYTE *buffer; UINT32 marshalSize; HMAC_STATE hmacState; TPM2B_NONCE *nonceDecrypt; TPM2B_NONCE *nonceEncrypt; SESSION *session; // nonceDecrypt = NULL; nonceEncrypt = NULL; // Determine if extra nonceTPM values are going to be required. // If this is the first session (sessionIndex = 0) and it is an authorization // session that uses an HMAC, then check if additional session nonces are to be // included. if(sessionIndex == 0 && s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED) { // If there is a decrypt session and if this is not the decrypt session, // then an extra nonce may be needed. if(s_decryptSessionIndex != UNDEFINED_INDEX && s_decryptSessionIndex != sessionIndex) { // Will add the nonce for the decrypt session. SESSION *decryptSession = SessionGet(s_sessionHandles[s_decryptSessionIndex]); nonceDecrypt = &decryptSession->nonceTPM; } // Now repeat for the encrypt session. if(s_encryptSessionIndex != UNDEFINED_INDEX && s_encryptSessionIndex != sessionIndex && s_encryptSessionIndex != s_decryptSessionIndex) { // Have to have the nonce for the encrypt session. SESSION *encryptSession = SessionGet(s_sessionHandles[s_encryptSessionIndex]); nonceEncrypt = &encryptSession->nonceTPM; } } // Continue with the HMAC processing. session = SessionGet(s_sessionHandles[sessionIndex]); // Generate HMAC key. MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); // Check if the session has an associated handle and if the associated entity // is the one to which the session is bound. If not, add the authValue of // this entity to the HMAC key. // If the session is bound to the object or the session is a policy session // with no authValue required, do not include the authValue in the HMAC key. // Note: For a policy session, its isBound attribute is CLEARED. // // Include the entity authValue if it is needed if(session->attributes.includeAuth == SET) { TPM2B_AUTH authValue; // Get the entity authValue with trailing zeros removed EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); // add the authValue to the HMAC key MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); } // if the HMAC key size is 0, a NULL string HMAC is allowed if(key.t.size == 0 && s_inputAuthValues[sessionIndex].t.size == 0) { hmac->t.size = 0; return hmac; } // Start HMAC hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b); // Add cpHash CryptDigestUpdate2B(&hmacState.hashState, &ComputeCpHash(command, session->authHashAlg)->b); // Add nonces as required CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b); CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b); if(nonceDecrypt != NULL) CryptDigestUpdate2B(&hmacState.hashState, &nonceDecrypt->b); if(nonceEncrypt != NULL) CryptDigestUpdate2B(&hmacState.hashState, &nonceEncrypt->b); // Add sessionAttributes buffer = marshalBuffer; marshalSize = TPMA_SESSION_Marshal(&(s_attributes[sessionIndex]), &buffer, NULL); CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer); // Complete the HMAC computation CryptHmacEnd2B(&hmacState, &hmac->b); return hmac; } //*** CheckSessionHMAC() // This function checks the HMAC of in a session. It uses ComputeCommandHMAC() // to compute the expected HMAC value and then compares the result with the // HMAC in the authorization session. The authorization is successful if they // are the same. // // If the authorizations are not the same, IncrementLockout() is called. It will // return TPM_RC_AUTH_FAIL if the failure caused the failureCount to increment. // Otherwise, it will return TPM_RC_BAD_AUTH. // // Return Type: TPM_RC // TPM_RC_AUTH_FAIL authorization failure caused failureCount increment // TPM_RC_BAD_AUTH authorization failure did not cause failureCount // increment // static TPM_RC CheckSessionHMAC( COMMAND *command, // IN: primary control structure UINT32 sessionIndex // IN: index of session to be processed ) { TPM2B_DIGEST hmac; // authHMAC for comparing // // Compute authHMAC ComputeCommandHMAC(command, sessionIndex, &hmac); // Compare the input HMAC with the authHMAC computed above. if(!MemoryEqual2B(&s_inputAuthValues[sessionIndex].b, &hmac.b)) { // If an HMAC session has a failure, invoke the anti-hammering // if it applies to the authorized entity or the session. // Otherwise, just indicate that the authorization is bad. return IncrementLockout(sessionIndex); } return TPM_RC_SUCCESS; } //*** CheckPolicyAuthSession() // This function is used to validate the authorization in a policy session. // This function performs the following comparisons to see if a policy // authorization is properly provided. The check are: // 1. compare policyDigest in session with authPolicy associated with // the entity to be authorized; // 2. compare timeout if applicable; // 3. compare commandCode if applicable; // 4. compare cpHash if applicable; and // 5. see if PCR values have changed since computed. // // If all the above checks succeed, the handle is authorized. // The order of these comparisons is not important because any failure will // result in the same error code. // // Return Type: TPM_RC // TPM_RC_PCR_CHANGED PCR value is not current // TPM_RC_POLICY_FAIL policy session fails // TPM_RC_LOCALITY command locality is not allowed // TPM_RC_POLICY_CC CC doesn't match // TPM_RC_EXPIRED policy session has expired // TPM_RC_PP PP is required but not asserted // TPM_RC_NV_UNAVAILABLE NV is not available for write // TPM_RC_NV_RATE NV is rate limiting static TPM_RC CheckPolicyAuthSession( COMMAND *command, // IN: primary parsing structure UINT32 sessionIndex // IN: index of session to be processed ) { SESSION *session; TPM2B_DIGEST authPolicy; TPMI_ALG_HASH policyAlg; UINT8 locality; // // Initialize pointer to the authorization session. session = SessionGet(s_sessionHandles[sessionIndex]); // If the command is TPM2_PolicySecret(), make sure that // either password or authValue is required if(command->code == TPM_CC_PolicySecret && session->attributes.isPasswordNeeded == CLEAR && session->attributes.isAuthValueNeeded == CLEAR) return TPM_RC_MODE; // See if the PCR counter for the session is still valid. if(!SessionPCRValueIsCurrent(session)) return TPM_RC_PCR_CHANGED; // Get authPolicy. policyAlg = EntityGetAuthPolicy(s_associatedHandles[sessionIndex], &authPolicy); // Compare authPolicy. if(!MemoryEqual2B(&session->u2.policyDigest.b, &authPolicy.b)) return TPM_RC_POLICY_FAIL; // Policy is OK so check if the other factors are correct // Compare policy hash algorithm. if(policyAlg != session->authHashAlg) return TPM_RC_POLICY_FAIL; // Compare timeout. if(session->timeout != 0) { // Cannot compare time if clock stop advancing. An TPM_RC_NV_UNAVAILABLE // or TPM_RC_NV_RATE error may be returned here. This doesn't mean that // a new nonce will be created just that, because TPM time can't advance // we can't do time-based operations. RETURN_IF_NV_IS_NOT_AVAILABLE; if((session->timeout < g_time) || (session->epoch != g_timeEpoch)) return TPM_RC_EXPIRED; } // If command code is provided it must match if(session->commandCode != 0) { if(session->commandCode != command->code) return TPM_RC_POLICY_CC; } else { // If command requires a DUP or ADMIN authorization, the session must have // command code set. AUTH_ROLE role = CommandAuthRole(command->index, sessionIndex); if(role == AUTH_ADMIN || role == AUTH_DUP) return TPM_RC_POLICY_FAIL; } // Check command locality. { BYTE sessionLocality[sizeof(TPMA_LOCALITY)]; BYTE *buffer = sessionLocality; // Get existing locality setting in canonical form sessionLocality[0] = 0; TPMA_LOCALITY_Marshal(&session->commandLocality, &buffer, NULL); // See if the locality has been set if(sessionLocality[0] != 0) { // If so, get the current locality locality = _plat__LocalityGet(); if(locality < 5) { if(((sessionLocality[0] & (1 << locality)) == 0) || sessionLocality[0] > 31) return TPM_RC_LOCALITY; } else if(locality > 31) { if(sessionLocality[0] != locality) return TPM_RC_LOCALITY; } else { // Could throw an assert here but a locality error is just // as good. It just means that, whatever the locality is, it isn't // the locality requested so... return TPM_RC_LOCALITY; } } } // end of locality check // Check physical presence. if(session->attributes.isPPRequired == SET && !_plat__PhysicalPresenceAsserted()) return TPM_RC_PP; // Compare cpHash/nameHash if defined, or if the command requires an ADMIN or // DUP role for this handle. if(session->u1.cpHash.b.size != 0) { BOOL OK; if(session->attributes.isCpHashDefined) // Compare cpHash. OK = MemoryEqual2B(&session->u1.cpHash.b, &ComputeCpHash(command, session->authHashAlg)->b); else if(session->attributes.isTemplateSet) OK = CompareTemplateHash(command, session); else OK = CompareNameHash(command, session); if(!OK) return TPM_RCS_POLICY_FAIL; } if(session->attributes.checkNvWritten) { NV_REF locator; NV_INDEX *nvIndex; // // If this is not an NV index, the policy makes no sense so fail it. if(HandleGetType(s_associatedHandles[sessionIndex]) != TPM_HT_NV_INDEX) return TPM_RC_POLICY_FAIL; // Get the index data nvIndex = NvGetIndexInfo(s_associatedHandles[sessionIndex], &locator); // Make sure that the TPMA_WRITTEN_ATTRIBUTE has the desired state if((IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) != (session->attributes.nvWrittenState == SET)) return TPM_RC_POLICY_FAIL; } return TPM_RC_SUCCESS; } //*** RetrieveSessionData() // This function will unmarshal the sessions in the session area of a command. The // values are placed in the arrays that are defined at the beginning of this file. // The normal unmarshaling errors are possible. // // Return Type: TPM_RC // TPM_RC_SUCCSS unmarshaled without error // TPM_RC_SIZE the number of bytes unmarshaled is not the same // as the value for authorizationSize in the command // static TPM_RC RetrieveSessionData( COMMAND *command // IN: main parsing structure for command ) { int i; TPM_RC result; SESSION *session; TPMA_SESSION sessionAttributes; TPM_HT sessionType; INT32 sessionIndex; TPM_RC errorIndex; // s_decryptSessionIndex = UNDEFINED_INDEX; s_encryptSessionIndex = UNDEFINED_INDEX; s_auditSessionIndex = UNDEFINED_INDEX; for(sessionIndex = 0; command->authSize > 0; sessionIndex++) { errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; // If maximum allowed number of sessions has been parsed, return a size // error with a session number that is larger than the number of allowed // sessions if(sessionIndex == MAX_SESSION_NUM) return TPM_RCS_SIZE + errorIndex; // make sure that the associated handle for each session starts out // unassigned s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; // First parameter: Session handle. result = TPMI_SH_AUTH_SESSION_Unmarshal( &s_sessionHandles[sessionIndex], &command->parameterBuffer, &command->authSize, TRUE); if(result != TPM_RC_SUCCESS) return result + TPM_RC_S + g_rcIndex[sessionIndex]; // Second parameter: Nonce. result = TPM2B_NONCE_Unmarshal(&s_nonceCaller[sessionIndex], &command->parameterBuffer, &command->authSize); if(result != TPM_RC_SUCCESS) return result + TPM_RC_S + g_rcIndex[sessionIndex]; // Third parameter: sessionAttributes. result = TPMA_SESSION_Unmarshal(&s_attributes[sessionIndex], &command->parameterBuffer, &command->authSize); if(result != TPM_RC_SUCCESS) return result + TPM_RC_S + g_rcIndex[sessionIndex]; // Fourth parameter: authValue (PW or HMAC). result = TPM2B_AUTH_Unmarshal(&s_inputAuthValues[sessionIndex], &command->parameterBuffer, &command->authSize); if(result != TPM_RC_SUCCESS) return result + errorIndex; sessionAttributes = s_attributes[sessionIndex]; if(s_sessionHandles[sessionIndex] == TPM_RS_PW) { // A PWAP session needs additional processing. // Can't have any attributes set other than continueSession bit if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt) || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt) || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit) || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) || IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset)) return TPM_RCS_ATTRIBUTES + errorIndex; // The nonce size must be zero. if(s_nonceCaller[sessionIndex].t.size != 0) return TPM_RCS_NONCE + errorIndex; continue; } // For not password sessions... // Find out if the session is loaded. if(!SessionIsLoaded(s_sessionHandles[sessionIndex])) return TPM_RC_REFERENCE_S0 + sessionIndex; sessionType = HandleGetType(s_sessionHandles[sessionIndex]); session = SessionGet(s_sessionHandles[sessionIndex]); // Check if the session is an HMAC/policy session. if((session->attributes.isPolicy == SET && sessionType == TPM_HT_HMAC_SESSION) || (session->attributes.isPolicy == CLEAR && sessionType == TPM_HT_POLICY_SESSION)) return TPM_RCS_HANDLE + errorIndex; // Check that this handle has not previously been used. for(i = 0; i < sessionIndex; i++) { if(s_sessionHandles[i] == s_sessionHandles[sessionIndex]) return TPM_RCS_HANDLE + errorIndex; } // If the session is used for parameter encryption or audit as well, set // the corresponding Indexes. // First process decrypt. if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, decrypt)) { // Check if the commandCode allows command parameter encryption. if(DecryptSize(command->index) == 0) return TPM_RCS_ATTRIBUTES + errorIndex; // Encrypt attribute can only appear in one session if(s_decryptSessionIndex != UNDEFINED_INDEX) return TPM_RCS_ATTRIBUTES + errorIndex; // Can't decrypt if the session's symmetric algorithm is TPM_ALG_NULL if(session->symmetric.algorithm == TPM_ALG_NULL) return TPM_RCS_SYMMETRIC + errorIndex; // All checks passed, so set the index for the session used to decrypt // a command parameter. s_decryptSessionIndex = sessionIndex; } // Now process encrypt. if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, encrypt)) { // Check if the commandCode allows response parameter encryption. if(EncryptSize(command->index) == 0) return TPM_RCS_ATTRIBUTES + errorIndex; // Encrypt attribute can only appear in one session. if(s_encryptSessionIndex != UNDEFINED_INDEX) return TPM_RCS_ATTRIBUTES + errorIndex; // Can't encrypt if the session's symmetric algorithm is TPM_ALG_NULL if(session->symmetric.algorithm == TPM_ALG_NULL) return TPM_RCS_SYMMETRIC + errorIndex; // All checks passed, so set the index for the session used to encrypt // a response parameter. s_encryptSessionIndex = sessionIndex; } // At last process audit. if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, audit)) { // Audit attribute can only appear in one session. if(s_auditSessionIndex != UNDEFINED_INDEX) return TPM_RCS_ATTRIBUTES + errorIndex; // An audit session can not be policy session. if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION) return TPM_RCS_ATTRIBUTES + errorIndex; // If this is a reset of the audit session, or the first use // of the session as an audit session, it doesn't matter what // the exclusive state is. The session will become exclusive. if(!IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditReset) && session->attributes.isAudit == SET) { // Not first use or reset. If auditExlusive is SET, then this // session must be the current exclusive session. if(IS_ATTRIBUTE(sessionAttributes, TPMA_SESSION, auditExclusive) && g_exclusiveAuditSession != s_sessionHandles[sessionIndex]) return TPM_RC_EXCLUSIVE; } s_auditSessionIndex = sessionIndex; } // Initialize associated handle as undefined. This will be changed when // the handles are processed. s_associatedHandles[sessionIndex] = TPM_RH_UNASSIGNED; } command->sessionNum = sessionIndex; return TPM_RC_SUCCESS; } //*** CheckLockedOut() // This function checks to see if the TPM is in lockout. This function should only // be called if the entity being checked is subject to DA protection. The TPM // is in lockout if the NV is not available and a DA write is pending. Otherwise // the TPM is locked out if checking for lockoutAuth ('lockoutAuthCheck' == TRUE) // and use of lockoutAuth is disabled, or 'failedTries' >= 'maxTries' // Return Type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting // TPM_RC_NV_UNAVAILABLE NV is not available at this time // TPM_RC_LOCKOUT TPM is in lockout static TPM_RC CheckLockedOut( BOOL lockoutAuthCheck // IN: TRUE if checking is for lockoutAuth ) { // If NV is unavailable, and current cycle state recorded in NV is not // SU_NONE_VALUE, refuse to check any authorization because we would // not be able to handle a DA failure. if(!NV_IS_AVAILABLE && NV_IS_ORDERLY) return g_NvStatus; // Check if DA info needs to be updated in NV. if(s_DAPendingOnNV) { // If NV is accessible, RETURN_IF_NV_IS_NOT_AVAILABLE; // ... write the pending DA data and proceed. NV_SYNC_PERSISTENT(lockOutAuthEnabled); NV_SYNC_PERSISTENT(failedTries); s_DAPendingOnNV = FALSE; } // Lockout is in effect if checking for lockoutAuth and use of lockoutAuth // is disabled... if(lockoutAuthCheck) { if(gp.lockOutAuthEnabled == FALSE) return TPM_RC_LOCKOUT; } else { // ... or if the number of failed tries has been maxed out. if(gp.failedTries >= gp.maxTries) return TPM_RC_LOCKOUT; #if USE_DA_USED // If the daUsed flag is not SET, then no DA validation until the // daUsed state is written to NV if(!g_daUsed) { RETURN_IF_NV_IS_NOT_AVAILABLE; g_daUsed = TRUE; gp.orderlyState = SU_DA_USED_VALUE; NV_SYNC_PERSISTENT(orderlyState); return TPM_RC_RETRY; } #endif } return TPM_RC_SUCCESS; } //*** CheckAuthSession() // This function checks that the authorization session properly authorizes the // use of the associated handle. // // Return Type: TPM_RC // TPM_RC_LOCKOUT entity is protected by DA and TPM is in // lockout, or TPM is locked out on NV update // pending on DA parameters // // TPM_RC_PP Physical Presence is required but not provided // TPM_RC_AUTH_FAIL HMAC or PW authorization failed // with DA side-effects (can be a policy session) // // TPM_RC_BAD_AUTH HMAC or PW authorization failed without DA // side-effects (can be a policy session) // // TPM_RC_POLICY_FAIL if policy session fails // TPM_RC_POLICY_CC command code of policy was wrong // TPM_RC_EXPIRED the policy session has expired // TPM_RC_PCR // TPM_RC_AUTH_UNAVAILABLE authValue or authPolicy unavailable static TPM_RC CheckAuthSession( COMMAND *command, // IN: primary parsing structure UINT32 sessionIndex // IN: index of session to be processed ) { TPM_RC result = TPM_RC_SUCCESS; SESSION *session = NULL; TPM_HANDLE sessionHandle = s_sessionHandles[sessionIndex]; TPM_HANDLE associatedHandle = s_associatedHandles[sessionIndex]; TPM_HT sessionHandleType = HandleGetType(sessionHandle); // pAssert(sessionHandle != TPM_RH_UNASSIGNED); // Take care of physical presence if(associatedHandle == TPM_RH_PLATFORM) { // If the physical presence is required for this command, check for PP // assertion. If it isn't asserted, no point going any further. if(PhysicalPresenceIsRequired(command->index) && !_plat__PhysicalPresenceAsserted()) return TPM_RC_PP; } if(sessionHandle != TPM_RS_PW) { session = SessionGet(sessionHandle); // Set includeAuth to indicate if DA checking will be required and if the // authValue will be included in any HMAC. if(sessionHandleType == TPM_HT_POLICY_SESSION) { // For a policy session, will check the DA status of the entity if either // isAuthValueNeeded or isPasswordNeeded is SET. session->attributes.includeAuth = session->attributes.isAuthValueNeeded || session->attributes.isPasswordNeeded; } else { // For an HMAC session, need to check unless the session // is bound. session->attributes.includeAuth = !IsSessionBindEntity(s_associatedHandles[sessionIndex], session); } } // If the authorization session is going to use an authValue, then make sure // that access to that authValue isn't locked out. // Note: session == NULL for a PW session. if(session == NULL || session->attributes.includeAuth) { // See if entity is subject to lockout. if(!IsDAExempted(associatedHandle)) { // See if in lockout result = CheckLockedOut(associatedHandle == TPM_RH_LOCKOUT); if(result != TPM_RC_SUCCESS) return result; } } // Policy or HMAC+PW? if(sessionHandleType != TPM_HT_POLICY_SESSION) { // for non-policy session make sure that a policy session is not required if(IsPolicySessionRequired(command->index, sessionIndex)) return TPM_RC_AUTH_TYPE; // The authValue must be available. // Note: The authValue is going to be "used" even if it is an EmptyAuth. // and the session is bound. if(!IsAuthValueAvailable(associatedHandle, command->index, sessionIndex)) return TPM_RC_AUTH_UNAVAILABLE; } else { // ... see if the entity has a policy, ... // Note: IsAuthPolicyAvalable will return FALSE if the sensitive area of the // object is not loaded if(!IsAuthPolicyAvailable(associatedHandle, command->index, sessionIndex)) return TPM_RC_AUTH_UNAVAILABLE; // ... and check the policy session. result = CheckPolicyAuthSession(command, sessionIndex); if(result != TPM_RC_SUCCESS) return result; } // Check authorization according to the type if(session == NULL || session->attributes.isPasswordNeeded == SET) result = CheckPWAuthSession(sessionIndex); else result = CheckSessionHMAC(command, sessionIndex); // Do processing for PIN Indexes are only three possibilities for 'result' at // this point: TPM_RC_SUCCESS, TPM_RC_AUTH_FAIL, and TPM_RC_BAD_AUTH. // For all these cases, we would have to process a PIN index if the // authValue of the index was used for authorization. // See if we need to do anything to a PIN index if(TPM_HT_NV_INDEX == HandleGetType(associatedHandle)) { NV_REF locator; NV_INDEX *nvIndex = NvGetIndexInfo(associatedHandle, &locator); NV_PIN pinData; TPMA_NV nvAttributes; // pAssert(nvIndex != NULL); nvAttributes = nvIndex->publicArea.attributes; // If this is a PIN FAIL index and the value has been written // then we can update the counter (increment or clear) if(IsNvPinFailIndex(nvAttributes) && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)) { pinData.intVal = NvGetUINT64Data(nvIndex, locator); if(result != TPM_RC_SUCCESS) pinData.pin.pinCount++; else pinData.pin.pinCount = 0; NvWriteUINT64Data(nvIndex, pinData.intVal); } // If this is a PIN PASS Index, increment if we have used the // authorization value for anything other than NV_Read. // NOTE: If the counter has already hit the limit, then we // would not get here because the authorization value would not // be available and the TPM would have returned before it gets here else if(IsNvPinPassIndex(nvAttributes) && IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN) && result == TPM_RC_SUCCESS) { // If the access is valid, then increment the use counter pinData.intVal = NvGetUINT64Data(nvIndex, locator); pinData.pin.pinCount++; NvWriteUINT64Data(nvIndex, pinData.intVal); } } return result; } #ifdef TPM_CC_GetCommandAuditDigest //*** CheckCommandAudit() // This function is called before the command is processed if audit is enabled // for the command. It will check to see if the audit can be performed and // will ensure that the cpHash is available for the audit. // Return Type: TPM_RC // TPM_RC_NV_UNAVAILABLE NV is not available for write // TPM_RC_NV_RATE NV is rate limiting static TPM_RC CheckCommandAudit( COMMAND *command ) { // If the audit digest is clear and command audit is required, NV must be // available so that TPM2_GetCommandAuditDigest() is able to increment // audit counter. If NV is not available, the function bails out to prevent // the TPM from attempting an operation that would fail anyway. if(gr.commandAuditDigest.t.size == 0 || GetCommandCode(command->index) == TPM_CC_GetCommandAuditDigest) { RETURN_IF_NV_IS_NOT_AVAILABLE; } // Make sure that the cpHash is computed for the algorithm ComputeCpHash(command, gp.auditHashAlg); return TPM_RC_SUCCESS; } #endif //*** ParseSessionBuffer() // This function is the entry function for command session processing. // It iterates sessions in session area and reports if the required authorization // has been properly provided. It also processes audit session and passes the // information of encryption sessions to parameter encryption module. // // Return Type: TPM_RC // various parsing failure or authorization failure // TPM_RC ParseSessionBuffer( COMMAND *command // IN: the structure that contains ) { TPM_RC result; UINT32 i; INT32 size = 0; TPM2B_AUTH extraKey; UINT32 sessionIndex; TPM_RC errorIndex; SESSION *session = NULL; // // Check if a command allows any session in its session area. if(!IsSessionAllowed(command->index)) return TPM_RC_AUTH_CONTEXT; // Default-initialization. command->sessionNum = 0; result = RetrieveSessionData(command); if(result != TPM_RC_SUCCESS) return result; // There is no command in the TPM spec that has more handles than // MAX_SESSION_NUM. pAssert(command->handleNum <= MAX_SESSION_NUM); // Associate the session with an authorization handle. for(i = 0; i < command->handleNum; i++) { if(CommandAuthRole(command->index, i) != AUTH_NONE) { // If the received session number is less than the number of handles // that requires authorization, an error should be returned. // Note: for all the TPM 2.0 commands, handles requiring // authorization come first in a command input and there are only ever // two values requiring authorization if(i > (command->sessionNum - 1)) return TPM_RC_AUTH_MISSING; // Record the handle associated with the authorization session s_associatedHandles[i] = command->handles[i]; } } // Consistency checks are done first to avoid authorization failure when the // command will not be executed anyway. for(sessionIndex = 0; sessionIndex < command->sessionNum; sessionIndex++) { errorIndex = TPM_RC_S + g_rcIndex[sessionIndex]; // PW session must be an authorization session if(s_sessionHandles[sessionIndex] == TPM_RS_PW) { if(s_associatedHandles[sessionIndex] == TPM_RH_UNASSIGNED) return TPM_RCS_HANDLE + errorIndex; // a password session can't be audit, encrypt or decrypt if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) || IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) return TPM_RCS_ATTRIBUTES + errorIndex; session = NULL; } else { session = SessionGet(s_sessionHandles[sessionIndex]); // A trial session can not appear in session area, because it cannot // be used for authorization, audit or encrypt/decrypt. if(session->attributes.isTrialPolicy == SET) return TPM_RCS_ATTRIBUTES + errorIndex; // See if the session is bound to a DA protected entity // NOTE: Since a policy session is never bound, a policy is still // usable even if the object is DA protected and the TPM is in // lockout. if(session->attributes.isDaBound == SET) { result = CheckLockedOut(session->attributes.isLockoutBound == SET); if(result != TPM_RC_SUCCESS) return result; } // If this session is for auditing, make sure the cpHash is computed. if(IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit)) ComputeCpHash(command, session->authHashAlg); } // if the session has an associated handle, check the authorization if(s_associatedHandles[sessionIndex] != TPM_RH_UNASSIGNED) { result = CheckAuthSession(command, sessionIndex); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, errorIndex); } else { // a session that is not for authorization must either be encrypt, // decrypt, or audit if(!IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, audit) && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, encrypt) && !IS_ATTRIBUTE(s_attributes[sessionIndex], TPMA_SESSION, decrypt)) return TPM_RCS_ATTRIBUTES + errorIndex; // no authValue included in any of the HMAC computations pAssert(session != NULL); session->attributes.includeAuth = CLEAR; // check HMAC for encrypt/decrypt/audit only sessions result = CheckSessionHMAC(command, sessionIndex); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, errorIndex); } } #ifdef TPM_CC_GetCommandAuditDigest // Check if the command should be audited. Need to do this before any parameter // encryption so that the cpHash for the audit is correct if(CommandAuditIsRequired(command->index)) { result = CheckCommandAudit(command); if(result != TPM_RC_SUCCESS) return result; // No session number to reference } #endif // Decrypt the first parameter if applicable. This should be the last operation // in session processing. // If the encrypt session is associated with a handle and the handle's // authValue is available, then authValue is concatenated with sessionKey to // generate encryption key, no matter if the handle is the session bound entity // or not. if(s_decryptSessionIndex != UNDEFINED_INDEX) { // If this is an authorization session, include the authValue in the // generation of the decryption key if(s_associatedHandles[s_decryptSessionIndex] != TPM_RH_UNASSIGNED) { EntityGetAuthValue(s_associatedHandles[s_decryptSessionIndex], &extraKey); } else { extraKey.b.size = 0; } size = DecryptSize(command->index); result = CryptParameterDecryption(s_sessionHandles[s_decryptSessionIndex], &s_nonceCaller[s_decryptSessionIndex].b, command->parameterSize, (UINT16)size, &extraKey, command->parameterBuffer); if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, TPM_RC_S + g_rcIndex[s_decryptSessionIndex]); } return TPM_RC_SUCCESS; } //*** CheckAuthNoSession() // Function to process a command with no session associated. // The function makes sure all the handles in the command require no authorization. // // Return Type: TPM_RC // TPM_RC_AUTH_MISSING failure - one or more handles require // authorization TPM_RC CheckAuthNoSession( COMMAND *command // IN: command parsing structure ) { UINT32 i; TPM_RC result = TPM_RC_SUCCESS; // // Check if the command requires authorization for(i = 0; i < command->handleNum; i++) { if(CommandAuthRole(command->index, i) != AUTH_NONE) return TPM_RC_AUTH_MISSING; } #ifdef TPM_CC_GetCommandAuditDigest // Check if the command should be audited. if(CommandAuditIsRequired(command->index)) { result = CheckCommandAudit(command); if(result != TPM_RC_SUCCESS) return result; } #endif // Initialize number of sessions to be 0 command->sessionNum = 0; return TPM_RC_SUCCESS; } //** Response Session Processing //*** Introduction // // The following functions build the session area in a response and handle // the audit sessions (if present). // //*** ComputeRpHash() // Function to compute rpHash (Response Parameter Hash). The rpHash is only // computed if there is an HMAC authorization session and the return code is // TPM_RC_SUCCESS. static TPM2B_DIGEST * ComputeRpHash( COMMAND *command, // IN: command structure TPM_ALG_ID hashAlg // IN: hash algorithm to compute rpHash ) { TPM2B_DIGEST *rpHash = GetRpHashPointer(command, hashAlg); HASH_STATE hashState; // if(rpHash->t.size == 0) { // rpHash := hash(responseCode || commandCode || parameters) // Initiate hash creation. rpHash->t.size = CryptHashStart(&hashState, hashAlg); // Add hash constituents. CryptDigestUpdateInt(&hashState, sizeof(TPM_RC), TPM_RC_SUCCESS); CryptDigestUpdateInt(&hashState, sizeof(TPM_CC), command->code); CryptDigestUpdate(&hashState, command->parameterSize, command->parameterBuffer); // Complete hash computation. CryptHashEnd2B(&hashState, &rpHash->b); } return rpHash; } //*** InitAuditSession() // This function initializes the audit data in an audit session. static void InitAuditSession( SESSION *session // session to be initialized ) { // Mark session as an audit session. session->attributes.isAudit = SET; // Audit session can not be bound. session->attributes.isBound = CLEAR; // Size of the audit log is the size of session hash algorithm digest. session->u2.auditDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); // Set the original digest value to be 0. MemorySet(&session->u2.auditDigest.t.buffer, 0, session->u2.auditDigest.t.size); return; } //*** UpdateAuditDigest // Function to update an audit digest static void UpdateAuditDigest( COMMAND *command, TPMI_ALG_HASH hashAlg, TPM2B_DIGEST *digest ) { HASH_STATE hashState; TPM2B_DIGEST *cpHash = GetCpHash(command, hashAlg); TPM2B_DIGEST *rpHash = ComputeRpHash(command, hashAlg); // pAssert(cpHash != NULL); // digestNew := hash (digestOld || cpHash || rpHash) // Start hash computation. digest->t.size = CryptHashStart(&hashState, hashAlg); // Add old digest. CryptDigestUpdate2B(&hashState, &digest->b); // Add cpHash CryptDigestUpdate2B(&hashState, &cpHash->b); // Add rpHash CryptDigestUpdate2B(&hashState, &rpHash->b); // Finalize the hash. CryptHashEnd2B(&hashState, &digest->b); } //*** Audit() //This function updates the audit digest in an audit session. static void Audit( COMMAND *command, // IN: primary control structure SESSION *auditSession // IN: loaded audit session ) { UpdateAuditDigest(command, auditSession->authHashAlg, &auditSession->u2.auditDigest); return; } #ifdef TPM_CC_GetCommandAuditDigest //*** CommandAudit() // This function updates the command audit digest. static void CommandAudit( COMMAND *command // IN: ) { // If the digest.size is one, it indicates the special case of changing // the audit hash algorithm. For this case, no audit is done on exit. // NOTE: When the hash algorithm is changed, g_updateNV is set in order to // force an update to the NV on exit so that the change in digest will // be recorded. So, it is safe to exit here without setting any flags // because the digest change will be written to NV when this code exits. if(gr.commandAuditDigest.t.size == 1) { gr.commandAuditDigest.t.size = 0; return; } // If the digest size is zero, need to start a new digest and increment // the audit counter. if(gr.commandAuditDigest.t.size == 0) { gr.commandAuditDigest.t.size = CryptHashGetDigestSize(gp.auditHashAlg); MemorySet(gr.commandAuditDigest.t.buffer, 0, gr.commandAuditDigest.t.size); // Bump the counter and save its value to NV. gp.auditCounter++; NV_SYNC_PERSISTENT(auditCounter); } UpdateAuditDigest(command, gp.auditHashAlg, &gr.commandAuditDigest); return; } #endif //*** UpdateAuditSessionStatus() // Function to update the internal audit related states of a session. It // 1. initializes the session as audit session and sets it to be exclusive if this // is the first time it is used for audit or audit reset was requested; // 2. reports exclusive audit session; // 3. extends audit log; and // 4. clears exclusive audit session if no audit session found in the command. static void UpdateAuditSessionStatus( COMMAND *command // IN: primary control structure ) { UINT32 i; TPM_HANDLE auditSession = TPM_RH_UNASSIGNED; // // Iterate through sessions for(i = 0; i < command->sessionNum; i++) { SESSION *session; // // PW session do not have a loaded session and can not be an audit // session either. Skip it. if(s_sessionHandles[i] == TPM_RS_PW) continue; session = SessionGet(s_sessionHandles[i]); // If a session is used for audit if(IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, audit)) { // An audit session has been found auditSession = s_sessionHandles[i]; // If the session has not been an audit session yet, or // the auditSetting bits indicate a reset, initialize it and set // it to be the exclusive session if(session->attributes.isAudit == CLEAR || IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditReset)) { InitAuditSession(session); g_exclusiveAuditSession = auditSession; } else { // Check if the audit session is the current exclusive audit // session and, if not, clear previous exclusive audit session. if(g_exclusiveAuditSession != auditSession) g_exclusiveAuditSession = TPM_RH_UNASSIGNED; } // Report audit session exclusivity. if(g_exclusiveAuditSession == auditSession) { SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); } else { CLEAR_ATTRIBUTE(s_attributes[i], TPMA_SESSION, auditExclusive); } // Extend audit log. Audit(command, session); } } // If no audit session is found in the command, and the command allows // a session then, clear the current exclusive // audit session. if(auditSession == TPM_RH_UNASSIGNED && IsSessionAllowed(command->index)) { g_exclusiveAuditSession = TPM_RH_UNASSIGNED; } return; } //*** ComputeResponseHMAC() // Function to compute HMAC for authorization session in a response. /*(See part 1 specification) // Function: Compute HMAC for response sessions // The sessionAuth value // authHMAC := HMACsHASH((sessionAuth | authValue), // (pHash | nonceTPM | nonceCaller | sessionAttributes)) // Where: // HMACsHASH() The HMAC algorithm using the hash algorithm specified when // the session was started. // // sessionAuth A TPMB_MEDIUM computed in a protocol-dependent way, using // KDFa. In an HMAC or KDF, only sessionAuth.buffer is used. // // authValue A TPM2B_AUTH that is found in the sensitive area of an // object. In an HMAC or KDF, only authValue.buffer is used // and all trailing zeros are removed. // // pHash Response parameters (rpHash) using the session hash. When // using a pHash in an HMAC computation, both the algorithm ID // and the digest are included. // // nonceTPM A TPM2B_NONCE that is generated by the entity using the // session. In an HMAC or KDF, only nonceTPM.buffer is used. // // nonceCaller a TPM2B_NONCE that was received the previous time the // session was used. In an HMAC or KDF, only // nonceCaller.buffer is used. // // sessionAttributes A TPMA_SESSION that indicates the attributes associated // with a particular use of the session. */ static void ComputeResponseHMAC( COMMAND *command, // IN: command structure UINT32 sessionIndex, // IN: session index to be processed SESSION *session, // IN: loaded session TPM2B_DIGEST *hmac // OUT: authHMAC ) { TPM2B_TYPE(KEY, (sizeof(AUTH_VALUE) * 2)); TPM2B_KEY key; // HMAC key BYTE marshalBuffer[sizeof(TPMA_SESSION)]; BYTE *buffer; UINT32 marshalSize; HMAC_STATE hmacState; TPM2B_DIGEST *rpHash = ComputeRpHash(command, session->authHashAlg); // // Generate HMAC key MemoryCopy2B(&key.b, &session->sessionKey.b, sizeof(key.t.buffer)); // Add the object authValue if required if(session->attributes.includeAuth == SET) { // Note: includeAuth may be SET for a policy that is used in // UndefineSpaceSpecial(). At this point, the Index has been deleted // so the includeAuth will have no meaning. However, the // s_associatedHandles[] value for the session is now set to TPM_RH_NULL so // this will return the authValue associated with TPM_RH_NULL and that is // and empty buffer. TPM2B_AUTH authValue; // // Get the authValue with trailing zeros removed EntityGetAuthValue(s_associatedHandles[sessionIndex], &authValue); // Add it to the key MemoryConcat2B(&key.b, &authValue.b, sizeof(key.t.buffer)); } // if the HMAC key size is 0, the response HMAC is computed according to the // input HMAC if(key.t.size == 0 && s_inputAuthValues[sessionIndex].t.size == 0) { hmac->t.size = 0; return; } // Start HMAC computation. hmac->t.size = CryptHmacStart2B(&hmacState, session->authHashAlg, &key.b); // Add hash components. CryptDigestUpdate2B(&hmacState.hashState, &rpHash->b); CryptDigestUpdate2B(&hmacState.hashState, &session->nonceTPM.b); CryptDigestUpdate2B(&hmacState.hashState, &s_nonceCaller[sessionIndex].b); // Add session attributes. buffer = marshalBuffer; marshalSize = TPMA_SESSION_Marshal(&s_attributes[sessionIndex], &buffer, NULL); CryptDigestUpdate(&hmacState.hashState, marshalSize, marshalBuffer); // Finalize HMAC. CryptHmacEnd2B(&hmacState, &hmac->b); return; } //*** UpdateInternalSession() // Updates internal sessions: // 1. Restarts session time. // 2. Clears a policy session since nonce is rolling. static void UpdateInternalSession( SESSION *session, // IN: the session structure UINT32 i // IN: session number ) { // If nonce is rolling in a policy session, the policy related data // will be re-initialized. if(HandleGetType(s_sessionHandles[i]) == TPM_HT_POLICY_SESSION && IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) { // When the nonce rolls it starts a new timing interval for the // policy session. SessionResetPolicyData(session); SessionSetStartTime(session); } return; } //*** BuildSingleResponseAuth() // Function to compute response HMAC value for a policy or HMAC session. static TPM2B_NONCE * BuildSingleResponseAuth( COMMAND *command, // IN: command structure UINT32 sessionIndex, // IN: session index to be processed TPM2B_AUTH *auth // OUT: authHMAC ) { // Fill in policy/HMAC based session response. SESSION *session = SessionGet(s_sessionHandles[sessionIndex]); // // If the session is a policy session with isPasswordNeeded SET, the // authorization field is empty. if(HandleGetType(s_sessionHandles[sessionIndex]) == TPM_HT_POLICY_SESSION && session->attributes.isPasswordNeeded == SET) auth->t.size = 0; else // Compute response HMAC. ComputeResponseHMAC(command, sessionIndex, session, auth); UpdateInternalSession(session, sessionIndex); return &session->nonceTPM; } //*** UpdateAllNonceTPM() // Updates TPM nonce for all sessions in command. static void UpdateAllNonceTPM( COMMAND *command // IN: controlling structure ) { UINT32 i; SESSION *session; // for(i = 0; i < command->sessionNum; i++) { // If not a PW session, compute the new nonceTPM. if(s_sessionHandles[i] != TPM_RS_PW) { session = SessionGet(s_sessionHandles[i]); // Update nonceTPM in both internal session and response. CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); } } return; } //*** BuildResponseSession() // Function to build Session buffer in a response. The authorization data is added // to the end of command->responseBuffer. The size of the authorization area is // accumulated in command->authSize. // When this is called, command->responseBuffer is pointing at the next location // in the response buffer to be filled. This is where the authorization sessions // will go, if any. command->parameterSize is the number of bytes that have been // marshaled as parameters in the output buffer. void BuildResponseSession( COMMAND *command // IN: structure that has relevant command // information ) { pAssert(command->authSize == 0); // Reset the parameter buffer to point to the start of the parameters so that // there is a starting point for any rpHash that might be generated and so there // is a place where parameter encryption would start command->parameterBuffer = command->responseBuffer - command->parameterSize; // Session nonces should be updated before parameter encryption if(command->tag == TPM_ST_SESSIONS) { UpdateAllNonceTPM(command); // Encrypt first parameter if applicable. Parameter encryption should // happen after nonce update and before any rpHash is computed. // If the encrypt session is associated with a handle, the authValue of // this handle will be concatenated with sessionKey to generate // encryption key, no matter if the handle is the session bound entity // or not. The authValue is added to sessionKey only when the authValue // is available. if(s_encryptSessionIndex != UNDEFINED_INDEX) { UINT32 size; TPM2B_AUTH extraKey; // extraKey.b.size = 0; // If this is an authorization session, include the authValue in the // generation of the encryption key if(s_associatedHandles[s_encryptSessionIndex] != TPM_RH_UNASSIGNED) { EntityGetAuthValue(s_associatedHandles[s_encryptSessionIndex], &extraKey); } size = EncryptSize(command->index); CryptParameterEncryption(s_sessionHandles[s_encryptSessionIndex], &s_nonceCaller[s_encryptSessionIndex].b, (UINT16)size, &extraKey, command->parameterBuffer); } } // Audit sessions should be processed regardless of the tag because // a command with no session may cause a change of the exclusivity state. UpdateAuditSessionStatus(command); #if CC_GetCommandAuditDigest // Command Audit if(CommandAuditIsRequired(command->index)) CommandAudit(command); #endif // Process command with sessions. if(command->tag == TPM_ST_SESSIONS) { UINT32 i; // pAssert(command->sessionNum > 0); // Iterate over each session in the command session area, and create // corresponding sessions for response. for(i = 0; i < command->sessionNum; i++) { TPM2B_NONCE *nonceTPM; TPM2B_DIGEST responseAuth; // Make sure that continueSession is SET on any Password session. // This makes it marginally easier for the management software // to keep track of the closed sessions. if(s_sessionHandles[i] == TPM_RS_PW) { SET_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession); responseAuth.t.size = 0; nonceTPM = (TPM2B_NONCE *)&responseAuth; } else { // Compute the response HMAC and get a pointer to the nonce used. // This function will also update the values if needed. Note, the nonceTPM = BuildSingleResponseAuth(command, i, &responseAuth); } command->authSize += TPM2B_NONCE_Marshal(nonceTPM, &command->responseBuffer, NULL); command->authSize += TPMA_SESSION_Marshal(&s_attributes[i], &command->responseBuffer, NULL); command->authSize += TPM2B_DIGEST_Marshal(&responseAuth, &command->responseBuffer, NULL); if(!IS_ATTRIBUTE(s_attributes[i], TPMA_SESSION, continueSession)) SessionFlush(s_sessionHandles[i]); } } return; } //*** SessionRemoveAssociationToHandle() // This function deals with the case where an entity associated with an authorization // is deleted during command processing. The primary use of this is to support // UndefineSpaceSpecial(). void SessionRemoveAssociationToHandle( TPM_HANDLE handle ) { UINT32 i; // for(i = 0; i < MAX_SESSION_NUM; i++) { if(s_associatedHandles[i] == handle) { s_associatedHandles[i] = TPM_RH_NULL; } } }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/000077500000000000000000000000001510276467000250315ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/CommandAudit.c000066400000000000000000000223561510276467000275520ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions that support command audit. //** Includes #include "Tpm.h" //** Functions //*** CommandAuditPreInstall_Init() // This function initializes the command audit list. This function simulates // the behavior of manufacturing. A function is used instead of a structure // definition because this is easier than figuring out the initialization value // for a bit array. // // This function would not be implemented outside of a manufacturing or // simulation environment. void CommandAuditPreInstall_Init( void ) { // Clear all the audit commands MemorySet(gp.auditCommands, 0x00, sizeof(gp.auditCommands)); // TPM_CC_SetCommandCodeAuditStatus always being audited CommandAuditSet(TPM_CC_SetCommandCodeAuditStatus); // Set initial command audit hash algorithm to be context integrity hash // algorithm gp.auditHashAlg = CONTEXT_INTEGRITY_HASH_ALG; // Set up audit counter to be 0 gp.auditCounter = 0; // Write command audit persistent data to NV NV_SYNC_PERSISTENT(auditCommands); NV_SYNC_PERSISTENT(auditHashAlg); NV_SYNC_PERSISTENT(auditCounter); return; } //*** CommandAuditStartup() // This function clears the command audit digest on a TPM Reset. BOOL CommandAuditStartup( STARTUP_TYPE type // IN: start up type ) { if((type != SU_RESTART) && (type != SU_RESUME)) { // Reset the digest size to initialize the digest gr.commandAuditDigest.t.size = 0; } return TRUE; } //*** CommandAuditSet() // This function will SET the audit flag for a command. This function // will not SET the audit flag for a command that is not implemented. This // ensures that the audit status is not SET when TPM2_GetCapability() is // used to read the list of audited commands. // // This function is only used by TPM2_SetCommandCodeAuditStatus(). // // The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the // changes to be saved to NV after it is setting and clearing bits. // Return Type: BOOL // TRUE(1) command code audit status was changed // FALSE(0) command code audit status was not changed BOOL CommandAuditSet( TPM_CC commandCode // IN: command code ) { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); // Only SET a bit if the corresponding command is implemented if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) { // Can't audit shutdown if(commandCode != TPM_CC_Shutdown) { if(!TEST_BIT(commandIndex, gp.auditCommands)) { // Set bit SET_BIT(commandIndex, gp.auditCommands); return TRUE; } } } // No change return FALSE; } //*** CommandAuditClear() // This function will CLEAR the audit flag for a command. It will not CLEAR the // audit flag for TPM_CC_SetCommandCodeAuditStatus(). // // This function is only used by TPM2_SetCommandCodeAuditStatus(). // // The actions in TPM2_SetCommandCodeAuditStatus() are expected to cause the // changes to be saved to NV after it is setting and clearing bits. // Return Type: BOOL // TRUE(1) command code audit status was changed // FALSE(0) command code audit status was not changed BOOL CommandAuditClear( TPM_CC commandCode // IN: command code ) { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); // Do nothing if the command is not implemented if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) { // The bit associated with TPM_CC_SetCommandCodeAuditStatus() cannot be // cleared if(commandCode != TPM_CC_SetCommandCodeAuditStatus) { if(TEST_BIT(commandIndex, gp.auditCommands)) { // Clear bit CLEAR_BIT(commandIndex, gp.auditCommands); return TRUE; } } } // No change return FALSE; } //*** CommandAuditIsRequired() // This function indicates if the audit flag is SET for a command. // Return Type: BOOL // TRUE(1) command is audited // FALSE(0) command is not audited BOOL CommandAuditIsRequired( COMMAND_INDEX commandIndex // IN: command index ) { // Check the bit map. If the bit is SET, command audit is required return(TEST_BIT(commandIndex, gp.auditCommands)); } //*** CommandAuditCapGetCCList() // This function returns a list of commands that have their audit bit SET. // // The list starts at the input commandCode. // Return Type: TPMI_YES_NO // YES if there are more command code available // NO all the available command code has been returned TPMI_YES_NO CommandAuditCapGetCCList( TPM_CC commandCode, // IN: start command code UINT32 count, // IN: count of returned TPM_CC TPML_CC *commandList // OUT: list of TPM_CC ) { TPMI_YES_NO more = NO; COMMAND_INDEX commandIndex; // Initialize output handle list commandList->count = 0; // The maximum count of command we may return is MAX_CAP_CC if(count > MAX_CAP_CC) count = MAX_CAP_CC; // Find the implemented command that has a command code that is the same or // higher than the input // Collect audit commands for(commandIndex = GetClosestCommandIndex(commandCode); commandIndex != UNIMPLEMENTED_COMMAND_INDEX; commandIndex = GetNextCommandIndex(commandIndex)) { if(CommandAuditIsRequired(commandIndex)) { if(commandList->count < count) { // If we have not filled up the return list, add this command // code to its TPM_CC cc = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex); if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) cc += (1 << 29); commandList->commandCodes[commandList->count] = cc; commandList->count++; } else { // If the return list is full but we still have command // available, report this and stop iterating more = YES; break; } } } return more; } //*** CommandAuditGetDigest // This command is used to create a digest of the commands being audited. The // commands are processed in ascending numeric order with a list of TPM_CC being // added to a hash. This operates as if all the audited command codes were // concatenated and then hashed. void CommandAuditGetDigest( TPM2B_DIGEST *digest // OUT: command digest ) { TPM_CC commandCode; COMMAND_INDEX commandIndex; HASH_STATE hashState; // Start hash digest->t.size = CryptHashStart(&hashState, gp.auditHashAlg); // Add command code for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++) { if(CommandAuditIsRequired(commandIndex)) { commandCode = GetCommandCode(commandIndex); CryptDigestUpdateInt(&hashState, sizeof(commandCode), commandCode); } } // Complete hash CryptHashEnd2B(&hashState, &digest->b); return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/DA.c000066400000000000000000000202261510276467000254630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions and data definitions relating to the // dictionary attack logic. //** Includes and Data Definitions #define DA_C #include "Tpm.h" //** Functions //*** DAPreInstall_Init() // This function initializes the DA parameters to their manufacturer-default // values. The default values are determined by a platform-specific specification. // // This function should not be called outside of a manufacturing or simulation // environment. // // The DA parameters will be restored to these initial values by TPM2_Clear(). void DAPreInstall_Init( void ) { gp.failedTries = 0; gp.maxTries = 3; gp.recoveryTime = 1000; // in seconds (~16.67 minutes) gp.lockoutRecovery = 1000; // in seconds gp.lockOutAuthEnabled = TRUE; // Use of lockoutAuth is enabled // Record persistent DA parameter changes to NV NV_SYNC_PERSISTENT(failedTries); NV_SYNC_PERSISTENT(maxTries); NV_SYNC_PERSISTENT(recoveryTime); NV_SYNC_PERSISTENT(lockoutRecovery); NV_SYNC_PERSISTENT(lockOutAuthEnabled); return; } //*** DAStartup() // This function is called by TPM2_Startup() to initialize the DA parameters. // In the case of Startup(CLEAR), use of lockoutAuth will be enabled if the // lockout recovery time is 0. Otherwise, lockoutAuth will not be enabled until // the TPM has been continuously powered for the lockoutRecovery time. // // This function requires that NV be available and not rate limiting. BOOL DAStartup( STARTUP_TYPE type // IN: startup type ) { NOT_REFERENCED(type); #if !ACCUMULATE_SELF_HEAL_TIMER _plat__TimerWasReset(); s_selfHealTimer = 0; s_lockoutTimer = 0; #else if(_plat__TimerWasReset()) { if(!NV_IS_ORDERLY) { // If shutdown was not orderly, then don't really know if go.time has // any useful value so reset the timer to 0. This is what the tick // was reset to s_selfHealTimer = 0; s_lockoutTimer = 0; } else { // If we know how much time was accumulated at the last orderly shutdown // subtract that from the saved timer values so that they effectively // have the accumulated values s_selfHealTimer -= go.time; s_lockoutTimer -= go.time; } } #endif // For any Startup(), if lockoutRecovery is 0, enable use of lockoutAuth. if(gp.lockoutRecovery == 0) { gp.lockOutAuthEnabled = TRUE; // Record the changes to NV NV_SYNC_PERSISTENT(lockOutAuthEnabled); } // If DA has not been disabled and the previous shutdown is not orderly // failedTries is not already at its maximum then increment 'failedTries' if(gp.recoveryTime != 0 && gp.failedTries < gp.maxTries && !IS_ORDERLY(g_prevOrderlyState)) { #if USE_DA_USED gp.failedTries += g_daUsed; g_daUsed = FALSE; #else gp.failedTries++; #endif // Record the change to NV NV_SYNC_PERSISTENT(failedTries); } // Before Startup, the TPM will not do clock updates. At startup, need to // do a time update which will do the DA update. TimeUpdate(); return TRUE; } //*** DARegisterFailure() // This function is called when a authorization failure occurs on an entity // that is subject to dictionary-attack protection. When a DA failure is // triggered, register the failure by resetting the relevant self-healing // timer to the current time. void DARegisterFailure( TPM_HANDLE handle // IN: handle for failure ) { // Reset the timer associated with lockout if the handle is the lockoutAuth. if(handle == TPM_RH_LOCKOUT) s_lockoutTimer = g_time; else s_selfHealTimer = g_time; return; } //*** DASelfHeal() // This function is called to check if sufficient time has passed to allow // decrement of failedTries or to re-enable use of lockoutAuth. // // This function should be called when the time interval is updated. void DASelfHeal( void ) { // Regular authorization self healing logic // If no failed authorization tries, do nothing. Otherwise, try to // decrease failedTries if(gp.failedTries != 0) { // if recovery time is 0, DA logic has been disabled. Clear failed tries // immediately if(gp.recoveryTime == 0) { gp.failedTries = 0; // Update NV record NV_SYNC_PERSISTENT(failedTries); } else { UINT64 decreaseCount; #if 0 // Errata eliminates this code // In the unlikely event that failedTries should become larger than // maxTries if(gp.failedTries > gp.maxTries) gp.failedTries = gp.maxTries; #endif // How much can failedTries be decreased // Cast s_selfHealTimer to an int in case it became negative at // startup decreaseCount = ((g_time - (INT64)s_selfHealTimer) / 1000) / gp.recoveryTime; if(gp.failedTries <= (UINT32)decreaseCount) // should not set failedTries below zero gp.failedTries = 0; else gp.failedTries -= (UINT32)decreaseCount; // the cast prevents overflow of the product s_selfHealTimer += (decreaseCount * (UINT64)gp.recoveryTime) * 1000; if(decreaseCount != 0) // If there was a change to the failedTries, record the changes // to NV NV_SYNC_PERSISTENT(failedTries); } } // LockoutAuth self healing logic // If lockoutAuth is enabled, do nothing. Otherwise, try to see if we // may enable it if(!gp.lockOutAuthEnabled) { // if lockout authorization recovery time is 0, a reboot is required to // re-enable use of lockout authorization. Self-healing would not // apply in this case. if(gp.lockoutRecovery != 0) { if(((g_time - (INT64)s_lockoutTimer) / 1000) >= gp.lockoutRecovery) { gp.lockOutAuthEnabled = TRUE; // Record the changes to NV NV_SYNC_PERSISTENT(lockOutAuthEnabled); } } } return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Hierarchy.c000066400000000000000000000171401510276467000271160ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions used for managing and accessing the // hierarchy-related values. //** Includes #include "Tpm.h" //** Functions //*** HierarchyPreInstall() // This function performs the initialization functions for the hierarchy // when the TPM is simulated. This function should not be called if the // TPM is not in a manufacturing mode at the manufacturer, or in a simulated // environment. void HierarchyPreInstall_Init( void ) { // Allow lockout clear command gp.disableClear = FALSE; // Initialize Primary Seeds gp.EPSeed.t.size = sizeof(gp.EPSeed.t.buffer); gp.SPSeed.t.size = sizeof(gp.SPSeed.t.buffer); gp.PPSeed.t.size = sizeof(gp.PPSeed.t.buffer); #if (defined USE_PLATFORM_EPS) && (USE_PLATFORM_EPS != NO) _plat__GetEPS(gp.EPSeed.t.size, gp.EPSeed.t.buffer); #else CryptRandomGenerate(gp.EPSeed.t.size, gp.EPSeed.t.buffer); #endif CryptRandomGenerate(gp.SPSeed.t.size, gp.SPSeed.t.buffer); CryptRandomGenerate(gp.PPSeed.t.size, gp.PPSeed.t.buffer); // Initialize owner, endorsement and lockout authorization gp.ownerAuth.t.size = 0; gp.endorsementAuth.t.size = 0; gp.lockoutAuth.t.size = 0; // Initialize owner, endorsement, and lockout policy gp.ownerAlg = TPM_ALG_NULL; gp.ownerPolicy.t.size = 0; gp.endorsementAlg = TPM_ALG_NULL; gp.endorsementPolicy.t.size = 0; gp.lockoutAlg = TPM_ALG_NULL; gp.lockoutPolicy.t.size = 0; // Initialize ehProof, shProof and phProof gp.phProof.t.size = sizeof(gp.phProof.t.buffer); gp.shProof.t.size = sizeof(gp.shProof.t.buffer); gp.ehProof.t.size = sizeof(gp.ehProof.t.buffer); CryptRandomGenerate(gp.phProof.t.size, gp.phProof.t.buffer); CryptRandomGenerate(gp.shProof.t.size, gp.shProof.t.buffer); CryptRandomGenerate(gp.ehProof.t.size, gp.ehProof.t.buffer); // Write hierarchy data to NV NV_SYNC_PERSISTENT(disableClear); NV_SYNC_PERSISTENT(EPSeed); NV_SYNC_PERSISTENT(SPSeed); NV_SYNC_PERSISTENT(PPSeed); NV_SYNC_PERSISTENT(ownerAuth); NV_SYNC_PERSISTENT(endorsementAuth); NV_SYNC_PERSISTENT(lockoutAuth); NV_SYNC_PERSISTENT(ownerAlg); NV_SYNC_PERSISTENT(ownerPolicy); NV_SYNC_PERSISTENT(endorsementAlg); NV_SYNC_PERSISTENT(endorsementPolicy); NV_SYNC_PERSISTENT(lockoutAlg); NV_SYNC_PERSISTENT(lockoutPolicy); NV_SYNC_PERSISTENT(phProof); NV_SYNC_PERSISTENT(shProof); NV_SYNC_PERSISTENT(ehProof); return; } //*** HierarchyStartup() // This function is called at TPM2_Startup() to initialize the hierarchy // related values. BOOL HierarchyStartup( STARTUP_TYPE type // IN: start up type ) { // phEnable is SET on any startup g_phEnable = TRUE; // Reset platformAuth, platformPolicy; enable SH and EH at TPM_RESET and // TPM_RESTART if(type != SU_RESUME) { gc.platformAuth.t.size = 0; gc.platformPolicy.t.size = 0; gc.platformAlg = TPM_ALG_NULL; // enable the storage and endorsement hierarchies and the platformNV gc.shEnable = gc.ehEnable = gc.phEnableNV = TRUE; } // nullProof and nullSeed are updated at every TPM_RESET if((type != SU_RESTART) && (type != SU_RESUME)) { gr.nullProof.t.size = sizeof(gr.nullProof.t.buffer); CryptRandomGenerate(gr.nullProof.t.size, gr.nullProof.t.buffer); gr.nullSeed.t.size = sizeof(gr.nullSeed.t.buffer); CryptRandomGenerate(gr.nullSeed.t.size, gr.nullSeed.t.buffer); } return TRUE; } //*** HierarchyGetProof() // This function finds the proof value associated with a hierarchy.It returns a // pointer to the proof value. TPM2B_PROOF * HierarchyGetProof( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy constant ) { TPM2B_PROOF *proof = NULL; switch(hierarchy) { case TPM_RH_PLATFORM: // phProof for TPM_RH_PLATFORM proof = &gp.phProof; break; case TPM_RH_ENDORSEMENT: // ehProof for TPM_RH_ENDORSEMENT proof = &gp.ehProof; break; case TPM_RH_OWNER: // shProof for TPM_RH_OWNER proof = &gp.shProof; break; default: // nullProof for TPM_RH_NULL or anything else proof = &gr.nullProof; break; } return proof; } //*** HierarchyGetPrimarySeed() // This function returns the primary seed of a hierarchy. TPM2B_SEED * HierarchyGetPrimarySeed( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy ) { TPM2B_SEED *seed = NULL; switch(hierarchy) { case TPM_RH_PLATFORM: seed = &gp.PPSeed; break; case TPM_RH_OWNER: seed = &gp.SPSeed; break; case TPM_RH_ENDORSEMENT: seed = &gp.EPSeed; break; default: seed = &gr.nullSeed; break; } return seed; } //*** HierarchyIsEnabled() // This function checks to see if a hierarchy is enabled. // NOTE: The TPM_RH_NULL hierarchy is always enabled. // Return Type: BOOL // TRUE(1) hierarchy is enabled // FALSE(0) hierarchy is disabled BOOL HierarchyIsEnabled( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy ) { BOOL enabled = FALSE; switch(hierarchy) { case TPM_RH_PLATFORM: enabled = g_phEnable; break; case TPM_RH_OWNER: enabled = gc.shEnable; break; case TPM_RH_ENDORSEMENT: enabled = gc.ehEnable; break; case TPM_RH_NULL: enabled = TRUE; break; default: enabled = FALSE; break; } return enabled; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvDynamic.c000066400000000000000000002072521510276467000270750ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // The NV memory is divided into two area: dynamic space for user defined NV // indexes and evict objects, and reserved space for TPM persistent and state save // data. // // The entries in dynamic space are a linked list of entries. Each entry has, as its // first field, a size. If the size field is zero, it marks the end of the // list. // // An Index allocation will contain an NV_INDEX structure. If the Index does not // have the orderly attribute, the NV_INDEX is followed immediately by the NV data. // // An evict object entry contains a handle followed by an OBJECT structure. This // results in both the Index and Evict Object having an identifying handle as the // first field following the size field. // // When an Index has the orderly attribute, the data is kept in RAM. This RAM is // saved to backing store in NV memory on any orderly shutdown. The entries in // orderly memory are also a linked list using a size field as the first entry. // // The attributes of an orderly index are maintained in RAM memory in order to // reduce the number of NV writes needed for orderly data. When an orderly index // is created, an entry is made in the dynamic NV memory space that holds the Index // authorizations (authPolicy and authValue) and the size of the data. This entry is // only modified if the authValue of the index is changed. The more volatile data // of the index is kept in RAM. When an orderly Index is created or deleted, the // RAM data is copied to NV backing store so that the image in the backing store // matches the layout of RAM. In normal operation. The RAM data is also copied on // any orderly shutdown. In normal operation, the only other reason for writing // to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN // changes from CLEAR to SET) or when a counter "rolls over." // // Static space contains items that are individually modifiable. The values are in // the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV. // //** Includes, Defines and Data Definitions #define NV_C #include "Tpm.h" #include "PlatformData.h" //** Local Functions //*** NvNext() // This function provides a method to traverse every data entry in NV dynamic // area. // // To begin with, parameter 'iter' should be initialized to NV_REF_INIT // indicating the first element. Every time this function is called, the // value in 'iter' would be adjusted pointing to the next element in // traversal. If there is no next element, 'iter' value would be 0. // This function returns the address of the 'data entry' pointed by the // 'iter'. If there is no more element in the set, a 0 value is returned // indicating the end of traversal. // static NV_REF NvNext( NV_REF *iter, // IN/OUT: the list iterator TPM_HANDLE *handle // OUT: the handle of the next item. ) { NV_REF currentAddr; NV_ENTRY_HEADER header; // // If iterator is at the beginning of list if(*iter == NV_REF_INIT) { // Initialize iterator *iter = NV_USER_DYNAMIC; } // Step over the size field and point to the handle currentAddr = *iter + sizeof(UINT32); // read the header of the next entry NvRead(&header, *iter, sizeof(NV_ENTRY_HEADER)); // if the size field is zero, then we have hit the end of the list if(header.size == 0) // leave the *iter pointing at the end of the list return 0; // advance the header by the size of the entry *iter += header.size; if(handle != NULL) *handle = header.handle; return currentAddr; } //*** NvNextByType() // This function returns a reference to the next NV entry of the desired type // Return Type: NV_REF // 0 end of list // != 0 the next entry of the indicated type static NV_REF NvNextByType( TPM_HANDLE *handle, // OUT: the handle of the found type NV_REF *iter, // IN: the iterator TPM_HT type // IN: the handle type to look for ) { NV_REF addr; TPM_HANDLE nvHandle; // while((addr = NvNext(iter, &nvHandle)) != 0) { // addr: the address of the location containing the handle of the value // iter: the next location. if(HandleGetType(nvHandle) == type) break; } if(handle != NULL) *handle = nvHandle; return addr; } //*** NvNextIndex() // This function returns the reference to the next NV Index entry. A value // of 0 indicates the end of the list. // Return Type: NV_REF // 0 end of list // != 0 the next reference #define NvNextIndex(handle, iter) \ NvNextByType(handle, iter, TPM_HT_NV_INDEX) //*** NvNextEvict() // This function returns the offset in NV of the next evict object entry. A value // of 0 indicates the end of the list. #define NvNextEvict(handle, iter) \ NvNextByType(handle, iter, TPM_HT_PERSISTENT) //*** NvGetEnd() // Function to find the end of the NV dynamic data list static NV_REF NvGetEnd( void ) { NV_REF iter = NV_REF_INIT; NV_REF currentAddr; // // Scan until the next address is 0 while((currentAddr = NvNext(&iter, NULL)) != 0); return iter; } //*** NvGetFreeBytes // This function returns the number of free octets in NV space. static UINT32 NvGetFreeBytes( void ) { // This does not have an overflow issue because NvGetEnd() cannot return a value // that is larger than s_evictNvEnd. This is because there is always a 'stop' // word in the NV memory that terminates the search for the end before the // value can go past s_evictNvEnd. return s_evictNvEnd - NvGetEnd(); } //*** NvTestSpace() // This function will test if there is enough space to add a new entity. // Return Type: BOOL // TRUE(1) space available // FALSE(0) no enough space static BOOL NvTestSpace( UINT32 size, // IN: size of the entity to be added BOOL isIndex, // IN: TRUE if the entity is an index BOOL isCounter // IN: TRUE if the index is a counter ) { UINT32 remainBytes = NvGetFreeBytes(); UINT32 reserved = sizeof(UINT32) // size of the forward pointer + sizeof(NV_LIST_TERMINATOR); // // Do a compile time sanity check on the setting for NV_MEMORY_SIZE #if NV_MEMORY_SIZE < 1024 #error "NV_MEMORY_SIZE probably isn't large enough" #endif // For NV Index, need to make sure that we do not allocate an Index if this // would mean that the TPM cannot allocate the minimum number of evict // objects. if(isIndex) { // Get the number of persistent objects allocated UINT32 persistentNum = NvCapGetPersistentNumber(); // If we have not allocated the requisite number of evict objects, then we // need to reserve space for them. // NOTE: some of this is not written as simply as it might seem because // the values are all unsigned and subtracting needs to be done carefully // so that an underflow doesn't cause problems. if(persistentNum < MIN_EVICT_OBJECTS) reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; } // If this is not an index or is not a counter, reserve space for the // required number of counter indexes if(!isIndex || !isCounter) { // Get the number of counters UINT32 counterNum = NvCapGetCounterNumber(); // If the required number of counters have not been allocated, reserved // space for the extra needed counters if(counterNum < MIN_COUNTER_INDICES) reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; } // Check that the requested allocation will fit after making sure that there // will be no chance of overflow return ((reserved < remainBytes) && (size <= remainBytes) && (size + reserved <= remainBytes)); } //*** NvWriteNvListEnd() // Function to write the list terminator. NV_REF NvWriteNvListEnd( NV_REF end ) { // Marker is initialized with zeros BYTE listEndMarker[sizeof(NV_LIST_TERMINATOR)] = {0}; UINT64 maxCount = NvReadMaxCount(); // // This is a constant check that can be resolved at compile time. cAssert(sizeof(UINT64) <= sizeof(NV_LIST_TERMINATOR) - sizeof(UINT32)); // Copy the maxCount value to the marker buffer MemoryCopy(&listEndMarker[sizeof(UINT32)], &maxCount, sizeof(UINT64)); pAssert(end + sizeof(NV_LIST_TERMINATOR) <= s_evictNvEnd); // Write it to memory NvWrite(end, sizeof(NV_LIST_TERMINATOR), &listEndMarker); return end + sizeof(NV_LIST_TERMINATOR); } //*** NvAdd() // This function adds a new entity to NV. // // This function requires that there is enough space to add a new entity (i.e., // that NvTestSpace() has been called and the available space is at least as // large as the required space). // // The 'totalSize' will be the size of 'entity'. If a handle is added, this // function will increase the size accordingly. static TPM_RC NvAdd( UINT32 totalSize, // IN: total size needed for this entity For // evict object, totalSize is the same as // bufferSize. For NV Index, totalSize is // bufferSize plus index data size UINT32 bufferSize, // IN: size of initial buffer TPM_HANDLE handle, // IN: optional handle BYTE *entity // IN: initial buffer ) { NV_REF newAddr; // IN: where the new entity will start NV_REF nextAddr; // RETURN_IF_NV_IS_NOT_AVAILABLE; // Get the end of data list newAddr = NvGetEnd(); // Step over the forward pointer nextAddr = newAddr + sizeof(UINT32); // Optionally write the handle. For indexes, the handle is TPM_RH_UNASSIGNED // so that the handle in the nvIndex is used instead of writing this value if(handle != TPM_RH_UNASSIGNED) { NvWrite((UINT32)nextAddr, sizeof(TPM_HANDLE), &handle); nextAddr += sizeof(TPM_HANDLE); } // Write entity data NvWrite((UINT32)nextAddr, bufferSize, entity); // Advance the pointer by the amount of the total nextAddr += totalSize; // Finish by writing the link value // Write the next offset (relative addressing) totalSize = nextAddr - newAddr; // Write link value NvWrite((UINT32)newAddr, sizeof(UINT32), &totalSize); // Write the list terminator NvWriteNvListEnd(nextAddr); return TPM_RC_SUCCESS; } //*** NvDelete() // This function is used to delete an NV Index or persistent object from NV memory. static TPM_RC NvDelete( NV_REF entityRef // IN: reference to entity to be deleted ) { UINT32 entrySize; // adjust entityAddr to back up and point to the forward pointer NV_REF entryRef = entityRef - sizeof(UINT32); NV_REF endRef = NvGetEnd(); NV_REF nextAddr; // address of the next entry // RETURN_IF_NV_IS_NOT_AVAILABLE; // Get the offset of the next entry. That is, back up and point to the size // field of the entry NvRead(&entrySize, entryRef, sizeof(UINT32)); // The next entry after the one being deleted is at a relative offset // from the current entry nextAddr = entryRef + entrySize; // If this is not the last entry, move everything up if(nextAddr < endRef) { pAssert(nextAddr > entryRef); _plat__NvMemoryMove(nextAddr, entryRef, (endRef - nextAddr)); } // The end of the used space is now moved up by the amount of space we just // reclaimed endRef -= entrySize; // Write the end marker, and make the new end equal to the first byte after // the just added end value. This will automatically update the NV value for // maxCounter. // NOTE: This is the call that sets flag to cause NV to be updated endRef = NvWriteNvListEnd(endRef); // Clear the reclaimed memory _plat__NvMemoryClear(endRef, entrySize); return TPM_RC_SUCCESS; } //************************************************ //** RAM-based NV Index Data Access Functions //************************************************ //*** Introduction // The data layout in ram buffer is {size of(NV_handle + attributes + data // NV_handle, attributes, data} // for each NV Index data stored in RAM. // // NV storage associated with orderly data is updated when a NV Index is added // but NOT when the data or attributes are changed. Orderly data is only updated // to NV on an orderly shutdown (TPM2_Shutdown()) //*** NvRamNext() // This function is used to iterate trough the list of Ram Index values. *iter needs // to be initialized by calling static NV_RAM_REF NvRamNext( NV_RAM_REF *iter, // IN/OUT: the list iterator TPM_HANDLE *handle // OUT: the handle of the next item. ) { NV_RAM_REF currentAddr; NV_RAM_HEADER header; // // If iterator is at the beginning of list if(*iter == NV_RAM_REF_INIT) { // Initialize iterator *iter = &s_indexOrderlyRam[0]; } // if we are going to return what the iter is currently pointing to... currentAddr = *iter; // If iterator reaches the end of NV space, then don't advance and return // that we are at the end of the list. The end of the list occurs when // we don't have space for a size and a handle if(currentAddr + sizeof(NV_RAM_HEADER) > RAM_ORDERLY_END) return NULL; // read the header of the next entry MemoryCopy(&header, currentAddr, sizeof(NV_RAM_HEADER)); // if the size field is zero, then we have hit the end of the list if(header.size == 0) // leave the *iter pointing at the end of the list return NULL; // advance the header by the size of the entry *iter = currentAddr + header.size; // pAssert(*iter <= RAM_ORDERLY_END); if(handle != NULL) *handle = header.handle; return currentAddr; } //*** NvRamGetEnd() // This routine performs the same function as NvGetEnd() but for the RAM data. static NV_RAM_REF NvRamGetEnd( void ) { NV_RAM_REF iter = NV_RAM_REF_INIT; NV_RAM_REF currentAddr; // // Scan until the next address is 0 while((currentAddr = NvRamNext(&iter, NULL)) != 0); return iter; } //*** NvRamTestSpaceIndex() // This function indicates if there is enough RAM space to add a data for a // new NV Index. // Return Type: BOOL // TRUE(1) space available // FALSE(0) no enough space static BOOL NvRamTestSpaceIndex( UINT32 size // IN: size of the data to be added to RAM ) { UINT32 remaining = (UINT32)(RAM_ORDERLY_END - NvRamGetEnd()); UINT32 needed = sizeof(NV_RAM_HEADER) + size; // // NvRamGetEnd points to the next available byte. return remaining >= needed; } //*** NvRamGetIndex() // This function returns the offset of NV data in the RAM buffer // // This function requires that NV Index is in RAM. That is, the // index must be known to exist. static NV_RAM_REF NvRamGetIndex( TPMI_RH_NV_INDEX handle // IN: NV handle ) { NV_RAM_REF iter = NV_RAM_REF_INIT; NV_RAM_REF currentAddr; TPM_HANDLE foundHandle; // while((currentAddr = NvRamNext(&iter, &foundHandle)) != 0) { if(handle == foundHandle) break; } return currentAddr; } //*** NvUpdateIndexOrderlyData() // This function is used to cause an update of the orderly data to the NV backing // store. void NvUpdateIndexOrderlyData( void ) { // Write reserved RAM space to NV NvWrite(NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam), s_indexOrderlyRam); } //*** NvAddRAM() // This function adds a new data area to RAM. // // This function requires that enough free RAM space is available to add // the new data. // // This function should be called after the NV Index space has been updated // and the index removed. This insures that NV is available so that checking // for NV availability is not required during this function. static void NvAddRAM( TPMS_NV_PUBLIC *index // IN: the index descriptor ) { NV_RAM_HEADER header; NV_RAM_REF end = NvRamGetEnd(); // header.size = sizeof(NV_RAM_HEADER) + index->dataSize; header.handle = index->nvIndex; MemoryCopy(&header.attributes, &index->attributes, sizeof(TPMA_NV)); pAssert(ORDERLY_RAM_ADDRESS_OK(end, header.size)); // Copy the header to the memory MemoryCopy(end, &header, sizeof(NV_RAM_HEADER)); // Clear the data area (just in case) MemorySet(end + sizeof(NV_RAM_HEADER), 0, index->dataSize); // Step over this new entry end += header.size; // If the end marker will fit, add it if(end + sizeof(UINT32) < RAM_ORDERLY_END) MemorySet(end, 0, sizeof(UINT32)); // Write reserved RAM space to NV to reflect the newly added NV Index SET_NV_UPDATE(UT_ORDERLY); return; } //*** NvDeleteRAM() // This function is used to delete a RAM-backed NV Index data area. // The space used by the entry are overwritten by the contents of the // Index data that comes after (the data is moved up to fill the hole left // by removing this index. The reclaimed space is cleared to zeros. // This function assumes the data of NV Index exists in RAM. // // This function should be called after the NV Index space has been updated // and the index removed. This insures that NV is available so that checking // for NV availability is not required during this function. static void NvDeleteRAM( TPMI_RH_NV_INDEX handle // IN: NV handle ) { NV_RAM_REF nodeAddress; NV_RAM_REF nextNode; UINT32 size; NV_RAM_REF lastUsed = NvRamGetEnd(); // nodeAddress = NvRamGetIndex(handle); pAssert(nodeAddress != 0); // Get node size MemoryCopy(&size, nodeAddress, sizeof(size)); // Get the offset of next node nextNode = nodeAddress + size; // Copy the data MemoryCopy(nodeAddress, nextNode, (int)(lastUsed - nextNode)); // Clear out the reclaimed space MemorySet(lastUsed - size, 0, size); // Write reserved RAM space to NV to reflect the newly delete NV Index SET_NV_UPDATE(UT_ORDERLY); return; } //*** NvReadIndex() // This function is used to read the NV Index NV_INDEX. This is used so that the // index information can be compressed and only this function would be needed // to decompress it. Mostly, compression would only be able to save the space // needed by the policy. void NvReadNvIndexInfo( NV_REF ref, // IN: points to NV where index is located NV_INDEX *nvIndex // OUT: place to receive index data ) { pAssert(nvIndex != NULL); NvRead(nvIndex, ref, sizeof(NV_INDEX)); return; } //*** NvReadObject() // This function is used to read a persistent object. This is used so that the // object information can be compressed and only this function would be needed // to uncompress it. void NvReadObject( NV_REF ref, // IN: points to NV where index is located OBJECT *object // OUT: place to receive the object data ) { NvRead(object, (ref + sizeof(TPM_HANDLE)), sizeof(OBJECT)); return; } //*** NvFindEvict() // This function will return the NV offset of an evict object // Return Type: UINT32 // 0 evict object not found // != 0 offset of evict object static NV_REF NvFindEvict( TPM_HANDLE nvHandle, OBJECT *object ) { NV_REF found = NvFindHandle(nvHandle); // // If we found the handle and the request included an object pointer, fill it in if(found != 0 && object != NULL) NvReadObject(found, object); return found; } //*** NvIndexIsDefined() // See if an index is already defined BOOL NvIndexIsDefined( TPM_HANDLE nvHandle // IN: Index to look for ) { return (NvFindHandle(nvHandle) != 0); } //*** NvConditionallyWrite() // Function to check if the data to be written has changed // and write it if it has // Return Type: TPM_RC // TPM_RC_NV_RATE NV is unavailable because of rate limit // TPM_RC_NV_UNAVAILABLE NV is inaccessible static TPM_RC NvConditionallyWrite( NV_REF entryAddr, // IN: stating address UINT32 size, // IN: size of the data to write void *data // IN: the data to write ) { // If the index data is actually changed, then a write to NV is required if(_plat__NvIsDifferent(entryAddr, size, data)) { // Write the data if NV is available if(g_NvStatus == TPM_RC_SUCCESS) { NvWrite(entryAddr, size, data); } return g_NvStatus; } return TPM_RC_SUCCESS; } //*** NvReadNvIndexAttributes() // This function returns the attributes of an NV Index. static TPMA_NV NvReadNvIndexAttributes( NV_REF locator // IN: reference to an NV index ) { TPMA_NV attributes; // NvRead(&attributes, locator + offsetof(NV_INDEX, publicArea.attributes), sizeof(TPMA_NV)); return attributes; } //*** NvReadRamIndexAttributes() // This function returns the attributes from the RAM header structure. This function // is used to deal with the fact that the header structure is only byte aligned. static TPMA_NV NvReadRamIndexAttributes( NV_RAM_REF ref // IN: pointer to a NV_RAM_HEADER ) { TPMA_NV attributes; // MemoryCopy(&attributes, ref + offsetof(NV_RAM_HEADER, attributes), sizeof(TPMA_NV)); return attributes; } //*** NvWriteNvIndexAttributes() // This function is used to write just the attributes of an index to NV. // Return type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting so retry // TPM_RC_NV_UNAVAILABLE NV is not available static TPM_RC NvWriteNvIndexAttributes( NV_REF locator, // IN: location of the index TPMA_NV attributes // IN: attributes to write ) { return NvConditionallyWrite( locator + offsetof(NV_INDEX, publicArea.attributes), sizeof(TPMA_NV), &attributes); } //*** NvWriteRamIndexAttributes() // This function is used to write the index attributes into an unaligned structure static void NvWriteRamIndexAttributes( NV_RAM_REF ref, // IN: address of the header TPMA_NV attributes // IN: the attributes to write ) { MemoryCopy(ref + offsetof(NV_RAM_HEADER, attributes), &attributes, sizeof(TPMA_NV)); return; } //************************************************ //** Externally Accessible Functions //************************************************ //*** NvIsPlatformPersistentHandle() // This function indicates if a handle references a persistent object in the // range belonging to the platform. // Return Type: BOOL // TRUE(1) handle references a platform persistent object // and may reference an owner persistent object either // FALSE(0) handle does not reference platform persistent object BOOL NvIsPlatformPersistentHandle( TPM_HANDLE handle // IN: handle ) { return (handle >= PLATFORM_PERSISTENT && handle <= PERSISTENT_LAST); } //*** NvIsOwnerPersistentHandle() // This function indicates if a handle references a persistent object in the // range belonging to the owner. // Return Type: BOOL // TRUE(1) handle is owner persistent handle // FALSE(0) handle is not owner persistent handle and may not be // a persistent handle at all BOOL NvIsOwnerPersistentHandle( TPM_HANDLE handle // IN: handle ) { return (handle >= PERSISTENT_FIRST && handle < PLATFORM_PERSISTENT); } //*** NvIndexIsAccessible() // // This function validates that a handle references a defined NV Index and // that the Index is currently accessible. // Return Type: TPM_RC // TPM_RC_HANDLE the handle points to an undefined NV Index // If shEnable is CLEAR, this would include an index // created using ownerAuth. If phEnableNV is CLEAR, // this would include and index created using // platformAuth // TPM_RC_NV_READLOCKED Index is present but locked for reading and command // does not write to the index // TPM_RC_NV_WRITELOCKED Index is present but locked for writing and command // writes to the index TPM_RC NvIndexIsAccessible( TPMI_RH_NV_INDEX handle // IN: handle ) { NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); // if(nvIndex == NULL) // If index is not found, return TPM_RC_HANDLE return TPM_RC_HANDLE; if(gc.shEnable == FALSE || gc.phEnableNV == FALSE) { // if shEnable is CLEAR, an ownerCreate NV Index should not be // indicated as present if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) { if(gc.shEnable == FALSE) return TPM_RC_HANDLE; } // if phEnableNV is CLEAR, a platform created Index should not // be visible else if(gc.phEnableNV == FALSE) return TPM_RC_HANDLE; } #if 0 // Writelock test for debug // If the Index is write locked and this is an NV Write operation... if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITELOCKED) && IsWriteOperation(commandIndex)) { // then return a locked indication unless the command is TPM2_NV_WriteLock if(GetCommandCode(commandIndex) != TPM_CC_NV_WriteLock) return TPM_RC_NV_LOCKED; return TPM_RC_SUCCESS; } #endif #if 0 // Readlock Test for debug // If the Index is read locked and this is an NV Read operation... if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, READLOCKED) && IsReadOperation(commandIndex)) { // then return a locked indication unless the command is TPM2_NV_ReadLock if(GetCommandCode(commandIndex) != TPM_CC_NV_ReadLock) return TPM_RC_NV_LOCKED; } #endif // NV Index is accessible return TPM_RC_SUCCESS; } //*** NvGetEvictObject() // This function is used to dereference an evict object handle and get a pointer // to the object. // Return Type: TPM_RC // TPM_RC_HANDLE the handle does not point to an existing // persistent object TPM_RC NvGetEvictObject( TPM_HANDLE handle, // IN: handle OBJECT *object // OUT: object data ) { NV_REF entityAddr; // offset points to the entity // // Find the address of evict object and copy to object entityAddr = NvFindEvict(handle, object); // whether there is an error or not, make sure that the evict // status of the object is set so that the slot will get freed on exit // Must do this after NvFindEvict loads the object object->attributes.evict = SET; // If handle is not found, return an error if(entityAddr == 0) return TPM_RC_HANDLE; return TPM_RC_SUCCESS; } //*** NvIndexCacheInit() // Function to initialize the Index cache void NvIndexCacheInit( void ) { s_cachedNvRef = NV_REF_INIT; s_cachedNvRamRef = NV_RAM_REF_INIT; s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED; return; } //*** NvGetIndexData() // This function is used to access the data in an NV Index. The data is returned // as a byte sequence. // // This function requires that the NV Index be defined, and that the // required data is within the data range. It also requires that TPMA_NV_WRITTEN // of the Index is SET. void NvGetIndexData( NV_INDEX *nvIndex, // IN: the in RAM index descriptor NV_REF locator, // IN: where the data is located UINT32 offset, // IN: offset of NV data UINT16 size, // IN: number of octets of NV data to read void *data // OUT: data buffer ) { TPMA_NV nvAttributes; // pAssert(nvIndex != NULL); nvAttributes = nvIndex->publicArea.attributes; pAssert(IS_ATTRIBUTE(nvAttributes, TPMA_NV, WRITTEN)); if(IS_ATTRIBUTE(nvAttributes, TPMA_NV, ORDERLY)) { // Get data from RAM buffer NV_RAM_REF ramAddr = NvRamGetIndex(nvIndex->publicArea.nvIndex); pAssert(ramAddr != 0 && (size <= ((NV_RAM_HEADER *)ramAddr)->size - sizeof(NV_RAM_HEADER) - offset)); MemoryCopy(data, ramAddr + sizeof(NV_RAM_HEADER) + offset, size); } else { // Validate that read falls within range of the index pAssert(offset <= nvIndex->publicArea.dataSize && size <= (nvIndex->publicArea.dataSize - offset)); NvRead(data, locator + sizeof(NV_INDEX) + offset, size); } return; } //*** NvHashIndexData() // This function adds Index data to a hash. It does this in parts to avoid large stack // buffers. void NvHashIndexData( HASH_STATE *hashState, // IN: Initialized hash state NV_INDEX *nvIndex, // IN: Index NV_REF locator, // IN: where the data is located UINT32 offset, // IN: starting offset UINT16 size // IN: amount to hash ) { #define BUFFER_SIZE 64 BYTE buffer[BUFFER_SIZE]; if (offset > nvIndex->publicArea.dataSize) return; // Make sure that we don't try to read off the end. if ((offset + size) > nvIndex->publicArea.dataSize) size = nvIndex->publicArea.dataSize - (UINT16)offset; #if BUFFER_SIZE >= MAX_NV_INDEX_SIZE NvGetIndexData(nvIndex, locator, offset, size, buffer); CryptDigestUpdate(hashState, size, buffer); #else { INT16 i; UINT16 readSize; // for (i = size; i > 0; offset += readSize, i -= readSize) { readSize = (i < BUFFER_SIZE) ? i : BUFFER_SIZE; NvGetIndexData(nvIndex, locator, offset, readSize, buffer); CryptDigestUpdate(hashState, readSize, buffer); } } #endif // BUFFER_SIZE >= MAX_NV_INDEX_SIZE #undef BUFFER_SIZE } //*** NvGetUINT64Data() // Get data in integer format of a bit or counter NV Index. // // This function requires that the NV Index is defined and that the NV Index // previously has been written. UINT64 NvGetUINT64Data( NV_INDEX *nvIndex, // IN: the in RAM index descriptor NV_REF locator // IN: where index exists in NV ) { UINT64 intVal; // // Read the value and convert it to internal format NvGetIndexData(nvIndex, locator, 0, 8, &intVal); return BYTE_ARRAY_TO_UINT64(((BYTE *)&intVal)); } //*** NvWriteIndexAttributes() // This function is used to write just the attributes of an index. // Return type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting so retry // TPM_RC_NV_UNAVAILABLE NV is not available TPM_RC NvWriteIndexAttributes( TPM_HANDLE handle, NV_REF locator, // IN: location of the index TPMA_NV attributes // IN: attributes to write ) { TPM_RC result; // if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) { NV_RAM_REF ram = NvRamGetIndex(handle); NvWriteRamIndexAttributes(ram, attributes); result = TPM_RC_SUCCESS; } else { result = NvWriteNvIndexAttributes(locator, attributes); } return result; } //*** NvWriteIndexAuth() // This function is used to write the authValue of an index. It is used by // TPM2_NV_ChangeAuth() // Return type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting so retry // TPM_RC_NV_UNAVAILABLE NV is not available TPM_RC NvWriteIndexAuth( NV_REF locator, // IN: location of the index TPM2B_AUTH *authValue // IN: the authValue to write ) { TPM_RC result; // // If the locator is pointing to the cached index value... if(locator == s_cachedNvRef) { // copy the authValue to the cached index so it will be there if we // look for it. This is a safety thing. MemoryCopy2B(&s_cachedNvIndex.authValue.b, &authValue->b, sizeof(s_cachedNvIndex.authValue.t.buffer)); } result = NvConditionallyWrite( locator + offsetof(NV_INDEX, authValue), sizeof(UINT16) + authValue->t.size, authValue); return result; } //*** NvGetIndexInfo() // This function loads the nvIndex Info into the NV cache and returns a pointer // to the NV_INDEX. If the returned value is zero, the index was not found. // The 'locator' parameter, if not NULL, will be set to the offset in NV of the // Index (the location of the handle of the Index). // // This function will set the index cache. If the index is orderly, the attributes // from RAM are substituted for the attributes in the cached index NV_INDEX * NvGetIndexInfo( TPM_HANDLE nvHandle, // IN: the index handle NV_REF *locator // OUT: location of the index ) { if(s_cachedNvIndex.publicArea.nvIndex != nvHandle) { s_cachedNvIndex.publicArea.nvIndex = TPM_RH_UNASSIGNED; s_cachedNvRamRef = 0; s_cachedNvRef = NvFindHandle(nvHandle); if(s_cachedNvRef == 0) return NULL; NvReadNvIndexInfo(s_cachedNvRef, &s_cachedNvIndex); if(IS_ATTRIBUTE(s_cachedNvIndex.publicArea.attributes, TPMA_NV, ORDERLY)) { s_cachedNvRamRef = NvRamGetIndex(nvHandle); s_cachedNvIndex.publicArea.attributes = NvReadRamIndexAttributes(s_cachedNvRamRef); } } if(locator != NULL) *locator = s_cachedNvRef; return &s_cachedNvIndex; } //*** NvWriteIndexData() // This function is used to write NV index data. It is intended to be used to // update the data associated with the default index. // // This function requires that the NV Index is defined, and the data is // within the defined data range for the index. // // Index data is only written due to a command that modifies the data in a single // index. There is no case where changes are made to multiple indexes data at the // same time. Multiple attributes may be change but not multiple index data. This // is important because we will normally be handling the index for which we have // the cached pointer values. // Return type: TPM_RC // TPM_RC_NV_RATE NV is rate limiting so retry // TPM_RC_NV_UNAVAILABLE NV is not available TPM_RC NvWriteIndexData( NV_INDEX *nvIndex, // IN: the description of the index UINT32 offset, // IN: offset of NV data UINT32 size, // IN: size of NV data void *data // IN: data buffer ) { TPM_RC result = TPM_RC_SUCCESS; // pAssert(nvIndex != NULL); // Make sure that this is dealing with the 'default' index. // Note: it is tempting to change the calling sequence so that the 'default' is // presumed. pAssert(nvIndex->publicArea.nvIndex == s_cachedNvIndex.publicArea.nvIndex); // Validate that write falls within range of the index pAssert(offset <= nvIndex->publicArea.dataSize && size <= (nvIndex->publicArea.dataSize - offset)); // Update TPMA_NV_WRITTEN bit if necessary if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) { // Update the in memory version of the attributes SET_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN); // If this is not orderly, then update the NV version of // the attributes if(!IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) { result = NvWriteNvIndexAttributes(s_cachedNvRef, nvIndex->publicArea.attributes); if(result != TPM_RC_SUCCESS) return result; // If this is a partial write of an ordinary index, clear the whole // index. if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes) && (nvIndex->publicArea.dataSize > size)) _plat__NvMemoryClear(s_cachedNvRef + sizeof(NV_INDEX), nvIndex->publicArea.dataSize); } else { // This is orderly so update the RAM version MemoryCopy(s_cachedNvRamRef + offsetof(NV_RAM_HEADER, attributes), &nvIndex->publicArea.attributes, sizeof(TPMA_NV)); // If setting WRITTEN for an orderly counter, make sure that the // state saved version of the counter is saved if(IsNvCounterIndex(nvIndex->publicArea.attributes)) SET_NV_UPDATE(UT_ORDERLY); // If setting the written attribute on an ordinary index, make sure that // the data is all cleared out in case there is a partial write. This // is only necessary for ordinary indexes because all of the other types // are always written in total. else if(IsNvOrdinaryIndex(nvIndex->publicArea.attributes)) MemorySet(s_cachedNvRamRef + sizeof(NV_RAM_HEADER), 0, nvIndex->publicArea.dataSize); } } // If this is orderly data, write it to RAM if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) { // Note: if this is the first write to a counter, the code above will queue // the write to NV of the RAM data in order to update TPMA_NV_WRITTEN. In // process of doing that write, it will also write the initial counter value // Update RAM MemoryCopy(s_cachedNvRamRef + sizeof(NV_RAM_HEADER) + offset, data, size); // And indicate that the TPM is no longer orderly g_clearOrderly = TRUE; } else { // Offset into the index to the first byte of the data to be written to NV result = NvConditionallyWrite(s_cachedNvRef + sizeof(NV_INDEX) + offset, size, data); } return result; } //*** NvWriteUINT64Data() // This function to write back a UINT64 value. The various UINT64 values (bits, // counters, and PINs) are kept in canonical format but manipulate in native // format. This takes a native format value converts it and saves it back as // in canonical format. // // This function will return the value from NV or RAM depending on the type of the // index (orderly or not) // TPM_RC NvWriteUINT64Data( NV_INDEX *nvIndex, // IN: the description of the index UINT64 intValue // IN: the value to write ) { BYTE bytes[8]; UINT64_TO_BYTE_ARRAY(intValue, bytes); // return NvWriteIndexData(nvIndex, 0, 8, &bytes); } //*** NvGetIndexName() // This function computes the Name of an index // The 'name' buffer receives the bytes of the Name and the return value // is the number of octets in the Name. // // This function requires that the NV Index is defined. TPM2B_NAME * NvGetIndexName( NV_INDEX *nvIndex, // IN: the index over which the name is to be // computed TPM2B_NAME *name // OUT: name of the index ) { UINT16 dataSize, digestSize; BYTE marshalBuffer[sizeof(TPMS_NV_PUBLIC)]; BYTE *buffer; HASH_STATE hashState; // // Marshal public area buffer = marshalBuffer; dataSize = TPMS_NV_PUBLIC_Marshal(&nvIndex->publicArea, &buffer, NULL); // hash public area digestSize = CryptHashStart(&hashState, nvIndex->publicArea.nameAlg); CryptDigestUpdate(&hashState, dataSize, marshalBuffer); // Complete digest leaving room for the nameAlg CryptHashEnd(&hashState, digestSize, &name->b.buffer[2]); // Include the nameAlg UINT16_TO_BYTE_ARRAY(nvIndex->publicArea.nameAlg, name->b.buffer); name->t.size = digestSize + 2; return name; } //*** NvGetNameByIndexHandle() // This function is used to compute the Name of an NV Index referenced by handle. // // The 'name' buffer receives the bytes of the Name and the return value // is the number of octets in the Name. // // This function requires that the NV Index is defined. TPM2B_NAME * NvGetNameByIndexHandle( TPMI_RH_NV_INDEX handle, // IN: handle of the index TPM2B_NAME *name // OUT: name of the index ) { NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); // return NvGetIndexName(nvIndex, name); } //*** NvDefineIndex() // This function is used to assign NV memory to an NV Index. // // Return Type: TPM_RC // TPM_RC_NV_SPACE insufficient NV space TPM_RC NvDefineIndex( TPMS_NV_PUBLIC *publicArea, // IN: A template for an area to create. TPM2B_AUTH *authValue // IN: The initial authorization value ) { // The buffer to be written to NV memory NV_INDEX nvIndex; // the index data UINT16 entrySize; // size of entry TPM_RC result; // entrySize = sizeof(NV_INDEX); // only allocate data space for indexes that are going to be written to NV. // Orderly indexes don't need space. if(!IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) entrySize += publicArea->dataSize; // Check if we have enough space to create the NV Index // In this implementation, the only resource limitation is the available NV // space (and possibly RAM space.) Other implementation may have other // limitation on counter or on NV slots if(!NvTestSpace(entrySize, TRUE, IsNvCounterIndex(publicArea->attributes))) return TPM_RC_NV_SPACE; // if the index to be defined is RAM backed, check RAM space availability // as well if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY) && !NvRamTestSpaceIndex(publicArea->dataSize)) return TPM_RC_NV_SPACE; // Copy input value to nvBuffer nvIndex.publicArea = *publicArea; // Copy the authValue nvIndex.authValue = *authValue; // Add index to NV memory result = NvAdd(entrySize, sizeof(NV_INDEX), TPM_RH_UNASSIGNED, (BYTE *)&nvIndex); if(result == TPM_RC_SUCCESS) { // If the data of NV Index is RAM backed, add the data area in RAM as well if(IS_ATTRIBUTE(publicArea->attributes, TPMA_NV, ORDERLY)) NvAddRAM(publicArea); } return result; } //*** NvAddEvictObject() // This function is used to assign NV memory to a persistent object. // Return Type: TPM_RC // TPM_RC_NV_HANDLE the requested handle is already in use // TPM_RC_NV_SPACE insufficient NV space TPM_RC NvAddEvictObject( TPMI_DH_OBJECT evictHandle, // IN: new evict handle OBJECT *object // IN: object to be added ) { TPM_HANDLE temp = object->evictHandle; TPM_RC result; // // Check if we have enough space to add the evict object // An evict object needs 8 bytes in index table + sizeof OBJECT // In this implementation, the only resource limitation is the available NV // space. Other implementation may have other limitation on evict object // handle space if(!NvTestSpace(sizeof(OBJECT) + sizeof(TPM_HANDLE), FALSE, FALSE)) return TPM_RC_NV_SPACE; // Set evict attribute and handle object->attributes.evict = SET; object->evictHandle = evictHandle; // Now put this in NV result = NvAdd(sizeof(OBJECT), sizeof(OBJECT), evictHandle, (BYTE *)object); // Put things back the way they were object->attributes.evict = CLEAR; object->evictHandle = temp; return result; } //*** NvDeleteIndex() // This function is used to delete an NV Index. // Return Type: TPM_RC // TPM_RC_NV_UNAVAILABLE NV is not accessible // TPM_RC_NV_RATE NV is rate limiting TPM_RC NvDeleteIndex( NV_INDEX *nvIndex, // IN: an in RAM index descriptor NV_REF entityAddr // IN: location in NV ) { TPM_RC result; // if(nvIndex != NULL) { // Whenever a counter is deleted, make sure that the MaxCounter value is // updated to reflect the value if(IsNvCounterIndex(nvIndex->publicArea.attributes) && IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, WRITTEN)) NvUpdateMaxCount(NvGetUINT64Data(nvIndex, entityAddr)); result = NvDelete(entityAddr); if(result != TPM_RC_SUCCESS) return result; // If the NV Index is RAM backed, delete the RAM data as well if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, ORDERLY)) NvDeleteRAM(nvIndex->publicArea.nvIndex); NvIndexCacheInit(); } return TPM_RC_SUCCESS; } //*** NvDeleteEvict() // This function will delete a NV evict object. // Will return success if object deleted or if it does not exist TPM_RC NvDeleteEvict( TPM_HANDLE handle // IN: handle of entity to be deleted ) { NV_REF entityAddr = NvFindEvict(handle, NULL); // pointer to entity TPM_RC result = TPM_RC_SUCCESS; // if(entityAddr != 0) result = NvDelete(entityAddr); return result; } //*** NvFlushHierarchy() // This function will delete persistent objects belonging to the indicated hierarchy. // If the storage hierarchy is selected, the function will also delete any // NV Index defined using ownerAuth. // Return Type: TPM_RC // TPM_RC_NV_RATE NV is unavailable because of rate limit // TPM_RC_NV_UNAVAILABLE NV is inaccessible TPM_RC NvFlushHierarchy( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flushed. ) { NV_REF iter = NV_REF_INIT; NV_REF currentAddr; TPM_HANDLE entityHandle; TPM_RC result = TPM_RC_SUCCESS; // while((currentAddr = NvNext(&iter, &entityHandle)) != 0) { if(HandleGetType(entityHandle) == TPM_HT_NV_INDEX) { NV_INDEX nvIndex; // // If flush endorsement or platform hierarchy, no NV Index would be // flushed if(hierarchy == TPM_RH_ENDORSEMENT || hierarchy == TPM_RH_PLATFORM) continue; // Get the index information NvReadNvIndexInfo(currentAddr, &nvIndex); // For storage hierarchy, flush OwnerCreated index if(!IS_ATTRIBUTE(nvIndex.publicArea.attributes, TPMA_NV, PLATFORMCREATE)) { // Delete the index (including RAM for orderly) result = NvDeleteIndex(&nvIndex, currentAddr); if(result != TPM_RC_SUCCESS) break; // Re-iterate from beginning after a delete iter = NV_REF_INIT; } } else if(HandleGetType(entityHandle) == TPM_HT_PERSISTENT) { OBJECT_ATTRIBUTES attributes; // NvRead(&attributes, (UINT32)(currentAddr + sizeof(TPM_HANDLE) + offsetof(OBJECT, attributes)), sizeof(OBJECT_ATTRIBUTES)); // If the evict object belongs to the hierarchy to be flushed... if((hierarchy == TPM_RH_PLATFORM && attributes.ppsHierarchy == SET) || (hierarchy == TPM_RH_OWNER && attributes.spsHierarchy == SET) || (hierarchy == TPM_RH_ENDORSEMENT && attributes.epsHierarchy == SET)) { // ...then delete the evict object result = NvDelete(currentAddr); if(result != TPM_RC_SUCCESS) break; // Re-iterate from beginning after a delete iter = NV_REF_INIT; } } else { FAIL(FATAL_ERROR_INTERNAL); } } return result; } //*** NvSetGlobalLock() // This function is used to SET the TPMA_NV_WRITELOCKED attribute for all // NV indexes that have TPMA_NV_GLOBALLOCK SET. This function is use by // TPM2_NV_GlobalWriteLock(). // Return Type: TPM_RC // TPM_RC_NV_RATE NV is unavailable because of rate limit // TPM_RC_NV_UNAVAILABLE NV is inaccessible TPM_RC NvSetGlobalLock( void ) { NV_REF iter = NV_REF_INIT; NV_RAM_REF ramIter = NV_RAM_REF_INIT; NV_REF currentAddr; NV_RAM_REF currentRamAddr; TPM_RC result = TPM_RC_SUCCESS; // // Check all normal indexes while((currentAddr = NvNextIndex(NULL, &iter)) != 0) { TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); // // See if it should be locked if(!IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) && IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) { SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); result = NvWriteNvIndexAttributes(currentAddr, attributes); if(result != TPM_RC_SUCCESS) return result; } } // Now search all the orderly attributes while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) { // See if it should be locked TPMA_NV attributes = NvReadRamIndexAttributes(currentRamAddr); if(IS_ATTRIBUTE(attributes, TPMA_NV, GLOBALLOCK)) { SET_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); NvWriteRamIndexAttributes(currentRamAddr, attributes); } } return result; } //***InsertSort() // Sort a handle into handle list in ascending order. The total handle number in // the list should not exceed MAX_CAP_HANDLES static void InsertSort( TPML_HANDLE *handleList, // IN/OUT: sorted handle list UINT32 count, // IN: maximum count in the handle list TPM_HANDLE entityHandle // IN: handle to be inserted ) { UINT32 i, j; UINT32 originalCount; // // For a corner case that the maximum count is 0, do nothing if(count == 0) return; // For empty list, add the handle at the beginning and return if(handleList->count == 0) { handleList->handle[0] = entityHandle; handleList->count++; return; } // Check if the maximum of the list has been reached originalCount = handleList->count; if(originalCount < count) handleList->count++; // Insert the handle to the list for(i = 0; i < originalCount; i++) { if(handleList->handle[i] > entityHandle) { for(j = handleList->count - 1; j > i; j--) { handleList->handle[j] = handleList->handle[j - 1]; } break; } } // If a slot was found, insert the handle in this position if(i < originalCount || handleList->count > originalCount) handleList->handle[i] = entityHandle; return; } //*** NvCapGetPersistent() // This function is used to get a list of handles of the persistent objects, // starting at 'handle'. // // 'Handle' must be in valid persistent object handle range, but does not // have to reference an existing persistent object. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO NvCapGetPersistent( TPMI_DH_OBJECT handle, // IN: start handle UINT32 count, // IN: maximum number of returned handles TPML_HANDLE *handleList // OUT: list of handle ) { TPMI_YES_NO more = NO; NV_REF iter = NV_REF_INIT; NV_REF currentAddr; TPM_HANDLE entityHandle; // pAssert(HandleGetType(handle) == TPM_HT_PERSISTENT); // Initialize output handle list handleList->count = 0; // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; while((currentAddr = NvNextEvict(&entityHandle, &iter)) != 0) { // Ignore persistent handles that have values less than the input handle if(entityHandle < handle) continue; // if the handles in the list have reached the requested count, and there // are still handles need to be inserted, indicate that there are more. if(handleList->count == count) more = YES; // A handle with a value larger than start handle is a candidate // for return. Insert sort it to the return list. Insert sort algorithm // is chosen here for simplicity based on the assumption that the total // number of NV indexes is small. For an implementation that may allow // large number of NV indexes, a more efficient sorting algorithm may be // used here. InsertSort(handleList, count, entityHandle); } return more; } //*** NvCapGetIndex() // This function returns a list of handles of NV indexes, starting from 'handle'. // 'Handle' must be in the range of NV indexes, but does not have to reference // an existing NV Index. // Return Type: TPMI_YES_NO // YES if there are more handles to report // NO all the available handles has been reported TPMI_YES_NO NvCapGetIndex( TPMI_DH_OBJECT handle, // IN: start handle UINT32 count, // IN: max number of returned handles TPML_HANDLE *handleList // OUT: list of handle ) { TPMI_YES_NO more = NO; NV_REF iter = NV_REF_INIT; NV_REF currentAddr; TPM_HANDLE nvHandle; // pAssert(HandleGetType(handle) == TPM_HT_NV_INDEX); // Initialize output handle list handleList->count = 0; // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) { // Ignore index handles that have values less than the 'handle' if(nvHandle < handle) continue; // if the count of handles in the list has reached the requested count, // and there are still handles to report, set more. if(handleList->count == count) more = YES; // A handle with a value larger than start handle is a candidate // for return. Insert sort it to the return list. Insert sort algorithm // is chosen here for simplicity based on the assumption that the total // number of NV indexes is small. For an implementation that may allow // large number of NV indexes, a more efficient sorting algorithm may be // used here. InsertSort(handleList, count, nvHandle); } return more; } //*** NvCapGetIndexNumber() // This function returns the count of NV Indexes currently defined. UINT32 NvCapGetIndexNumber( void ) { UINT32 num = 0; NV_REF iter = NV_REF_INIT; // while(NvNextIndex(NULL, &iter) != 0) num++; return num; } //*** NvCapGetPersistentNumber() // Function returns the count of persistent objects currently in NV memory. UINT32 NvCapGetPersistentNumber( void ) { UINT32 num = 0; NV_REF iter = NV_REF_INIT; TPM_HANDLE handle; // while(NvNextEvict(&handle, &iter) != 0) num++; return num; } //*** NvCapGetPersistentAvail() // This function returns an estimate of the number of additional persistent // objects that could be loaded into NV memory. UINT32 NvCapGetPersistentAvail( void ) { UINT32 availNVSpace; UINT32 counterNum = NvCapGetCounterNumber(); UINT32 reserved = sizeof(NV_LIST_TERMINATOR); // // Get the available space in NV storage availNVSpace = NvGetFreeBytes(); if(counterNum < MIN_COUNTER_INDICES) { // Some space has to be reserved for counter objects. reserved += (MIN_COUNTER_INDICES - counterNum) * NV_INDEX_COUNTER_SIZE; if(reserved > availNVSpace) availNVSpace = 0; else availNVSpace -= reserved; } return availNVSpace / NV_EVICT_OBJECT_SIZE; } //*** NvCapGetCounterNumber() // Get the number of defined NV Indexes that are counter indexes. UINT32 NvCapGetCounterNumber( void ) { NV_REF iter = NV_REF_INIT; NV_REF currentAddr; UINT32 num = 0; // while((currentAddr = NvNextIndex(NULL, &iter)) != 0) { TPMA_NV attributes = NvReadNvIndexAttributes(currentAddr); if(IsNvCounterIndex(attributes)) num++; } return num; } //*** NvSetStartupAttributes() // Local function to set the attributes of an Index at TPM Reset and TPM Restart. static TPMA_NV NvSetStartupAttributes( TPMA_NV attributes, // IN: attributes to change STARTUP_TYPE type // IN: start up type ) { // Clear read lock CLEAR_ATTRIBUTE(attributes, TPMA_NV, READLOCKED); // Will change a non counter index to the unwritten state if: // a) TPMA_NV_CLEAR_STCLEAR is SET // b) orderly and TPM Reset if(!IsNvCounterIndex(attributes)) { if(IS_ATTRIBUTE(attributes, TPMA_NV, CLEAR_STCLEAR) || (IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY) && (type == SU_RESET))) CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITTEN); } // Unlock any index that is not written or that does not have // TPMA_NV_WRITEDEFINE SET. if(!IS_ATTRIBUTE(attributes, TPMA_NV, WRITTEN) || !IS_ATTRIBUTE(attributes, TPMA_NV, WRITEDEFINE)) CLEAR_ATTRIBUTE(attributes, TPMA_NV, WRITELOCKED); return attributes; } //*** NvEntityStartup() // This function is called at TPM_Startup(). If the startup completes // a TPM Resume cycle, no action is taken. If the startup is a TPM Reset // or a TPM Restart, then this function will: // 1. clear read/write lock; // 2. reset NV Index data that has TPMA_NV_CLEAR_STCLEAR SET; and // 3. set the lower bits in orderly counters to 1 for a non-orderly startup // // It is a prerequisite that NV be available for writing before this // function is called. BOOL NvEntityStartup( STARTUP_TYPE type // IN: start up type ) { NV_REF iter = NV_REF_INIT; NV_RAM_REF ramIter = NV_RAM_REF_INIT; NV_REF currentAddr; // offset points to the current entity NV_RAM_REF currentRamAddr; TPM_HANDLE nvHandle; TPMA_NV attributes; // // Restore RAM index data NvRead(s_indexOrderlyRam, NV_INDEX_RAM_DATA, sizeof(s_indexOrderlyRam)); // Initialize the max NV counter value NvSetMaxCount(NvGetMaxCount()); // If recovering from state save, do nothing else if(type == SU_RESUME) return TRUE; // Iterate all the NV Index to clear the locks while((currentAddr = NvNextIndex(&nvHandle, &iter)) != 0) { attributes = NvReadNvIndexAttributes(currentAddr); // If this is an orderly index, defer processing until loop below if(IS_ATTRIBUTE(attributes, TPMA_NV, ORDERLY)) continue; // Set the attributes appropriate for this startup type attributes = NvSetStartupAttributes(attributes, type); NvWriteNvIndexAttributes(currentAddr, attributes); } // Iterate all the orderly indexes to clear the locks and initialize counters while((currentRamAddr = NvRamNext(&ramIter, NULL)) != 0) { attributes = NvReadRamIndexAttributes(currentRamAddr); attributes = NvSetStartupAttributes(attributes, type); // update attributes in RAM NvWriteRamIndexAttributes(currentRamAddr, attributes); // Set the lower bits in an orderly counter to 1 for a non-orderly startup if(IsNvCounterIndex(attributes) && (g_prevOrderlyState == SU_NONE_VALUE)) { UINT64 counter; // // Read the counter value last saved to NV. counter = BYTE_ARRAY_TO_UINT64(currentRamAddr + sizeof(NV_RAM_HEADER)); // Set the lower bits of counter to 1's counter |= MAX_ORDERLY_COUNT; // Write back to RAM // NOTE: Do not want to force a write to NV here. The counter value will // stay in RAM until the next shutdown or rollover. UINT64_TO_BYTE_ARRAY(counter, currentRamAddr + sizeof(NV_RAM_HEADER)); } } return TRUE; } //*** NvCapGetCounterAvail() // This function returns an estimate of the number of additional counter type // NV indexes that can be defined. UINT32 NvCapGetCounterAvail( void ) { UINT32 availNVSpace; UINT32 availRAMSpace; UINT32 persistentNum = NvCapGetPersistentNumber(); UINT32 reserved = sizeof(NV_LIST_TERMINATOR); // // Get the available space in NV storage availNVSpace = NvGetFreeBytes(); if(persistentNum < MIN_EVICT_OBJECTS) { // Some space has to be reserved for evict object. Adjust availNVSpace. reserved += (MIN_EVICT_OBJECTS - persistentNum) * NV_EVICT_OBJECT_SIZE; if(reserved > availNVSpace) availNVSpace = 0; else availNVSpace -= reserved; } // Compute the available space in RAM availRAMSpace = (int)(RAM_ORDERLY_END - NvRamGetEnd()); // Return the min of counter number in NV and in RAM if(availNVSpace / NV_INDEX_COUNTER_SIZE > availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE) return availRAMSpace / NV_RAM_INDEX_COUNTER_SIZE; else return availNVSpace / NV_INDEX_COUNTER_SIZE; } //*** NvFindHandle() // this function returns the offset in NV memory of the entity associated // with the input handle. A value of zero indicates that handle does not // exist reference an existing persistent object or defined NV Index. NV_REF NvFindHandle( TPM_HANDLE handle ) { NV_REF addr; NV_REF iter = NV_REF_INIT; TPM_HANDLE nextHandle; // while((addr = NvNext(&iter, &nextHandle)) != 0) { if(nextHandle == handle) break; } return addr; } //** NV Max Counter //*** Introduction // The TPM keeps track of the highest value of a deleted counter index. When an // index is deleted, this value is updated if the deleted counter index is greater // than the previous value. When a new index is created and first incremented, it // will get a value that is at least one greater than any other index than any // previously deleted index. This insures that it is not possible to roll back an // index. // // The highest counter value is keep in NV in a special end-of-list marker. This // marker is only updated when an index is deleted. Otherwise it just moves. // // When the TPM starts up, it searches NV for the end of list marker and initializes // an in memory value (s_maxCounter). //*** NvReadMaxCount() // This function returns the max NV counter value. // UINT64 NvReadMaxCount( void ) { return s_maxCounter; } //*** NvUpdateMaxCount() // This function updates the max counter value to NV memory. This is just staging // for the actual write that will occur when the NV index memory is modified. // void NvUpdateMaxCount( UINT64 count ) { if(count > s_maxCounter) s_maxCounter = count; } //*** NvSetMaxCount() // This function is used at NV initialization time to set the initial value of // the maximum counter. void NvSetMaxCount( UINT64 value ) { s_maxCounter = value; } //*** NvGetMaxCount() // Function to get the NV max counter value from the end-of-list marker UINT64 NvGetMaxCount( void ) { NV_REF iter = NV_REF_INIT; NV_REF currentAddr; UINT64 maxCount; // // Find the end of list marker and initialize the NV Max Counter value. while((currentAddr = NvNext(&iter, NULL )) != 0); // 'iter' should be pointing at the end of list marker so read in the current // value of the s_maxCounter. NvRead(&maxCount, iter + sizeof(UINT32), sizeof(maxCount)); return maxCount; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/NvReserved.c000066400000000000000000000230431510276467000272620ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // The NV memory is divided into two areas: dynamic space for user defined NV // Indices and evict objects, and reserved space for TPM persistent and state save // data. // // The entries in dynamic space are a linked list of entries. Each entry has, as its // first field, a size. If the size field is zero, it marks the end of the // list. // // An allocation of an Index or evict object may use almost all of the remaining // NV space such that the size field will not fit. The functions that search the // list are aware of this and will terminate the search if they either find a zero // size or recognize that there is insufficient space for the size field. // // An Index allocation will contain an NV_INDEX structure. If the Index does not // have the orderly attribute, the NV_INDEX is followed immediately by the NV data. // // An evict object entry contains a handle followed by an OBJECT structure. This // results in both the Index and Evict Object having an identifying handle as the // first field following the size field. // // When an Index has the orderly attribute, the data is kept in RAM. This RAM is // saved to backing store in NV memory on any orderly shutdown. The entries in // orderly memory are also a linked list using a size field as the first entry. As // with the NV memory, the list is terminated by a zero size field or when the last // entry leaves insufficient space for the terminating size field. // // The attributes of an orderly index are maintained in RAM memory in order to // reduce the number of NV writes needed for orderly data. When an orderly index // is created, an entry is made in the dynamic NV memory space that holds the Index // authorizations (authPolicy and authValue) and the size of the data. This entry is // only modified if the authValue of the index is changed. The more volatile data // of the index is kept in RAM. When an orderly Index is created or deleted, the // RAM data is copied to NV backing store so that the image in the backing store // matches the layout of RAM. In normal operation. The RAM data is also copied on // any orderly shutdown. In normal operation, the only other reason for writing // to the backing store for RAM is when a counter is first written (TPMA_NV_WRITTEN // changes from CLEAR to SET) or when a counter "rolls over." // // Static space contains items that are individually modifiable. The values are in // the 'gp' PERSISTEND_DATA structure in RAM and mapped to locations in NV. // //** Includes, Defines #define NV_C #include "Tpm.h" //************************************************ //** Functions //************************************************ //*** NvInitStatic() // This function initializes the static variables used in the NV subsystem. static void NvInitStatic( void ) { // In some implementations, the end of NV is variable and is set at boot time. // This value will be the same for each boot, but is not necessarily known // at compile time. s_evictNvEnd = (NV_REF)NV_MEMORY_SIZE; return; } //*** NvCheckState() // Function to check the NV state by accessing the platform-specific function // to get the NV state. The result state is registered in s_NvIsAvailable // that will be reported by NvIsAvailable. // // This function is called at the beginning of ExecuteCommand before any potential // check of g_NvStatus. void NvCheckState( void ) { int func_return; // func_return = _plat__IsNvAvailable(); if(func_return == 0) g_NvStatus = TPM_RC_SUCCESS; else if(func_return == 1) g_NvStatus = TPM_RC_NV_UNAVAILABLE; else g_NvStatus = TPM_RC_NV_RATE; return; } //*** NvCommit // This is a wrapper for the platform function to commit pending NV writes. BOOL NvCommit( void ) { return (_plat__NvCommit() == 0); } //*** NvPowerOn() // This function is called at _TPM_Init to initialize the NV environment. // Return Type: BOOL // TRUE(1) all NV was initialized // FALSE(0) the NV containing saved state had an error and // TPM2_Startup(CLEAR) is required BOOL NvPowerOn( void ) { int nvError = 0; // If power was lost, need to re-establish the RAM data that is loaded from // NV and initialize the static variables if(g_powerWasLost) { if((nvError = _plat__NVEnable(0)) < 0) FAIL(FATAL_ERROR_NV_UNRECOVERABLE); NvInitStatic(); } return nvError == 0; } //*** NvManufacture() // This function initializes the NV system at pre-install time. // // This function should only be called in a manufacturing environment or in a // simulation. // // The layout of NV memory space is an implementation choice. void NvManufacture( void ) { #if SIMULATION // Simulate the NV memory being in the erased state. _plat__NvMemoryClear(0, NV_MEMORY_SIZE); #endif // Initialize static variables NvInitStatic(); // Clear the RAM used for Orderly Index data MemorySet(s_indexOrderlyRam, 0, RAM_INDEX_SPACE); // Write that Orderly Index data to NV NvUpdateIndexOrderlyData(); // Initialize the next offset of the first entry in evict/index list to 0 (the // end of list marker) and the initial s_maxCounterValue; NvSetMaxCount(0); // Put the end of list marker at the end of memory. This contains the MaxCount // value as well as the end marker. NvWriteNvListEnd(NV_USER_DYNAMIC); return; } //*** NvRead() // This function is used to move reserved data from NV memory to RAM. void NvRead( void *outBuffer, // OUT: buffer to receive data UINT32 nvOffset, // IN: offset in NV of value UINT32 size // IN: size of the value to read ) { // Input type should be valid pAssert(nvOffset + size < NV_MEMORY_SIZE); _plat__NvMemoryRead(nvOffset, size, outBuffer); return; } //*** NvWrite() // This function is used to post reserved data for writing to NV memory. Before // the TPM completes the operation, the value will be written. BOOL NvWrite( UINT32 nvOffset, // IN: location in NV to receive data UINT32 size, // IN: size of the data to move void *inBuffer // IN: location containing data to write ) { // Input type should be valid if(nvOffset + size <= NV_MEMORY_SIZE) { // Set the flag that a NV write happened SET_NV_UPDATE(UT_NV); return _plat__NvMemoryWrite(nvOffset, size, inBuffer); } return FALSE; } //*** NvUpdatePersistent() // This function is used to update a value in the PERSISTENT_DATA structure and // commits the value to NV. void NvUpdatePersistent( UINT32 offset, // IN: location in PERMANENT_DATA to be updated UINT32 size, // IN: size of the value void *buffer // IN: the new data ) { pAssert(offset + size <= sizeof(gp)); MemoryCopy(&gp + offset, buffer, size); NvWrite(offset, size, buffer); } //*** NvClearPersistent() // This function is used to clear a persistent data entry and commit it to NV void NvClearPersistent( UINT32 offset, // IN: the offset in the PERMANENT_DATA // structure to be cleared (zeroed) UINT32 size // IN: number of bytes to clear ) { pAssert(offset + size <= sizeof(gp)); MemorySet((&gp) + offset, 0, size); NvWrite(offset, size, (&gp) + offset); } //*** NvReadPersistent() // This function reads persistent data to the RAM copy of the 'gp' structure. void NvReadPersistent( void ) { NvRead(&gp, NV_PERSISTENT_DATA, sizeof(gp)); return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Object.c000066400000000000000000001044121510276467000264050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions that manage the object store of the TPM. //** Includes and Data Definitions #define OBJECT_C #include "Tpm.h" //** Functions //*** ObjectFlush() // This function marks an object slot as available. // Since there is no checking of the input parameters, it should be used // judiciously. // Note: This could be converted to a macro. void ObjectFlush( OBJECT *object ) { object->attributes.occupied = CLEAR; } //*** ObjectSetInUse() // This access function sets the occupied attribute of an object slot. void ObjectSetInUse( OBJECT *object ) { object->attributes.occupied = SET; } //*** ObjectStartup() // This function is called at TPM2_Startup() to initialize the object subsystem. BOOL ObjectStartup( void ) { UINT32 i; // // object slots initialization for(i = 0; i < MAX_LOADED_OBJECTS; i++) { //Set the slot to not occupied ObjectFlush(&s_objects[i]); } return TRUE; } //*** ObjectCleanupEvict() // // In this implementation, a persistent object is moved from NV into an object slot // for processing. It is flushed after command execution. This function is called // from ExecuteCommand(). void ObjectCleanupEvict( void ) { UINT32 i; // // This has to be iterated because a command may have two handles // and they may both be persistent. // This could be made to be more efficient so that a search is not needed. for(i = 0; i < MAX_LOADED_OBJECTS; i++) { // If an object is a temporary evict object, flush it from slot OBJECT *object = &s_objects[i]; if(object->attributes.evict == SET) ObjectFlush(object); } return; } //*** IsObjectPresent() // This function checks to see if a transient handle references a loaded // object. This routine should not be called if the handle is not a // transient handle. The function validates that the handle is in the // implementation-dependent allowed in range for loaded transient objects. // Return Type: BOOL // TRUE(1) handle references a loaded object // FALSE(0) handle is not an object handle, or it does not // reference to a loaded object BOOL IsObjectPresent( TPMI_DH_OBJECT handle // IN: handle to be checked ) { UINT32 slotIndex = handle - TRANSIENT_FIRST; // Since the handle is just an index into the array that is zero based, any // handle value outsize of the range of: // TRANSIENT_FIRST -- (TRANSIENT_FIRST + MAX_LOADED_OBJECT - 1) // will now be greater than or equal to MAX_LOADED_OBJECTS if(slotIndex >= MAX_LOADED_OBJECTS) return FALSE; // Indicate if the slot is occupied return (s_objects[slotIndex].attributes.occupied == TRUE); } //*** ObjectIsSequence() // This function is used to check if the object is a sequence object. This function // should not be called if the handle does not reference a loaded object. // Return Type: BOOL // TRUE(1) object is an HMAC, hash, or event sequence object // FALSE(0) object is not an HMAC, hash, or event sequence object BOOL ObjectIsSequence( OBJECT *object // IN: handle to be checked ) { pAssert(object != NULL); return (object->attributes.hmacSeq == SET || object->attributes.hashSeq == SET || object->attributes.eventSeq == SET); } //*** HandleToObject() // This function is used to find the object structure associated with a handle. // // This function requires that 'handle' references a loaded object or a permanent // handle. OBJECT* HandleToObject( TPMI_DH_OBJECT handle // IN: handle of the object ) { UINT32 index; // // Return NULL if the handle references a permanent handle because there is no // associated OBJECT. if(HandleGetType(handle) == TPM_HT_PERMANENT) return NULL; // In this implementation, the handle is determined by the slot occupied by the // object. index = handle - TRANSIENT_FIRST; pAssert(index < MAX_LOADED_OBJECTS); pAssert(s_objects[index].attributes.occupied); return &s_objects[index]; } //*** GetQualifiedName() // This function returns the Qualified Name of the object. In this implementation, // the Qualified Name is computed when the object is loaded and is saved in the // internal representation of the object. The alternative would be to retain the // Name of the parent and compute the QN when needed. This would take the same // amount of space so it is not recommended that the alternate be used. // // This function requires that 'handle' references a loaded object. void GetQualifiedName( TPMI_DH_OBJECT handle, // IN: handle of the object TPM2B_NAME *qualifiedName // OUT: qualified name of the object ) { OBJECT *object; // switch(HandleGetType(handle)) { case TPM_HT_PERMANENT: qualifiedName->t.size = sizeof(TPM_HANDLE); UINT32_TO_BYTE_ARRAY(handle, qualifiedName->t.name); break; case TPM_HT_TRANSIENT: object = HandleToObject(handle); if(object == NULL || object->publicArea.nameAlg == TPM_ALG_NULL) qualifiedName->t.size = 0; else // Copy the name *qualifiedName = object->qualifiedName; break; default: FAIL(FATAL_ERROR_INTERNAL); } return; } //*** ObjectGetHierarchy() // This function returns the handle for the hierarchy of an object. TPMI_RH_HIERARCHY ObjectGetHierarchy( OBJECT *object // IN :object ) { if(object->attributes.spsHierarchy) { return TPM_RH_OWNER; } else if(object->attributes.epsHierarchy) { return TPM_RH_ENDORSEMENT; } else if(object->attributes.ppsHierarchy) { return TPM_RH_PLATFORM; } else { return TPM_RH_NULL; } } //*** GetHeriarchy() // This function returns the handle of the hierarchy to which a handle belongs. // This function is similar to ObjectGetHierarchy() but this routine takes // a handle but ObjectGetHierarchy() takes an pointer to an object. // // This function requires that 'handle' references a loaded object. TPMI_RH_HIERARCHY GetHeriarchy( TPMI_DH_OBJECT handle // IN :object handle ) { OBJECT *object = HandleToObject(handle); // return ObjectGetHierarchy(object); } //*** FindEmptyObjectSlot() // This function finds an open object slot, if any. It will clear the attributes // but will not set the occupied attribute. This is so that a slot may be used // and discarded if everything does not go as planned. // Return Type: OBJECT * // NULL no open slot found // != NULL pointer to available slot OBJECT * FindEmptyObjectSlot( TPMI_DH_OBJECT *handle // OUT: (optional) ) { UINT32 i; OBJECT *object; // for(i = 0; i < MAX_LOADED_OBJECTS; i++) { object = &s_objects[i]; if(object->attributes.occupied == CLEAR) { if(handle) *handle = i + TRANSIENT_FIRST; // Initialize the object attributes MemorySet(&object->attributes, 0, sizeof(OBJECT_ATTRIBUTES)); return object; } } return NULL; } //*** ObjectAllocateSlot() // This function is used to allocate a slot in internal object array. OBJECT * ObjectAllocateSlot( TPMI_DH_OBJECT *handle // OUT: handle of allocated object ) { OBJECT *object = FindEmptyObjectSlot(handle); // if(object != NULL) { // if found, mark as occupied ObjectSetInUse(object); } return object; } //*** ObjectSetLoadedAttributes() // This function sets the internal attributes for a loaded object. It is called to // finalize the OBJECT attributes (not the TPMA_OBJECT attributes) for a loaded // object. void ObjectSetLoadedAttributes( OBJECT *object, // IN: object attributes to finalize TPM_HANDLE parentHandle // IN: the parent handle ) { OBJECT *parent = HandleToObject(parentHandle); TPMA_OBJECT objectAttributes = object->publicArea.objectAttributes; // // Copy the stClear attribute from the public area. This could be overwritten // if the parent has stClear SET object->attributes.stClear = IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear); // If parent handle is a permanent handle, it is a primary (unless it is NULL if(parent == NULL) { object->attributes.primary = SET; switch(parentHandle) { case TPM_RH_ENDORSEMENT: object->attributes.epsHierarchy = SET; break; case TPM_RH_OWNER: object->attributes.spsHierarchy = SET; break; case TPM_RH_PLATFORM: object->attributes.ppsHierarchy = SET; break; default: // Treat the temporary attribute as a hierarchy object->attributes.temporary = SET; object->attributes.primary = CLEAR; break; } } else { // is this a stClear object object->attributes.stClear = (IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, stClear) || (parent->attributes.stClear == SET)); object->attributes.epsHierarchy = parent->attributes.epsHierarchy; object->attributes.spsHierarchy = parent->attributes.spsHierarchy; object->attributes.ppsHierarchy = parent->attributes.ppsHierarchy; // An object is temporary if its parent is temporary or if the object // is external object->attributes.temporary = parent->attributes.temporary || object->attributes.external; } // If this is an external object, set the QN == name but don't SET other // key properties ('parent' or 'derived') if(object->attributes.external) object->qualifiedName = object->name; else { // check attributes for different types of parents if(IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, restricted) && !object->attributes.publicOnly && IS_ATTRIBUTE(objectAttributes, TPMA_OBJECT, decrypt) && object->publicArea.nameAlg != TPM_ALG_NULL) { // This is a parent. If it is not a KEYEDHASH, it is an ordinary parent. // Otherwise, it is a derivation parent. if(object->publicArea.type == TPM_ALG_KEYEDHASH) object->attributes.derivation = SET; else object->attributes.isParent = SET; } ComputeQualifiedName(parentHandle, object->publicArea.nameAlg, &object->name, &object->qualifiedName); } // Set slot occupied ObjectSetInUse(object); return; } //*** ObjectLoad() // Common function to load an object. A loaded object has its public area validated // (unless its 'nameAlg' is TPM_ALG_NULL). If a sensitive part is loaded, it is // verified to be correct and if both public and sensitive parts are loaded, then // the cryptographic binding between the objects is validated. This function does // not cause the allocated slot to be marked as in use. TPM_RC ObjectLoad( OBJECT *object, // IN: pointer to object slot // object OBJECT *parent, // IN: (optional) the parent object TPMT_PUBLIC *publicArea, // IN: public area to be installed in the object TPMT_SENSITIVE *sensitive, // IN: (optional) sensitive area to be // installed in the object TPM_RC blamePublic, // IN: parameter number to associate with the // publicArea errors TPM_RC blameSensitive,// IN: parameter number to associate with the // sensitive area errors TPM2B_NAME *name // IN: (optional) ) { TPM_RC result = TPM_RC_SUCCESS; // // Do validations of public area object descriptions pAssert(publicArea != NULL); // Is this public only or a no-name object? if(sensitive == NULL || publicArea->nameAlg == TPM_ALG_NULL) { // Need to have schemes checked so that we do the right thing with the // public key. result = SchemeChecks(NULL, publicArea); } else { // For any sensitive area, make sure that the seedSize is no larger than the // digest size of nameAlg if(sensitive->seedValue.t.size > CryptHashGetDigestSize(publicArea->nameAlg)) return TPM_RCS_KEY_SIZE + blameSensitive; // Check attributes and schemes for consistency result = PublicAttributesValidation(parent, publicArea); } if(result != TPM_RC_SUCCESS) return RcSafeAddToResult(result, blamePublic); // Sensitive area and binding checks // On load, check nothing if the parent is fixedTPM. For all other cases, validate // the keys. if((parent == NULL) || ((parent != NULL) && !IS_ATTRIBUTE(parent->publicArea.objectAttributes, TPMA_OBJECT, fixedTPM))) { // Do the cryptographic key validation result = CryptValidateKeys(publicArea, sensitive, blamePublic, blameSensitive); if(result != TPM_RC_SUCCESS) return result; } #if ALG_RSA // If this is an RSA key, then expand the private exponent. // Note: ObjectLoad() is only called by TPM2_Import() if the parent is fixedTPM. // For any key that does not have a fixedTPM parent, the exponent is computed // whenever it is loaded if((publicArea->type == TPM_ALG_RSA) && (sensitive != NULL)) { result = CryptRsaLoadPrivateExponent(publicArea, sensitive); if(result != TPM_RC_SUCCESS) return result; } #endif // ALG_RSA // See if there is an object to populate if((result == TPM_RC_SUCCESS) && (object != NULL)) { // Initialize public object->publicArea = *publicArea; // Copy sensitive if there is one if(sensitive == NULL) object->attributes.publicOnly = SET; else object->sensitive = *sensitive; // Set the name, if one was provided if(name != NULL) object->name = *name; else object->name.t.size = 0; } return result; } //*** AllocateSequenceSlot() // This function allocates a sequence slot and initializes the parts that // are used by the normal objects so that a sequence object is not inadvertently // used for an operation that is not appropriate for a sequence. // static HASH_OBJECT * AllocateSequenceSlot( TPM_HANDLE *newHandle, // OUT: receives the allocated handle TPM2B_AUTH *auth // IN: the authValue for the slot ) { HASH_OBJECT *object = (HASH_OBJECT *)ObjectAllocateSlot(newHandle); // // Validate that the proper location of the hash state data relative to the // object state data. It would be good if this could have been done at compile // time but it can't so do it in something that can be removed after debug. cAssert(offsetof(HASH_OBJECT, auth) == offsetof(OBJECT, publicArea.authPolicy)); if(object != NULL) { // Set the common values that a sequence object shares with an ordinary object // First, clear all attributes MemorySet(&object->objectAttributes, 0, sizeof(TPMA_OBJECT)); // The type is TPM_ALG_NULL object->type = TPM_ALG_NULL; // This has no name algorithm and the name is the Empty Buffer object->nameAlg = TPM_ALG_NULL; // A sequence object is considered to be in the NULL hierarchy so it should // be marked as temporary so that it can't be persisted object->attributes.temporary = SET; // A sequence object is DA exempt. SET_ATTRIBUTE(object->objectAttributes, TPMA_OBJECT, noDA); // Copy the authorization value if(auth != NULL) object->auth = *auth; else object->auth.t.size = 0; } return object; } #if CC_HMAC_Start || CC_MAC_Start //*** ObjectCreateHMACSequence() // This function creates an internal HMAC sequence object. // Return Type: TPM_RC // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateHMACSequence( TPMI_ALG_HASH hashAlg, // IN: hash algorithm OBJECT *keyObject, // IN: the object containing the HMAC key TPM2B_AUTH *auth, // IN: authValue TPMI_DH_OBJECT *newHandle // OUT: HMAC sequence object handle ) { HASH_OBJECT *hmacObject; // // Try to allocate a slot for new object hmacObject = AllocateSequenceSlot(newHandle, auth); if(hmacObject == NULL) return TPM_RC_OBJECT_MEMORY; // Set HMAC sequence bit hmacObject->attributes.hmacSeq = SET; #if !SMAC_IMPLEMENTED if(CryptHmacStart(&hmacObject->state.hmacState, hashAlg, keyObject->sensitive.sensitive.bits.b.size, keyObject->sensitive.sensitive.bits.b.buffer) == 0) #else if(CryptMacStart(&hmacObject->state.hmacState, &keyObject->publicArea.parameters, hashAlg, &keyObject->sensitive.sensitive.any.b) == 0) #endif // SMAC_IMPLEMENTED return TPM_RC_FAILURE; return TPM_RC_SUCCESS; } #endif //*** ObjectCreateHashSequence() // This function creates a hash sequence object. // Return Type: TPM_RC // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateHashSequence( TPMI_ALG_HASH hashAlg, // IN: hash algorithm TPM2B_AUTH *auth, // IN: authValue TPMI_DH_OBJECT *newHandle // OUT: sequence object handle ) { HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); // // See if slot allocated if(hashObject == NULL) return TPM_RC_OBJECT_MEMORY; // Set hash sequence bit hashObject->attributes.hashSeq = SET; // Start hash for hash sequence CryptHashStart(&hashObject->state.hashState[0], hashAlg); return TPM_RC_SUCCESS; } //*** ObjectCreateEventSequence() // This function creates an event sequence object. // Return Type: TPM_RC // TPM_RC_OBJECT_MEMORY if there is no free slot for an object TPM_RC ObjectCreateEventSequence( TPM2B_AUTH *auth, // IN: authValue TPMI_DH_OBJECT *newHandle // OUT: sequence object handle ) { HASH_OBJECT *hashObject = AllocateSequenceSlot(newHandle, auth); UINT32 count; TPM_ALG_ID hash; // // See if slot allocated if(hashObject == NULL) return TPM_RC_OBJECT_MEMORY; // Set the event sequence attribute hashObject->attributes.eventSeq = SET; // Initialize hash states for each implemented PCR algorithms for(count = 0; (hash = CryptHashGetAlgByIndex(count)) != TPM_ALG_NULL; count++) CryptHashStart(&hashObject->state.hashState[count], hash); return TPM_RC_SUCCESS; } //*** ObjectTerminateEvent() // This function is called to close out the event sequence and clean up the hash // context states. void ObjectTerminateEvent( void ) { HASH_OBJECT *hashObject; int count; BYTE buffer[MAX_DIGEST_SIZE]; // hashObject = (HASH_OBJECT *)HandleToObject(g_DRTMHandle); // Don't assume that this is a proper sequence object if(hashObject->attributes.eventSeq) { // If it is, close any open hash contexts. This is done in case // the cryptographic implementation has some context values that need to be // cleaned up (hygiene). // for(count = 0; CryptHashGetAlgByIndex(count) != TPM_ALG_NULL; count++) { CryptHashEnd(&hashObject->state.hashState[count], 0, buffer); } // Flush sequence object FlushObject(g_DRTMHandle); } g_DRTMHandle = TPM_RH_UNASSIGNED; } //*** ObjectContextLoad() // This function loads an object from a saved object context. // Return Type: OBJECT * // NULL if there is no free slot for an object // != NULL points to the loaded object OBJECT * ObjectContextLoad( ANY_OBJECT_BUFFER *object, // IN: pointer to object structure in saved // context TPMI_DH_OBJECT *handle // OUT: object handle ) { OBJECT *newObject = ObjectAllocateSlot(handle); // // Try to allocate a slot for new object if(newObject != NULL) { // Copy the first part of the object MemoryCopy(newObject, object, offsetof(HASH_OBJECT, state)); // See if this is a sequence object if(ObjectIsSequence(newObject)) { // If this is a sequence object, import the data SequenceDataImport((HASH_OBJECT *)newObject, (HASH_OBJECT_BUFFER *)object); } else { // Copy input object data to internal structure MemoryCopy(newObject, object, sizeof(OBJECT)); } } return newObject; } //*** FlushObject() // This function frees an object slot. // // This function requires that the object is loaded. void FlushObject( TPMI_DH_OBJECT handle // IN: handle to be freed ) { UINT32 index = handle - TRANSIENT_FIRST; // pAssert(index < MAX_LOADED_OBJECTS); // Clear all the object attributes MemorySet((BYTE*)&(s_objects[index].attributes), 0, sizeof(OBJECT_ATTRIBUTES)); return; } //*** ObjectFlushHierarchy() // This function is called to flush all the loaded transient objects associated // with a hierarchy when the hierarchy is disabled. void ObjectFlushHierarchy( TPMI_RH_HIERARCHY hierarchy // IN: hierarchy to be flush ) { UINT16 i; // // iterate object slots for(i = 0; i < MAX_LOADED_OBJECTS; i++) { if(s_objects[i].attributes.occupied) // If found an occupied slot { switch(hierarchy) { case TPM_RH_PLATFORM: if(s_objects[i].attributes.ppsHierarchy == SET) s_objects[i].attributes.occupied = FALSE; break; case TPM_RH_OWNER: if(s_objects[i].attributes.spsHierarchy == SET) s_objects[i].attributes.occupied = FALSE; break; case TPM_RH_ENDORSEMENT: if(s_objects[i].attributes.epsHierarchy == SET) s_objects[i].attributes.occupied = FALSE; break; default: FAIL(FATAL_ERROR_INTERNAL); break; } } } return; } //*** ObjectLoadEvict() // This function loads a persistent object into a transient object slot. // // This function requires that 'handle' is associated with a persistent object. // Return Type: TPM_RC // TPM_RC_HANDLE the persistent object does not exist // or the associated hierarchy is disabled. // TPM_RC_OBJECT_MEMORY no object slot TPM_RC ObjectLoadEvict( TPM_HANDLE *handle, // IN:OUT: evict object handle. If success, it // will be replace by the loaded object handle COMMAND_INDEX commandIndex // IN: the command being processed ) { TPM_RC result; TPM_HANDLE evictHandle = *handle; // Save the evict handle OBJECT *object; // // If this is an index that references a persistent object created by // the platform, then return TPM_RH_HANDLE if the phEnable is FALSE if(*handle >= PLATFORM_PERSISTENT) { // belongs to platform if(g_phEnable == CLEAR) return TPM_RC_HANDLE; } // belongs to owner else if(gc.shEnable == CLEAR) return TPM_RC_HANDLE; // Try to allocate a slot for an object object = ObjectAllocateSlot(handle); if(object == NULL) return TPM_RC_OBJECT_MEMORY; // Copy persistent object to transient object slot. A TPM_RC_HANDLE // may be returned at this point. This will mark the slot as containing // a transient object so that it will be flushed at the end of the // command result = NvGetEvictObject(evictHandle, object); // Bail out if this failed if(result != TPM_RC_SUCCESS) return result; // check the object to see if it is in the endorsement hierarchy // if it is and this is not a TPM2_EvictControl() command, indicate // that the hierarchy is disabled. // If the associated hierarchy is disabled, make it look like the // handle is not defined if(ObjectGetHierarchy(object) == TPM_RH_ENDORSEMENT && gc.ehEnable == CLEAR && GetCommandCode(commandIndex) != TPM_CC_EvictControl) return TPM_RC_HANDLE; return result; } //*** ObjectComputeName() // This does the name computation from a public area (can be marshaled or not). TPM2B_NAME * ObjectComputeName( UINT32 size, // IN: the size of the area to digest BYTE *publicArea, // IN: the public area to digest TPM_ALG_ID nameAlg, // IN: the hash algorithm to use TPM2B_NAME *name // OUT: Computed name ) { // Hash the publicArea into the name buffer leaving room for the nameAlg name->t.size = CryptHashBlock(nameAlg, size, publicArea, sizeof(name->t.name) - 2, &name->t.name[2]); // set the nameAlg UINT16_TO_BYTE_ARRAY(nameAlg, name->t.name); name->t.size += 2; return name; } //*** PublicMarshalAndComputeName() // This function computes the Name of an object from its public area. TPM2B_NAME * PublicMarshalAndComputeName( TPMT_PUBLIC *publicArea, // IN: public area of an object TPM2B_NAME *name // OUT: name of the object ) { // Will marshal a public area into a template. This is because the internal // format for a TPM2B_PUBLIC is a structure and not a simple BYTE buffer. TPM2B_TEMPLATE marshaled; // this is big enough to hold a // marshaled TPMT_PUBLIC BYTE *buffer = (BYTE *)&marshaled.t.buffer; // // if the nameAlg is NULL then there is no name. if(publicArea->nameAlg == TPM_ALG_NULL) name->t.size = 0; else { // Marshal the public area into its canonical form marshaled.t.size = TPMT_PUBLIC_Marshal(publicArea, &buffer, NULL); // and compute the name ObjectComputeName(marshaled.t.size, marshaled.t.buffer, publicArea->nameAlg, name); } return name; } //*** ComputeQualifiedName() // This function computes the qualified name of an object. void ComputeQualifiedName( TPM_HANDLE parentHandle, // IN: parent's handle TPM_ALG_ID nameAlg, // IN: name hash TPM2B_NAME *name, // IN: name of the object TPM2B_NAME *qualifiedName // OUT: qualified name of the object ) { HASH_STATE hashState; // hash state TPM2B_NAME parentName; // if(parentHandle == TPM_RH_UNASSIGNED) { MemoryCopy2B(&qualifiedName->b, &name->b, sizeof(qualifiedName->t.name)); *qualifiedName = *name; } else { GetQualifiedName(parentHandle, &parentName); // QN_A = hash_A (QN of parent || NAME_A) // Start hash qualifiedName->t.size = CryptHashStart(&hashState, nameAlg); // Add parent's qualified name CryptDigestUpdate2B(&hashState, &parentName.b); // Add self name CryptDigestUpdate2B(&hashState, &name->b); // Complete hash leaving room for the name algorithm CryptHashEnd(&hashState, qualifiedName->t.size, &qualifiedName->t.name[2]); UINT16_TO_BYTE_ARRAY(nameAlg, qualifiedName->t.name); qualifiedName->t.size += 2; } return; } //*** ObjectIsStorage() // This function determines if an object has the attributes associated // with a parent. A parent is an asymmetric or symmetric block cipher key // that has its 'restricted' and 'decrypt' attributes SET, and 'sign' CLEAR. // Return Type: BOOL // TRUE(1) object is a storage key // FALSE(0) object is not a storage key BOOL ObjectIsStorage( TPMI_DH_OBJECT handle // IN: object handle ) { OBJECT *object = HandleToObject(handle); TPMT_PUBLIC *publicArea = ((object != NULL) ? &object->publicArea : NULL); // return (publicArea != NULL && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, restricted) && IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, decrypt) && !IS_ATTRIBUTE(publicArea->objectAttributes, TPMA_OBJECT, sign) && (object->publicArea.type == ALG_RSA_VALUE || object->publicArea.type == ALG_ECC_VALUE)); } //*** ObjectCapGetLoaded() // This function returns a a list of handles of loaded object, starting from // 'handle'. 'Handle' must be in the range of valid transient object handles, // but does not have to be the handle of a loaded transient object. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO ObjectCapGetLoaded( TPMI_DH_OBJECT handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ) { TPMI_YES_NO more = NO; UINT32 i; // pAssert(HandleGetType(handle) == TPM_HT_TRANSIENT); // Initialize output handle list handleList->count = 0; // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; // Iterate object slots to get loaded object handles for(i = handle - TRANSIENT_FIRST; i < MAX_LOADED_OBJECTS; i++) { if(s_objects[i].attributes.occupied == TRUE) { // A valid transient object can not be the copy of a persistent object pAssert(s_objects[i].attributes.evict == CLEAR); if(handleList->count < count) { // If we have not filled up the return list, add this object // handle to it handleList->handle[handleList->count] = i + TRANSIENT_FIRST; handleList->count++; } else { // If the return list is full but we still have loaded object // available, report this and stop iterating more = YES; break; } } } return more; } //*** ObjectCapGetTransientAvail() // This function returns an estimate of the number of additional transient // objects that could be loaded into the TPM. UINT32 ObjectCapGetTransientAvail( void ) { UINT32 i; UINT32 num = 0; // // Iterate object slot to get the number of unoccupied slots for(i = 0; i < MAX_LOADED_OBJECTS; i++) { if(s_objects[i].attributes.occupied == FALSE) num++; } return num; } //*** ObjectGetPublicAttributes() // Returns the attributes associated with an object handles. TPMA_OBJECT ObjectGetPublicAttributes( TPM_HANDLE handle ) { return HandleToObject(handle)->publicArea.objectAttributes; } OBJECT_ATTRIBUTES ObjectGetProperties( TPM_HANDLE handle ) { return HandleToObject(handle)->attributes; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PCR.c000066400000000000000000001301261510276467000256240ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This function contains the functions needed for PCR access and manipulation. // // This implementation uses a static allocation for the PCR. The amount of // memory is allocated based on the number of PCR in the implementation and // the number of implemented hash algorithms. This is not the expected // implementation. PCR SPACE DEFINITIONS. // // In the definitions below, the g_hashPcrMap is a bit array that indicates // which of the PCR are implemented. The g_hashPcr array is an array of digests. // In this implementation, the space is allocated whether the PCR is implemented // or not. //** Includes, Defines, and Data Definitions #define PCR_C #include "Tpm.h" // The initial value of PCR attributes. The value of these fields should be // consistent with PC Client specification // In this implementation, we assume the total number of implemented PCR is 24. static const PCR_Attributes s_initAttributes[] = { // PCR 0 - 15, static RTM {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {1, 0, 0x1F}, {0, 0x0F, 0x1F}, // PCR 16, Debug {0, 0x10, 0x1C}, // PCR 17, Locality 4 {0, 0x10, 0x1C}, // PCR 18, Locality 3 {0, 0x10, 0x0C}, // PCR 19, Locality 2 {0, 0x14, 0x0E}, // PCR 20, Locality 1 {0, 0x14, 0x04}, // PCR 21, Dynamic OS {0, 0x14, 0x04}, // PCR 22, Dynamic OS {0, 0x0F, 0x1F}, // PCR 23, Application specific {0, 0x0F, 0x1F} // PCR 24, testing policy }; //** Functions //*** PCRBelongsAuthGroup() // This function indicates if a PCR belongs to a group that requires an authValue // in order to modify the PCR. If it does, 'groupIndex' is set to value of // the group index. This feature of PCR is decided by the platform specification. // Return Type: BOOL // TRUE(1) PCR belongs an authorization group // FALSE(0) PCR does not belong an authorization group BOOL PCRBelongsAuthGroup( TPMI_DH_PCR handle, // IN: handle of PCR UINT32 *groupIndex // OUT: group index if PCR belongs a // group that allows authValue. If PCR // does not belong to an authorization // group, the value in this parameter is // invalid ) { #if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 // Platform specification determines to which authorization group a PCR belongs // (if any). In this implementation, we assume there is only // one authorization group which contains PCR[20-22]. If the platform // specification requires differently, the implementation should be changed // accordingly if(handle >= 20 && handle <= 22) { *groupIndex = 0; return TRUE; } #endif return FALSE; } //*** PCRBelongsPolicyGroup() // This function indicates if a PCR belongs to a group that requires a policy // authorization in order to modify the PCR. If it does, 'groupIndex' is set // to value of the group index. This feature of PCR is decided by the platform // specification. // Return Type: BOOL // TRUE(1) PCR belongs a policy group // FALSE(0) PCR does not belong a policy group BOOL PCRBelongsPolicyGroup( TPMI_DH_PCR handle, // IN: handle of PCR UINT32 *groupIndex // OUT: group index if PCR belongs a group that // allows policy. If PCR does not belong to // a policy group, the value in this // parameter is invalid ) { #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 // Platform specification decides if a PCR belongs to a policy group and // belongs to which group. In this implementation, we assume there is only // one policy group which contains PCR20-22. If the platform specification // requires differently, the implementation should be changed accordingly if(handle >= 20 && handle <= 22) { *groupIndex = 0; return TRUE; } #endif return FALSE; } //*** PCRBelongsTCBGroup() // This function indicates if a PCR belongs to the TCB group. // Return Type: BOOL // TRUE(1) PCR belongs to TCB group // FALSE(0) PCR does not belong to TCB group static BOOL PCRBelongsTCBGroup( TPMI_DH_PCR handle // IN: handle of PCR ) { #if ENABLE_PCR_NO_INCREMENT == YES // Platform specification decides if a PCR belongs to a TCB group. In this // implementation, we assume PCR[20-22] belong to TCB group. If the platform // specification requires differently, the implementation should be // changed accordingly if(handle >= 20 && handle <= 22) return TRUE; #endif return FALSE; } //*** PCRPolicyIsAvailable() // This function indicates if a policy is available for a PCR. // Return Type: BOOL // TRUE(1) the PCR should be authorized by policy // FALSE(0) the PCR does not allow policy BOOL PCRPolicyIsAvailable( TPMI_DH_PCR handle // IN: PCR handle ) { UINT32 groupIndex; return PCRBelongsPolicyGroup(handle, &groupIndex); } //*** PCRGetAuthValue() // This function is used to access the authValue of a PCR. If PCR does not // belong to an authValue group, an EmptyAuth will be returned. TPM2B_AUTH * PCRGetAuthValue( TPMI_DH_PCR handle // IN: PCR handle ) { UINT32 groupIndex; if(PCRBelongsAuthGroup(handle, &groupIndex)) { return &gc.pcrAuthValues.auth[groupIndex]; } else { return NULL; } } //*** PCRGetAuthPolicy() // This function is used to access the authorization policy of a PCR. It sets // 'policy' to the authorization policy and returns the hash algorithm for policy // If the PCR does not allow a policy, TPM_ALG_NULL is returned. TPMI_ALG_HASH PCRGetAuthPolicy( TPMI_DH_PCR handle, // IN: PCR handle TPM2B_DIGEST *policy // OUT: policy of PCR ) { UINT32 groupIndex; if(PCRBelongsPolicyGroup(handle, &groupIndex)) { *policy = gp.pcrPolicies.policy[groupIndex]; return gp.pcrPolicies.hashAlg[groupIndex]; } else { policy->t.size = 0; return TPM_ALG_NULL; } } //*** PCRSimStart() // This function is used to initialize the policies when a TPM is manufactured. // This function would only be called in a manufacturing environment or in // a TPM simulator. void PCRSimStart( void ) { UINT32 i; #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 for(i = 0; i < NUM_POLICY_PCR_GROUP; i++) { gp.pcrPolicies.hashAlg[i] = TPM_ALG_NULL; gp.pcrPolicies.policy[i].t.size = 0; } #endif #if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 for(i = 0; i < NUM_AUTHVALUE_PCR_GROUP; i++) { gc.pcrAuthValues.auth[i].t.size = 0; } #endif // We need to give an initial configuration on allocated PCR before // receiving any TPM2_PCR_Allocate command to change this configuration // When the simulation environment starts, we allocate all the PCRs for(gp.pcrAllocated.count = 0; gp.pcrAllocated.count < HASH_COUNT; gp.pcrAllocated.count++) { gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].hash = CryptHashGetAlgByIndex(gp.pcrAllocated.count); gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].sizeofSelect = PCR_SELECT_MAX; for(i = 0; i < PCR_SELECT_MAX; i++) gp.pcrAllocated.pcrSelections[gp.pcrAllocated.count].pcrSelect[i] = 0xFF; } // Store the initial configuration to NV NV_SYNC_PERSISTENT(pcrPolicies); NV_SYNC_PERSISTENT(pcrAllocated); return; } //*** GetSavedPcrPointer() // This function returns the address of an array of state saved PCR based // on the hash algorithm. // Return Type: BYTE * // NULL no such algorithm // != NULL pointer to the 0th byte of the 0th PCR static BYTE * GetSavedPcrPointer( TPM_ALG_ID alg, // IN: algorithm for bank UINT32 pcrIndex // IN: PCR index in PCR_SAVE ) { BYTE *retVal; switch(alg) { #if ALG_SHA1 case ALG_SHA1_VALUE: retVal = gc.pcrSave.sha1[pcrIndex]; break; #endif #if ALG_SHA256 case ALG_SHA256_VALUE: retVal = gc.pcrSave.sha256[pcrIndex]; break; #endif #if ALG_SHA384 case ALG_SHA384_VALUE: retVal = gc.pcrSave.sha384[pcrIndex]; break; #endif #if ALG_SHA512 case ALG_SHA512_VALUE: retVal = gc.pcrSave.sha512[pcrIndex]; break; #endif #if ALG_SM3_256 case ALG_SM3_256_VALUE: retVal = gc.pcrSave.sm3_256[pcrIndex]; break; #endif default: FAIL(FATAL_ERROR_INTERNAL); } return retVal; } //*** PcrIsAllocated() // This function indicates if a PCR number for the particular hash algorithm // is allocated. // Return Type: BOOL // TRUE(1) PCR is allocated // FALSE(0) PCR is not allocated BOOL PcrIsAllocated( UINT32 pcr, // IN: The number of the PCR TPMI_ALG_HASH hashAlg // IN: The PCR algorithm ) { UINT32 i; BOOL allocated = FALSE; if(pcr < IMPLEMENTATION_PCR) { for(i = 0; i < gp.pcrAllocated.count; i++) { if(gp.pcrAllocated.pcrSelections[i].hash == hashAlg) { if(((gp.pcrAllocated.pcrSelections[i].pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0) allocated = TRUE; else allocated = FALSE; break; } } } return allocated; } //*** GetPcrPointer() // This function returns the address of an array of PCR based on the // hash algorithm. // Return Type: BYTE * // NULL no such algorithm // != NULL pointer to the 0th byte of the 0th PCR static BYTE * GetPcrPointer( TPM_ALG_ID alg, // IN: algorithm for bank UINT32 pcrNumber // IN: PCR number ) { static BYTE *pcr = NULL; if(!PcrIsAllocated(pcrNumber, alg)) return NULL; switch(alg) { #if ALG_SHA1 case ALG_SHA1_VALUE: pcr = s_pcrs[pcrNumber].sha1Pcr; break; #endif #if ALG_SHA256 case ALG_SHA256_VALUE: pcr = s_pcrs[pcrNumber].sha256Pcr; break; #endif #if ALG_SHA384 case ALG_SHA384_VALUE: pcr = s_pcrs[pcrNumber].sha384Pcr; break; #endif #if ALG_SHA512 case ALG_SHA512_VALUE: pcr = s_pcrs[pcrNumber].sha512Pcr; break; #endif #if ALG_SM3_256 case ALG_SM3_256_VALUE: pcr = s_pcrs[pcrNumber].sm3_256Pcr; break; #endif default: FAIL(FATAL_ERROR_INTERNAL); break; } return pcr; } //*** IsPcrSelected() // This function indicates if an indicated PCR number is selected by the bit map in // 'selection'. // Return Type: BOOL // TRUE(1) PCR is selected // FALSE(0) PCR is not selected static BOOL IsPcrSelected( UINT32 pcr, // IN: The number of the PCR TPMS_PCR_SELECTION *selection // IN: The selection structure ) { BOOL selected; selected = (pcr < IMPLEMENTATION_PCR && ((selection->pcrSelect[pcr / 8]) & (1 << (pcr % 8))) != 0); return selected; } //*** FilterPcr() // This function modifies a PCR selection array based on the implemented // PCR. static void FilterPcr( TPMS_PCR_SELECTION *selection // IN: input PCR selection ) { UINT32 i; TPMS_PCR_SELECTION *allocated = NULL; // If size of select is less than PCR_SELECT_MAX, zero the unspecified PCR for(i = selection->sizeofSelect; i < PCR_SELECT_MAX; i++) selection->pcrSelect[i] = 0; // Find the internal configuration for the bank for(i = 0; i < gp.pcrAllocated.count; i++) { if(gp.pcrAllocated.pcrSelections[i].hash == selection->hash) { allocated = &gp.pcrAllocated.pcrSelections[i]; break; } } for(i = 0; i < selection->sizeofSelect; i++) { if(allocated == NULL) { // If the required bank does not exist, clear input selection selection->pcrSelect[i] = 0; } else selection->pcrSelect[i] &= allocated->pcrSelect[i]; } return; } //*** PcrDrtm() // This function does the DRTM and H-CRTM processing it is called from // _TPM_Hash_End. void PcrDrtm( const TPMI_DH_PCR pcrHandle, // IN: the index of the PCR to be // modified const TPMI_ALG_HASH hash, // IN: the bank identifier const TPM2B_DIGEST *digest // IN: the digest to modify the PCR ) { BYTE *pcrData = GetPcrPointer(hash, pcrHandle); if(pcrData != NULL) { // Rest the PCR to zeros MemorySet(pcrData, 0, digest->t.size); // if the TPM has not started, then set the PCR to 0...04 and then extend if(!TPMIsStarted()) { pcrData[digest->t.size - 1] = 4; } // Now, extend the value PCRExtend(pcrHandle, hash, digest->t.size, (BYTE *)digest->t.buffer); } } //*** PCR_ClearAuth() // This function is used to reset the PCR authorization values. It is called // on TPM2_Startup(CLEAR) and TPM2_Clear(). void PCR_ClearAuth( void ) { #if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 int j; for(j = 0; j < NUM_AUTHVALUE_PCR_GROUP; j++) { gc.pcrAuthValues.auth[j].t.size = 0; } #endif } //*** PCRStartup() // This function initializes the PCR subsystem at TPM2_Startup(). BOOL PCRStartup( STARTUP_TYPE type, // IN: startup type BYTE locality // IN: startup locality ) { UINT32 pcr, j; UINT32 saveIndex = 0; g_pcrReConfig = FALSE; // Don't test for SU_RESET because that should be the default when nothing // else is selected if(type != SU_RESUME && type != SU_RESTART) { // PCR generation counter is cleared at TPM_RESET gr.pcrCounter = 0; } // Initialize/Restore PCR values for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) { // On resume, need to know if this PCR had its state saved or not UINT32 stateSaved; if(type == SU_RESUME && s_initAttributes[pcr].stateSave == SET) { stateSaved = 1; } else { stateSaved = 0; PCRChanged(pcr); } // If this is the H-CRTM PCR and we are not doing a resume and we // had an H-CRTM event, then we don't change this PCR if(pcr == HCRTM_PCR && type != SU_RESUME && g_DrtmPreStartup == TRUE) continue; // Iterate each hash algorithm bank for(j = 0; j < gp.pcrAllocated.count; j++) { TPMI_ALG_HASH hash = gp.pcrAllocated.pcrSelections[j].hash; BYTE *pcrData = GetPcrPointer(hash, pcr); UINT16 pcrSize = CryptHashGetDigestSize(hash); if(pcrData != NULL) { // if state was saved if(stateSaved == 1) { // Restore saved PCR value BYTE *pcrSavedData; pcrSavedData = GetSavedPcrPointer( gp.pcrAllocated.pcrSelections[j].hash, saveIndex); if(pcrSavedData == NULL) return FALSE; MemoryCopy(pcrData, pcrSavedData, pcrSize); } else // PCR was not restored by state save { // If the reset locality of the PCR is 4, then // the reset value is all one's, otherwise it is // all zero. if((s_initAttributes[pcr].resetLocality & 0x10) != 0) MemorySet(pcrData, 0xFF, pcrSize); else { MemorySet(pcrData, 0, pcrSize); if(pcr == HCRTM_PCR) pcrData[pcrSize - 1] = locality; } } } } saveIndex += stateSaved; } // Reset authValues on TPM2_Startup(CLEAR) if(type != SU_RESUME) PCR_ClearAuth(); return TRUE; } //*** PCRStateSave() // This function is used to save the PCR values that will be restored on TPM Resume. void PCRStateSave( TPM_SU type // IN: startup type ) { UINT32 pcr, j; UINT32 saveIndex = 0; // if state save CLEAR, nothing to be done. Return here if(type == TPM_SU_CLEAR) return; // Copy PCR values to the structure that should be saved to NV for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) { UINT32 stateSaved = (s_initAttributes[pcr].stateSave == SET) ? 1 : 0; // Iterate each hash algorithm bank for(j = 0; j < gp.pcrAllocated.count; j++) { BYTE *pcrData; UINT32 pcrSize; pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, pcr); if(pcrData != NULL) { pcrSize = CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[j].hash); if(stateSaved == 1) { // Restore saved PCR value BYTE *pcrSavedData; pcrSavedData = GetSavedPcrPointer(gp.pcrAllocated.pcrSelections[j].hash, saveIndex); MemoryCopy(pcrSavedData, pcrData, pcrSize); } } } saveIndex += stateSaved; } return; } //*** PCRIsStateSaved() // This function indicates if the selected PCR is a PCR that is state saved // on TPM2_Shutdown(STATE). The return value is based on PCR attributes. // Return Type: BOOL // TRUE(1) PCR is state saved // FALSE(0) PCR is not state saved BOOL PCRIsStateSaved( TPMI_DH_PCR handle // IN: PCR handle to be extended ) { UINT32 pcr = handle - PCR_FIRST; if(s_initAttributes[pcr].stateSave == SET) return TRUE; else return FALSE; } //*** PCRIsResetAllowed() // This function indicates if a PCR may be reset by the current command locality. // The return value is based on PCR attributes, and not the PCR allocation. // Return Type: BOOL // TRUE(1) TPM2_PCR_Reset is allowed // FALSE(0) TPM2_PCR_Reset is not allowed BOOL PCRIsResetAllowed( TPMI_DH_PCR handle // IN: PCR handle to be extended ) { UINT8 commandLocality; UINT8 localityBits = 1; UINT32 pcr = handle - PCR_FIRST; // Check for the locality commandLocality = _plat__LocalityGet(); #ifdef DRTM_PCR // For a TPM that does DRTM, Reset is not allowed at locality 4 if(commandLocality == 4) return FALSE; #endif localityBits = localityBits << commandLocality; if((localityBits & s_initAttributes[pcr].resetLocality) == 0) return FALSE; else return TRUE; } //*** PCRChanged() // This function checks a PCR handle to see if the attributes for the PCR are set // so that any change to the PCR causes an increment of the pcrCounter. If it does, // then the function increments the counter. Will also bump the counter if the // handle is zero which means that PCR 0 can not be in the TCB group. Bump on zero // is used by TPM2_Clear(). void PCRChanged( TPM_HANDLE pcrHandle // IN: the handle of the PCR that changed. ) { // For the reference implementation, the only change that does not cause // increment is a change to a PCR in the TCB group. if((pcrHandle == 0) || !PCRBelongsTCBGroup(pcrHandle)) { gr.pcrCounter++; if(gr.pcrCounter == 0) FAIL(FATAL_ERROR_COUNTER_OVERFLOW); } } //*** PCRIsExtendAllowed() // This function indicates a PCR may be extended at the current command locality. // The return value is based on PCR attributes, and not the PCR allocation. // Return Type: BOOL // TRUE(1) extend is allowed // FALSE(0) extend is not allowed BOOL PCRIsExtendAllowed( TPMI_DH_PCR handle // IN: PCR handle to be extended ) { UINT8 commandLocality; UINT8 localityBits = 1; UINT32 pcr = handle - PCR_FIRST; // Check for the locality commandLocality = _plat__LocalityGet(); localityBits = localityBits << commandLocality; if((localityBits & s_initAttributes[pcr].extendLocality) == 0) return FALSE; else return TRUE; } //*** PCRExtend() // This function is used to extend a PCR in a specific bank. void PCRExtend( TPMI_DH_PCR handle, // IN: PCR handle to be extended TPMI_ALG_HASH hash, // IN: hash algorithm of PCR UINT32 size, // IN: size of data to be extended BYTE *data // IN: data to be extended ) { BYTE *pcrData; HASH_STATE hashState; UINT16 pcrSize; pcrData = GetPcrPointer(hash, handle - PCR_FIRST); // Extend PCR if it is allocated if(pcrData != NULL) { pcrSize = CryptHashGetDigestSize(hash); CryptHashStart(&hashState, hash); CryptDigestUpdate(&hashState, pcrSize, pcrData); CryptDigestUpdate(&hashState, size, data); CryptHashEnd(&hashState, pcrSize, pcrData); // PCR has changed so update the pcrCounter if necessary PCRChanged(handle); } return; } //*** PCRComputeCurrentDigest() // This function computes the digest of the selected PCR. // // As a side-effect, 'selection' is modified so that only the implemented PCR // will have their bits still set. void PCRComputeCurrentDigest( TPMI_ALG_HASH hashAlg, // IN: hash algorithm to compute digest TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on // output) TPM2B_DIGEST *digest // OUT: digest ) { HASH_STATE hashState; TPMS_PCR_SELECTION *select; BYTE *pcrData; // will point to a digest UINT32 pcrSize; UINT32 pcr; UINT32 i; // Initialize the hash digest->t.size = CryptHashStart(&hashState, hashAlg); pAssert(digest->t.size > 0 && digest->t.size < UINT16_MAX); // Iterate through the list of PCR selection structures for(i = 0; i < selection->count; i++) { // Point to the current selection select = &selection->pcrSelections[i]; // Point to the current selection FilterPcr(select); // Clear out the bits for unimplemented PCR // Need the size of each digest pcrSize = CryptHashGetDigestSize(selection->pcrSelections[i].hash); // Iterate through the selection for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) { if(IsPcrSelected(pcr, select)) // Is this PCR selected { // Get pointer to the digest data for the bank pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); pAssert(pcrData != NULL); CryptDigestUpdate(&hashState, pcrSize, pcrData); // add to digest } } } // Complete hash stack CryptHashEnd2B(&hashState, &digest->b); return; } //*** PCRRead() // This function is used to read a list of selected PCR. If the requested PCR // number exceeds the maximum number that can be output, the 'selection' is // adjusted to reflect the actual output PCR. void PCRRead( TPML_PCR_SELECTION *selection, // IN/OUT: PCR selection (filtered on // output) TPML_DIGEST *digest, // OUT: digest UINT32 *pcrCounter // OUT: the current value of PCR generation // number ) { TPMS_PCR_SELECTION *select; BYTE *pcrData; // will point to a digest UINT32 pcr; UINT32 i; digest->count = 0; // Iterate through the list of PCR selection structures for(i = 0; i < selection->count; i++) { // Point to the current selection select = &selection->pcrSelections[i]; // Point to the current selection FilterPcr(select); // Clear out the bits for unimplemented PCR // Iterate through the selection for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) { if(IsPcrSelected(pcr, select)) // Is this PCR selected { // Check if number of digest exceed upper bound if(digest->count > 7) { // Clear rest of the current select bitmap while(pcr < IMPLEMENTATION_PCR // do not round up! && (pcr / 8) < select->sizeofSelect) { // do not round up! select->pcrSelect[pcr / 8] &= (BYTE)~(1 << (pcr % 8)); pcr++; } // Exit inner loop break; } // Need the size of each digest digest->digests[digest->count].t.size = CryptHashGetDigestSize(selection->pcrSelections[i].hash); // Get pointer to the digest data for the bank pcrData = GetPcrPointer(selection->pcrSelections[i].hash, pcr); pAssert(pcrData != NULL); // Add to the data to digest MemoryCopy(digest->digests[digest->count].t.buffer, pcrData, digest->digests[digest->count].t.size); digest->count++; } } // If we exit inner loop because we have exceed the output upper bound if(digest->count > 7 && pcr < IMPLEMENTATION_PCR) { // Clear rest of the selection while(i < selection->count) { MemorySet(selection->pcrSelections[i].pcrSelect, 0, selection->pcrSelections[i].sizeofSelect); i++; } // exit outer loop break; } } *pcrCounter = gr.pcrCounter; return; } //*** PCRAllocate() // This function is used to change the PCR allocation. // Return Type: TPM_RC // TPM_RC_NO_RESULT allocate failed // TPM_RC_PCR improper allocation TPM_RC PCRAllocate( TPML_PCR_SELECTION *allocate, // IN: required allocation UINT32 *maxPCR, // OUT: Maximum number of PCR UINT32 *sizeNeeded, // OUT: required space UINT32 *sizeAvailable // OUT: available space ) { UINT32 i, j, k; TPML_PCR_SELECTION newAllocate; // Initialize the flags to indicate if HCRTM PCR and DRTM PCR are allocated. BOOL pcrHcrtm = FALSE; BOOL pcrDrtm = FALSE; // Create the expected new PCR allocation based on the existing allocation // and the new input: // 1. if a PCR bank does not appear in the new allocation, the existing // allocation of this PCR bank will be preserved. // 2. if a PCR bank appears multiple times in the new allocation, only the // last one will be in effect. newAllocate = gp.pcrAllocated; for(i = 0; i < allocate->count; i++) { for(j = 0; j < newAllocate.count; j++) { // If hash matches, the new allocation covers the old allocation // for this particular bank. // The assumption is the initial PCR allocation (from manufacture) // has all the supported hash algorithms with an assigned bank // (possibly empty). So there must be a match for any new bank // allocation from the input. if(newAllocate.pcrSelections[j].hash == allocate->pcrSelections[i].hash) { newAllocate.pcrSelections[j] = allocate->pcrSelections[i]; break; } } // The j loop must exit with a match. pAssert(j < newAllocate.count); } // Max PCR in a bank is MIN(implemented PCR, PCR with attributes defined) *maxPCR = sizeof(s_initAttributes) / sizeof(PCR_Attributes); if(*maxPCR > IMPLEMENTATION_PCR) *maxPCR = IMPLEMENTATION_PCR; // Compute required size for allocation *sizeNeeded = 0; for(i = 0; i < newAllocate.count; i++) { UINT32 digestSize = CryptHashGetDigestSize(newAllocate.pcrSelections[i].hash); #if defined(DRTM_PCR) // Make sure that we end up with at least one DRTM PCR pcrDrtm = pcrDrtm || TestBit(DRTM_PCR, newAllocate.pcrSelections[i].pcrSelect, newAllocate.pcrSelections[i].sizeofSelect); #else // if DRTM PCR is not required, indicate that the allocation is OK pcrDrtm = TRUE; #endif #if defined(HCRTM_PCR) // and one HCRTM PCR (since this is usually PCR 0...) pcrHcrtm = pcrHcrtm || TestBit(HCRTM_PCR, newAllocate.pcrSelections[i].pcrSelect, newAllocate.pcrSelections[i].sizeofSelect); #else pcrHcrtm = TRUE; #endif for(j = 0; j < newAllocate.pcrSelections[i].sizeofSelect; j++) { BYTE mask = 1; for(k = 0; k < 8; k++) { if((newAllocate.pcrSelections[i].pcrSelect[j] & mask) != 0) *sizeNeeded += digestSize; mask = mask << 1; } } } if(!pcrDrtm || !pcrHcrtm) return TPM_RC_PCR; // In this particular implementation, we always have enough space to // allocate PCR. Different implementation may return a sizeAvailable less // than the sizeNeed. *sizeAvailable = sizeof(s_pcrs); // Save the required allocation to NV. Note that after NV is written, the // PCR allocation in NV is no longer consistent with the RAM data // gp.pcrAllocated. The NV version reflect the allocate after next // TPM_RESET, while the RAM version reflects the current allocation NV_WRITE_PERSISTENT(pcrAllocated, newAllocate); return TPM_RC_SUCCESS; } //*** PCRSetValue() // This function is used to set the designated PCR in all banks to an initial value. // The initial value is signed and will be sign extended into the entire PCR. // void PCRSetValue( TPM_HANDLE handle, // IN: the handle of the PCR to set INT8 initialValue // IN: the value to set ) { int i; UINT32 pcr = handle - PCR_FIRST; TPMI_ALG_HASH hash; UINT16 digestSize; BYTE *pcrData; // Iterate supported PCR bank algorithms to reset for(i = 0; i < HASH_COUNT; i++) { hash = CryptHashGetAlgByIndex(i); // Prevent runaway if(hash == TPM_ALG_NULL) break; // Get a pointer to the data pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); // If the PCR is allocated if(pcrData != NULL) { // And the size of the digest digestSize = CryptHashGetDigestSize(hash); // Set the LSO to the input value pcrData[digestSize - 1] = initialValue; // Sign extend if(initialValue >= 0) MemorySet(pcrData, 0, digestSize - 1); else MemorySet(pcrData, -1, digestSize - 1); } } } //*** PCRResetDynamics // This function is used to reset a dynamic PCR to 0. This function is used in // DRTM sequence. void PCRResetDynamics( void ) { UINT32 pcr, i; // Initialize PCR values for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) { // Iterate each hash algorithm bank for(i = 0; i < gp.pcrAllocated.count; i++) { BYTE *pcrData; UINT32 pcrSize; pcrData = GetPcrPointer(gp.pcrAllocated.pcrSelections[i].hash, pcr); if(pcrData != NULL) { pcrSize = CryptHashGetDigestSize(gp.pcrAllocated.pcrSelections[i].hash); // Reset PCR // Any PCR can be reset by locality 4 should be reset to 0 if((s_initAttributes[pcr].resetLocality & 0x10) != 0) MemorySet(pcrData, 0, pcrSize); } } } return; } //*** PCRCapGetAllocation() // This function is used to get the current allocation of PCR banks. // Return Type: TPMI_YES_NO // YES if the return count is 0 // NO if the return count is not 0 TPMI_YES_NO PCRCapGetAllocation( UINT32 count, // IN: count of return TPML_PCR_SELECTION *pcrSelection // OUT: PCR allocation list ) { if(count == 0) { pcrSelection->count = 0; return YES; } else { *pcrSelection = gp.pcrAllocated; return NO; } } //*** PCRSetSelectBit() // This function sets a bit in a bitmap array. static void PCRSetSelectBit( UINT32 pcr, // IN: PCR number BYTE *bitmap // OUT: bit map to be set ) { bitmap[pcr / 8] |= (1 << (pcr % 8)); return; } //*** PCRGetProperty() // This function returns the selected PCR property. // Return Type: BOOL // TRUE(1) the property type is implemented // FALSE(0) the property type is not implemented static BOOL PCRGetProperty( TPM_PT_PCR property, TPMS_TAGGED_PCR_SELECT *select ) { UINT32 pcr; UINT32 groupIndex; select->tag = property; // Always set the bitmap to be the size of all PCR select->sizeofSelect = (IMPLEMENTATION_PCR + 7) / 8; // Initialize bitmap MemorySet(select->pcrSelect, 0, select->sizeofSelect); // Collecting properties for(pcr = 0; pcr < IMPLEMENTATION_PCR; pcr++) { switch(property) { case TPM_PT_PCR_SAVE: if(s_initAttributes[pcr].stateSave == SET) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_EXTEND_L0: if((s_initAttributes[pcr].extendLocality & 0x01) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_RESET_L0: if((s_initAttributes[pcr].resetLocality & 0x01) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_EXTEND_L1: if((s_initAttributes[pcr].extendLocality & 0x02) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_RESET_L1: if((s_initAttributes[pcr].resetLocality & 0x02) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_EXTEND_L2: if((s_initAttributes[pcr].extendLocality & 0x04) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_RESET_L2: if((s_initAttributes[pcr].resetLocality & 0x04) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_EXTEND_L3: if((s_initAttributes[pcr].extendLocality & 0x08) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_RESET_L3: if((s_initAttributes[pcr].resetLocality & 0x08) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_EXTEND_L4: if((s_initAttributes[pcr].extendLocality & 0x10) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_RESET_L4: if((s_initAttributes[pcr].resetLocality & 0x10) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; case TPM_PT_PCR_DRTM_RESET: // DRTM reset PCRs are the PCR reset by locality 4 if((s_initAttributes[pcr].resetLocality & 0x10) != 0) PCRSetSelectBit(pcr, select->pcrSelect); break; #if defined NUM_POLICY_PCR_GROUP && NUM_POLICY_PCR_GROUP > 0 case TPM_PT_PCR_POLICY: if(PCRBelongsPolicyGroup(pcr + PCR_FIRST, &groupIndex)) PCRSetSelectBit(pcr, select->pcrSelect); break; #endif #if defined NUM_AUTHVALUE_PCR_GROUP && NUM_AUTHVALUE_PCR_GROUP > 0 case TPM_PT_PCR_AUTH: if(PCRBelongsAuthGroup(pcr + PCR_FIRST, &groupIndex)) PCRSetSelectBit(pcr, select->pcrSelect); break; #endif #if ENABLE_PCR_NO_INCREMENT == YES case TPM_PT_PCR_NO_INCREMENT: if(PCRBelongsTCBGroup(pcr + PCR_FIRST)) PCRSetSelectBit(pcr, select->pcrSelect); break; #endif default: // If property is not supported, stop scanning PCR attributes // and return. return FALSE; break; } } return TRUE; } //*** PCRCapGetProperties() // This function returns a list of PCR properties starting at 'property'. // Return Type: TPMI_YES_NO // YES if no more property is available // NO if there are more properties not reported TPMI_YES_NO PCRCapGetProperties( TPM_PT_PCR property, // IN: the starting PCR property UINT32 count, // IN: count of returned properties TPML_TAGGED_PCR_PROPERTY *select // OUT: PCR select ) { TPMI_YES_NO more = NO; UINT32 i; // Initialize output property list select->count = 0; // The maximum count of properties we may return is MAX_PCR_PROPERTIES if(count > MAX_PCR_PROPERTIES) count = MAX_PCR_PROPERTIES; // TPM_PT_PCR_FIRST is defined as 0 in spec. It ensures that property // value would never be less than TPM_PT_PCR_FIRST cAssert(TPM_PT_PCR_FIRST == 0); // Iterate PCR properties. TPM_PT_PCR_LAST is the index of the last property // implemented on the TPM. for(i = property; i <= TPM_PT_PCR_LAST; i++) { if(select->count < count) { // If we have not filled up the return list, add more properties to it if(PCRGetProperty(i, &select->pcrProperty[select->count])) // only increment if the property is implemented select->count++; } else { // If the return list is full but we still have properties // available, report this and stop iterating. more = YES; break; } } return more; } //*** PCRCapGetHandles() // This function is used to get a list of handles of PCR, started from 'handle'. // If 'handle' exceeds the maximum PCR handle range, an empty list will be // returned and the return value will be NO. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO PCRCapGetHandles( TPMI_DH_PCR handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ) { TPMI_YES_NO more = NO; UINT32 i; pAssert(HandleGetType(handle) == TPM_HT_PCR); // Initialize output handle list handleList->count = 0; // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; // Iterate PCR handle range for(i = handle & HR_HANDLE_MASK; i <= PCR_LAST; i++) { if(handleList->count < count) { // If we have not filled up the return list, add this PCR // handle to it handleList->handle[handleList->count] = i + PCR_FIRST; handleList->count++; } else { // If the return list is full but we still have PCR handle // available, report this and stop iterating more = YES; break; } } return more; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/PP.c000066400000000000000000000144571510276467000255270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions that support the physical presence operations // of the TPM. //** Includes #include "Tpm.h" //** Functions //*** PhysicalPresencePreInstall_Init() // This function is used to initialize the array of commands that always require // confirmation with physical presence. The array is an array of bits that // has a correspondence with the command code. // // This command should only ever be executable in a manufacturing setting or in // a simulation. // // When set, these cannot be cleared. // void PhysicalPresencePreInstall_Init( void ) { COMMAND_INDEX commandIndex; // Clear all the PP commands MemorySet(&gp.ppList, 0, sizeof(gp.ppList)); // Any command that is PP_REQUIRED should be SET for(commandIndex = 0; commandIndex < COMMAND_COUNT; commandIndex++) { if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED && s_commandAttributes[commandIndex] & PP_REQUIRED) SET_BIT(commandIndex, gp.ppList); } // Write PP list to NV NV_SYNC_PERSISTENT(ppList); return; } //*** PhysicalPresenceCommandSet() // This function is used to set the indicator that a command requires // PP confirmation. void PhysicalPresenceCommandSet( TPM_CC commandCode // IN: command code ) { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); // if the command isn't implemented, the do nothing if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX) return; // only set the bit if this is a command for which PP is allowed if(s_commandAttributes[commandIndex] & PP_COMMAND) SET_BIT(commandIndex, gp.ppList); return; } //*** PhysicalPresenceCommandClear() // This function is used to clear the indicator that a command requires PP // confirmation. void PhysicalPresenceCommandClear( TPM_CC commandCode // IN: command code ) { COMMAND_INDEX commandIndex = CommandCodeToCommandIndex(commandCode); // If the command isn't implemented, then don't do anything if(commandIndex == UNIMPLEMENTED_COMMAND_INDEX) return; // Only clear the bit if the command does not require PP if((s_commandAttributes[commandIndex] & PP_REQUIRED) == 0) CLEAR_BIT(commandIndex, gp.ppList); return; } //*** PhysicalPresenceIsRequired() // This function indicates if PP confirmation is required for a command. // Return Type: BOOL // TRUE(1) physical presence is required // FALSE(0) physical presence is not required BOOL PhysicalPresenceIsRequired( COMMAND_INDEX commandIndex // IN: command index ) { // Check the bit map. If the bit is SET, PP authorization is required return (TEST_BIT(commandIndex, gp.ppList)); } //*** PhysicalPresenceCapGetCCList() // This function returns a list of commands that require PP confirmation. The // list starts from the first implemented command that has a command code that // the same or greater than 'commandCode'. // Return Type: TPMI_YES_NO // YES if there are more command codes available // NO all the available command codes have been returned TPMI_YES_NO PhysicalPresenceCapGetCCList( TPM_CC commandCode, // IN: start command code UINT32 count, // IN: count of returned TPM_CC TPML_CC *commandList // OUT: list of TPM_CC ) { TPMI_YES_NO more = NO; COMMAND_INDEX commandIndex; // Initialize output handle list commandList->count = 0; // The maximum count of command we may return is MAX_CAP_CC if(count > MAX_CAP_CC) count = MAX_CAP_CC; // Collect PP commands for(commandIndex = GetClosestCommandIndex(commandCode); commandIndex != UNIMPLEMENTED_COMMAND_INDEX; commandIndex = GetNextCommandIndex(commandIndex)) { if(PhysicalPresenceIsRequired(commandIndex)) { if(commandList->count < count) { // If we have not filled up the return list, add this command // code to it commandList->commandCodes[commandList->count] = GetCommandCode(commandIndex); commandList->count++; } else { // If the return list is full but we still have PP command // available, report this and stop iterating more = YES; break; } } } return more; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Session.c000066400000000000000000001157441510276467000266340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //**Introduction /* The code in this file is used to manage the session context counter. The scheme implemented here is a "truncated counter". This scheme allows the TPM to not need TPM_SU_CLEAR for a very long period of time and still not have the context count for a session repeated. The counter (contextCounter)in this implementation is a UINT64 but can be smaller. The "tracking array" (contextArray) only has 16-bits per context. The tracking array is the data that needs to be saved and restored across TPM_SU_STATE so that sessions are not lost when the system enters the sleep state. Also, when the TPM is active, the tracking array is kept in RAM making it important that the number of bytes for each entry be kept as small as possible. The TPM prevents "collisions" of these truncated values by not allowing a contextID to be assigned if it would be the same as an existing value. Since the array holds 16 bits, after a context has been saved, an additional 2^16-1 contexts may be saved before the count would again match. The normal expectation is that the context will be flushed before its count value is needed again but it is always possible to have long-lived sessions. The contextID is assigned when the context is saved (TPM2_ContextSave()). At that time, the TPM will compare the low-order 16 bits of contextCounter to the existing values in contextArray and if one matches, the TPM will return TPM_RC_CONTEXT_GAP (by construction, the entry that contains the matching value is the oldest context). The expected remediation by the TRM is to load the oldest saved session context (the one found by the TPM), and save it. Since loading the oldest session also eliminates its contextID value from contextArray, there TPM will always be able to load and save the oldest existing context. In the worst case, software may have to load and save several contexts in order to save an additional one. This should happen very infrequently. When the TPM searches contextArray and finds that none of the contextIDs match the low-order 16-bits of contextCount, the TPM can copy the low bits to the contextArray associated with the session, and increment contextCount. There is one entry in contextArray for each of the active sessions allowed by the TPM implementation. This array contains either a context count, an index, or a value indicating the slot is available (0). The index into the contextArray is the handle for the session with the region selector byte of the session set to zero. If an entry in contextArray contains 0, then the corresponding handle may be assigned to a session. If the entry contains a value that is less than or equal to the number of loaded sessions for the TPM, then the array entry is the slot in which the context is loaded. EXAMPLE: If the TPM allows 8 loaded sessions, then the slot numbers would be 1-8 and a contextArrary value in that range would represent the loaded session. NOTE: When the TPM firmware determines that the array entry is for a loaded session, it will subtract 1 to create the zero-based slot number. There is one significant corner case in this scheme. When the contextCount is equal to a value in the contextArray, the oldest session needs to be recycled or flushed. In order to recycle the session, it must be loaded. To be loaded, there must be an available slot. Rather than require that a spare slot be available all the time, the TPM will check to see if the contextCount is equal to some value in the contextArray when a session is created. This prevents the last session slot from being used when it is likely that a session will need to be recycled. If a TPM with both 1.2 and 2.0 functionality uses this scheme for both 1.2 and 2.0 sessions, and the list of active contexts is read with TPM_GetCapabiltiy(), the TPM will create 32-bit representations of the list that contains 16-bit values (the TPM2_GetCapability() returns a list of handles for active sessions rather than a list of contextID). The full contextID has high-order bits that are either the same as the current contextCount or one less. It is one less if the 16-bits of the contextArray has a value that is larger than the low-order 16 bits of contextCount. */ //** Includes, Defines, and Local Variables #define SESSION_C #include "Tpm.h" //** File Scope Function -- ContextIdSetOldest() /* This function is called when the oldest contextID is being loaded or deleted. Once a saved context becomes the oldest, it stays the oldest until it is deleted. Finding the oldest is a bit tricky. It is not just the numeric comparison of values but is dependent on the value of contextCounter. Assume we have a small contextArray with 8, 4-bit values with values 1 and 2 used to indicate the loaded context slot number. Also assume that the array contains hex values of (0 0 1 0 3 0 9 F) and that the contextCounter is an 8-bit counter with a value of 0x37. Since the low nibble is 7, that means that values above 7 are older than values below it and, in this example, 9 is the oldest value. Note if we subtract the counter value, from each slot that contains a saved contextID we get (- - - - B - 2 - 8) and the oldest entry is now easy to find. */ static void ContextIdSetOldest( void ) { CONTEXT_SLOT lowBits; CONTEXT_SLOT entry; CONTEXT_SLOT smallest = ((CONTEXT_SLOT)~0); UINT32 i; // Set oldestSaveContext to a value indicating none assigned s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; lowBits = (CONTEXT_SLOT)gr.contextCounter; for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) { entry = gr.contextArray[i]; // only look at entries that are saved contexts if(entry > MAX_LOADED_SESSIONS) { // Use a less than or equal in case the oldest // is brand new (= lowBits-1) and equal to our initial // value for smallest. if(((CONTEXT_SLOT)(entry - lowBits)) <= smallest) { smallest = (entry - lowBits); s_oldestSavedSession = i; } } } // When we finish, either the s_oldestSavedSession still has its initial // value, or it has the index of the oldest saved context. } //** Startup Function -- SessionStartup() // This function initializes the session subsystem on TPM2_Startup(). BOOL SessionStartup( STARTUP_TYPE type ) { UINT32 i; // Initialize session slots. At startup, all the in-memory session slots // are cleared and marked as not occupied for(i = 0; i < MAX_LOADED_SESSIONS; i++) s_sessions[i].occupied = FALSE; // session slot is not occupied // The free session slots the number of maximum allowed loaded sessions s_freeSessionSlots = MAX_LOADED_SESSIONS; // Initialize context ID data. On a ST_SAVE or hibernate sequence, it will // scan the saved array of session context counts, and clear any entry that // references a session that was in memory during the state save since that // memory was not preserved over the ST_SAVE. if(type == SU_RESUME || type == SU_RESTART) { // On ST_SAVE we preserve the contexts that were saved but not the ones // in memory for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) { // If the array value is unused or references a loaded session then // that loaded session context is lost and the array entry is // reclaimed. if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) gr.contextArray[i] = 0; } // Find the oldest session in context ID data and set it in // s_oldestSavedSession ContextIdSetOldest(); } else { // For STARTUP_CLEAR, clear out the contextArray for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) gr.contextArray[i] = 0; // reset the context counter gr.contextCounter = MAX_LOADED_SESSIONS + 1; // Initialize oldest saved session s_oldestSavedSession = MAX_ACTIVE_SESSIONS + 1; } return TRUE; } //************************************************ //** Access Functions //************************************************ //*** SessionIsLoaded() // This function test a session handle references a loaded session. The handle // must have previously been checked to make sure that it is a valid handle for // an authorization session. // NOTE: A PWAP authorization does not have a session. // // Return Type: BOOL // TRUE(1) session is loaded // FALSE(0) session is not loaded // BOOL SessionIsLoaded( TPM_HANDLE handle // IN: session handle ) { pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION || HandleGetType(handle) == TPM_HT_HMAC_SESSION); handle = handle & HR_HANDLE_MASK; // if out of range of possible active session, or not assigned to a loaded // session return false if(handle >= MAX_ACTIVE_SESSIONS || gr.contextArray[handle] == 0 || gr.contextArray[handle] > MAX_LOADED_SESSIONS) return FALSE; return TRUE; } //*** SessionIsSaved() // This function test a session handle references a saved session. The handle // must have previously been checked to make sure that it is a valid handle for // an authorization session. // NOTE: An password authorization does not have a session. // // This function requires that the handle be a valid session handle. // // Return Type: BOOL // TRUE(1) session is saved // FALSE(0) session is not saved // BOOL SessionIsSaved( TPM_HANDLE handle // IN: session handle ) { pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION || HandleGetType(handle) == TPM_HT_HMAC_SESSION); handle = handle & HR_HANDLE_MASK; // if out of range of possible active session, or not assigned, or // assigned to a loaded session, return false if(handle >= MAX_ACTIVE_SESSIONS || gr.contextArray[handle] == 0 || gr.contextArray[handle] <= MAX_LOADED_SESSIONS ) return FALSE; return TRUE; } //*** SequenceNumberForSavedContextIsValid() // This function validates that the sequence number and handle value within a // saved context are valid. BOOL SequenceNumberForSavedContextIsValid( TPMS_CONTEXT *context // IN: pointer to a context structure to be // validated ) { #define MAX_CONTEXT_GAP ((UINT64)((CONTEXT_SLOT) ~0) + 1) TPM_HANDLE handle = context->savedHandle & HR_HANDLE_MASK; if(// Handle must be with the range of active sessions handle >= MAX_ACTIVE_SESSIONS // the array entry must be for a saved context || gr.contextArray[handle] <= MAX_LOADED_SESSIONS // the array entry must agree with the sequence number || gr.contextArray[handle] != (CONTEXT_SLOT)context->sequence // the provided sequence number has to be less than the current counter || context->sequence > gr.contextCounter // but not so much that it could not be a valid sequence number || gr.contextCounter - context->sequence > MAX_CONTEXT_GAP) return FALSE; return TRUE; } //*** SessionPCRValueIsCurrent() // // This function is used to check if PCR values have been updated since the // last time they were checked in a policy session. // // This function requires the session is loaded. // Return Type: BOOL // TRUE(1) PCR value is current // FALSE(0) PCR value is not current BOOL SessionPCRValueIsCurrent( SESSION *session // IN: session structure ) { if(session->pcrCounter != 0 && session->pcrCounter != gr.pcrCounter ) return FALSE; else return TRUE; } //*** SessionGet() // This function returns a pointer to the session object associated with a // session handle. // // The function requires that the session is loaded. SESSION * SessionGet( TPM_HANDLE handle // IN: session handle ) { size_t slotIndex; CONTEXT_SLOT sessionIndex; pAssert(HandleGetType(handle) == TPM_HT_POLICY_SESSION || HandleGetType(handle) == TPM_HT_HMAC_SESSION ); slotIndex = handle & HR_HANDLE_MASK; pAssert(slotIndex < MAX_ACTIVE_SESSIONS); // get the contents of the session array. Because session is loaded, we // should always get a valid sessionIndex sessionIndex = gr.contextArray[slotIndex] - 1; pAssert(sessionIndex < MAX_LOADED_SESSIONS); return &s_sessions[sessionIndex].session; } //************************************************ //** Utility Functions //************************************************ //*** ContextIdSessionCreate() // // This function is called when a session is created. It will check // to see if the current gap would prevent a context from being saved. If // so it will return TPM_RC_CONTEXT_GAP. Otherwise, it will try to find // an open slot in contextArray, set contextArray to the slot. // // This routine requires that the caller has determined the session array // index for the session. // // Return Type: TPM_RC // TPM_RC_CONTEXT_GAP can't assign a new contextID until the oldest // saved session context is recycled // TPM_RC_SESSION_HANDLE there is no slot available in the context array // for tracking of this session context static TPM_RC ContextIdSessionCreate( TPM_HANDLE *handle, // OUT: receives the assigned handle. This will // be an index that must be adjusted by the // caller according to the type of the // session created UINT32 sessionIndex // IN: The session context array entry that will // be occupied by the created session ) { pAssert(sessionIndex < MAX_LOADED_SESSIONS); // check to see if creating the context is safe // Is this going to be an assignment for the last session context // array entry? If so, then there will be no room to recycle the // oldest context if needed. If the gap is not at maximum, then // it will be possible to save a context if it becomes necessary. if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS && s_freeSessionSlots == 1) { // See if the gap is at maximum // The current value of the contextCounter will be assigned to the next // saved context. If the value to be assigned would make the same as an // existing context, then we can't use it because of the ambiguity it would // create. if((CONTEXT_SLOT)gr.contextCounter == gr.contextArray[s_oldestSavedSession]) return TPM_RC_CONTEXT_GAP; } // Find an unoccupied entry in the contextArray for(*handle = 0; *handle < MAX_ACTIVE_SESSIONS; (*handle)++) { if(gr.contextArray[*handle] == 0) { // indicate that the session associated with this handle // references a loaded session gr.contextArray[*handle] = (CONTEXT_SLOT)(sessionIndex + 1); return TPM_RC_SUCCESS; } } return TPM_RC_SESSION_HANDLES; } //*** SessionCreate() // // This function does the detailed work for starting an authorization session. // This is done in a support routine rather than in the action code because // the session management may differ in implementations. This implementation // uses a fixed memory allocation to hold sessions and a fixed allocation // to hold the contextID for the saved contexts. // // Return Type: TPM_RC // TPM_RC_CONTEXT_GAP need to recycle sessions // TPM_RC_SESSION_HANDLE active session space is full // TPM_RC_SESSION_MEMORY loaded session space is full TPM_RC SessionCreate( TPM_SE sessionType, // IN: the session type TPMI_ALG_HASH authHash, // IN: the hash algorithm TPM2B_NONCE *nonceCaller, // IN: initial nonceCaller TPMT_SYM_DEF *symmetric, // IN: the symmetric algorithm TPMI_DH_ENTITY bind, // IN: the bind object TPM2B_DATA *seed, // IN: seed data TPM_HANDLE *sessionHandle, // OUT: the session handle TPM2B_NONCE *nonceTpm // OUT: the session nonce ) { TPM_RC result = TPM_RC_SUCCESS; CONTEXT_SLOT slotIndex; SESSION *session = NULL; pAssert(sessionType == TPM_SE_HMAC || sessionType == TPM_SE_POLICY || sessionType == TPM_SE_TRIAL); // If there are no open spots in the session array, then no point in searching if(s_freeSessionSlots == 0) return TPM_RC_SESSION_MEMORY; // Find a space for loading a session for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) { // Is this available? if(s_sessions[slotIndex].occupied == FALSE) { session = &s_sessions[slotIndex].session; break; } } // if no spot found, then this is an internal error if(slotIndex >= MAX_LOADED_SESSIONS) FAIL(FATAL_ERROR_INTERNAL); // Call context ID function to get a handle. TPM_RC_SESSION_HANDLE may be // returned from ContextIdHandelAssign() result = ContextIdSessionCreate(sessionHandle, slotIndex); if(result != TPM_RC_SUCCESS) return result; //*** Only return from this point on is TPM_RC_SUCCESS // Can now indicate that the session array entry is occupied. s_freeSessionSlots--; s_sessions[slotIndex].occupied = TRUE; // Initialize the session data MemorySet(session, 0, sizeof(SESSION)); // Initialize internal session data session->authHashAlg = authHash; // Initialize session type if(sessionType == TPM_SE_HMAC) { *sessionHandle += HMAC_SESSION_FIRST; } else { *sessionHandle += POLICY_SESSION_FIRST; // For TPM_SE_POLICY or TPM_SE_TRIAL session->attributes.isPolicy = SET; if(sessionType == TPM_SE_TRIAL) session->attributes.isTrialPolicy = SET; SessionSetStartTime(session); // Initialize policyDigest. policyDigest is initialized with a string of 0 // of session algorithm digest size. Since the session is already clear. // Just need to set the size session->u2.policyDigest.t.size = CryptHashGetDigestSize(session->authHashAlg); } // Create initial session nonce session->nonceTPM.t.size = nonceCaller->t.size; CryptRandomGenerate(session->nonceTPM.t.size, session->nonceTPM.t.buffer); MemoryCopy2B(&nonceTpm->b, &session->nonceTPM.b, sizeof(nonceTpm->t.buffer)); // Set up session parameter encryption algorithm session->symmetric = *symmetric; // If there is a bind object or a session secret, then need to compute // a sessionKey. if(bind != TPM_RH_NULL || seed->t.size != 0) { // sessionKey = KDFa(hash, (authValue || seed), "ATH", nonceTPM, // nonceCaller, bits) // The HMAC key for generating the sessionSecret can be the concatenation // of an authorization value and a seed value TPM2B_TYPE(KEY, (sizeof(TPMT_HA) + sizeof(seed->t.buffer))); TPM2B_KEY key; // Get hash size, which is also the length of sessionKey session->sessionKey.t.size = CryptHashGetDigestSize(session->authHashAlg); // Get authValue of associated entity EntityGetAuthValue(bind, (TPM2B_AUTH *)&key); pAssert(key.t.size + seed->t.size <= sizeof(key.t.buffer)); // Concatenate authValue and seed MemoryConcat2B(&key.b, &seed->b, sizeof(key.t.buffer)); // Compute the session key CryptKDFa(session->authHashAlg, &key.b, SESSION_KEY, &session->nonceTPM.b, &nonceCaller->b, session->sessionKey.t.size * 8, session->sessionKey.t.buffer, NULL, FALSE); } // Copy the name of the entity that the HMAC session is bound to // Policy session is not bound to an entity if(bind != TPM_RH_NULL && sessionType == TPM_SE_HMAC) { session->attributes.isBound = SET; SessionComputeBoundEntity(bind, &session->u1.boundEntity); } // If there is a bind object and it is subject to DA, then use of this session // is subject to DA regardless of how it is used. session->attributes.isDaBound = (bind != TPM_RH_NULL) && (IsDAExempted(bind) == FALSE); // If the session is bound, then check to see if it is bound to lockoutAuth session->attributes.isLockoutBound = (session->attributes.isDaBound == SET) && (bind == TPM_RH_LOCKOUT); return TPM_RC_SUCCESS; } //*** SessionContextSave() // This function is called when a session context is to be saved. The // contextID of the saved session is returned. If no contextID can be // assigned, then the routine returns TPM_RC_CONTEXT_GAP. // If the function completes normally, the session slot will be freed. // // This function requires that 'handle' references a loaded session. // Otherwise, it should not be called at the first place. // // Return Type: TPM_RC // TPM_RC_CONTEXT_GAP a contextID could not be assigned // TPM_RC_TOO_MANY_CONTEXTS the counter maxed out // TPM_RC SessionContextSave( TPM_HANDLE handle, // IN: session handle CONTEXT_COUNTER *contextID // OUT: assigned contextID ) { UINT32 contextIndex; CONTEXT_SLOT slotIndex; pAssert(SessionIsLoaded(handle)); // check to see if the gap is already maxed out // Need to have a saved session if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS // if the oldest saved session has the same value as the low bits // of the contextCounter, then the GAP is maxed out. && gr.contextArray[s_oldestSavedSession] == (CONTEXT_SLOT)gr.contextCounter) return TPM_RC_CONTEXT_GAP; // if the caller wants the context counter, set it if(contextID != NULL) *contextID = gr.contextCounter; contextIndex = handle & HR_HANDLE_MASK; pAssert(contextIndex < MAX_ACTIVE_SESSIONS); // Extract the session slot number referenced by the contextArray // because we are going to overwrite this with the low order // contextID value. slotIndex = gr.contextArray[contextIndex] - 1; // Set the contextID for the contextArray gr.contextArray[contextIndex] = (CONTEXT_SLOT)gr.contextCounter; // Increment the counter gr.contextCounter++; // In the unlikely event that the 64-bit context counter rolls over... if(gr.contextCounter == 0) { // back it up gr.contextCounter--; // return an error return TPM_RC_TOO_MANY_CONTEXTS; } // if the low-order bits wrapped, need to advance the value to skip over // the values used to indicate that a session is loaded if(((CONTEXT_SLOT)gr.contextCounter) == 0) gr.contextCounter += MAX_LOADED_SESSIONS + 1; // If no other sessions are saved, this is now the oldest. if(s_oldestSavedSession >= MAX_ACTIVE_SESSIONS) s_oldestSavedSession = contextIndex; // Mark the session slot as unoccupied s_sessions[slotIndex].occupied = FALSE; // and indicate that there is an additional open slot s_freeSessionSlots++; return TPM_RC_SUCCESS; } //*** SessionContextLoad() // This function is used to load a session from saved context. The session // handle must be for a saved context. // // If the gap is at a maximum, then the only session that can be loaded is // the oldest session, otherwise TPM_RC_CONTEXT_GAP is returned. /// // This function requires that 'handle' references a valid saved session. // // Return Type: TPM_RC // TPM_RC_SESSION_MEMORY no free session slots // TPM_RC_CONTEXT_GAP the gap count is maximum and this // is not the oldest saved context // TPM_RC SessionContextLoad( SESSION_BUF *session, // IN: session structure from saved context TPM_HANDLE *handle // IN/OUT: session handle ) { UINT32 contextIndex; CONTEXT_SLOT slotIndex; pAssert(HandleGetType(*handle) == TPM_HT_POLICY_SESSION || HandleGetType(*handle) == TPM_HT_HMAC_SESSION); // Don't bother looking if no openings if(s_freeSessionSlots == 0) return TPM_RC_SESSION_MEMORY; // Find a free session slot to load the session for(slotIndex = 0; slotIndex < MAX_LOADED_SESSIONS; slotIndex++) if(s_sessions[slotIndex].occupied == FALSE) break; // if no spot found, then this is an internal error pAssert(slotIndex < MAX_LOADED_SESSIONS); contextIndex = *handle & HR_HANDLE_MASK; // extract the index // If there is only one slot left, and the gap is at maximum, the only session // context that we can safely load is the oldest one. if(s_oldestSavedSession < MAX_ACTIVE_SESSIONS && s_freeSessionSlots == 1 && (CONTEXT_SLOT)gr.contextCounter == gr.contextArray[s_oldestSavedSession] && contextIndex != s_oldestSavedSession) return TPM_RC_CONTEXT_GAP; pAssert(contextIndex < MAX_ACTIVE_SESSIONS); // set the contextArray value to point to the session slot where // the context is loaded gr.contextArray[contextIndex] = slotIndex + 1; // if this was the oldest context, find the new oldest if(contextIndex == s_oldestSavedSession) ContextIdSetOldest(); // Copy session data to session slot MemoryCopy(&s_sessions[slotIndex].session, session, sizeof(SESSION)); // Set session slot as occupied s_sessions[slotIndex].occupied = TRUE; // Reduce the number of open spots s_freeSessionSlots--; return TPM_RC_SUCCESS; } //*** SessionFlush() // This function is used to flush a session referenced by its handle. If the // session associated with 'handle' is loaded, the session array entry is // marked as available. // // This function requires that 'handle' be a valid active session. // void SessionFlush( TPM_HANDLE handle // IN: loaded or saved session handle ) { CONTEXT_SLOT slotIndex; UINT32 contextIndex; // Index into contextArray pAssert((HandleGetType(handle) == TPM_HT_POLICY_SESSION || HandleGetType(handle) == TPM_HT_HMAC_SESSION ) && (SessionIsLoaded(handle) || SessionIsSaved(handle)) ); // Flush context ID of this session // Convert handle to an index into the contextArray contextIndex = handle & HR_HANDLE_MASK; pAssert(contextIndex < sizeof(gr.contextArray) / sizeof(gr.contextArray[0])); // Get the current contents of the array slotIndex = gr.contextArray[contextIndex]; // Mark context array entry as available gr.contextArray[contextIndex] = 0; // Is this a saved session being flushed if(slotIndex > MAX_LOADED_SESSIONS) { // Flushing the oldest session? if(contextIndex == s_oldestSavedSession) // If so, find a new value for oldest. ContextIdSetOldest(); } else { // Adjust slot index to point to session array index slotIndex -= 1; // Free session array index s_sessions[slotIndex].occupied = FALSE; s_freeSessionSlots++; } return; } //*** SessionComputeBoundEntity() // This function computes the binding value for a session. The binding value // for a reserved handle is the handle itself. For all the other entities, // the authValue at the time of binding is included to prevent squatting. // For those values, the Name and the authValue are concatenated // into the bind buffer. If they will not both fit, the will be overlapped // by XORing bytes. If XOR is required, the bind value will be full. void SessionComputeBoundEntity( TPMI_DH_ENTITY entityHandle, // IN: handle of entity TPM2B_NAME *bind // OUT: binding value ) { TPM2B_AUTH auth; BYTE *pAuth = auth.t.buffer; UINT16 i; // Get name EntityGetName(entityHandle, bind); // // The bound value of a reserved handle is the handle itself // if(bind->t.size == sizeof(TPM_HANDLE)) return; // For all the other entities, concatenate the authorization value to the name. // Get a local copy of the authorization value because some overlapping // may be necessary. EntityGetAuthValue(entityHandle, &auth); // Make sure that the extra space is zeroed MemorySet(&bind->t.name[bind->t.size], 0, sizeof(bind->t.name) - bind->t.size); // XOR the authValue at the end of the name for(i = sizeof(bind->t.name) - auth.t.size; i < sizeof(bind->t.name); i++) bind->t.name[i] ^= *pAuth++; // Set the bind value to the maximum size bind->t.size = sizeof(bind->t.name); return; } //*** SessionSetStartTime() // This function is used to initialize the session timing void SessionSetStartTime( SESSION *session // IN: the session to update ) { session->startTime = g_time; session->epoch = g_timeEpoch; session->timeout = 0; } //*** SessionResetPolicyData() // This function is used to reset the policy data without changing the nonce // or the start time of the session. void SessionResetPolicyData( SESSION *session // IN: the session to reset ) { SESSION_ATTRIBUTES oldAttributes; pAssert(session != NULL); // Will need later oldAttributes = session->attributes; // No command session->commandCode = 0; // No locality selected MemorySet(&session->commandLocality, 0, sizeof(session->commandLocality)); // The cpHash size to zero session->u1.cpHash.b.size = 0; // No timeout session->timeout = 0; // Reset the pcrCounter session->pcrCounter = 0; // Reset the policy hash MemorySet(&session->u2.policyDigest.t.buffer, 0, session->u2.policyDigest.t.size); // Reset the session attributes MemorySet(&session->attributes, 0, sizeof(SESSION_ATTRIBUTES)); // Restore the policy attributes session->attributes.isPolicy = SET; session->attributes.isTrialPolicy = oldAttributes.isTrialPolicy; // Restore the bind attributes session->attributes.isDaBound = oldAttributes.isDaBound; session->attributes.isLockoutBound = oldAttributes.isLockoutBound; } //*** SessionCapGetLoaded() // This function returns a list of handles of loaded session, started // from input 'handle' // // 'Handle' must be in valid loaded session handle range, but does not // have to point to a loaded session. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO SessionCapGetLoaded( TPMI_SH_POLICY handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ) { TPMI_YES_NO more = NO; UINT32 i; pAssert(HandleGetType(handle) == TPM_HT_LOADED_SESSION); // Initialize output handle list handleList->count = 0; // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; // Iterate session context ID slots to get loaded session handles for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) { // If session is active if(gr.contextArray[i] != 0) { // If session is loaded if(gr.contextArray[i] <= MAX_LOADED_SESSIONS) { if(handleList->count < count) { SESSION *session; // If we have not filled up the return list, add this // session handle to it // assume that this is going to be an HMAC session handle = i + HMAC_SESSION_FIRST; session = SessionGet(handle); if(session->attributes.isPolicy) handle = i + POLICY_SESSION_FIRST; handleList->handle[handleList->count] = handle; handleList->count++; } else { // If the return list is full but we still have loaded object // available, report this and stop iterating more = YES; break; } } } } return more; } //*** SessionCapGetSaved() // This function returns a list of handles for saved session, starting at // 'handle'. // // 'Handle' must be in a valid handle range, but does not have to point to a // saved session // // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO SessionCapGetSaved( TPMI_SH_HMAC handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ) { TPMI_YES_NO more = NO; UINT32 i; #ifdef TPM_HT_SAVED_SESSION pAssert(HandleGetType(handle) == TPM_HT_SAVED_SESSION); #else pAssert(HandleGetType(handle) == TPM_HT_ACTIVE_SESSION); #endif // Initialize output handle list handleList->count = 0; // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; // Iterate session context ID slots to get loaded session handles for(i = handle & HR_HANDLE_MASK; i < MAX_ACTIVE_SESSIONS; i++) { // If session is active if(gr.contextArray[i] != 0) { // If session is saved if(gr.contextArray[i] > MAX_LOADED_SESSIONS) { if(handleList->count < count) { // If we have not filled up the return list, add this // session handle to it handleList->handle[handleList->count] = i + HMAC_SESSION_FIRST; handleList->count++; } else { // If the return list is full but we still have loaded object // available, report this and stop iterating more = YES; break; } } } } return more; } //*** SessionCapGetLoadedNumber() // This function return the number of authorization sessions currently // loaded into TPM RAM. UINT32 SessionCapGetLoadedNumber( void ) { return MAX_LOADED_SESSIONS - s_freeSessionSlots; } //*** SessionCapGetLoadedAvail() // This function returns the number of additional authorization sessions, of // any type, that could be loaded into TPM RAM. // NOTE: In other implementations, this number may just be an estimate. The only // requirement for the estimate is, if it is one or more, then at least one // session must be loadable. UINT32 SessionCapGetLoadedAvail( void ) { return s_freeSessionSlots; } //*** SessionCapGetActiveNumber() // This function returns the number of active authorization sessions currently // being tracked by the TPM. UINT32 SessionCapGetActiveNumber( void ) { UINT32 i; UINT32 num = 0; // Iterate the context array to find the number of non-zero slots for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) { if(gr.contextArray[i] != 0) num++; } return num; } //*** SessionCapGetActiveAvail() // This function returns the number of additional authorization sessions, of any // type, that could be created. This not the number of slots for sessions, but // the number of additional sessions that the TPM is capable of tracking. UINT32 SessionCapGetActiveAvail( void ) { UINT32 i; UINT32 num = 0; // Iterate the context array to find the number of zero slots for(i = 0; i < MAX_ACTIVE_SESSIONS; i++) { if(gr.contextArray[i] == 0) num++; } return num; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/subsystem/Time.c000066400000000000000000000224161510276467000261000ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions relating to the TPM's time functions including // the interface to the implementation-specific time functions. // //** Includes #include "Tpm.h" #include "PlatformData.h" //** Functions //*** TimePowerOn() // This function initialize time info at _TPM_Init(). // // This function is called at _TPM_Init() so that the TPM time can start counting // as soon as the TPM comes out of reset and doesn't have to wait until // TPM2_Startup() in order to begin the new time epoch. This could be significant // for systems that could get powered up but not run any TPM commands for some // period of time. // void TimePowerOn( void ) { g_time = _plat__TimerRead(); } //*** TimeNewEpoch() // This function does the processing to generate a new time epoch nonce and // set NV for update. This function is only called when NV is known to be available // and the clock is running. The epoch is updated to persistent data. static void TimeNewEpoch( void ) { #if CLOCK_STOPS CryptRandomGenerate(sizeof(CLOCK_NONCE), (BYTE *)&g_timeEpoch); #else // if the epoch is kept in NV, update it. gp.timeEpoch++; NV_SYNC_PERSISTENT(timeEpoch); #endif // Clean out any lingering state _plat__TimerWasStopped(); } //*** TimeStartup() // This function updates the resetCount and restartCount components of // TPMS_CLOCK_INFO structure at TPM2_Startup(). // // This function will deal with the deferred creation of a new epoch. // TimeUpdateToCurrent() will not start a new epoch even if one is due when // TPM_Startup() has not been run. This is because the state of NV is not known // until startup completes. When Startup is done, then it will create the epoch // nonce to complete the initializations by calling this function. BOOL TimeStartup( STARTUP_TYPE type // IN: start up type ) { NOT_REFERENCED(type); // If the previous cycle is orderly shut down, the value of the safe bit // the same as previously saved. Otherwise, it is not safe. if(!NV_IS_ORDERLY) go.clockSafe = NO; return TRUE; } //*** TimeClockUpdate() // This function updates go.clock. If 'newTime' requires an update of NV, then // NV is checked for availability. If it is not available or is rate limiting, then // go.clock is not updated and the function returns an error. If 'newTime' would // not cause an NV write, then go.clock is updated. If an NV write occurs, then // go.safe is SET. void TimeClockUpdate( UINT64 newTime // IN: New time value in mS. ) { #define CLOCK_UPDATE_MASK ((1ULL << NV_CLOCK_UPDATE_INTERVAL)- 1) // Check to see if the update will cause a need for an nvClock update if((newTime | CLOCK_UPDATE_MASK) > (go.clock | CLOCK_UPDATE_MASK)) { pAssert(g_NvStatus == TPM_RC_SUCCESS); // Going to update the NV time state so SET the safe flag go.clockSafe = YES; // update the time go.clock = newTime; NvWrite(NV_ORDERLY_DATA, sizeof(go), &go); } else // No NV update needed so just update go.clock = newTime; } //*** TimeUpdate() // This function is used to update the time and clock values. If the TPM // has run TPM2_Startup(), this function is called at the start of each command. // If the TPM has not run TPM2_Startup(), this is called from TPM2_Startup() to // get the clock values initialized. It is not called on command entry because, in // this implementation, the go structure is not read from NV until TPM2_Startup(). // The reason for this is that the initialization code (_TPM_Init()) may run before // NV is accessible. void TimeUpdate( void ) { UINT64 elapsed; // // Make sure that we consume the current _plat__TimerWasStopped() state. if(_plat__TimerWasStopped()) { TimeNewEpoch(); } // Get the difference between this call and the last time we updated the tick // timer. elapsed = _plat__TimerRead() - g_time; // Don't read + g_time += elapsed; // Don't need to check the result because it has to be success because have // already checked that NV is available. TimeClockUpdate(go.clock + elapsed); // Call self healing logic for dictionary attack parameters DASelfHeal(); } //*** TimeUpdateToCurrent() // This function updates the 'Time' and 'Clock' in the global // TPMS_TIME_INFO structure. // // In this implementation, 'Time' and 'Clock' are updated at the beginning // of each command and the values are unchanged for the duration of the // command. // // Because 'Clock' updates may require a write to NV memory, 'Time' and 'Clock' // are not allowed to advance if NV is not available. When clock is not advancing, // any function that uses 'Clock' will fail and return TPM_RC_NV_UNAVAILABLE or // TPM_RC_NV_RATE. // // This implementation does not do rate limiting. If the implementation does do // rate limiting, then the 'Clock' update should not be inhibited even when doing // rate limiting. void TimeUpdateToCurrent( void ) { // Can't update time during the dark interval or when rate limiting so don't // make any modifications to the internal clock value. Also, defer any clock // processing until TPM has run TPM2_Startup() if(!NV_IS_AVAILABLE || !TPMIsStarted()) return; TimeUpdate(); } //*** TimeSetAdjustRate() // This function is used to perform rate adjustment on 'Time' and 'Clock'. void TimeSetAdjustRate( TPM_CLOCK_ADJUST adjust // IN: adjust constant ) { switch(adjust) { case TPM_CLOCK_COARSE_SLOWER: _plat__ClockAdjustRate(CLOCK_ADJUST_COARSE); break; case TPM_CLOCK_COARSE_FASTER: _plat__ClockAdjustRate(-CLOCK_ADJUST_COARSE); break; case TPM_CLOCK_MEDIUM_SLOWER: _plat__ClockAdjustRate(CLOCK_ADJUST_MEDIUM); break; case TPM_CLOCK_MEDIUM_FASTER: _plat__ClockAdjustRate(-CLOCK_ADJUST_MEDIUM); break; case TPM_CLOCK_FINE_SLOWER: _plat__ClockAdjustRate(CLOCK_ADJUST_FINE); break; case TPM_CLOCK_FINE_FASTER: _plat__ClockAdjustRate(-CLOCK_ADJUST_FINE); break; case TPM_CLOCK_NO_CHANGE: break; default: FAIL(FATAL_ERROR_INTERNAL); break; } return; } //*** TimeGetMarshaled() // This function is used to access TPMS_TIME_INFO in canonical form. // The function collects the time information and marshals it into 'dataBuffer' // and returns the marshaled size UINT16 TimeGetMarshaled( TIME_INFO *dataBuffer // OUT: result buffer ) { TPMS_TIME_INFO timeInfo; // Fill TPMS_TIME_INFO structure timeInfo.time = g_time; TimeFillInfo(&timeInfo.clockInfo); // Marshal TPMS_TIME_INFO to canonical form return TPMS_TIME_INFO_Marshal(&timeInfo, (BYTE **)&dataBuffer, NULL); } //*** TimeFillInfo // This function gathers information to fill in a TPMS_CLOCK_INFO structure. void TimeFillInfo( TPMS_CLOCK_INFO *clockInfo ) { clockInfo->clock = go.clock; clockInfo->resetCount = gp.resetCount; clockInfo->restartCount = gr.restartCount; // If NV is not available, clock stopped advancing and the value reported is // not "safe". if(NV_IS_AVAILABLE) clockInfo->safe = go.clockSafe; else clockInfo->safe = NO; return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/000077500000000000000000000000001510276467000245075ustar00rootroot00000000000000go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/AlgorithmCap.c000066400000000000000000000204601510276467000272270ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains the algorithm property definitions for the algorithms and the // code for the TPM2_GetCapability() to return the algorithm properties. //** Includes and Defines #include "Tpm.h" typedef struct { TPM_ALG_ID algID; TPMA_ALGORITHM attributes; } ALGORITHM; static const ALGORITHM s_algorithms[] = { // The entries in this table need to be in ascending order but the table doesn't // need to be full (gaps are allowed). One day, a tool might exist to fill in the // table from the TPM_ALG description #if ALG_RSA {TPM_ALG_RSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, #endif #if ALG_TDES {TPM_ALG_TDES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SHA1 {TPM_ALG_SHA1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif {TPM_ALG_HMAC, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 1, 0, 0, 0)}, #if ALG_AES {TPM_ALG_AES, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_MGF1 {TPM_ALG_MGF1, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif {TPM_ALG_KEYEDHASH, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 1, 0, 1, 1, 0, 0)}, #if ALG_XOR {TPM_ALG_XOR, TPMA_ALGORITHM_INITIALIZER(0, 1, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SHA256 {TPM_ALG_SHA256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SHA384 {TPM_ALG_SHA384, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SHA512 {TPM_ALG_SHA512, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SM3_256 {TPM_ALG_SM3_256, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_SM4 {TPM_ALG_SM4, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_RSASSA {TPM_ALG_RSASSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_RSAES {TPM_ALG_RSAES, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_RSAPSS {TPM_ALG_RSAPSS, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_OAEP {TPM_ALG_OAEP, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_ECDSA {TPM_ALG_ECDSA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, #endif #if ALG_ECDH {TPM_ALG_ECDH, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_ECDAA {TPM_ALG_ECDAA, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_SM2 {TPM_ALG_SM2, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 1, 0)}, #endif #if ALG_ECSCHNORR {TPM_ALG_ECSCHNORR, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_ECMQV {TPM_ALG_ECMQV, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_KDF1_SP800_56A {TPM_ALG_KDF1_SP800_56A, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_KDF2 {TPM_ALG_KDF2, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_KDF1_SP800_108 {TPM_ALG_KDF1_SP800_108, TPMA_ALGORITHM_INITIALIZER(0, 0, 1, 0, 0, 0, 0, 1, 0)}, #endif #if ALG_ECC {TPM_ALG_ECC, TPMA_ALGORITHM_INITIALIZER(1, 0, 0, 1, 0, 0, 0, 0, 0)}, #endif {TPM_ALG_SYMCIPHER, TPMA_ALGORITHM_INITIALIZER(0, 0, 0, 1, 0, 0, 0, 0, 0)}, #if ALG_CAMELLIA {TPM_ALG_CAMELLIA, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 0, 0, 0)}, #endif #if ALG_CMAC {TPM_ALG_CMAC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 1, 0, 0, 0)}, #endif #if ALG_CTR {TPM_ALG_CTR, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_OFB {TPM_ALG_OFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_CBC {TPM_ALG_CBC, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_CFB {TPM_ALG_CFB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif #if ALG_ECB {TPM_ALG_ECB, TPMA_ALGORITHM_INITIALIZER(0, 1, 0, 0, 0, 0, 1, 0, 0)}, #endif }; //** AlgorithmCapGetImplemented() // This function is used by TPM2_GetCapability() to return a list of the // implemented algorithms. // Return Type: TPMI_YES_NO // YES more algorithms to report // NO no more algorithms to report TPMI_YES_NO AlgorithmCapGetImplemented( TPM_ALG_ID algID, // IN: the starting algorithm ID UINT32 count, // IN: count of returned algorithms TPML_ALG_PROPERTY *algList // OUT: algorithm list ) { TPMI_YES_NO more = NO; UINT32 i; UINT32 algNum; // initialize output algorithm list algList->count = 0; // The maximum count of algorithms we may return is MAX_CAP_ALGS. if(count > MAX_CAP_ALGS) count = MAX_CAP_ALGS; // Compute how many algorithms are defined in s_algorithms array. algNum = sizeof(s_algorithms) / sizeof(s_algorithms[0]); // Scan the implemented algorithm list to see if there is a match to 'algID'. for(i = 0; i < algNum; i++) { // If algID is less than the starting algorithm ID, skip it if(s_algorithms[i].algID < algID) continue; if(algList->count < count) { // If we have not filled up the return list, add more algorithms // to it algList->algProperties[algList->count].alg = s_algorithms[i].algID; algList->algProperties[algList->count].algProperties = s_algorithms[i].attributes; algList->count++; } else { // If the return list is full but we still have algorithms // available, report this and stop scanning. more = YES; break; } } return more; } //** AlgorithmGetImplementedVector() // This function returns the bit vector of the implemented algorithms. LIB_EXPORT void AlgorithmGetImplementedVector( ALGORITHM_VECTOR *implemented // OUT: the implemented bits are SET ) { int index; // Nothing implemented until we say it is MemorySet(implemented, 0, sizeof(ALGORITHM_VECTOR)); for(index = (sizeof(s_algorithms) / sizeof(s_algorithms[0])) - 1; index >= 0; index--) SET_BIT(s_algorithms[index].algID, *implemented); return; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Bits.c000066400000000000000000000067531510276467000255670ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains bit manipulation routines. They operate on bit arrays. // // The 0th bit in the array is the right-most bit in the 0th octet in // the array. // // NOTE: If pAssert() is defined, the functions will assert if the indicated bit // number is outside of the range of 'bArray'. How the assert is handled is // implementation dependent. //** Includes #include "Tpm.h" //** Functions //*** TestBit() // This function is used to check the setting of a bit in an array of bits. // Return Type: BOOL // TRUE(1) bit is set // FALSE(0) bit is not set BOOL TestBit( unsigned int bitNum, // IN: number of the bit in 'bArray' BYTE *bArray, // IN: array containing the bits unsigned int bytesInArray // IN: size in bytes of 'bArray' ) { pAssert(bytesInArray > (bitNum >> 3)); return((bArray[bitNum >> 3] & (1 << (bitNum & 7))) != 0); } //*** SetBit() // This function will set the indicated bit in 'bArray'. void SetBit( unsigned int bitNum, // IN: number of the bit in 'bArray' BYTE *bArray, // IN: array containing the bits unsigned int bytesInArray // IN: size in bytes of 'bArray' ) { pAssert(bytesInArray > (bitNum >> 3)); bArray[bitNum >> 3] |= (1 << (bitNum & 7)); } //*** ClearBit() // This function will clear the indicated bit in 'bArray'. void ClearBit( unsigned int bitNum, // IN: number of the bit in 'bArray'. BYTE *bArray, // IN: array containing the bits unsigned int bytesInArray // IN: size in bytes of 'bArray' ) { pAssert(bytesInArray > (bitNum >> 3)); bArray[bitNum >> 3] &= ~(1 << (bitNum & 7)); } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/CommandCodeAttributes.c000066400000000000000000000511761510276467000311050ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // This file contains the functions for testing various command properties. //** Includes and Defines #include "Tpm.h" #include "CommandCodeAttributes_fp.h" // Set the default value for CC_VEND if not already set #ifndef CC_VEND #define CC_VEND (TPM_CC)(0x20000000) #endif typedef UINT16 ATTRIBUTE_TYPE; // The following file is produced from the command tables in part 3 of the // specification. It defines the attributes for each of the commands. // NOTE: This file is currently produced by an automated process. Files // produced from Part 2 or Part 3 tables through automated processes are not // included in the specification so that their is no ambiguity about the // table containing the information being the normative definition. #define _COMMAND_CODE_ATTRIBUTES_ #include "CommandAttributeData.h" //** Command Attribute Functions //*** NextImplementedIndex() // This function is used when the lists are not compressed. In a compressed list, // only the implemented commands are present. So, a search might find a value // but that value may not be implemented. This function checks to see if the input // commandIndex points to an implemented command and, if not, it searches upwards // until it finds one. When the list is compressed, this function gets defined // as a no-op. // Return Type: COMMAND_INDEX // UNIMPLEMENTED_COMMAND_INDEX command is not implemented // other index of the command #if !COMPRESSED_LISTS static COMMAND_INDEX NextImplementedIndex( COMMAND_INDEX commandIndex ) { for(;commandIndex < COMMAND_COUNT; commandIndex++) { if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) return commandIndex; } return UNIMPLEMENTED_COMMAND_INDEX; } #else #define NextImplementedIndex(x) (x) #endif //*** GetClosestCommandIndex() // This function returns the command index for the command with a value that is // equal to or greater than the input value // Return Type: COMMAND_INDEX // UNIMPLEMENTED_COMMAND_INDEX command is not implemented // other index of a command COMMAND_INDEX GetClosestCommandIndex( TPM_CC commandCode // IN: the command code to start at ) { BOOL vendor = (commandCode & CC_VEND) != 0; COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; // The commandCode is a UINT32 and the search index is UINT16. We are going to // search for a match but need to make sure that the commandCode value is not // out of range. To do this, need to clear the vendor bit of the commandCode // (if set) and compare the result to the 16-bit searchIndex value. If it is // out of range, indicate that the command is not implemented if((commandCode & ~CC_VEND) != searchIndex) return UNIMPLEMENTED_COMMAND_INDEX; // if there is at least one vendor command, the last entry in the array will // have the v bit set. If the input commandCode is larger than the last // vendor-command, then it is out of range. if(vendor) { #if VENDOR_COMMAND_ARRAY_SIZE > 0 COMMAND_INDEX commandIndex; COMMAND_INDEX min; COMMAND_INDEX max; int diff; #if LIBRARY_COMMAND_ARRAY_SIZE == COMMAND_COUNT #error "Constants are not consistent." #endif // Check to see if the value is equal to or below the minimum // entry. // Note: Put this check first so that the typical case of only one vendor- // specific command doesn't waste any more time. if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE], TPMA_CC, commandIndex) >= searchIndex) { // the vendor array is always assumed to be packed so there is // no need to check to see if the command is implemented return LIBRARY_COMMAND_ARRAY_SIZE; } // See if this is out of range on the top if(GET_ATTRIBUTE(s_ccAttr[COMMAND_COUNT - 1], TPMA_CC, commandIndex) < searchIndex) { return UNIMPLEMENTED_COMMAND_INDEX; } commandIndex = UNIMPLEMENTED_COMMAND_INDEX; // Needs initialization to keep // compiler happy min = LIBRARY_COMMAND_ARRAY_SIZE; // first vendor command max = COMMAND_COUNT - 1; // last vendor command diff = 1; // needs initialization to keep // compiler happy while(min <= max) { commandIndex = (min + max + 1) / 2; diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - searchIndex; if(diff == 0) return commandIndex; if(diff > 0) max = commandIndex - 1; else min = commandIndex + 1; } // didn't find and exact match. commandIndex will be pointing at the last // item tested. If 'diff' is positive, then the last item tested was // larger index of the command code so it is the smallest value // larger than the requested value. if(diff > 0) return commandIndex; // if 'diff' is negative, then the value tested was smaller than // the commandCode index and the next higher value is the correct one. // Note: this will necessarily be in range because of the earlier check // that the index was within range. return commandIndex + 1; #else // If there are no vendor commands so anything with the vendor bit set is out // of range return UNIMPLEMENTED_COMMAND_INDEX; #endif } // Get here if the V-Bit was not set in 'commandCode' if(GET_ATTRIBUTE(s_ccAttr[LIBRARY_COMMAND_ARRAY_SIZE - 1], TPMA_CC, commandIndex) < searchIndex) { // requested index is out of the range to the top #if VENDOR_COMMAND_ARRAY_SIZE > 0 // If there are vendor commands, then the first vendor command // is the next value greater than the commandCode. // NOTE: we got here if the starting index did not have the V bit but we // reached the end of the array of library commands (non-vendor). Since // there is at least one vendor command, and vendor commands are always // in a compressed list that starts after the library list, the next // index value contains a valid vendor command. return LIBRARY_COMMAND_ARRAY_SIZE; #else // if there are no vendor commands, then this is out of range return UNIMPLEMENTED_COMMAND_INDEX; #endif } // If the request is lower than any value in the array, then return // the lowest value (needs to be an index for an implemented command if(GET_ATTRIBUTE(s_ccAttr[0], TPMA_CC, commandIndex) >= searchIndex) { return NextImplementedIndex(0); } else { #if COMPRESSED_LISTS COMMAND_INDEX commandIndex = UNIMPLEMENTED_COMMAND_INDEX; COMMAND_INDEX min = 0; COMMAND_INDEX max = LIBRARY_COMMAND_ARRAY_SIZE - 1; int diff = 1; #if LIBRARY_COMMAND_ARRAY_SIZE == 0 #error "Something is terribly wrong" #endif // The s_ccAttr array contains an extra entry at the end (a zero value). // Don't count this as an array entry. This means that max should start // out pointing to the last valid entry in the array which is - 2 pAssert(max == (sizeof(s_ccAttr) / sizeof(TPMA_CC) - VENDOR_COMMAND_ARRAY_SIZE - 2)); while(min <= max) { commandIndex = (min + max + 1) / 2; diff = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) - searchIndex; if(diff == 0) return commandIndex; if(diff > 0) max = commandIndex - 1; else min = commandIndex + 1; } // didn't find and exact match. commandIndex will be pointing at the // last item tested. If diff is positive, then the last item tested was // larger index of the command code so it is the smallest value // larger than the requested value. if(diff > 0) return commandIndex; // if diff is negative, then the value tested was smaller than // the commandCode index and the next higher value is the correct one. // Note: this will necessarily be in range because of the earlier check // that the index was within range. return commandIndex + 1; #else // The list is not compressed so offset into the array by the command // code value of the first entry in the list. Then go find the first // implemented command. return NextImplementedIndex(searchIndex - (COMMAND_INDEX)s_ccAttr[0].commandIndex); #endif } } //*** CommandCodeToComandIndex() // This function returns the index in the various attributes arrays of the // command. // Return Type: COMMAND_INDEX // UNIMPLEMENTED_COMMAND_INDEX command is not implemented // other index of the command COMMAND_INDEX CommandCodeToCommandIndex( TPM_CC commandCode // IN: the command code to look up ) { // Extract the low 16-bits of the command code to get the starting search index COMMAND_INDEX searchIndex = (COMMAND_INDEX)commandCode; BOOL vendor = (commandCode & CC_VEND) != 0; COMMAND_INDEX commandIndex; #if !COMPRESSED_LISTS if(!vendor) { commandIndex = searchIndex - (COMMAND_INDEX)s_ccAttr[0].commandIndex; // Check for out of range or unimplemented. // Note, since a COMMAND_INDEX is unsigned, if searchIndex is smaller than // the lowest value of command, it will become a 'negative' number making // it look like a large unsigned number, this will cause it to fail // the unsigned check below. if(commandIndex >= LIBRARY_COMMAND_ARRAY_SIZE || (s_commandAttributes[commandIndex] & IS_IMPLEMENTED) == 0) return UNIMPLEMENTED_COMMAND_INDEX; return commandIndex; } #endif // Need this code for any vendor code lookup or for compressed lists commandIndex = GetClosestCommandIndex(commandCode); // Look at the returned value from get closest. If it isn't the one that was // requested, then the command is not implemented. if(commandIndex != UNIMPLEMENTED_COMMAND_INDEX) { if((GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex) != searchIndex) || (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) != vendor) commandIndex = UNIMPLEMENTED_COMMAND_INDEX; } return commandIndex; } //*** GetNextCommandIndex() // This function returns the index of the next implemented command. // Return Type: COMMAND_INDEX // UNIMPLEMENTED_COMMAND_INDEX no more implemented commands // other the index of the next implemented command COMMAND_INDEX GetNextCommandIndex( COMMAND_INDEX commandIndex // IN: the starting index ) { while(++commandIndex < COMMAND_COUNT) { #if !COMPRESSED_LISTS if(s_commandAttributes[commandIndex] & IS_IMPLEMENTED) #endif return commandIndex; } return UNIMPLEMENTED_COMMAND_INDEX; } //*** GetCommandCode() // This function returns the commandCode associated with the command index TPM_CC GetCommandCode( COMMAND_INDEX commandIndex // IN: the command index ) { TPM_CC commandCode = GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex); if(IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) commandCode += CC_VEND; return commandCode; } //*** CommandAuthRole() // // This function returns the authorization role required of a handle. // // Return Type: AUTH_ROLE // AUTH_NONE no authorization is required // AUTH_USER user role authorization is required // AUTH_ADMIN admin role authorization is required // AUTH_DUP duplication role authorization is required AUTH_ROLE CommandAuthRole( COMMAND_INDEX commandIndex, // IN: command index UINT32 handleIndex // IN: handle index (zero based) ) { if(0 == handleIndex) { // Any authorization role set? COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex]; if(properties & HANDLE_1_USER) return AUTH_USER; if(properties & HANDLE_1_ADMIN) return AUTH_ADMIN; if(properties & HANDLE_1_DUP) return AUTH_DUP; } else if(1 == handleIndex) { if(s_commandAttributes[commandIndex] & HANDLE_2_USER) return AUTH_USER; } return AUTH_NONE; } //*** EncryptSize() // This function returns the size of the decrypt size field. This function returns // 0 if encryption is not allowed // Return Type: int // 0 encryption not allowed // 2 size field is two bytes // 4 size field is four bytes int EncryptSize( COMMAND_INDEX commandIndex // IN: command index ) { return ((s_commandAttributes[commandIndex] & ENCRYPT_2) ? 2 : (s_commandAttributes[commandIndex] & ENCRYPT_4) ? 4 : 0); } //*** DecryptSize() // This function returns the size of the decrypt size field. This function returns // 0 if decryption is not allowed // Return Type: int // 0 encryption not allowed // 2 size field is two bytes // 4 size field is four bytes int DecryptSize( COMMAND_INDEX commandIndex // IN: command index ) { return ((s_commandAttributes[commandIndex] & DECRYPT_2) ? 2 : (s_commandAttributes[commandIndex] & DECRYPT_4) ? 4 : 0); } //*** IsSessionAllowed() // // This function indicates if the command is allowed to have sessions. // // This function must not be called if the command is not known to be implemented. // // Return Type: BOOL // TRUE(1) session is allowed with this command // FALSE(0) session is not allowed with this command BOOL IsSessionAllowed( COMMAND_INDEX commandIndex // IN: the command to be checked ) { return ((s_commandAttributes[commandIndex] & NO_SESSIONS) == 0); } //*** IsHandleInResponse() // This function determines if a command has a handle in the response BOOL IsHandleInResponse( COMMAND_INDEX commandIndex ) { return ((s_commandAttributes[commandIndex] & R_HANDLE) != 0); } //*** IsWriteOperation() // Checks to see if an operation will write to an NV Index and is subject to being // blocked by read-lock BOOL IsWriteOperation( COMMAND_INDEX commandIndex // IN: Command to check ) { #ifdef WRITE_LOCK return ((s_commandAttributes[commandIndex] & WRITE_LOCK) != 0); #else if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) { switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) { case TPM_CC_NV_Write: #if CC_NV_Increment case TPM_CC_NV_Increment: #endif #if CC_NV_SetBits case TPM_CC_NV_SetBits: #endif #if CC_NV_Extend case TPM_CC_NV_Extend: #endif #if CC_AC_Send case TPM_CC_AC_Send: #endif // NV write lock counts as a write operation for authorization purposes. // We check to see if the NV is write locked before we do the // authorization. If it is locked, we fail the command early. case TPM_CC_NV_WriteLock: return TRUE; default: break; } } return FALSE; #endif } //*** IsReadOperation() // Checks to see if an operation will write to an NV Index and is // subject to being blocked by write-lock. BOOL IsReadOperation( COMMAND_INDEX commandIndex // IN: Command to check ) { #ifdef READ_LOCK return ((s_commandAttributes[commandIndex] & READ_LOCK) != 0); #else if(!IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)) { switch(GET_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, commandIndex)) { case TPM_CC_NV_Read: case TPM_CC_PolicyNV: case TPM_CC_NV_Certify: // NV read lock counts as a read operation for authorization purposes. // We check to see if the NV is read locked before we do the // authorization. If it is locked, we fail the command early. case TPM_CC_NV_ReadLock: return TRUE; default: break; } } return FALSE; #endif } //*** CommandCapGetCCList() // This function returns a list of implemented commands and command attributes // starting from the command in 'commandCode'. // Return Type: TPMI_YES_NO // YES more command attributes are available // NO no more command attributes are available TPMI_YES_NO CommandCapGetCCList( TPM_CC commandCode, // IN: start command code UINT32 count, // IN: maximum count for number of entries in // 'commandList' TPML_CCA *commandList // OUT: list of TPMA_CC ) { TPMI_YES_NO more = NO; COMMAND_INDEX commandIndex; // initialize output handle list count commandList->count = 0; for(commandIndex = GetClosestCommandIndex(commandCode); commandIndex != UNIMPLEMENTED_COMMAND_INDEX; commandIndex = GetNextCommandIndex(commandIndex)) { #if !COMPRESSED_LISTS // this check isn't needed for compressed lists. if(!(s_commandAttributes[commandIndex] & IS_IMPLEMENTED)) continue; #endif if(commandList->count < count) { // If the list is not full, add the attributes for this command. commandList->commandAttributes[commandList->count] = s_ccAttr[commandIndex]; commandList->count++; } else { // If the list is full but there are more commands to report, // indicate this and return. more = YES; break; } } return more; } //*** IsVendorCommand() // Function indicates if a command index references a vendor command. // Return Type: BOOL // TRUE(1) command is a vendor command // FALSE(0) command is not a vendor command BOOL IsVendorCommand( COMMAND_INDEX commandIndex // IN: command index to check ) { return (IS_ATTRIBUTE(s_ccAttr[commandIndex], TPMA_CC, V)); } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Entity.c000066400000000000000000000437731510276467000261450ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // The functions in this file are used for accessing properties for handles of // various types. Functions in other files require handles of a specific // type but the functions in this file allow use of any handle type. //** Includes #include "Tpm.h" //** Functions //*** EntityGetLoadStatus() // This function will check that all the handles access loaded entities. // Return Type: TPM_RC // TPM_RC_HANDLE handle type does not match // TPM_RC_REFERENCE_Hx entity is not present // TPM_RC_HIERARCHY entity belongs to a disabled hierarchy // TPM_RC_OBJECT_MEMORY handle is an evict object but there is no // space to load it to RAM TPM_RC EntityGetLoadStatus( COMMAND *command // IN/OUT: command parsing structure ) { UINT32 i; TPM_RC result = TPM_RC_SUCCESS; // for(i = 0; i < command->handleNum; i++) { TPM_HANDLE handle = command->handles[i]; switch(HandleGetType(handle)) { // For handles associated with hierarchies, the entity is present // only if the associated enable is SET. case TPM_HT_PERMANENT: switch(handle) { case TPM_RH_OWNER: if(!gc.shEnable) result = TPM_RC_HIERARCHY; break; #ifdef VENDOR_PERMANENT case VENDOR_PERMANENT: #endif case TPM_RH_ENDORSEMENT: if(!gc.ehEnable) result = TPM_RC_HIERARCHY; break; case TPM_RH_PLATFORM: if(!g_phEnable) result = TPM_RC_HIERARCHY; break; // null handle, PW session handle and lockout // handle are always available case TPM_RH_NULL: case TPM_RS_PW: // Need to be careful for lockout. Lockout is always available // for policy checks but not always available when authValue // is being checked. case TPM_RH_LOCKOUT: break; default: // handling of the manufacture_specific handles if(((TPM_RH)handle >= TPM_RH_AUTH_00) && ((TPM_RH)handle <= TPM_RH_AUTH_FF)) // use the value that would have been returned from // unmarshaling if it did the handle filtering result = TPM_RC_VALUE; else FAIL(FATAL_ERROR_INTERNAL); break; } break; case TPM_HT_TRANSIENT: // For a transient object, check if the handle is associated // with a loaded object. if(!IsObjectPresent(handle)) result = TPM_RC_REFERENCE_H0; break; case TPM_HT_PERSISTENT: // Persistent object // Copy the persistent object to RAM and replace the handle with the // handle of the assigned slot. A TPM_RC_OBJECT_MEMORY, // TPM_RC_HIERARCHY or TPM_RC_REFERENCE_H0 error may be returned by // ObjectLoadEvict() result = ObjectLoadEvict(&command->handles[i], command->index); break; case TPM_HT_HMAC_SESSION: // For an HMAC session, see if the session is loaded // and if the session in the session slot is actually // an HMAC session. if(SessionIsLoaded(handle)) { SESSION *session; session = SessionGet(handle); // Check if the session is a HMAC session if(session->attributes.isPolicy == SET) result = TPM_RC_HANDLE; } else result = TPM_RC_REFERENCE_H0; break; case TPM_HT_POLICY_SESSION: // For a policy session, see if the session is loaded // and if the session in the session slot is actually // a policy session. if(SessionIsLoaded(handle)) { SESSION *session; session = SessionGet(handle); // Check if the session is a policy session if(session->attributes.isPolicy == CLEAR) result = TPM_RC_HANDLE; } else result = TPM_RC_REFERENCE_H0; break; case TPM_HT_NV_INDEX: // For an NV Index, use the TPM-specific routine // to search the IN Index space. result = NvIndexIsAccessible(handle); break; case TPM_HT_PCR: // Any PCR handle that is unmarshaled successfully referenced // a PCR that is defined. break; #if CC_AC_Send case TPM_HT_AC: // Use the TPM-specific routine to search for the AC result = AcIsAccessible(handle); break; #endif default: // Any other handle type is a defect in the unmarshaling code. FAIL(FATAL_ERROR_INTERNAL); break; } if(result != TPM_RC_SUCCESS) { if(result == TPM_RC_REFERENCE_H0) result = result + i; else result = RcSafeAddToResult(result, TPM_RC_H + g_rcIndex[i]); break; } } return result; } //*** EntityGetAuthValue() // This function is used to access the 'authValue' associated with a handle. // This function assumes that the handle references an entity that is accessible // and the handle is not for a persistent objects. That is EntityGetLoadStatus() // should have been called. Also, the accessibility of the authValue should have // been verified by IsAuthValueAvailable(). // // This function copies the authorization value of the entity to 'auth'. // Return Type: UINT16 // count number of bytes in the authValue with 0's stripped UINT16 EntityGetAuthValue( TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_AUTH *auth // OUT: authValue of the entity ) { TPM2B_AUTH *pAuth = NULL; auth->t.size = 0; switch(HandleGetType(handle)) { case TPM_HT_PERMANENT: { switch(handle) { case TPM_RH_OWNER: // ownerAuth for TPM_RH_OWNER pAuth = &gp.ownerAuth; break; case TPM_RH_ENDORSEMENT: // endorsementAuth for TPM_RH_ENDORSEMENT pAuth = &gp.endorsementAuth; break; case TPM_RH_PLATFORM: // platformAuth for TPM_RH_PLATFORM pAuth = &gc.platformAuth; break; case TPM_RH_LOCKOUT: // lockoutAuth for TPM_RH_LOCKOUT pAuth = &gp.lockoutAuth; break; case TPM_RH_NULL: // nullAuth for TPM_RH_NULL. Return 0 directly here return 0; break; #ifdef VENDOR_PERMANENT case VENDOR_PERMANENT: // vendor authorization value pAauth = &g_platformUniqueDetails; #endif default: // If any other permanent handle is present it is // a code defect. FAIL(FATAL_ERROR_INTERNAL); break; } break; } case TPM_HT_TRANSIENT: // authValue for an object // A persistent object would have been copied into RAM // and would have an transient object handle here. { OBJECT *object; object = HandleToObject(handle); // special handling if this is a sequence object if(ObjectIsSequence(object)) { pAuth = &((HASH_OBJECT *)object)->auth; } else { // Authorization is available only when the private portion of // the object is loaded. The check should be made before // this function is called pAssert(object->attributes.publicOnly == CLEAR); pAuth = &object->sensitive.authValue; } } break; case TPM_HT_NV_INDEX: // authValue for an NV index { NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); pAssert(nvIndex != NULL); pAuth = &nvIndex->authValue; } break; case TPM_HT_PCR: // authValue for PCR pAuth = PCRGetAuthValue(handle); break; default: // If any other handle type is present here, then there is a defect // in the unmarshaling code. FAIL(FATAL_ERROR_INTERNAL); break; } // Copy the authValue MemoryCopy2B(&auth->b, &pAuth->b, sizeof(auth->t.buffer)); MemoryRemoveTrailingZeros(auth); return auth->t.size; } //*** EntityGetAuthPolicy() // This function is used to access the 'authPolicy' associated with a handle. // This function assumes that the handle references an entity that is accessible // and the handle is not for a persistent objects. That is EntityGetLoadStatus() // should have been called. Also, the accessibility of the authPolicy should have // been verified by IsAuthPolicyAvailable(). // // This function copies the authorization policy of the entity to 'authPolicy'. // // The return value is the hash algorithm for the policy. TPMI_ALG_HASH EntityGetAuthPolicy( TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_DIGEST *authPolicy // OUT: authPolicy of the entity ) { TPMI_ALG_HASH hashAlg = TPM_ALG_NULL; authPolicy->t.size = 0; switch(HandleGetType(handle)) { case TPM_HT_PERMANENT: switch(handle) { case TPM_RH_OWNER: // ownerPolicy for TPM_RH_OWNER *authPolicy = gp.ownerPolicy; hashAlg = gp.ownerAlg; break; case TPM_RH_ENDORSEMENT: // endorsementPolicy for TPM_RH_ENDORSEMENT *authPolicy = gp.endorsementPolicy; hashAlg = gp.endorsementAlg; break; case TPM_RH_PLATFORM: // platformPolicy for TPM_RH_PLATFORM *authPolicy = gc.platformPolicy; hashAlg = gc.platformAlg; break; case TPM_RH_LOCKOUT: // lockoutPolicy for TPM_RH_LOCKOUT *authPolicy = gp.lockoutPolicy; hashAlg = gp.lockoutAlg; break; default: return TPM_ALG_ERROR; break; } break; case TPM_HT_TRANSIENT: // authPolicy for an object { OBJECT *object = HandleToObject(handle); *authPolicy = object->publicArea.authPolicy; hashAlg = object->publicArea.nameAlg; } break; case TPM_HT_NV_INDEX: // authPolicy for a NV index { NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); pAssert(nvIndex != 0); *authPolicy = nvIndex->publicArea.authPolicy; hashAlg = nvIndex->publicArea.nameAlg; } break; case TPM_HT_PCR: // authPolicy for a PCR hashAlg = PCRGetAuthPolicy(handle, authPolicy); break; default: // If any other handle type is present it is a code defect. FAIL(FATAL_ERROR_INTERNAL); break; } return hashAlg; } //*** EntityGetName() // This function returns the Name associated with a handle. TPM2B_NAME * EntityGetName( TPMI_DH_ENTITY handle, // IN: handle of entity TPM2B_NAME *name // OUT: name of entity ) { switch(HandleGetType(handle)) { case TPM_HT_TRANSIENT: { // Name for an object OBJECT *object = HandleToObject(handle); // an object with no nameAlg has no name if(object->publicArea.nameAlg == TPM_ALG_NULL) name->b.size = 0; else *name = object->name; break; } case TPM_HT_NV_INDEX: // Name for a NV index NvGetNameByIndexHandle(handle, name); break; default: // For all other types, the handle is the Name name->t.size = sizeof(TPM_HANDLE); UINT32_TO_BYTE_ARRAY(handle, name->t.name); break; } return name; } //*** EntityGetHierarchy() // This function returns the hierarchy handle associated with an entity. // 1. A handle that is a hierarchy handle is associated with itself. // 2. An NV index belongs to TPM_RH_PLATFORM if TPMA_NV_PLATFORMCREATE, // is SET, otherwise it belongs to TPM_RH_OWNER // 3. An object handle belongs to its hierarchy. TPMI_RH_HIERARCHY EntityGetHierarchy( TPMI_DH_ENTITY handle // IN :handle of entity ) { TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; switch(HandleGetType(handle)) { case TPM_HT_PERMANENT: // hierarchy for a permanent handle switch(handle) { case TPM_RH_PLATFORM: case TPM_RH_ENDORSEMENT: case TPM_RH_NULL: hierarchy = handle; break; // all other permanent handles are associated with the owner // hierarchy. (should only be TPM_RH_OWNER and TPM_RH_LOCKOUT) default: hierarchy = TPM_RH_OWNER; break; } break; case TPM_HT_NV_INDEX: // hierarchy for NV index { NV_INDEX *nvIndex = NvGetIndexInfo(handle, NULL); pAssert(nvIndex != NULL); // If only the platform can delete the index, then it is // considered to be in the platform hierarchy, otherwise it // is in the owner hierarchy. if(IS_ATTRIBUTE(nvIndex->publicArea.attributes, TPMA_NV, PLATFORMCREATE)) hierarchy = TPM_RH_PLATFORM; else hierarchy = TPM_RH_OWNER; } break; case TPM_HT_TRANSIENT: // hierarchy for an object { OBJECT *object; object = HandleToObject(handle); if(object->attributes.ppsHierarchy) { hierarchy = TPM_RH_PLATFORM; } else if(object->attributes.epsHierarchy) { hierarchy = TPM_RH_ENDORSEMENT; } else if(object->attributes.spsHierarchy) { hierarchy = TPM_RH_OWNER; } } break; case TPM_HT_PCR: hierarchy = TPM_RH_OWNER; break; default: FAIL(FATAL_ERROR_INTERNAL); break; } // this is unreachable but it provides a return value for the default // case which makes the complier happy return hierarchy; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Global.c000066400000000000000000000056151510276467000260620ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file will instance the TPM variables that are not stack allocated. // Descriptions of global variables are in Global.h. There macro macro definitions // that allows a variable to be instanced or simply defined as an external variable. // When global.h is included from this .c file, GLOBAL_C is defined and values are // instanced (and possibly initialized), but when global.h is included by any other // file, they are simply defined as external values. DO NOT DEFINE GLOBAL_C IN ANY // OTHER FILE. // // NOTE: This is a change from previous implementations where Global.h just contained // the extern declaration and values were instanced in this file. This change keeps // the definition and instance in one file making maintenance easier. The instanced // data will still be in the global.obj file. // // The OIDs.h file works in a way that is similar to the Global.h with the definition // of the values in OIDs.h such that they are instanced in global.obj. The macros // that are defined in Global.h are used in OIDs.h in the same way as they are in // Global.h. //** Defines and Includes #define GLOBAL_C #include "Tpm.h" #include "OIDs.h" go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Handle.c000066400000000000000000000157461510276467000260630ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains the functions that return the type of a handle. //** Includes #include "Tpm.h" //** Functions //*** HandleGetType() // This function returns the type of a handle which is the MSO of the handle. TPM_HT HandleGetType( TPM_HANDLE handle // IN: a handle to be checked ) { // return the upper bytes of input data return (TPM_HT)((handle & HR_RANGE_MASK) >> HR_SHIFT); } //*** NextPermanentHandle() // This function returns the permanent handle that is equal to the input value or // is the next higher value. If there is no handle with the input value and there // is no next higher value, it returns 0: TPM_HANDLE NextPermanentHandle( TPM_HANDLE inHandle // IN: the handle to check ) { // If inHandle is below the start of the range of permanent handles // set it to the start and scan from there if(inHandle < TPM_RH_FIRST) inHandle = TPM_RH_FIRST; // scan from input value until we find an implemented permanent handle // or go out of range for(; inHandle <= TPM_RH_LAST; inHandle++) { switch(inHandle) { case TPM_RH_OWNER: case TPM_RH_NULL: case TPM_RS_PW: case TPM_RH_LOCKOUT: case TPM_RH_ENDORSEMENT: case TPM_RH_PLATFORM: case TPM_RH_PLATFORM_NV: #ifdef VENDOR_PERMANENT case VENDOR_PERMANENT: #endif return inHandle; break; default: break; } } // Out of range on the top return 0; } //*** PermanentCapGetHandles() // This function returns a list of the permanent handles of PCR, started from // 'handle'. If 'handle' is larger than the largest permanent handle, an empty list // will be returned with 'more' set to NO. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO PermanentCapGetHandles( TPM_HANDLE handle, // IN: start handle UINT32 count, // IN: count of returned handles TPML_HANDLE *handleList // OUT: list of handle ) { TPMI_YES_NO more = NO; UINT32 i; pAssert(HandleGetType(handle) == TPM_HT_PERMANENT); // Initialize output handle list handleList->count = 0; // The maximum count of handles we may return is MAX_CAP_HANDLES if(count > MAX_CAP_HANDLES) count = MAX_CAP_HANDLES; // Iterate permanent handle range for(i = NextPermanentHandle(handle); i != 0; i = NextPermanentHandle(i + 1)) { if(handleList->count < count) { // If we have not filled up the return list, add this permanent // handle to it handleList->handle[handleList->count] = i; handleList->count++; } else { // If the return list is full but we still have permanent handle // available, report this and stop iterating more = YES; break; } } return more; } //*** PermanentHandleGetPolicy() // This function returns a list of the permanent handles of PCR, started from // 'handle'. If 'handle' is larger than the largest permanent handle, an empty list // will be returned with 'more' set to NO. // Return Type: TPMI_YES_NO // YES if there are more handles available // NO all the available handles has been returned TPMI_YES_NO PermanentHandleGetPolicy( TPM_HANDLE handle, // IN: start handle UINT32 count, // IN: max count of returned handles TPML_TAGGED_POLICY *policyList // OUT: list of handle ) { TPMI_YES_NO more = NO; pAssert(HandleGetType(handle) == TPM_HT_PERMANENT); // Initialize output handle list policyList->count = 0; // The maximum count of policies we may return is MAX_TAGGED_POLICIES if(count > MAX_TAGGED_POLICIES) count = MAX_TAGGED_POLICIES; // Iterate permanent handle range for(handle = NextPermanentHandle(handle); handle != 0; handle = NextPermanentHandle(handle + 1)) { TPM2B_DIGEST policyDigest; TPM_ALG_ID policyAlg; // Check to see if this permanent handle has a policy policyAlg = EntityGetAuthPolicy(handle, &policyDigest); if(policyAlg == TPM_ALG_ERROR) continue; if(policyList->count < count) { // If we have not filled up the return list, add this // policy to the list; policyList->policies[policyList->count].handle = handle; policyList->policies[policyList->count].policyHash.hashAlg = policyAlg; MemoryCopy(&policyList->policies[policyList->count].policyHash.digest, policyDigest.t.buffer, policyDigest.t.size); policyList->count++; } else { // If the return list is full but we still have permanent handle // available, report this and stop iterating more = YES; break; } } return more; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/IoBuffers.c000066400000000000000000000112121510276467000265340ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes and Data Definitions // This definition allows this module to "see" the values that are private // to this module but kept in Global.c for ease of state migration. #define IO_BUFFER_C #include "Tpm.h" #include "IoBuffers_fp.h" //** Buffers and Functions // These buffers are set aside to hold command and response values. In this // implementation, it is not guaranteed that the code will stop accessing // the s_actionInputBuffer before starting to put values in the // s_actionOutputBuffer so different buffers are required. // //*** MemoryIoBufferAllocationReset() // This function is used to reset the allocation of buffers. void MemoryIoBufferAllocationReset( void ) { s_actionIoAllocation = 0; } //*** MemoryIoBufferZero() // Function zeros the action I/O buffer at the end of a command. Calling this is // not mandatory for proper functionality. void MemoryIoBufferZero( void ) { memset(s_actionIoBuffer, 0, s_actionIoAllocation); } //*** MemoryGetInBuffer() // This function returns the address of the buffer into which the // command parameters will be unmarshaled in preparation for calling // the command actions. BYTE * MemoryGetInBuffer( UINT32 size // Size, in bytes, required for the input // unmarshaling ) { pAssert(size <= sizeof(s_actionIoBuffer)); // In this implementation, a static buffer is set aside for the command action // buffers. The buffer is shared between input and output. This is because // there is no need to allocate for the worst case input and worst case output // at the same time. // Round size up #define UoM (sizeof(s_actionIoBuffer[0])) size = (size + (UoM - 1)) & (UINT32_MAX - (UoM - 1)); memset(s_actionIoBuffer, 0, size); s_actionIoAllocation = size; return (BYTE *)&s_actionIoBuffer[0]; } //*** MemoryGetOutBuffer() // This function returns the address of the buffer into which the command // action code places its output values. BYTE * MemoryGetOutBuffer( UINT32 size // required size of the buffer ) { BYTE *retVal = (BYTE *)(&s_actionIoBuffer[s_actionIoAllocation / UoM]); pAssert((size + s_actionIoAllocation) < (sizeof(s_actionIoBuffer))); // In this implementation, a static buffer is set aside for the command action // output buffer. memset(retVal, 0, size); s_actionIoAllocation += size; return retVal; } //*** IsLabelProperlyFormatted() // This function checks that a label is a null-terminated string. // NOTE: this function is here because there was no better place for it. // Return Type: BOOL // TRUE(1) string is null terminated // FALSE(0) string is not null terminated BOOL IsLabelProperlyFormatted( TPM2B *x ) { return (((x)->size == 0) || ((x)->buffer[(x)->size - 1] == 0)); } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Locality.c000066400000000000000000000057211510276467000264400ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes #include "Tpm.h" //** LocalityGetAttributes() // This function will convert a locality expressed as an integer into // TPMA_LOCALITY form. // // The function returns the locality attribute. TPMA_LOCALITY LocalityGetAttributes( UINT8 locality // IN: locality value ) { TPMA_LOCALITY locality_attributes; BYTE *localityAsByte = (BYTE *)&locality_attributes; MemorySet(&locality_attributes, 0, sizeof(TPMA_LOCALITY)); switch(locality) { case 0: SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ZERO); break; case 1: SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_ONE); break; case 2: SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_TWO); break; case 3: SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_THREE); break; case 4: SET_ATTRIBUTE(locality_attributes, TPMA_LOCALITY, TPM_LOC_FOUR); break; default: pAssert(locality > 31); *localityAsByte = locality; break; } return locality_attributes; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Manufacture.c000066400000000000000000000133301510276467000271250ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains the function that performs the "manufacturing" of the TPM // in a simulated environment. These functions should not be used outside of // a manufacturing or simulation environment. //** Includes and Data Definitions #define MANUFACTURE_C #include "Tpm.h" #include "TpmSizeChecks_fp.h" //** Functions //*** TPM_Manufacture() // This function initializes the TPM values in preparation for the TPM's first // use. This function will fail if previously called. The TPM can be re-manufactured // by calling TPM_Teardown() first and then calling this function again. // Return Type: int // 0 success // 1 manufacturing process previously performed LIB_EXPORT int TPM_Manufacture( int firstTime // IN: indicates if this is the first call from // main() ) { TPM_SU orderlyShutdown; #if RUNTIME_SIZE_CHECKS // Call the function to verify the sizes of values that result from different // compile options. TpmSizeChecks(); #endif // If TPM has been manufactured, return indication. if(!firstTime && g_manufactured) return 1; // Do power on initializations of the cryptographic libraries. CryptInit(); s_DAPendingOnNV = FALSE; // initialize NV NvManufacture(); // Clear the magic value in the DRBG state go.drbgState.magic = 0; CryptStartup(SU_RESET); // default configuration for PCR PCRSimStart(); // initialize pre-installed hierarchy data // This should happen after NV is initialized because hierarchy data is // stored in NV. HierarchyPreInstall_Init(); // initialize dictionary attack parameters DAPreInstall_Init(); // initialize PP list PhysicalPresencePreInstall_Init(); // initialize command audit list CommandAuditPreInstall_Init(); // first start up is required to be Startup(CLEAR) orderlyShutdown = TPM_SU_CLEAR; NV_WRITE_PERSISTENT(orderlyState, orderlyShutdown); // initialize the firmware version gp.firmwareV1 = FIRMWARE_V1; #ifdef FIRMWARE_V2 gp.firmwareV2 = FIRMWARE_V2; #else gp.firmwareV2 = 0; #endif NV_SYNC_PERSISTENT(firmwareV1); NV_SYNC_PERSISTENT(firmwareV2); // initialize the total reset counter to 0 gp.totalResetCount = 0; NV_SYNC_PERSISTENT(totalResetCount); // initialize the clock stuff go.clock = 0; go.clockSafe = YES; NvWrite(NV_ORDERLY_DATA, sizeof(ORDERLY_DATA), &go); // Commit NV writes. Manufacture process is an artificial process existing // only in simulator environment and it is not defined in the specification // that what should be the expected behavior if the NV write fails at this // point. Therefore, it is assumed the NV write here is always success and // no return code of this function is checked. NvCommit(); g_manufactured = TRUE; return 0; } //*** TPM_TearDown() // This function prepares the TPM for re-manufacture. It should not be implemented // in anything other than a simulated TPM. // // In this implementation, all that is needs is to stop the cryptographic units // and set a flag to indicate that the TPM can be re-manufactured. This should // be all that is necessary to start the manufacturing process again. // Return Type: int // 0 success // 1 TPM not previously manufactured LIB_EXPORT int TPM_TearDown( void ) { g_manufactured = FALSE; return 0; } //*** TpmEndSimulation() // This function is called at the end of the simulation run. It is used to provoke // printing of any statistics that might be needed. LIB_EXPORT void TpmEndSimulation( void ) { #if SIMULATION HashLibSimulationEnd(); SymLibSimulationEnd(); MathLibSimulationEnd(); #if ALG_RSA RsaSimulationEnd(); #endif #if ALG_ECC EccSimulationEnd(); #endif #endif // SIMULATION }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Marshal.c000066400000000000000000006115171510276467000262550ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /*(Auto-generated) * Created by TpmMarshal; Version 4.1 Dec 10, 2018 * Date: Apr 2, 2019 Time: 11:00:48AM */ #include "Tpm.h" #include "Marshal_fp.h" // Table 2:3 - Definition of Base Types // UINT8 definition from table 2:3 TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size) { if((*size -= 1) < 0) return TPM_RC_INSUFFICIENT; *target = BYTE_ARRAY_TO_UINT8(*buffer); *buffer += 1; return TPM_RC_SUCCESS; } UINT16 UINT8_Marshal(UINT8 *source, BYTE **buffer, INT32 *size) { if (buffer != 0) { if ((size == 0) || ((*size -= 1) >= 0)) { UINT8_TO_BYTE_ARRAY(*source, *buffer); *buffer += 1; } pAssert(size == 0 || (*size >= 0)); } return (1); } // BYTE definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC BYTE_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size) { return UINT8_Unmarshal((UINT8 *)target, buffer, size); } UINT16 BYTE_Marshal(BYTE *source, BYTE **buffer, INT32 *size) { return UINT8_Marshal((UINT8 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // INT8 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size) { return UINT8_Unmarshal((UINT8 *)target, buffer, size); } UINT16 INT8_Marshal(INT8 *source, BYTE **buffer, INT32 *size) { return UINT8_Marshal((UINT8 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // UINT16 definition from table 2:3 TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size) { if((*size -= 2) < 0) return TPM_RC_INSUFFICIENT; *target = BYTE_ARRAY_TO_UINT16(*buffer); *buffer += 2; return TPM_RC_SUCCESS; } UINT16 UINT16_Marshal(UINT16 *source, BYTE **buffer, INT32 *size) { if (buffer != 0) { if ((size == 0) || ((*size -= 2) >= 0)) { UINT16_TO_BYTE_ARRAY(*source, *buffer); *buffer += 2; } pAssert(size == 0 || (*size >= 0)); } return (2); } // INT16 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT16_Unmarshal(INT16 *target, BYTE **buffer, INT32 *size) { return UINT16_Unmarshal((UINT16 *)target, buffer, size); } UINT16 INT16_Marshal(INT16 *source, BYTE **buffer, INT32 *size) { return UINT16_Marshal((UINT16 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // UINT32 definition from table 2:3 TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size) { if((*size -= 4) < 0) return TPM_RC_INSUFFICIENT; *target = BYTE_ARRAY_TO_UINT32(*buffer); *buffer += 4; return TPM_RC_SUCCESS; } UINT16 UINT32_Marshal(UINT32 *source, BYTE **buffer, INT32 *size) { if (buffer != 0) { if ((size == 0) || ((*size -= 4) >= 0)) { UINT32_TO_BYTE_ARRAY(*source, *buffer); *buffer += 4; } pAssert(size == 0 || (*size >= 0)); } return (4); } // INT32 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 INT32_Marshal(INT32 *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // UINT64 definition from table 2:3 TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size) { if((*size -= 8) < 0) return TPM_RC_INSUFFICIENT; *target = BYTE_ARRAY_TO_UINT64(*buffer); *buffer += 8; return TPM_RC_SUCCESS; } UINT16 UINT64_Marshal(UINT64 *source, BYTE **buffer, INT32 *size) { if (buffer != 0) { if ((size == 0) || ((*size -= 8) >= 0)) { UINT64_TO_BYTE_ARRAY(*source, *buffer); *buffer += 8; } pAssert(size == 0 || (*size >= 0)); } return (8); } // INT64 definition from table 2:3 #if !USE_MARSHALING_DEFINES TPM_RC INT64_Unmarshal(INT64 *target, BYTE **buffer, INT32 *size) { return UINT64_Unmarshal((UINT64 *)target, buffer, size); } UINT16 INT64_Marshal(INT64 *source, BYTE **buffer, INT32 *size) { return UINT64_Marshal((UINT64 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:4 - Defines for Logic Values // Table 2:5 - Definition of Types for Documentation Clarity #if !USE_MARSHALING_DEFINES TPM_RC TPM_ALGORITHM_ID_Unmarshal(TPM_ALGORITHM_ID *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_ALGORITHM_ID_Marshal(TPM_ALGORITHM_ID *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } TPM_RC TPM_MODIFIER_INDICATOR_Unmarshal(TPM_MODIFIER_INDICATOR *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_MODIFIER_INDICATOR_Marshal(TPM_MODIFIER_INDICATOR *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } TPM_RC TPM_AUTHORIZATION_SIZE_Unmarshal(TPM_AUTHORIZATION_SIZE *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_AUTHORIZATION_SIZE_Marshal(TPM_AUTHORIZATION_SIZE *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } TPM_RC TPM_PARAMETER_SIZE_Unmarshal(TPM_PARAMETER_SIZE *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_PARAMETER_SIZE_Marshal(TPM_PARAMETER_SIZE *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } TPM_RC TPM_KEY_SIZE_Unmarshal(TPM_KEY_SIZE *target, BYTE **buffer, INT32 *size) { return UINT16_Unmarshal((UINT16 *)target, buffer, size); } UINT16 TPM_KEY_SIZE_Marshal(TPM_KEY_SIZE *source, BYTE **buffer, INT32 *size) { return UINT16_Marshal((UINT16 *)source, buffer, size); } TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size) { return UINT16_Unmarshal((UINT16 *)target, buffer, size); } UINT16 TPM_KEY_BITS_Marshal(TPM_KEY_BITS *source, BYTE **buffer, INT32 *size) { return UINT16_Marshal((UINT16 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:6 - Definition of TPM_SPEC Constants // Table 2:7 - Definition of TPM_GENERATED Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_GENERATED_Marshal(TPM_GENERATED *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:9 - Definition of TPM_ALG_ID Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size) { return UINT16_Unmarshal((UINT16 *)target, buffer, size); } UINT16 TPM_ALG_ID_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size) { return UINT16_Marshal((UINT16 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:10 - Definition of TPM_ECC_CURVE Constants #if ALG_ECC TPM_RC TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch(*target) { case TPM_ECC_NIST_P192 : case TPM_ECC_NIST_P224 : case TPM_ECC_NIST_P256 : case TPM_ECC_NIST_P384 : case TPM_ECC_NIST_P521 : case TPM_ECC_BN_P256 : case TPM_ECC_BN_P638 : case TPM_ECC_SM2_P256 : break; default : result = TPM_RC_CURVE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPM_ECC_CURVE_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size) { return UINT16_Marshal((UINT16 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:12 - Definition of TPM_CC Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_CC_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_CC_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:16 - Definition of TPM_RC Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_RC_Marshal(TPM_RC *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:17 - Definition of TPM_CLOCK_ADJUST Constants TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = INT8_Unmarshal((INT8 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch(*target) { case TPM_CLOCK_COARSE_SLOWER : case TPM_CLOCK_MEDIUM_SLOWER : case TPM_CLOCK_FINE_SLOWER : case TPM_CLOCK_NO_CHANGE : case TPM_CLOCK_FINE_FASTER : case TPM_CLOCK_MEDIUM_FASTER : case TPM_CLOCK_COARSE_FASTER : break; default : result = TPM_RC_VALUE; break; } } return result; } // Table 2:18 - Definition of TPM_EO Constants TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch(*target) { case TPM_EO_EQ : case TPM_EO_NEQ : case TPM_EO_SIGNED_GT : case TPM_EO_UNSIGNED_GT : case TPM_EO_SIGNED_LT : case TPM_EO_UNSIGNED_LT : case TPM_EO_SIGNED_GE : case TPM_EO_UNSIGNED_GE : case TPM_EO_SIGNED_LE : case TPM_EO_UNSIGNED_LE : case TPM_EO_BITSET : case TPM_EO_BITCLEAR : break; default : result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPM_EO_Marshal(TPM_EO *source, BYTE **buffer, INT32 *size) { return UINT16_Marshal((UINT16 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:19 - Definition of TPM_ST Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size) { return UINT16_Unmarshal((UINT16 *)target, buffer, size); } UINT16 TPM_ST_Marshal(TPM_ST *source, BYTE **buffer, INT32 *size) { return UINT16_Marshal((UINT16 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:20 - Definition of TPM_SU Constants TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch(*target) { case TPM_SU_CLEAR : case TPM_SU_STATE : break; default : result = TPM_RC_VALUE; break; } } return result; } // Table 2:21 - Definition of TPM_SE Constants TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT8_Unmarshal((UINT8 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch(*target) { case TPM_SE_HMAC : case TPM_SE_POLICY : case TPM_SE_TRIAL : break; default : result = TPM_RC_VALUE; break; } } return result; } // Table 2:22 - Definition of TPM_CAP Constants TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch(*target) { case TPM_CAP_ALGS : case TPM_CAP_HANDLES : case TPM_CAP_COMMANDS : case TPM_CAP_PP_COMMANDS : case TPM_CAP_AUDIT_COMMANDS : case TPM_CAP_PCRS : case TPM_CAP_TPM_PROPERTIES : case TPM_CAP_PCR_PROPERTIES : case TPM_CAP_ECC_CURVES : case TPM_CAP_AUTH_POLICIES : case TPM_CAP_VENDOR_PROPERTY : break; default : result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPM_CAP_Marshal(TPM_CAP *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:23 - Definition of TPM_PT Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_PT_Unmarshal(TPM_PT *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_PT_Marshal(TPM_PT *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:24 - Definition of TPM_PT_PCR Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_PT_PCR_Marshal(TPM_PT_PCR *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:25 - Definition of TPM_PS Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_PS_Marshal(TPM_PS *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:26 - Definition of Types for Handles #if !USE_MARSHALING_DEFINES TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size) { return UINT32_Unmarshal((UINT32 *)target, buffer, size); } UINT16 TPM_HANDLE_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:27 - Definition of TPM_HT Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_HT_Unmarshal(TPM_HT *target, BYTE **buffer, INT32 *size) { return UINT8_Unmarshal((UINT8 *)target, buffer, size); } UINT16 TPM_HT_Marshal(TPM_HT *source, BYTE **buffer, INT32 *size) { return UINT8_Marshal((UINT8 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:28 - Definition of TPM_RH Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_RH_Unmarshal(TPM_RH *target, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); } UINT16 TPM_RH_Marshal(TPM_RH *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:29 - Definition of TPM_HC Constants #if !USE_MARSHALING_DEFINES TPM_RC TPM_HC_Unmarshal(TPM_HC *target, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); } UINT16 TPM_HC_Marshal(TPM_HC *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:30 - Definition of TPMA_ALGORITHM Bits TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if(*((UINT32 *)target) & (UINT32)0xfffff8f0) result = TPM_RC_RESERVED_BITS; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMA_ALGORITHM_Marshal(TPMA_ALGORITHM *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:31 - Definition of TPMA_OBJECT Bits TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if(*((UINT32 *)target) & (UINT32)0xfff0f309) result = TPM_RC_RESERVED_BITS; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMA_OBJECT_Marshal(TPMA_OBJECT *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:32 - Definition of TPMA_SESSION Bits TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT8_Unmarshal((UINT8 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if(*((UINT8 *)target) & (UINT8)0x18) result = TPM_RC_RESERVED_BITS; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMA_SESSION_Marshal(TPMA_SESSION *source, BYTE **buffer, INT32 *size) { return UINT8_Marshal((UINT8 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:33 - Definition of TPMA_LOCALITY Bits #if !USE_MARSHALING_DEFINES TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size) { return UINT8_Unmarshal((UINT8 *)target, buffer, size); } UINT16 TPMA_LOCALITY_Marshal(TPMA_LOCALITY *source, BYTE **buffer, INT32 *size) { return UINT8_Marshal((UINT8 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:34 - Definition of TPMA_PERMANENT Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_PERMANENT_Marshal(TPMA_PERMANENT *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:35 - Definition of TPMA_STARTUP_CLEAR Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_STARTUP_CLEAR_Marshal(TPMA_STARTUP_CLEAR *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:36 - Definition of TPMA_MEMORY Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_MEMORY_Marshal(TPMA_MEMORY *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:37 - Definition of TPMA_CC Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_CC_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size) { return TPM_CC_Marshal((TPM_CC *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:38 - Definition of TPMA_MODES Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_MODES_Marshal(TPMA_MODES *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:39 - Definition of TPMA_X509_KEY_USAGE Bits #if !USE_MARSHALING_DEFINES UINT16 TPMA_X509_KEY_USAGE_Marshal(TPMA_X509_KEY_USAGE *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:40 - Definition of TPMI_YES_NO Type TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = BYTE_Unmarshal((BYTE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case NO: case YES: break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_YES_NO_Marshal(TPMI_YES_NO *source, BYTE **buffer, INT32 *size) { return BYTE_Marshal((BYTE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:41 - Definition of TPMI_DH_OBJECT Type TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if(*target == TPM_RH_NULL) { if(!flag) result = TPM_RC_VALUE; } else if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) result = TPM_RC_VALUE; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_OBJECT_Marshal(TPMI_DH_OBJECT *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:42 - Definition of TPMI_DH_PARENT Type TPM_RC TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_PLATFORM: case TPM_RH_ENDORSEMENT: break; case TPM_RH_NULL: if(!flag) result = TPM_RC_VALUE; break; default: if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST))) result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_PARENT_Marshal(TPMI_DH_PARENT *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:43 - Definition of TPMI_DH_PERSISTENT Type TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) result = TPM_RC_VALUE; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_PERSISTENT_Marshal(TPMI_DH_PERSISTENT *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:44 - Definition of TPMI_DH_ENTITY Type TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_ENDORSEMENT: case TPM_RH_PLATFORM: case TPM_RH_LOCKOUT: break; case TPM_RH_NULL: if(!flag) result = TPM_RC_VALUE; break; default: if( ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST)) && ((*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST)) && ((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) && (*target > PCR_LAST) && ((*target < TPM_RH_AUTH_00) || (*target > TPM_RH_AUTH_FF))) result = TPM_RC_VALUE; break; } } return result; } // Table 2:45 - Definition of TPMI_DH_PCR Type TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if(*target == TPM_RH_NULL) { if(!flag) result = TPM_RC_VALUE; } else if(*target > PCR_LAST) result = TPM_RC_VALUE; } return result; } // Table 2:46 - Definition of TPMI_SH_AUTH_SESSION Type TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if(*target == TPM_RS_PW) { if(!flag) result = TPM_RC_VALUE; } else if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) result = TPM_RC_VALUE; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_SH_AUTH_SESSION_Marshal(TPMI_SH_AUTH_SESSION *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:47 - Definition of TPMI_SH_HMAC Type TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) result = TPM_RC_VALUE; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_SH_HMAC_Marshal(TPMI_SH_HMAC *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:48 - Definition of TPMI_SH_POLICY Type TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) result = TPM_RC_VALUE; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_SH_POLICY_Marshal(TPMI_SH_POLICY *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:49 - Definition of TPMI_DH_CONTEXT Type TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST)) && ((*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST))) result = TPM_RC_VALUE; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_CONTEXT_Marshal(TPMI_DH_CONTEXT *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:50 - Definition of TPMI_DH_SAVED Type TPM_RC TPMI_DH_SAVED_Unmarshal(TPMI_DH_SAVED *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case 0x80000000: case 0x80000001: case 0x80000002: break; default: if( ((*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST)) && ((*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST))) result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_DH_SAVED_Marshal(TPMI_DH_SAVED *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:51 - Definition of TPMI_RH_HIERARCHY Type TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_PLATFORM: case TPM_RH_ENDORSEMENT: break; case TPM_RH_NULL: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_RH_HIERARCHY_Marshal(TPMI_RH_HIERARCHY *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:52 - Definition of TPMI_RH_ENABLES Type TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_PLATFORM: case TPM_RH_ENDORSEMENT: case TPM_RH_PLATFORM_NV: break; case TPM_RH_NULL: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_RH_ENABLES_Marshal(TPMI_RH_ENABLES *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:53 - Definition of TPMI_RH_HIERARCHY_AUTH Type TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_PLATFORM: case TPM_RH_ENDORSEMENT: case TPM_RH_LOCKOUT: break; default: result = TPM_RC_VALUE; break; } } return result; } // Table 2:54 - Definition of TPMI_RH_PLATFORM Type TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_PLATFORM: break; default: result = TPM_RC_VALUE; break; } } return result; } // Table 2:55 - Definition of TPMI_RH_OWNER Type TPM_RC TPMI_RH_OWNER_Unmarshal(TPMI_RH_OWNER *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: break; case TPM_RH_NULL: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } // Table 2:56 - Definition of TPMI_RH_ENDORSEMENT Type TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_ENDORSEMENT: break; case TPM_RH_NULL: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } // Table 2:57 - Definition of TPMI_RH_PROVISION Type TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_PLATFORM: break; default: result = TPM_RC_VALUE; break; } } return result; } // Table 2:58 - Definition of TPMI_RH_CLEAR Type TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_LOCKOUT: case TPM_RH_PLATFORM: break; default: result = TPM_RC_VALUE; break; } } return result; } // Table 2:59 - Definition of TPMI_RH_NV_AUTH Type TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_PLATFORM: case TPM_RH_OWNER: break; default: if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) result = TPM_RC_VALUE; break; } } return result; } // Table 2:60 - Definition of TPMI_RH_LOCKOUT Type TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_LOCKOUT: break; default: result = TPM_RC_VALUE; break; } } return result; } // Table 2:61 - Definition of TPMI_RH_NV_INDEX Type TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if((*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST)) result = TPM_RC_VALUE; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_RH_NV_INDEX_Marshal(TPMI_RH_NV_INDEX *source, BYTE **buffer, INT32 *size) { return TPM_HANDLE_Marshal((TPM_HANDLE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:62 - Definition of TPMI_RH_AC Type TPM_RC TPMI_RH_AC_Unmarshal(TPMI_RH_AC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_HANDLE_Unmarshal((TPM_HANDLE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if((*target < AC_FIRST) || (*target > AC_LAST)) result = TPM_RC_VALUE; } return result; } // Table 2:63 - Definition of TPMI_ALG_HASH Type TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_SHA1 case ALG_SHA1_VALUE: #endif // ALG_SHA1 #if ALG_SHA256 case ALG_SHA256_VALUE: #endif // ALG_SHA256 #if ALG_SHA384 case ALG_SHA384_VALUE: #endif // ALG_SHA384 #if ALG_SHA512 case ALG_SHA512_VALUE: #endif // ALG_SHA512 #if ALG_SM3_256 case ALG_SM3_256_VALUE: #endif // ALG_SM3_256 #if ALG_SHA3_256 case ALG_SHA3_256_VALUE: #endif // ALG_SHA3_256 #if ALG_SHA3_384 case ALG_SHA3_384_VALUE: #endif // ALG_SHA3_384 #if ALG_SHA3_512 case ALG_SHA3_512_VALUE: #endif // ALG_SHA3_512 break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_HASH; break; default: result = TPM_RC_HASH; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_HASH_Marshal(TPMI_ALG_HASH *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:64 - Definition of TPMI_ALG_ASYM Type TPM_RC TPMI_ALG_ASYM_Unmarshal(TPMI_ALG_ASYM *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_RSA case ALG_RSA_VALUE: #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: #endif // ALG_ECC break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_ASYMMETRIC; break; default: result = TPM_RC_ASYMMETRIC; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_ASYM_Marshal(TPMI_ALG_ASYM *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:65 - Definition of TPMI_ALG_SYM Type TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_TDES case ALG_TDES_VALUE: #endif // ALG_TDES #if ALG_AES case ALG_AES_VALUE: #endif // ALG_AES #if ALG_SM4 case ALG_SM4_VALUE: #endif // ALG_SM4 #if ALG_CAMELLIA case ALG_CAMELLIA_VALUE: #endif // ALG_CAMELLIA #if ALG_XOR case ALG_XOR_VALUE: #endif // ALG_XOR break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_SYMMETRIC; break; default: result = TPM_RC_SYMMETRIC; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SYM_Marshal(TPMI_ALG_SYM *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:66 - Definition of TPMI_ALG_SYM_OBJECT Type TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_TDES case ALG_TDES_VALUE: #endif // ALG_TDES #if ALG_AES case ALG_AES_VALUE: #endif // ALG_AES #if ALG_SM4 case ALG_SM4_VALUE: #endif // ALG_SM4 #if ALG_CAMELLIA case ALG_CAMELLIA_VALUE: #endif // ALG_CAMELLIA break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_SYMMETRIC; break; default: result = TPM_RC_SYMMETRIC; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SYM_OBJECT_Marshal(TPMI_ALG_SYM_OBJECT *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:67 - Definition of TPMI_ALG_SYM_MODE Type TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_CTR case ALG_CTR_VALUE: #endif // ALG_CTR #if ALG_OFB case ALG_OFB_VALUE: #endif // ALG_OFB #if ALG_CBC case ALG_CBC_VALUE: #endif // ALG_CBC #if ALG_CFB case ALG_CFB_VALUE: #endif // ALG_CFB #if ALG_ECB case ALG_ECB_VALUE: #endif // ALG_ECB #if ALG_CMAC case ALG_CMAC_VALUE: #endif // ALG_CMAC break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_MODE; break; default: result = TPM_RC_MODE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SYM_MODE_Marshal(TPMI_ALG_SYM_MODE *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:68 - Definition of TPMI_ALG_KDF Type TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_MGF1 case ALG_MGF1_VALUE: #endif // ALG_MGF1 #if ALG_KDF1_SP800_56A case ALG_KDF1_SP800_56A_VALUE: #endif // ALG_KDF1_SP800_56A #if ALG_KDF2 case ALG_KDF2_VALUE: #endif // ALG_KDF2 #if ALG_KDF1_SP800_108 case ALG_KDF1_SP800_108_VALUE: #endif // ALG_KDF1_SP800_108 break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_KDF; break; default: result = TPM_RC_KDF; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_KDF_Marshal(TPMI_ALG_KDF *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:69 - Definition of TPMI_ALG_SIG_SCHEME Type TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_ECDAA case ALG_ECDAA_VALUE: #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: #endif // ALG_ECSCHNORR #if ALG_HMAC case ALG_HMAC_VALUE: #endif // ALG_HMAC break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_SCHEME; break; default: result = TPM_RC_SCHEME; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_SIG_SCHEME_Marshal(TPMI_ALG_SIG_SCHEME *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:70 - Definition of TPMI_ECC_KEY_EXCHANGE Type #if ALG_ECC TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_ECDH case ALG_ECDH_VALUE: #endif // ALG_ECDH #if ALG_ECMQV case ALG_ECMQV_VALUE: #endif // ALG_ECMQV #if ALG_SM2 case ALG_SM2_VALUE: #endif // ALG_SM2 break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_SCHEME; break; default: result = TPM_RC_SCHEME; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ECC_KEY_EXCHANGE_Marshal(TPMI_ECC_KEY_EXCHANGE *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:71 - Definition of TPMI_ST_COMMAND_TAG Type TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_ST_Unmarshal((TPM_ST *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { case TPM_ST_NO_SESSIONS: case TPM_ST_SESSIONS: break; default: result = TPM_RC_BAD_TAG; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ST_COMMAND_TAG_Marshal(TPMI_ST_COMMAND_TAG *source, BYTE **buffer, INT32 *size) { return TPM_ST_Marshal((TPM_ST *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:72 - Definition of TPMI_ALG_MAC_SCHEME Type TPM_RC TPMI_ALG_MAC_SCHEME_Unmarshal(TPMI_ALG_MAC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_CMAC case ALG_CMAC_VALUE: #endif // ALG_CMAC #if ALG_SHA1 case ALG_SHA1_VALUE: #endif // ALG_SHA1 #if ALG_SHA256 case ALG_SHA256_VALUE: #endif // ALG_SHA256 #if ALG_SHA384 case ALG_SHA384_VALUE: #endif // ALG_SHA384 #if ALG_SHA512 case ALG_SHA512_VALUE: #endif // ALG_SHA512 #if ALG_SM3_256 case ALG_SM3_256_VALUE: #endif // ALG_SM3_256 #if ALG_SHA3_256 case ALG_SHA3_256_VALUE: #endif // ALG_SHA3_256 #if ALG_SHA3_384 case ALG_SHA3_384_VALUE: #endif // ALG_SHA3_384 #if ALG_SHA3_512 case ALG_SHA3_512_VALUE: #endif // ALG_SHA3_512 break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_SYMMETRIC; break; default: result = TPM_RC_SYMMETRIC; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_MAC_SCHEME_Marshal(TPMI_ALG_MAC_SCHEME *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:73 - Definition of TPMI_ALG_CIPHER_MODE Type TPM_RC TPMI_ALG_CIPHER_MODE_Unmarshal(TPMI_ALG_CIPHER_MODE *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_CTR case ALG_CTR_VALUE: #endif // ALG_CTR #if ALG_OFB case ALG_OFB_VALUE: #endif // ALG_OFB #if ALG_CBC case ALG_CBC_VALUE: #endif // ALG_CBC #if ALG_CFB case ALG_CFB_VALUE: #endif // ALG_CFB #if ALG_ECB case ALG_ECB_VALUE: #endif // ALG_ECB break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_MODE; break; default: result = TPM_RC_MODE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_CIPHER_MODE_Marshal(TPMI_ALG_CIPHER_MODE *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:74 - Definition of TPMS_EMPTY Structure TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size) { // to prevent the compiler from complaining NOT_REFERENCED(target); NOT_REFERENCED(buffer); NOT_REFERENCED(size); return TPM_RC_SUCCESS; } UINT16 TPMS_EMPTY_Marshal(TPMS_EMPTY *source, BYTE **buffer, INT32 *size) { // to prevent the compiler from complaining NOT_REFERENCED(source); NOT_REFERENCED(buffer); NOT_REFERENCED(size); return 0; } // Table 2:75 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure UINT16 TPMS_ALGORITHM_DESCRIPTION_Marshal(TPMS_ALGORITHM_DESCRIPTION *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->attributes), buffer, size)); return result; } // Table 2:76 - Definition of TPMU_HA Union TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_SHA1 case ALG_SHA1_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); #endif // ALG_SHA1 #if ALG_SHA256 case ALG_SHA256_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); #endif // ALG_SHA256 #if ALG_SHA384 case ALG_SHA384_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); #endif // ALG_SHA384 #if ALG_SHA512 case ALG_SHA512_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); #endif // ALG_SHA512 #if ALG_SM3_256 case ALG_SM3_256_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); #endif // ALG_SM3_256 #if ALG_SHA3_256 case ALG_SHA3_256_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); #endif // ALG_SHA3_256 #if ALG_SHA3_384 case ALG_SHA3_384_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); #endif // ALG_SHA3_384 #if ALG_SHA3_512 case ALG_SHA3_512_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); #endif // ALG_SHA3_512 case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_HA_Marshal(TPMU_HA *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_SHA1 case ALG_SHA1_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sha1), buffer, size, (INT32)SHA1_DIGEST_SIZE); #endif // ALG_SHA1 #if ALG_SHA256 case ALG_SHA256_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sha256), buffer, size, (INT32)SHA256_DIGEST_SIZE); #endif // ALG_SHA256 #if ALG_SHA384 case ALG_SHA384_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sha384), buffer, size, (INT32)SHA384_DIGEST_SIZE); #endif // ALG_SHA384 #if ALG_SHA512 case ALG_SHA512_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sha512), buffer, size, (INT32)SHA512_DIGEST_SIZE); #endif // ALG_SHA512 #if ALG_SM3_256 case ALG_SM3_256_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sm3_256), buffer, size, (INT32)SM3_256_DIGEST_SIZE); #endif // ALG_SM3_256 #if ALG_SHA3_256 case ALG_SHA3_256_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sha3_256), buffer, size, (INT32)SHA3_256_DIGEST_SIZE); #endif // ALG_SHA3_256 #if ALG_SHA3_384 case ALG_SHA3_384_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sha3_384), buffer, size, (INT32)SHA3_384_DIGEST_SIZE); #endif // ALG_SHA3_384 #if ALG_SHA3_512 case ALG_SHA3_512_VALUE: return BYTE_Array_Marshal((BYTE *)(source->sha3_512), buffer, size, (INT32)SHA3_512_DIGEST_SIZE); #endif // ALG_SHA3_512 case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:77 - Definition of TPMT_HA Structure TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_HA_Unmarshal((TPMU_HA *)&(target->digest), buffer, size, (UINT32)target->hashAlg); return result; } UINT16 TPMT_HA_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); result = (UINT16)(result + TPMU_HA_Marshal((TPMU_HA *)&(source->digest), buffer, size, (UINT32)source->hashAlg)); return result; } // Table 2:78 - Definition of TPM2B_DIGEST Structure TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMU_HA)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_DIGEST_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:79 - Definition of TPM2B_DATA Structure TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMT_HA)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_DATA_Marshal(TPM2B_DATA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:80 - Definition of Types for TPM2B_NONCE #if !USE_MARSHALING_DEFINES TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size) { return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); } UINT16 TPM2B_NONCE_Marshal(TPM2B_NONCE *source, BYTE **buffer, INT32 *size) { return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:81 - Definition of Types for TPM2B_AUTH #if !USE_MARSHALING_DEFINES TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size) { return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); } UINT16 TPM2B_AUTH_Marshal(TPM2B_AUTH *source, BYTE **buffer, INT32 *size) { return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:82 - Definition of Types for TPM2B_OPERAND #if !USE_MARSHALING_DEFINES TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size) { return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)target, buffer, size); } UINT16 TPM2B_OPERAND_Marshal(TPM2B_OPERAND *source, BYTE **buffer, INT32 *size) { return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:83 - Definition of TPM2B_EVENT Structure TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > 1024) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_EVENT_Marshal(TPM2B_EVENT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:84 - Definition of TPM2B_MAX_BUFFER Structure TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > MAX_DIGEST_BUFFER) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_MAX_BUFFER_Marshal(TPM2B_MAX_BUFFER *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:85 - Definition of TPM2B_MAX_NV_BUFFER Structure TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > MAX_NV_BUFFER_SIZE) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_MAX_NV_BUFFER_Marshal(TPM2B_MAX_NV_BUFFER *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:86 - Definition of TPM2B_TIMEOUT Structure TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(UINT64)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_TIMEOUT_Marshal(TPM2B_TIMEOUT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:87 - Definition of TPM2B_IV Structure TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > MAX_SYM_BLOCK_SIZE) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_IV_Marshal(TPM2B_IV *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:88 - Definition of TPMU_NAME Union // Table 2:89 - Definition of TPM2B_NAME Structure TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMU_NAME)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.name), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_NAME_Marshal(TPM2B_NAME *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.name), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:90 - Definition of TPMS_PCR_SELECT Structure TPM_RC TPMS_PCR_SELECT_Unmarshal(TPMS_PCR_SELECT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->sizeofSelect < PCR_SELECT_MIN)) result = TPM_RC_VALUE; if(result == TPM_RC_SUCCESS) { if((target->sizeofSelect) > PCR_SELECT_MAX) result = TPM_RC_VALUE; else result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); } return result; } UINT16 TPMS_PCR_SELECT_Marshal(TPMS_PCR_SELECT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); return result; } // Table 2:91 - Definition of TPMS_PCR_SELECTION Structure TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); if(result == TPM_RC_SUCCESS) result = UINT8_Unmarshal((UINT8 *)&(target->sizeofSelect), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->sizeofSelect < PCR_SELECT_MIN)) result = TPM_RC_VALUE; if(result == TPM_RC_SUCCESS) { if((target->sizeofSelect) > PCR_SELECT_MAX) result = TPM_RC_VALUE; else result = BYTE_Array_Unmarshal((BYTE *)(target->pcrSelect), buffer, size, (INT32)(target->sizeofSelect)); } return result; } UINT16 TPMS_PCR_SELECTION_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); return result; } // Table 2:94 - Definition of TPMT_TK_CREATION Structure TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->tag != TPM_ST_CREATION)) result = TPM_RC_TAG; if(result == TPM_RC_SUCCESS) result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); return result; } UINT16 TPMT_TK_CREATION_Marshal(TPMT_TK_CREATION *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); return result; } // Table 2:95 - Definition of TPMT_TK_VERIFIED Structure TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->tag != TPM_ST_VERIFIED)) result = TPM_RC_TAG; if(result == TPM_RC_SUCCESS) result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); return result; } UINT16 TPMT_TK_VERIFIED_Marshal(TPMT_TK_VERIFIED *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); return result; } // Table 2:96 - Definition of TPMT_TK_AUTH Structure TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->tag != TPM_ST_AUTH_SIGNED) && (target->tag != TPM_ST_AUTH_SECRET)) result = TPM_RC_TAG; if(result == TPM_RC_SUCCESS) result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); return result; } UINT16 TPMT_TK_AUTH_Marshal(TPMT_TK_AUTH *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); return result; } // Table 2:97 - Definition of TPMT_TK_HASHCHECK Structure TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_ST_Unmarshal((TPM_ST *)&(target->tag), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->tag != TPM_ST_HASHCHECK)) result = TPM_RC_TAG; if(result == TPM_RC_SUCCESS) result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->digest), buffer, size); return result; } UINT16 TPMT_TK_HASHCHECK_Marshal(TPMT_TK_HASHCHECK *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_ST_Marshal((TPM_ST *)&(source->tag), buffer, size)); result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->digest), buffer, size)); return result; } // Table 2:98 - Definition of TPMS_ALG_PROPERTY Structure UINT16 TPMS_ALG_PROPERTY_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->alg), buffer, size)); result = (UINT16)(result + TPMA_ALGORITHM_Marshal((TPMA_ALGORITHM *)&(source->algProperties), buffer, size)); return result; } // Table 2:99 - Definition of TPMS_TAGGED_PROPERTY Structure UINT16 TPMS_TAGGED_PROPERTY_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_PT_Marshal((TPM_PT *)&(source->property), buffer, size)); result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->value), buffer, size)); return result; } // Table 2:100 - Definition of TPMS_TAGGED_PCR_SELECT Structure UINT16 TPMS_TAGGED_PCR_SELECT_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_PT_PCR_Marshal((TPM_PT_PCR *)&(source->tag), buffer, size)); result = (UINT16)(result + UINT8_Marshal((UINT8 *)&(source->sizeofSelect), buffer, size)); result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->pcrSelect), buffer, size, (INT32)(source->sizeofSelect))); return result; } // Table 2:101 - Definition of TPMS_TAGGED_POLICY Structure UINT16 TPMS_TAGGED_POLICY_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_HANDLE_Marshal((TPM_HANDLE *)&(source->handle), buffer, size)); result = (UINT16)(result + TPMT_HA_Marshal((TPMT_HA *)&(source->policyHash), buffer, size)); return result; } // Table 2:102 - Definition of TPML_CC Structure TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->count) > MAX_CAP_CC) result = TPM_RC_SIZE; else result = TPM_CC_Array_Unmarshal((TPM_CC *)(target->commandCodes), buffer, size, (INT32)(target->count)); } return result; } UINT16 TPML_CC_Marshal(TPML_CC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPM_CC_Array_Marshal((TPM_CC *)(source->commandCodes), buffer, size, (INT32)(source->count))); return result; } // Table 2:103 - Definition of TPML_CCA Structure UINT16 TPML_CCA_Marshal(TPML_CCA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMA_CC_Array_Marshal((TPMA_CC *)(source->commandAttributes), buffer, size, (INT32)(source->count))); return result; } // Table 2:104 - Definition of TPML_ALG Structure TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->count) > MAX_ALG_LIST_SIZE) result = TPM_RC_SIZE; else result = TPM_ALG_ID_Array_Unmarshal((TPM_ALG_ID *)(target->algorithms), buffer, size, (INT32)(target->count)); } return result; } UINT16 TPML_ALG_Marshal(TPML_ALG *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPM_ALG_ID_Array_Marshal((TPM_ALG_ID *)(source->algorithms), buffer, size, (INT32)(source->count))); return result; } // Table 2:105 - Definition of TPML_HANDLE Structure UINT16 TPML_HANDLE_Marshal(TPML_HANDLE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPM_HANDLE_Array_Marshal((TPM_HANDLE *)(source->handle), buffer, size, (INT32)(source->count))); return result; } // Table 2:106 - Definition of TPML_DIGEST Structure TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->count < 2)) result = TPM_RC_SIZE; if(result == TPM_RC_SUCCESS) { if((target->count) > 8) result = TPM_RC_SIZE; else result = TPM2B_DIGEST_Array_Unmarshal((TPM2B_DIGEST *)(target->digests), buffer, size, (INT32)(target->count)); } return result; } UINT16 TPML_DIGEST_Marshal(TPML_DIGEST *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Array_Marshal((TPM2B_DIGEST *)(source->digests), buffer, size, (INT32)(source->count))); return result; } // Table 2:107 - Definition of TPML_DIGEST_VALUES Structure TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->count) > HASH_COUNT) result = TPM_RC_SIZE; else result = TPMT_HA_Array_Unmarshal((TPMT_HA *)(target->digests), buffer, size, 0, (INT32)(target->count)); } return result; } UINT16 TPML_DIGEST_VALUES_Marshal(TPML_DIGEST_VALUES *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMT_HA_Array_Marshal((TPMT_HA *)(source->digests), buffer, size, (INT32)(source->count))); return result; } // Table 2:108 - Definition of TPML_PCR_SELECTION Structure TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)&(target->count), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->count) > HASH_COUNT) result = TPM_RC_SIZE; else result = TPMS_PCR_SELECTION_Array_Unmarshal((TPMS_PCR_SELECTION *)(target->pcrSelections), buffer, size, (INT32)(target->count)); } return result; } UINT16 TPML_PCR_SELECTION_Marshal(TPML_PCR_SELECTION *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMS_PCR_SELECTION_Array_Marshal((TPMS_PCR_SELECTION *)(source->pcrSelections), buffer, size, (INT32)(source->count))); return result; } // Table 2:109 - Definition of TPML_ALG_PROPERTY Structure UINT16 TPML_ALG_PROPERTY_Marshal(TPML_ALG_PROPERTY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMS_ALG_PROPERTY_Array_Marshal((TPMS_ALG_PROPERTY *)(source->algProperties), buffer, size, (INT32)(source->count))); return result; } // Table 2:110 - Definition of TPML_TAGGED_TPM_PROPERTY Structure UINT16 TPML_TAGGED_TPM_PROPERTY_Marshal(TPML_TAGGED_TPM_PROPERTY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Array_Marshal((TPMS_TAGGED_PROPERTY *)(source->tpmProperty), buffer, size, (INT32)(source->count))); return result; } // Table 2:111 - Definition of TPML_TAGGED_PCR_PROPERTY Structure UINT16 TPML_TAGGED_PCR_PROPERTY_Marshal(TPML_TAGGED_PCR_PROPERTY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Array_Marshal((TPMS_TAGGED_PCR_SELECT *)(source->pcrProperty), buffer, size, (INT32)(source->count))); return result; } // Table 2:112 - Definition of TPML_ECC_CURVE Structure #if ALG_ECC UINT16 TPML_ECC_CURVE_Marshal(TPML_ECC_CURVE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPM_ECC_CURVE_Array_Marshal((TPM_ECC_CURVE *)(source->eccCurves), buffer, size, (INT32)(source->count))); return result; } #endif // ALG_ECC // Table 2:113 - Definition of TPML_TAGGED_POLICY Structure UINT16 TPML_TAGGED_POLICY_Marshal(TPML_TAGGED_POLICY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMS_TAGGED_POLICY_Array_Marshal((TPMS_TAGGED_POLICY *)(source->policies), buffer, size, (INT32)(source->count))); return result; } // Table 2:114 - Definition of TPMU_CAPABILITIES Union UINT16 TPMU_CAPABILITIES_Marshal(TPMU_CAPABILITIES *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { case TPM_CAP_ALGS: return TPML_ALG_PROPERTY_Marshal((TPML_ALG_PROPERTY *)&(source->algorithms), buffer, size); case TPM_CAP_HANDLES: return TPML_HANDLE_Marshal((TPML_HANDLE *)&(source->handles), buffer, size); case TPM_CAP_COMMANDS: return TPML_CCA_Marshal((TPML_CCA *)&(source->command), buffer, size); case TPM_CAP_PP_COMMANDS: return TPML_CC_Marshal((TPML_CC *)&(source->ppCommands), buffer, size); case TPM_CAP_AUDIT_COMMANDS: return TPML_CC_Marshal((TPML_CC *)&(source->auditCommands), buffer, size); case TPM_CAP_PCRS: return TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->assignedPCR), buffer, size); case TPM_CAP_TPM_PROPERTIES: return TPML_TAGGED_TPM_PROPERTY_Marshal((TPML_TAGGED_TPM_PROPERTY *)&(source->tpmProperties), buffer, size); case TPM_CAP_PCR_PROPERTIES: return TPML_TAGGED_PCR_PROPERTY_Marshal((TPML_TAGGED_PCR_PROPERTY *)&(source->pcrProperties), buffer, size); #if ALG_ECC case TPM_CAP_ECC_CURVES: return TPML_ECC_CURVE_Marshal((TPML_ECC_CURVE *)&(source->eccCurves), buffer, size); #endif // ALG_ECC case TPM_CAP_AUTH_POLICIES: return TPML_TAGGED_POLICY_Marshal((TPML_TAGGED_POLICY *)&(source->authPolicies), buffer, size); } return 0; } // Table 2:115 - Definition of TPMS_CAPABILITY_DATA Structure UINT16 TPMS_CAPABILITY_DATA_Marshal(TPMS_CAPABILITY_DATA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_CAP_Marshal((TPM_CAP *)&(source->capability), buffer, size)); result = (UINT16)(result + TPMU_CAPABILITIES_Marshal((TPMU_CAPABILITIES *)&(source->data), buffer, size, (UINT32)source->capability)); return result; } // Table 2:116 - Definition of TPMS_CLOCK_INFO Structure TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT64_Unmarshal((UINT64 *)&(target->clock), buffer, size); if(result == TPM_RC_SUCCESS) result = UINT32_Unmarshal((UINT32 *)&(target->resetCount), buffer, size); if(result == TPM_RC_SUCCESS) result = UINT32_Unmarshal((UINT32 *)&(target->restartCount), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMI_YES_NO_Unmarshal((TPMI_YES_NO *)&(target->safe), buffer, size); return result; } UINT16 TPMS_CLOCK_INFO_Marshal(TPMS_CLOCK_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->clock), buffer, size)); result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->resetCount), buffer, size)); result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->restartCount), buffer, size)); result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->safe), buffer, size)); return result; } // Table 2:117 - Definition of TPMS_TIME_INFO Structure TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT64_Unmarshal((UINT64 *)&(target->time), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMS_CLOCK_INFO_Unmarshal((TPMS_CLOCK_INFO *)&(target->clockInfo), buffer, size); return result; } UINT16 TPMS_TIME_INFO_Marshal(TPMS_TIME_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->time), buffer, size)); result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); return result; } // Table 2:118 - Definition of TPMS_TIME_ATTEST_INFO Structure UINT16 TPMS_TIME_ATTEST_INFO_Marshal(TPMS_TIME_ATTEST_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMS_TIME_INFO_Marshal((TPMS_TIME_INFO *)&(source->time), buffer, size)); result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); return result; } // Table 2:119 - Definition of TPMS_CERTIFY_INFO Structure UINT16 TPMS_CERTIFY_INFO_Marshal(TPMS_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->name), buffer, size)); result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedName), buffer, size)); return result; } // Table 2:120 - Definition of TPMS_QUOTE_INFO Structure UINT16 TPMS_QUOTE_INFO_Marshal(TPMS_QUOTE_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); return result; } // Table 2:121 - Definition of TPMS_COMMAND_AUDIT_INFO Structure UINT16 TPMS_COMMAND_AUDIT_INFO_Marshal(TPMS_COMMAND_AUDIT_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->auditCounter), buffer, size)); result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->digestAlg), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->auditDigest), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->commandDigest), buffer, size)); return result; } // Table 2:122 - Definition of TPMS_SESSION_AUDIT_INFO Structure UINT16 TPMS_SESSION_AUDIT_INFO_Marshal(TPMS_SESSION_AUDIT_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_YES_NO_Marshal((TPMI_YES_NO *)&(source->exclusiveSession), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sessionDigest), buffer, size)); return result; } // Table 2:123 - Definition of TPMS_CREATION_INFO Structure UINT16 TPMS_CREATION_INFO_Marshal(TPMS_CREATION_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->objectName), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->creationHash), buffer, size)); return result; } // Table 2:124 - Definition of TPMS_NV_CERTIFY_INFO Structure UINT16 TPMS_NV_CERTIFY_INFO_Marshal(TPMS_NV_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->offset), buffer, size)); result = (UINT16)(result + TPM2B_MAX_NV_BUFFER_Marshal((TPM2B_MAX_NV_BUFFER *)&(source->nvContents), buffer, size)); return result; } // Table 2:125 - Definition of TPMS_NV_DIGEST_CERTIFY_INFO Structure UINT16 TPMS_NV_DIGEST_CERTIFY_INFO_Marshal(TPMS_NV_DIGEST_CERTIFY_INFO *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->indexName), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->nvDigest), buffer, size)); return result; } // Table 2:126 - Definition of TPMI_ST_ATTEST Type #if !USE_MARSHALING_DEFINES UINT16 TPMI_ST_ATTEST_Marshal(TPMI_ST_ATTEST *source, BYTE **buffer, INT32 *size) { return TPM_ST_Marshal((TPM_ST *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:127 - Definition of TPMU_ATTEST Union UINT16 TPMU_ATTEST_Marshal(TPMU_ATTEST *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { case TPM_ST_ATTEST_CERTIFY: return TPMS_CERTIFY_INFO_Marshal((TPMS_CERTIFY_INFO *)&(source->certify), buffer, size); case TPM_ST_ATTEST_CREATION: return TPMS_CREATION_INFO_Marshal((TPMS_CREATION_INFO *)&(source->creation), buffer, size); case TPM_ST_ATTEST_QUOTE: return TPMS_QUOTE_INFO_Marshal((TPMS_QUOTE_INFO *)&(source->quote), buffer, size); case TPM_ST_ATTEST_COMMAND_AUDIT: return TPMS_COMMAND_AUDIT_INFO_Marshal((TPMS_COMMAND_AUDIT_INFO *)&(source->commandAudit), buffer, size); case TPM_ST_ATTEST_SESSION_AUDIT: return TPMS_SESSION_AUDIT_INFO_Marshal((TPMS_SESSION_AUDIT_INFO *)&(source->sessionAudit), buffer, size); case TPM_ST_ATTEST_TIME: return TPMS_TIME_ATTEST_INFO_Marshal((TPMS_TIME_ATTEST_INFO *)&(source->time), buffer, size); case TPM_ST_ATTEST_NV: return TPMS_NV_CERTIFY_INFO_Marshal((TPMS_NV_CERTIFY_INFO *)&(source->nv), buffer, size); case TPM_ST_ATTEST_NV_DIGEST: return TPMS_NV_DIGEST_CERTIFY_INFO_Marshal((TPMS_NV_DIGEST_CERTIFY_INFO *)&(source->nvDigest), buffer, size); } return 0; } // Table 2:128 - Definition of TPMS_ATTEST Structure UINT16 TPMS_ATTEST_Marshal(TPMS_ATTEST *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_GENERATED_Marshal((TPM_GENERATED *)&(source->magic), buffer, size)); result = (UINT16)(result + TPMI_ST_ATTEST_Marshal((TPMI_ST_ATTEST *)&(source->type), buffer, size)); result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->qualifiedSigner), buffer, size)); result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->extraData), buffer, size)); result = (UINT16)(result + TPMS_CLOCK_INFO_Marshal((TPMS_CLOCK_INFO *)&(source->clockInfo), buffer, size)); result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->firmwareVersion), buffer, size)); result = (UINT16)(result + TPMU_ATTEST_Marshal((TPMU_ATTEST *)&(source->attested), buffer, size, (UINT32)source->type)); return result; } // Table 2:129 - Definition of TPM2B_ATTEST Structure UINT16 TPM2B_ATTEST_Marshal(TPM2B_ATTEST *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.attestationData), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:130 - Definition of TPMS_AUTH_COMMAND Structure TPM_RC TPMS_AUTH_COMMAND_Unmarshal(TPMS_AUTH_COMMAND *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_SH_AUTH_SESSION_Unmarshal((TPMI_SH_AUTH_SESSION *)&(target->sessionHandle), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPM2B_NONCE_Unmarshal((TPM2B_NONCE *)&(target->nonce), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMA_SESSION_Unmarshal((TPMA_SESSION *)&(target->sessionAttributes), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->hmac), buffer, size); return result; } // Table 2:131 - Definition of TPMS_AUTH_RESPONSE Structure UINT16 TPMS_AUTH_RESPONSE_Marshal(TPMS_AUTH_RESPONSE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_NONCE_Marshal((TPM2B_NONCE *)&(source->nonce), buffer, size)); result = (UINT16)(result + TPMA_SESSION_Marshal((TPMA_SESSION *)&(source->sessionAttributes), buffer, size)); result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->hmac), buffer, size)); return result; } // Table 2:132 - Definition of TPMI_TDES_KEY_BITS Type #if ALG_TDES TPM_RC TPMI_TDES_KEY_BITS_Unmarshal(TPMI_TDES_KEY_BITS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if TDES_128 case 128: #endif // TDES_128 #if TDES_192 case 192: #endif // TDES_192 break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_TDES_KEY_BITS_Marshal(TPMI_TDES_KEY_BITS *source, BYTE **buffer, INT32 *size) { return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_TDES // Table 2:132 - Definition of TPMI_AES_KEY_BITS Type #if ALG_AES TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if AES_128 case 128: #endif // AES_128 #if AES_192 case 192: #endif // AES_192 #if AES_256 case 256: #endif // AES_256 break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_AES_KEY_BITS_Marshal(TPMI_AES_KEY_BITS *source, BYTE **buffer, INT32 *size) { return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_AES // Table 2:132 - Definition of TPMI_SM4_KEY_BITS Type #if ALG_SM4 TPM_RC TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if SM4_128 case 128: #endif // SM4_128 break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_SM4_KEY_BITS_Marshal(TPMI_SM4_KEY_BITS *source, BYTE **buffer, INT32 *size) { return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_SM4 // Table 2:132 - Definition of TPMI_CAMELLIA_KEY_BITS Type #if ALG_CAMELLIA TPM_RC TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if CAMELLIA_128 case 128: #endif // CAMELLIA_128 #if CAMELLIA_192 case 192: #endif // CAMELLIA_192 #if CAMELLIA_256 case 256: #endif // CAMELLIA_256 break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_CAMELLIA_KEY_BITS_Marshal(TPMI_CAMELLIA_KEY_BITS *source, BYTE **buffer, INT32 *size) { return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_CAMELLIA // Table 2:133 - Definition of TPMU_SYM_KEY_BITS Union TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_TDES case ALG_TDES_VALUE: return TPMI_TDES_KEY_BITS_Unmarshal((TPMI_TDES_KEY_BITS *)&(target->tdes), buffer, size); #endif // ALG_TDES #if ALG_AES case ALG_AES_VALUE: return TPMI_AES_KEY_BITS_Unmarshal((TPMI_AES_KEY_BITS *)&(target->aes), buffer, size); #endif // ALG_AES #if ALG_SM4 case ALG_SM4_VALUE: return TPMI_SM4_KEY_BITS_Unmarshal((TPMI_SM4_KEY_BITS *)&(target->sm4), buffer, size); #endif // ALG_SM4 #if ALG_CAMELLIA case ALG_CAMELLIA_VALUE: return TPMI_CAMELLIA_KEY_BITS_Unmarshal((TPMI_CAMELLIA_KEY_BITS *)&(target->camellia), buffer, size); #endif // ALG_CAMELLIA #if ALG_XOR case ALG_XOR_VALUE: return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->xor), buffer, size, 0); #endif // ALG_XOR case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_SYM_KEY_BITS_Marshal(TPMU_SYM_KEY_BITS *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_TDES case ALG_TDES_VALUE: return TPMI_TDES_KEY_BITS_Marshal((TPMI_TDES_KEY_BITS *)&(source->tdes), buffer, size); #endif // ALG_TDES #if ALG_AES case ALG_AES_VALUE: return TPMI_AES_KEY_BITS_Marshal((TPMI_AES_KEY_BITS *)&(source->aes), buffer, size); #endif // ALG_AES #if ALG_SM4 case ALG_SM4_VALUE: return TPMI_SM4_KEY_BITS_Marshal((TPMI_SM4_KEY_BITS *)&(source->sm4), buffer, size); #endif // ALG_SM4 #if ALG_CAMELLIA case ALG_CAMELLIA_VALUE: return TPMI_CAMELLIA_KEY_BITS_Marshal((TPMI_CAMELLIA_KEY_BITS *)&(source->camellia), buffer, size); #endif // ALG_CAMELLIA #if ALG_XOR case ALG_XOR_VALUE: return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->xor), buffer, size); #endif // ALG_XOR case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:134 - Definition of TPMU_SYM_MODE Union TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_TDES case ALG_TDES_VALUE: return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->tdes), buffer, size, 1); #endif // ALG_TDES #if ALG_AES case ALG_AES_VALUE: return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->aes), buffer, size, 1); #endif // ALG_AES #if ALG_SM4 case ALG_SM4_VALUE: return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->sm4), buffer, size, 1); #endif // ALG_SM4 #if ALG_CAMELLIA case ALG_CAMELLIA_VALUE: return TPMI_ALG_SYM_MODE_Unmarshal((TPMI_ALG_SYM_MODE *)&(target->camellia), buffer, size, 1); #endif // ALG_CAMELLIA #if ALG_XOR case ALG_XOR_VALUE: return TPM_RC_SUCCESS; #endif // ALG_XOR case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_SYM_MODE_Marshal(TPMU_SYM_MODE *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_TDES case ALG_TDES_VALUE: return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->tdes), buffer, size); #endif // ALG_TDES #if ALG_AES case ALG_AES_VALUE: return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->aes), buffer, size); #endif // ALG_AES #if ALG_SM4 case ALG_SM4_VALUE: return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->sm4), buffer, size); #endif // ALG_SM4 #if ALG_CAMELLIA case ALG_CAMELLIA_VALUE: return TPMI_ALG_SYM_MODE_Marshal((TPMI_ALG_SYM_MODE *)&(source->camellia), buffer, size); #endif // ALG_CAMELLIA #if ALG_XOR case ALG_XOR_VALUE: return 0; #endif // ALG_XOR case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:136 - Definition of TPMT_SYM_DEF Structure TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_SYM_Unmarshal((TPMI_ALG_SYM *)&(target->algorithm), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS *)&(target->keyBits), buffer, size, (UINT32)target->algorithm); if(result == TPM_RC_SUCCESS) result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); return result; } UINT16 TPMT_SYM_DEF_Marshal(TPMT_SYM_DEF *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_SYM_Marshal((TPMI_ALG_SYM *)&(source->algorithm), buffer, size)); result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); return result; } // Table 2:137 - Definition of TPMT_SYM_DEF_OBJECT Structure TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_SYM_OBJECT_Unmarshal((TPMI_ALG_SYM_OBJECT *)&(target->algorithm), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_SYM_KEY_BITS_Unmarshal((TPMU_SYM_KEY_BITS *)&(target->keyBits), buffer, size, (UINT32)target->algorithm); if(result == TPM_RC_SUCCESS) result = TPMU_SYM_MODE_Unmarshal((TPMU_SYM_MODE *)&(target->mode), buffer, size, (UINT32)target->algorithm); return result; } UINT16 TPMT_SYM_DEF_OBJECT_Marshal(TPMT_SYM_DEF_OBJECT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_SYM_OBJECT_Marshal((TPMI_ALG_SYM_OBJECT *)&(source->algorithm), buffer, size)); result = (UINT16)(result + TPMU_SYM_KEY_BITS_Marshal((TPMU_SYM_KEY_BITS *)&(source->keyBits), buffer, size, (UINT32)source->algorithm)); result = (UINT16)(result + TPMU_SYM_MODE_Marshal((TPMU_SYM_MODE *)&(source->mode), buffer, size, (UINT32)source->algorithm)); return result; } // Table 2:138 - Definition of TPM2B_SYM_KEY Structure TPM_RC TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > MAX_SYM_KEY_BYTES) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_SYM_KEY_Marshal(TPM2B_SYM_KEY *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:139 - Definition of TPMS_SYMCIPHER_PARMS Structure TPM_RC TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size) { return TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->sym), buffer, size, 0); } UINT16 TPMS_SYMCIPHER_PARMS_Marshal(TPMS_SYMCIPHER_PARMS *source, BYTE **buffer, INT32 *size) { return TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->sym), buffer, size); } // Table 2:140 - Definition of TPM2B_LABEL Structure TPM_RC TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > LABEL_MAX_BUFFER) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_LABEL_Marshal(TPM2B_LABEL *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:141 - Definition of TPMS_DERIVE Structure TPM_RC TPMS_DERIVE_Unmarshal(TPMS_DERIVE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->label), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_LABEL_Unmarshal((TPM2B_LABEL *)&(target->context), buffer, size); return result; } UINT16 TPMS_DERIVE_Marshal(TPMS_DERIVE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->label), buffer, size)); result = (UINT16)(result + TPM2B_LABEL_Marshal((TPM2B_LABEL *)&(source->context), buffer, size)); return result; } // Table 2:142 - Definition of TPM2B_DERIVE Structure TPM_RC TPM2B_DERIVE_Unmarshal(TPM2B_DERIVE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMS_DERIVE)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_DERIVE_Marshal(TPM2B_DERIVE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:143 - Definition of TPMU_SENSITIVE_CREATE Union // Table 2:144 - Definition of TPM2B_SENSITIVE_DATA Structure TPM_RC TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMU_SENSITIVE_CREATE)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_SENSITIVE_DATA_Marshal(TPM2B_SENSITIVE_DATA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:145 - Definition of TPMS_SENSITIVE_CREATE Structure TPM_RC TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->userAuth), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->data), buffer, size); return result; } // Table 2:146 - Definition of TPM2B_SENSITIVE_CREATE Structure TPM_RC TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a if(result == TPM_RC_SUCCESS) { // if size is zero, then the required structure is missing if(target->size == 0) result = TPM_RC_SIZE; else { INT32 startSize = *size; result = TPMS_SENSITIVE_CREATE_Unmarshal((TPMS_SENSITIVE_CREATE *)&(target->sensitive), buffer, size); // =b if(result == TPM_RC_SUCCESS) { if(target->size != (startSize - *size)) result = TPM_RC_SIZE; } } } return result; } // Table 2:147 - Definition of TPMS_SCHEME_HASH Structure TPM_RC TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size) { return TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 0); } UINT16 TPMS_SCHEME_HASH_Marshal(TPMS_SCHEME_HASH *source, BYTE **buffer, INT32 *size) { return TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size); } // Table 2:148 - Definition of TPMS_SCHEME_ECDAA Structure #if ALG_ECC TPM_RC TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 0); if(result == TPM_RC_SUCCESS) result = UINT16_Unmarshal((UINT16 *)&(target->count), buffer, size); return result; } UINT16 TPMS_SCHEME_ECDAA_Marshal(TPMS_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->count), buffer, size)); return result; } #endif // ALG_ECC // Table 2:149 - Definition of TPMI_ALG_KEYEDHASH_SCHEME Type TPM_RC TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_HMAC case ALG_HMAC_VALUE: #endif // ALG_HMAC #if ALG_XOR case ALG_XOR_VALUE: #endif // ALG_XOR break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_KEYEDHASH_SCHEME_Marshal(TPMI_ALG_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:150 - Definition of Types for HMAC_SIG_SCHEME #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SCHEME_HMAC_Marshal(TPMS_SCHEME_HMAC *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:151 - Definition of TPMS_SCHEME_XOR Structure TPM_RC TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hashAlg), buffer, size, 0); if(result == TPM_RC_SUCCESS) result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->kdf), buffer, size, 1); return result; } UINT16 TPMS_SCHEME_XOR_Marshal(TPMS_SCHEME_XOR *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hashAlg), buffer, size)); result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->kdf), buffer, size)); return result; } // Table 2:152 - Definition of TPMU_SCHEME_KEYEDHASH Union TPM_RC TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_HMAC case ALG_HMAC_VALUE: return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); #endif // ALG_HMAC #if ALG_XOR case ALG_XOR_VALUE: return TPMS_SCHEME_XOR_Unmarshal((TPMS_SCHEME_XOR *)&(target->xor), buffer, size); #endif // ALG_XOR case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_SCHEME_KEYEDHASH_Marshal(TPMU_SCHEME_KEYEDHASH *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_HMAC case ALG_HMAC_VALUE: return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); #endif // ALG_HMAC #if ALG_XOR case ALG_XOR_VALUE: return TPMS_SCHEME_XOR_Marshal((TPMS_SCHEME_XOR *)&(source->xor), buffer, size); #endif // ALG_XOR case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:153 - Definition of TPMT_KEYEDHASH_SCHEME Structure TPM_RC TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_SCHEME_KEYEDHASH_Unmarshal((TPMU_SCHEME_KEYEDHASH *)&(target->details), buffer, size, (UINT32)target->scheme); return result; } UINT16 TPMT_KEYEDHASH_SCHEME_Marshal(TPMT_KEYEDHASH_SCHEME *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_KEYEDHASH_SCHEME_Marshal((TPMI_ALG_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMU_SCHEME_KEYEDHASH_Marshal((TPMU_SCHEME_KEYEDHASH *)&(source->details), buffer, size, (UINT32)source->scheme)); return result; } // Table 2:154 - Definition of Types for RSA Signature Schemes #if ALG_RSA #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SIG_SCHEME_RSAPSS_Marshal(TPMS_SIG_SCHEME_RSAPSS *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:155 - Definition of Types for ECC Signature Schemes #if ALG_ECC #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SIG_SCHEME_ECDSA_Marshal(TPMS_SIG_SCHEME_ECDSA *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SIG_SCHEME_SM2_Marshal(TPMS_SIG_SCHEME_SM2 *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SIG_SCHEME_ECSCHNORR_Marshal(TPMS_SIG_SCHEME_ECSCHNORR *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_ECDAA_Unmarshal((TPMS_SCHEME_ECDAA *)target, buffer, size); } UINT16 TPMS_SIG_SCHEME_ECDAA_Marshal(TPMS_SIG_SCHEME_ECDAA *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_ECDAA_Marshal((TPMS_SCHEME_ECDAA *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:156 - Definition of TPMU_SIG_SCHEME Union TPM_RC TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECDAA case ALG_ECDAA_VALUE: return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); #endif // ALG_ECSCHNORR #if ALG_HMAC case ALG_HMAC_VALUE: return TPMS_SCHEME_HMAC_Unmarshal((TPMS_SCHEME_HMAC *)&(target->hmac), buffer, size); #endif // ALG_HMAC case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_SIG_SCHEME_Marshal(TPMU_SIG_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECDAA case ALG_ECDAA_VALUE: return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); #endif // ALG_ECSCHNORR #if ALG_HMAC case ALG_HMAC_VALUE: return TPMS_SCHEME_HMAC_Marshal((TPMS_SCHEME_HMAC *)&(source->hmac), buffer, size); #endif // ALG_HMAC case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:157 - Definition of TPMT_SIG_SCHEME Structure TPM_RC TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->scheme), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_SIG_SCHEME_Unmarshal((TPMU_SIG_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); return result; } UINT16 TPMT_SIG_SCHEME_Marshal(TPMT_SIG_SCHEME *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMU_SIG_SCHEME_Marshal((TPMU_SIG_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); return result; } // Table 2:158 - Definition of Types for Encryption Schemes #if ALG_RSA #if !USE_MARSHALING_DEFINES TPM_RC TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size) { return TPMS_EMPTY_Unmarshal((TPMS_EMPTY *)target, buffer, size); } UINT16 TPMS_ENC_SCHEME_RSAES_Marshal(TPMS_ENC_SCHEME_RSAES *source, BYTE **buffer, INT32 *size) { return TPMS_EMPTY_Marshal((TPMS_EMPTY *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:159 - Definition of Types for ECC Key Exchange #if ALG_ECC #if !USE_MARSHALING_DEFINES TPM_RC TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_KEY_SCHEME_ECDH_Marshal(TPMS_KEY_SCHEME_ECDH *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_KEY_SCHEME_ECMQV_Marshal(TPMS_KEY_SCHEME_ECMQV *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:160 - Definition of Types for KDF Schemes #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SCHEME_MGF1_Marshal(TPMS_SCHEME_MGF1 *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SCHEME_KDF1_SP800_56A_Marshal(TPMS_SCHEME_KDF1_SP800_56A *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SCHEME_KDF2_Marshal(TPMS_SCHEME_KDF2 *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } TPM_RC TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Unmarshal((TPMS_SCHEME_HASH *)target, buffer, size); } UINT16 TPMS_SCHEME_KDF1_SP800_108_Marshal(TPMS_SCHEME_KDF1_SP800_108 *source, BYTE **buffer, INT32 *size) { return TPMS_SCHEME_HASH_Marshal((TPMS_SCHEME_HASH *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:161 - Definition of TPMU_KDF_SCHEME Union TPM_RC TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_MGF1 case ALG_MGF1_VALUE: return TPMS_SCHEME_MGF1_Unmarshal((TPMS_SCHEME_MGF1 *)&(target->mgf1), buffer, size); #endif // ALG_MGF1 #if ALG_KDF1_SP800_56A case ALG_KDF1_SP800_56A_VALUE: return TPMS_SCHEME_KDF1_SP800_56A_Unmarshal((TPMS_SCHEME_KDF1_SP800_56A *)&(target->kdf1_sp800_56a), buffer, size); #endif // ALG_KDF1_SP800_56A #if ALG_KDF2 case ALG_KDF2_VALUE: return TPMS_SCHEME_KDF2_Unmarshal((TPMS_SCHEME_KDF2 *)&(target->kdf2), buffer, size); #endif // ALG_KDF2 #if ALG_KDF1_SP800_108 case ALG_KDF1_SP800_108_VALUE: return TPMS_SCHEME_KDF1_SP800_108_Unmarshal((TPMS_SCHEME_KDF1_SP800_108 *)&(target->kdf1_sp800_108), buffer, size); #endif // ALG_KDF1_SP800_108 case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_KDF_SCHEME_Marshal(TPMU_KDF_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_MGF1 case ALG_MGF1_VALUE: return TPMS_SCHEME_MGF1_Marshal((TPMS_SCHEME_MGF1 *)&(source->mgf1), buffer, size); #endif // ALG_MGF1 #if ALG_KDF1_SP800_56A case ALG_KDF1_SP800_56A_VALUE: return TPMS_SCHEME_KDF1_SP800_56A_Marshal((TPMS_SCHEME_KDF1_SP800_56A *)&(source->kdf1_sp800_56a), buffer, size); #endif // ALG_KDF1_SP800_56A #if ALG_KDF2 case ALG_KDF2_VALUE: return TPMS_SCHEME_KDF2_Marshal((TPMS_SCHEME_KDF2 *)&(source->kdf2), buffer, size); #endif // ALG_KDF2 #if ALG_KDF1_SP800_108 case ALG_KDF1_SP800_108_VALUE: return TPMS_SCHEME_KDF1_SP800_108_Marshal((TPMS_SCHEME_KDF1_SP800_108 *)&(source->kdf1_sp800_108), buffer, size); #endif // ALG_KDF1_SP800_108 case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:162 - Definition of TPMT_KDF_SCHEME Structure TPM_RC TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_KDF_Unmarshal((TPMI_ALG_KDF *)&(target->scheme), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_KDF_SCHEME_Unmarshal((TPMU_KDF_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); return result; } UINT16 TPMT_KDF_SCHEME_Marshal(TPMT_KDF_SCHEME *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_KDF_Marshal((TPMI_ALG_KDF *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMU_KDF_SCHEME_Marshal((TPMU_KDF_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); return result; } // Table 2:163 - Definition of TPMI_ALG_ASYM_SCHEME Type TPM_RC TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_ECDH case ALG_ECDH_VALUE: #endif // ALG_ECDH #if ALG_ECMQV case ALG_ECMQV_VALUE: #endif // ALG_ECMQV #if ALG_ECDAA case ALG_ECDAA_VALUE: #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: #endif // ALG_ECSCHNORR #if ALG_RSAES case ALG_RSAES_VALUE: #endif // ALG_RSAES #if ALG_OAEP case ALG_OAEP_VALUE: #endif // ALG_OAEP break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_ASYM_SCHEME_Marshal(TPMI_ALG_ASYM_SCHEME *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:164 - Definition of TPMU_ASYM_SCHEME Union TPM_RC TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECDH case ALG_ECDH_VALUE: return TPMS_KEY_SCHEME_ECDH_Unmarshal((TPMS_KEY_SCHEME_ECDH *)&(target->ecdh), buffer, size); #endif // ALG_ECDH #if ALG_ECMQV case ALG_ECMQV_VALUE: return TPMS_KEY_SCHEME_ECMQV_Unmarshal((TPMS_KEY_SCHEME_ECMQV *)&(target->ecmqv), buffer, size); #endif // ALG_ECMQV #if ALG_ECDAA case ALG_ECDAA_VALUE: return TPMS_SIG_SCHEME_ECDAA_Unmarshal((TPMS_SIG_SCHEME_ECDAA *)&(target->ecdaa), buffer, size); #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: return TPMS_SIG_SCHEME_RSASSA_Unmarshal((TPMS_SIG_SCHEME_RSASSA *)&(target->rsassa), buffer, size); #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: return TPMS_SIG_SCHEME_RSAPSS_Unmarshal((TPMS_SIG_SCHEME_RSAPSS *)&(target->rsapss), buffer, size); #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: return TPMS_SIG_SCHEME_ECDSA_Unmarshal((TPMS_SIG_SCHEME_ECDSA *)&(target->ecdsa), buffer, size); #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: return TPMS_SIG_SCHEME_SM2_Unmarshal((TPMS_SIG_SCHEME_SM2 *)&(target->sm2), buffer, size); #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: return TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(target->ecschnorr), buffer, size); #endif // ALG_ECSCHNORR #if ALG_RSAES case ALG_RSAES_VALUE: return TPMS_ENC_SCHEME_RSAES_Unmarshal((TPMS_ENC_SCHEME_RSAES *)&(target->rsaes), buffer, size); #endif // ALG_RSAES #if ALG_OAEP case ALG_OAEP_VALUE: return TPMS_ENC_SCHEME_OAEP_Unmarshal((TPMS_ENC_SCHEME_OAEP *)&(target->oaep), buffer, size); #endif // ALG_OAEP case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_ASYM_SCHEME_Marshal(TPMU_ASYM_SCHEME *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECDH case ALG_ECDH_VALUE: return TPMS_KEY_SCHEME_ECDH_Marshal((TPMS_KEY_SCHEME_ECDH *)&(source->ecdh), buffer, size); #endif // ALG_ECDH #if ALG_ECMQV case ALG_ECMQV_VALUE: return TPMS_KEY_SCHEME_ECMQV_Marshal((TPMS_KEY_SCHEME_ECMQV *)&(source->ecmqv), buffer, size); #endif // ALG_ECMQV #if ALG_ECDAA case ALG_ECDAA_VALUE: return TPMS_SIG_SCHEME_ECDAA_Marshal((TPMS_SIG_SCHEME_ECDAA *)&(source->ecdaa), buffer, size); #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: return TPMS_SIG_SCHEME_RSASSA_Marshal((TPMS_SIG_SCHEME_RSASSA *)&(source->rsassa), buffer, size); #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: return TPMS_SIG_SCHEME_RSAPSS_Marshal((TPMS_SIG_SCHEME_RSAPSS *)&(source->rsapss), buffer, size); #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: return TPMS_SIG_SCHEME_ECDSA_Marshal((TPMS_SIG_SCHEME_ECDSA *)&(source->ecdsa), buffer, size); #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: return TPMS_SIG_SCHEME_SM2_Marshal((TPMS_SIG_SCHEME_SM2 *)&(source->sm2), buffer, size); #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: return TPMS_SIG_SCHEME_ECSCHNORR_Marshal((TPMS_SIG_SCHEME_ECSCHNORR *)&(source->ecschnorr), buffer, size); #endif // ALG_ECSCHNORR #if ALG_RSAES case ALG_RSAES_VALUE: return TPMS_ENC_SCHEME_RSAES_Marshal((TPMS_ENC_SCHEME_RSAES *)&(source->rsaes), buffer, size); #endif // ALG_RSAES #if ALG_OAEP case ALG_OAEP_VALUE: return TPMS_ENC_SCHEME_OAEP_Marshal((TPMS_ENC_SCHEME_OAEP *)&(source->oaep), buffer, size); #endif // ALG_OAEP case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:165 - Definition of TPMT_ASYM_SCHEME Structure // Table 2:166 - Definition of TPMI_ALG_RSA_SCHEME Type #if ALG_RSA TPM_RC TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_RSAES case ALG_RSAES_VALUE: #endif // ALG_RSAES #if ALG_OAEP case ALG_OAEP_VALUE: #endif // ALG_OAEP #if ALG_RSASSA case ALG_RSASSA_VALUE: #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: #endif // ALG_RSAPSS break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_RSA_SCHEME_Marshal(TPMI_ALG_RSA_SCHEME *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:167 - Definition of TPMT_RSA_SCHEME Structure #if ALG_RSA TPM_RC TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_RSA_SCHEME_Unmarshal((TPMI_ALG_RSA_SCHEME *)&(target->scheme), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); return result; } UINT16 TPMT_RSA_SCHEME_Marshal(TPMT_RSA_SCHEME *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_RSA_SCHEME_Marshal((TPMI_ALG_RSA_SCHEME *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); return result; } #endif // ALG_RSA // Table 2:168 - Definition of TPMI_ALG_RSA_DECRYPT Type #if ALG_RSA TPM_RC TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_RSAES case ALG_RSAES_VALUE: #endif // ALG_RSAES #if ALG_OAEP case ALG_OAEP_VALUE: #endif // ALG_OAEP break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_VALUE; break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_RSA_DECRYPT_Marshal(TPMI_ALG_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:169 - Definition of TPMT_RSA_DECRYPT Structure #if ALG_RSA TPM_RC TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_RSA_DECRYPT_Unmarshal((TPMI_ALG_RSA_DECRYPT *)&(target->scheme), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); return result; } UINT16 TPMT_RSA_DECRYPT_Marshal(TPMT_RSA_DECRYPT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_RSA_DECRYPT_Marshal((TPMI_ALG_RSA_DECRYPT *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); return result; } #endif // ALG_RSA // Table 2:170 - Definition of TPM2B_PUBLIC_KEY_RSA Structure #if ALG_RSA TPM_RC TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > MAX_RSA_KEY_BYTES) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_PUBLIC_KEY_RSA_Marshal(TPM2B_PUBLIC_KEY_RSA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } #endif // ALG_RSA // Table 2:171 - Definition of TPMI_RSA_KEY_BITS Type #if ALG_RSA TPM_RC TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_KEY_BITS_Unmarshal((TPM_KEY_BITS *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if RSA_1024 case 1024: #endif // RSA_1024 #if RSA_2048 case 2048: #endif // RSA_2048 #if RSA_3072 case 3072: #endif // RSA_3072 #if RSA_4096 case 4096: #endif // RSA_4096 break; default: result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_RSA_KEY_BITS_Marshal(TPMI_RSA_KEY_BITS *source, BYTE **buffer, INT32 *size) { return TPM_KEY_BITS_Marshal((TPM_KEY_BITS *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:172 - Definition of TPM2B_PRIVATE_KEY_RSA Structure #if ALG_RSA TPM_RC TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > RSA_PRIVATE_SIZE) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_PRIVATE_KEY_RSA_Marshal(TPM2B_PRIVATE_KEY_RSA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } #endif // ALG_RSA // Table 2:173 - Definition of TPM2B_ECC_PARAMETER Structure TPM_RC TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > MAX_ECC_KEY_BYTES) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_ECC_PARAMETER_Marshal(TPM2B_ECC_PARAMETER *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:174 - Definition of TPMS_ECC_POINT Structure #if ALG_ECC TPM_RC TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->x), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->y), buffer, size); return result; } UINT16 TPMS_ECC_POINT_Marshal(TPMS_ECC_POINT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->x), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->y), buffer, size)); return result; } #endif // ALG_ECC // Table 2:175 - Definition of TPM2B_ECC_POINT Structure #if ALG_ECC TPM_RC TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a if(result == TPM_RC_SUCCESS) { // if size is zero, then the required structure is missing if(target->size == 0) result = TPM_RC_SIZE; else { INT32 startSize = *size; result = TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->point), buffer, size); // =b if(result == TPM_RC_SUCCESS) { if(target->size != (startSize - *size)) result = TPM_RC_SIZE; } } } return result; } UINT16 TPM2B_ECC_POINT_Marshal(TPM2B_ECC_POINT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; // Marshal a dummy value of the 2B size. This makes sure that 'buffer' // and 'size' are advanced as necessary (i.e., if they are present) result = UINT16_Marshal(&result, buffer, size); // Marshal the structure result = (UINT16)(result + TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->point), buffer, size)); // if a buffer was provided, go back and fill in the actual size if(buffer != NULL) UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); return result; } #endif // ALG_ECC // Table 2:176 - Definition of TPMI_ALG_ECC_SCHEME Type #if ALG_ECC TPM_RC TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_ECDAA case ALG_ECDAA_VALUE: #endif // ALG_ECDAA #if ALG_ECDSA case ALG_ECDSA_VALUE: #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: #endif // ALG_ECSCHNORR #if ALG_ECDH case ALG_ECDH_VALUE: #endif // ALG_ECDH #if ALG_ECMQV case ALG_ECMQV_VALUE: #endif // ALG_ECMQV break; case ALG_NULL_VALUE: if(!flag) result = TPM_RC_SCHEME; break; default: result = TPM_RC_SCHEME; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_ECC_SCHEME_Marshal(TPMI_ALG_ECC_SCHEME *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:177 - Definition of TPMI_ECC_CURVE Type #if ALG_ECC TPM_RC TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_ECC_CURVE_Unmarshal((TPM_ECC_CURVE *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ECC_BN_P256 case TPM_ECC_BN_P256: #endif // ECC_BN_P256 #if ECC_BN_P638 case TPM_ECC_BN_P638: #endif // ECC_BN_P638 #if ECC_NIST_P192 case TPM_ECC_NIST_P192: #endif // ECC_NIST_P192 #if ECC_NIST_P224 case TPM_ECC_NIST_P224: #endif // ECC_NIST_P224 #if ECC_NIST_P256 case TPM_ECC_NIST_P256: #endif // ECC_NIST_P256 #if ECC_NIST_P384 case TPM_ECC_NIST_P384: #endif // ECC_NIST_P384 #if ECC_NIST_P521 case TPM_ECC_NIST_P521: #endif // ECC_NIST_P521 #if ECC_SM2_P256 case TPM_ECC_SM2_P256: #endif // ECC_SM2_P256 break; default: result = TPM_RC_CURVE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ECC_CURVE_Marshal(TPMI_ECC_CURVE *source, BYTE **buffer, INT32 *size) { return TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:178 - Definition of TPMT_ECC_SCHEME Structure #if ALG_ECC TPM_RC TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_ECC_SCHEME_Unmarshal((TPMI_ALG_ECC_SCHEME *)&(target->scheme), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_ASYM_SCHEME_Unmarshal((TPMU_ASYM_SCHEME *)&(target->details), buffer, size, (UINT32)target->scheme); return result; } UINT16 TPMT_ECC_SCHEME_Marshal(TPMT_ECC_SCHEME *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_ECC_SCHEME_Marshal((TPMI_ALG_ECC_SCHEME *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMU_ASYM_SCHEME_Marshal((TPMU_ASYM_SCHEME *)&(source->details), buffer, size, (UINT32)source->scheme)); return result; } #endif // ALG_ECC // Table 2:179 - Definition of TPMS_ALGORITHM_DETAIL_ECC Structure #if ALG_ECC UINT16 TPMS_ALGORITHM_DETAIL_ECC_Marshal(TPMS_ALGORITHM_DETAIL_ECC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_ECC_CURVE_Marshal((TPM_ECC_CURVE *)&(source->curveID), buffer, size)); result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->keySize), buffer, size)); result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->sign), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->p), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->a), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->b), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gX), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->gY), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->n), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->h), buffer, size)); return result; } #endif // ALG_ECC // Table 2:180 - Definition of TPMS_SIGNATURE_RSA Structure #if ALG_RSA TPM_RC TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); if(result == TPM_RC_SUCCESS) result = TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->sig), buffer, size); return result; } UINT16 TPMS_SIGNATURE_RSA_Marshal(TPMS_SIGNATURE_RSA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); result = (UINT16)(result + TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->sig), buffer, size)); return result; } #endif // ALG_RSA // Table 2:181 - Definition of Types for Signature #if ALG_RSA #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); } UINT16 TPMS_SIGNATURE_RSASSA_Marshal(TPMS_SIGNATURE_RSASSA *source, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); } TPM_RC TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_RSA_Unmarshal((TPMS_SIGNATURE_RSA *)target, buffer, size); } UINT16 TPMS_SIGNATURE_RSAPSS_Marshal(TPMS_SIGNATURE_RSAPSS *source, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_RSA_Marshal((TPMS_SIGNATURE_RSA *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_RSA // Table 2:182 - Definition of TPMS_SIGNATURE_ECC Structure #if ALG_ECC TPM_RC TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->hash), buffer, size, 0); if(result == TPM_RC_SUCCESS) result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureR), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->signatureS), buffer, size); return result; } UINT16 TPMS_SIGNATURE_ECC_Marshal(TPMS_SIGNATURE_ECC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->hash), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureR), buffer, size)); result = (UINT16)(result + TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->signatureS), buffer, size)); return result; } #endif // ALG_ECC // Table 2:183 - Definition of Types for TPMS_SIGNATURE_ECC #if ALG_ECC #if !USE_MARSHALING_DEFINES TPM_RC TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); } UINT16 TPMS_SIGNATURE_ECDAA_Marshal(TPMS_SIGNATURE_ECDAA *source, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); } TPM_RC TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); } UINT16 TPMS_SIGNATURE_ECDSA_Marshal(TPMS_SIGNATURE_ECDSA *source, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); } TPM_RC TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); } UINT16 TPMS_SIGNATURE_SM2_Marshal(TPMS_SIGNATURE_SM2 *source, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); } TPM_RC TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Unmarshal((TPMS_SIGNATURE_ECC *)target, buffer, size); } UINT16 TPMS_SIGNATURE_ECSCHNORR_Marshal(TPMS_SIGNATURE_ECSCHNORR *source, BYTE **buffer, INT32 *size) { return TPMS_SIGNATURE_ECC_Marshal((TPMS_SIGNATURE_ECC *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES #endif // ALG_ECC // Table 2:184 - Definition of TPMU_SIGNATURE Union TPM_RC TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECDAA case ALG_ECDAA_VALUE: return TPMS_SIGNATURE_ECDAA_Unmarshal((TPMS_SIGNATURE_ECDAA *)&(target->ecdaa), buffer, size); #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: return TPMS_SIGNATURE_RSASSA_Unmarshal((TPMS_SIGNATURE_RSASSA *)&(target->rsassa), buffer, size); #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: return TPMS_SIGNATURE_RSAPSS_Unmarshal((TPMS_SIGNATURE_RSAPSS *)&(target->rsapss), buffer, size); #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: return TPMS_SIGNATURE_ECDSA_Unmarshal((TPMS_SIGNATURE_ECDSA *)&(target->ecdsa), buffer, size); #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: return TPMS_SIGNATURE_SM2_Unmarshal((TPMS_SIGNATURE_SM2 *)&(target->sm2), buffer, size); #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: return TPMS_SIGNATURE_ECSCHNORR_Unmarshal((TPMS_SIGNATURE_ECSCHNORR *)&(target->ecschnorr), buffer, size); #endif // ALG_ECSCHNORR #if ALG_HMAC case ALG_HMAC_VALUE: return TPMT_HA_Unmarshal((TPMT_HA *)&(target->hmac), buffer, size, 0); #endif // ALG_HMAC case ALG_NULL_VALUE: return TPM_RC_SUCCESS; } return TPM_RC_SELECTOR; } UINT16 TPMU_SIGNATURE_Marshal(TPMU_SIGNATURE *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECDAA case ALG_ECDAA_VALUE: return TPMS_SIGNATURE_ECDAA_Marshal((TPMS_SIGNATURE_ECDAA *)&(source->ecdaa), buffer, size); #endif // ALG_ECDAA #if ALG_RSASSA case ALG_RSASSA_VALUE: return TPMS_SIGNATURE_RSASSA_Marshal((TPMS_SIGNATURE_RSASSA *)&(source->rsassa), buffer, size); #endif // ALG_RSASSA #if ALG_RSAPSS case ALG_RSAPSS_VALUE: return TPMS_SIGNATURE_RSAPSS_Marshal((TPMS_SIGNATURE_RSAPSS *)&(source->rsapss), buffer, size); #endif // ALG_RSAPSS #if ALG_ECDSA case ALG_ECDSA_VALUE: return TPMS_SIGNATURE_ECDSA_Marshal((TPMS_SIGNATURE_ECDSA *)&(source->ecdsa), buffer, size); #endif // ALG_ECDSA #if ALG_SM2 case ALG_SM2_VALUE: return TPMS_SIGNATURE_SM2_Marshal((TPMS_SIGNATURE_SM2 *)&(source->sm2), buffer, size); #endif // ALG_SM2 #if ALG_ECSCHNORR case ALG_ECSCHNORR_VALUE: return TPMS_SIGNATURE_ECSCHNORR_Marshal((TPMS_SIGNATURE_ECSCHNORR *)&(source->ecschnorr), buffer, size); #endif // ALG_ECSCHNORR #if ALG_HMAC case ALG_HMAC_VALUE: return TPMT_HA_Marshal((TPMT_HA *)&(source->hmac), buffer, size); #endif // ALG_HMAC case ALG_NULL_VALUE: return 0; } return 0; } // Table 2:185 - Definition of TPMT_SIGNATURE Structure TPM_RC TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_SIG_SCHEME_Unmarshal((TPMI_ALG_SIG_SCHEME *)&(target->sigAlg), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMU_SIGNATURE_Unmarshal((TPMU_SIGNATURE *)&(target->signature), buffer, size, (UINT32)target->sigAlg); return result; } UINT16 TPMT_SIGNATURE_Marshal(TPMT_SIGNATURE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_SIG_SCHEME_Marshal((TPMI_ALG_SIG_SCHEME *)&(source->sigAlg), buffer, size)); result = (UINT16)(result + TPMU_SIGNATURE_Marshal((TPMU_SIGNATURE *)&(source->signature), buffer, size, (UINT32)source->sigAlg)); return result; } // Table 2:186 - Definition of TPMU_ENCRYPTED_SECRET Union TPM_RC TPMU_ENCRYPTED_SECRET_Unmarshal(TPMU_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECC case ALG_ECC_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->ecc), buffer, size, (INT32)sizeof(TPMS_ECC_POINT)); #endif // ALG_ECC #if ALG_RSA case ALG_RSA_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); #endif // ALG_RSA #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); #endif // ALG_SYMCIPHER #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return BYTE_Array_Unmarshal((BYTE *)(target->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); #endif // ALG_KEYEDHASH } return TPM_RC_SELECTOR; } UINT16 TPMU_ENCRYPTED_SECRET_Marshal(TPMU_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_ECC case ALG_ECC_VALUE: return BYTE_Array_Marshal((BYTE *)(source->ecc), buffer, size, (INT32)sizeof(TPMS_ECC_POINT)); #endif // ALG_ECC #if ALG_RSA case ALG_RSA_VALUE: return BYTE_Array_Marshal((BYTE *)(source->rsa), buffer, size, (INT32)MAX_RSA_KEY_BYTES); #endif // ALG_RSA #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return BYTE_Array_Marshal((BYTE *)(source->symmetric), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); #endif // ALG_SYMCIPHER #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return BYTE_Array_Marshal((BYTE *)(source->keyedHash), buffer, size, (INT32)sizeof(TPM2B_DIGEST)); #endif // ALG_KEYEDHASH } return 0; } // Table 2:187 - Definition of TPM2B_ENCRYPTED_SECRET Structure TPM_RC TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMU_ENCRYPTED_SECRET)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.secret), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_ENCRYPTED_SECRET_Marshal(TPM2B_ENCRYPTED_SECRET *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.secret), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:188 - Definition of TPMI_ALG_PUBLIC Type TPM_RC TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM_ALG_ID_Unmarshal((TPM_ALG_ID *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch (*target) { #if ALG_RSA case ALG_RSA_VALUE: #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: #endif // ALG_ECC #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: #endif // ALG_KEYEDHASH #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: #endif // ALG_SYMCIPHER break; default: result = TPM_RC_TYPE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMI_ALG_PUBLIC_Marshal(TPMI_ALG_PUBLIC *source, BYTE **buffer, INT32 *size) { return TPM_ALG_ID_Marshal((TPM_ALG_ID *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:189 - Definition of TPMU_PUBLIC_ID Union TPM_RC TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->keyedHash), buffer, size); #endif // ALG_KEYEDHASH #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->sym), buffer, size); #endif // ALG_SYMCIPHER #if ALG_RSA case ALG_RSA_VALUE: return TPM2B_PUBLIC_KEY_RSA_Unmarshal((TPM2B_PUBLIC_KEY_RSA *)&(target->rsa), buffer, size); #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: return TPMS_ECC_POINT_Unmarshal((TPMS_ECC_POINT *)&(target->ecc), buffer, size); #endif // ALG_ECC } return TPM_RC_SELECTOR; } UINT16 TPMU_PUBLIC_ID_Marshal(TPMU_PUBLIC_ID *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->keyedHash), buffer, size); #endif // ALG_KEYEDHASH #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->sym), buffer, size); #endif // ALG_SYMCIPHER #if ALG_RSA case ALG_RSA_VALUE: return TPM2B_PUBLIC_KEY_RSA_Marshal((TPM2B_PUBLIC_KEY_RSA *)&(source->rsa), buffer, size); #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: return TPMS_ECC_POINT_Marshal((TPMS_ECC_POINT *)&(source->ecc), buffer, size); #endif // ALG_ECC } return 0; } // Table 2:190 - Definition of TPMS_KEYEDHASH_PARMS Structure TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size) { return TPMT_KEYEDHASH_SCHEME_Unmarshal((TPMT_KEYEDHASH_SCHEME *)&(target->scheme), buffer, size, 1); } UINT16 TPMS_KEYEDHASH_PARMS_Marshal(TPMS_KEYEDHASH_PARMS *source, BYTE **buffer, INT32 *size) { return TPMT_KEYEDHASH_SCHEME_Marshal((TPMT_KEYEDHASH_SCHEME *)&(source->scheme), buffer, size); } // Table 2:191 - Definition of TPMS_ASYM_PARMS Structure // Table 2:192 - Definition of TPMS_RSA_PARMS Structure #if ALG_RSA TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPMT_RSA_SCHEME_Unmarshal((TPMT_RSA_SCHEME *)&(target->scheme), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPMI_RSA_KEY_BITS_Unmarshal((TPMI_RSA_KEY_BITS *)&(target->keyBits), buffer, size); if(result == TPM_RC_SUCCESS) result = UINT32_Unmarshal((UINT32 *)&(target->exponent), buffer, size); return result; } UINT16 TPMS_RSA_PARMS_Marshal(TPMS_RSA_PARMS *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); result = (UINT16)(result + TPMT_RSA_SCHEME_Marshal((TPMT_RSA_SCHEME *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMI_RSA_KEY_BITS_Marshal((TPMI_RSA_KEY_BITS *)&(source->keyBits), buffer, size)); result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->exponent), buffer, size)); return result; } #endif // ALG_RSA // Table 2:193 - Definition of TPMS_ECC_PARMS Structure #if ALG_ECC TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMT_SYM_DEF_OBJECT_Unmarshal((TPMT_SYM_DEF_OBJECT *)&(target->symmetric), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPMT_ECC_SCHEME_Unmarshal((TPMT_ECC_SCHEME *)&(target->scheme), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPMI_ECC_CURVE_Unmarshal((TPMI_ECC_CURVE *)&(target->curveID), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMT_KDF_SCHEME_Unmarshal((TPMT_KDF_SCHEME *)&(target->kdf), buffer, size, 1); return result; } UINT16 TPMS_ECC_PARMS_Marshal(TPMS_ECC_PARMS *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMT_SYM_DEF_OBJECT_Marshal((TPMT_SYM_DEF_OBJECT *)&(source->symmetric), buffer, size)); result = (UINT16)(result + TPMT_ECC_SCHEME_Marshal((TPMT_ECC_SCHEME *)&(source->scheme), buffer, size)); result = (UINT16)(result + TPMI_ECC_CURVE_Marshal((TPMI_ECC_CURVE *)&(source->curveID), buffer, size)); result = (UINT16)(result + TPMT_KDF_SCHEME_Marshal((TPMT_KDF_SCHEME *)&(source->kdf), buffer, size)); return result; } #endif // ALG_ECC // Table 2:194 - Definition of TPMU_PUBLIC_PARMS Union TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return TPMS_KEYEDHASH_PARMS_Unmarshal((TPMS_KEYEDHASH_PARMS *)&(target->keyedHashDetail), buffer, size); #endif // ALG_KEYEDHASH #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return TPMS_SYMCIPHER_PARMS_Unmarshal((TPMS_SYMCIPHER_PARMS *)&(target->symDetail), buffer, size); #endif // ALG_SYMCIPHER #if ALG_RSA case ALG_RSA_VALUE: return TPMS_RSA_PARMS_Unmarshal((TPMS_RSA_PARMS *)&(target->rsaDetail), buffer, size); #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: return TPMS_ECC_PARMS_Unmarshal((TPMS_ECC_PARMS *)&(target->eccDetail), buffer, size); #endif // ALG_ECC } return TPM_RC_SELECTOR; } UINT16 TPMU_PUBLIC_PARMS_Marshal(TPMU_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return TPMS_KEYEDHASH_PARMS_Marshal((TPMS_KEYEDHASH_PARMS *)&(source->keyedHashDetail), buffer, size); #endif // ALG_KEYEDHASH #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return TPMS_SYMCIPHER_PARMS_Marshal((TPMS_SYMCIPHER_PARMS *)&(source->symDetail), buffer, size); #endif // ALG_SYMCIPHER #if ALG_RSA case ALG_RSA_VALUE: return TPMS_RSA_PARMS_Marshal((TPMS_RSA_PARMS *)&(source->rsaDetail), buffer, size); #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: return TPMS_ECC_PARMS_Marshal((TPMS_ECC_PARMS *)&(source->eccDetail), buffer, size); #endif // ALG_ECC } return 0; } // Table 2:195 - Definition of TPMT_PUBLIC_PARMS Structure TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); return result; } UINT16 TPMT_PUBLIC_PARMS_Marshal(TPMT_PUBLIC_PARMS *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); return result; } // Table 2:196 - Definition of TPMT_PUBLIC Structure TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->type), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, flag); if(result == TPM_RC_SUCCESS) result = TPMA_OBJECT_Unmarshal((TPMA_OBJECT *)&(target->objectAttributes), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMU_PUBLIC_PARMS_Unmarshal((TPMU_PUBLIC_PARMS *)&(target->parameters), buffer, size, (UINT32)target->type); if(result == TPM_RC_SUCCESS) result = TPMU_PUBLIC_ID_Unmarshal((TPMU_PUBLIC_ID *)&(target->unique), buffer, size, (UINT32)target->type); return result; } UINT16 TPMT_PUBLIC_Marshal(TPMT_PUBLIC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->type), buffer, size)); result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); result = (UINT16)(result + TPMA_OBJECT_Marshal((TPMA_OBJECT *)&(source->objectAttributes), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); result = (UINT16)(result + TPMU_PUBLIC_PARMS_Marshal((TPMU_PUBLIC_PARMS *)&(source->parameters), buffer, size, (UINT32)source->type)); result = (UINT16)(result + TPMU_PUBLIC_ID_Marshal((TPMU_PUBLIC_ID *)&(source->unique), buffer, size, (UINT32)source->type)); return result; } // Table 2:197 - Definition of TPM2B_PUBLIC Structure TPM_RC TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL flag) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a if(result == TPM_RC_SUCCESS) { // if size is zero, then the required structure is missing if(target->size == 0) result = TPM_RC_SIZE; else { INT32 startSize = *size; result = TPMT_PUBLIC_Unmarshal((TPMT_PUBLIC *)&(target->publicArea), buffer, size, flag); // =b if(result == TPM_RC_SUCCESS) { if(target->size != (startSize - *size)) result = TPM_RC_SIZE; } } } return result; } UINT16 TPM2B_PUBLIC_Marshal(TPM2B_PUBLIC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; // Marshal a dummy value of the 2B size. This makes sure that 'buffer' // and 'size' are advanced as necessary (i.e., if they are present) result = UINT16_Marshal(&result, buffer, size); // Marshal the structure result = (UINT16)(result + TPMT_PUBLIC_Marshal((TPMT_PUBLIC *)&(source->publicArea), buffer, size)); // if a buffer was provided, go back and fill in the actual size if(buffer != NULL) UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); return result; } // Table 2:198 - Definition of TPM2B_TEMPLATE Structure TPM_RC TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMT_PUBLIC)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_TEMPLATE_Marshal(TPM2B_TEMPLATE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:199 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure TPM_RC TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > PRIVATE_VENDOR_SPECIFIC_BYTES) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_PRIVATE_VENDOR_SPECIFIC_Marshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:200 - Definition of TPMU_SENSITIVE_COMPOSITE Union TPM_RC TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_RSA case ALG_RSA_VALUE: return TPM2B_PRIVATE_KEY_RSA_Unmarshal((TPM2B_PRIVATE_KEY_RSA *)&(target->rsa), buffer, size); #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: return TPM2B_ECC_PARAMETER_Unmarshal((TPM2B_ECC_PARAMETER *)&(target->ecc), buffer, size); #endif // ALG_ECC #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return TPM2B_SENSITIVE_DATA_Unmarshal((TPM2B_SENSITIVE_DATA *)&(target->bits), buffer, size); #endif // ALG_KEYEDHASH #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return TPM2B_SYM_KEY_Unmarshal((TPM2B_SYM_KEY *)&(target->sym), buffer, size); #endif // ALG_SYMCIPHER } return TPM_RC_SELECTOR; } UINT16 TPMU_SENSITIVE_COMPOSITE_Marshal(TPMU_SENSITIVE_COMPOSITE *source, BYTE **buffer, INT32 *size, UINT32 selector) { switch(selector) { #if ALG_RSA case ALG_RSA_VALUE: return TPM2B_PRIVATE_KEY_RSA_Marshal((TPM2B_PRIVATE_KEY_RSA *)&(source->rsa), buffer, size); #endif // ALG_RSA #if ALG_ECC case ALG_ECC_VALUE: return TPM2B_ECC_PARAMETER_Marshal((TPM2B_ECC_PARAMETER *)&(source->ecc), buffer, size); #endif // ALG_ECC #if ALG_KEYEDHASH case ALG_KEYEDHASH_VALUE: return TPM2B_SENSITIVE_DATA_Marshal((TPM2B_SENSITIVE_DATA *)&(source->bits), buffer, size); #endif // ALG_KEYEDHASH #if ALG_SYMCIPHER case ALG_SYMCIPHER_VALUE: return TPM2B_SYM_KEY_Marshal((TPM2B_SYM_KEY *)&(source->sym), buffer, size); #endif // ALG_SYMCIPHER } return 0; } // Table 2:201 - Definition of TPMT_SENSITIVE Structure TPM_RC TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_ALG_PUBLIC_Unmarshal((TPMI_ALG_PUBLIC *)&(target->sensitiveType), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_AUTH_Unmarshal((TPM2B_AUTH *)&(target->authValue), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->seedValue), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMU_SENSITIVE_COMPOSITE_Unmarshal((TPMU_SENSITIVE_COMPOSITE *)&(target->sensitive), buffer, size, (UINT32)target->sensitiveType); return result; } UINT16 TPMT_SENSITIVE_Marshal(TPMT_SENSITIVE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_ALG_PUBLIC_Marshal((TPMI_ALG_PUBLIC *)&(source->sensitiveType), buffer, size)); result = (UINT16)(result + TPM2B_AUTH_Marshal((TPM2B_AUTH *)&(source->authValue), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->seedValue), buffer, size)); result = (UINT16)(result + TPMU_SENSITIVE_COMPOSITE_Marshal((TPMU_SENSITIVE_COMPOSITE *)&(source->sensitive), buffer, size, (UINT32)source->sensitiveType)); return result; } // Table 2:202 - Definition of TPM2B_SENSITIVE Structure TPM_RC TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a // if there was an error or if target->size equal to 0, // skip unmarshaling of the structure if((result == TPM_RC_SUCCESS) && (target->size != 0)) { INT32 startSize = *size; result = TPMT_SENSITIVE_Unmarshal((TPMT_SENSITIVE *)&(target->sensitiveArea), buffer, size); // =b if(result == TPM_RC_SUCCESS) { if(target->size != (startSize - *size)) result = TPM_RC_SIZE; } } return result; } UINT16 TPM2B_SENSITIVE_Marshal(TPM2B_SENSITIVE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; // Marshal a dummy value of the 2B size. This makes sure that 'buffer' // and 'size' are advanced as necessary (i.e., if they are present) result = UINT16_Marshal(&result, buffer, size); // Marshal the structure result = (UINT16)(result + TPMT_SENSITIVE_Marshal((TPMT_SENSITIVE *)&(source->sensitiveArea), buffer, size)); // if a buffer was provided, go back and fill in the actual size if(buffer != NULL) UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); return result; } // Table 2:203 - Definition of _PRIVATE Structure // Table 2:204 - Definition of TPM2B_PRIVATE Structure TPM_RC TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(_PRIVATE)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_PRIVATE_Marshal(TPM2B_PRIVATE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:205 - Definition of TPMS_ID_OBJECT Structure // Table 2:206 - Definition of TPM2B_ID_OBJECT Structure TPM_RC TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMS_ID_OBJECT)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.credential), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_ID_OBJECT_Marshal(TPM2B_ID_OBJECT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.credential), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:207 - Definition of TPM_NV_INDEX Bits #if !USE_MARSHALING_DEFINES UINT16 TPM_NV_INDEX_Marshal(TPM_NV_INDEX *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:208 - Definition of TPM_NT Constants // Table 2:209 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure TPM_RC TPMS_NV_PIN_COUNTER_PARAMETERS_Unmarshal(TPMS_NV_PIN_COUNTER_PARAMETERS *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)&(target->pinCount), buffer, size); if(result == TPM_RC_SUCCESS) result = UINT32_Unmarshal((UINT32 *)&(target->pinLimit), buffer, size); return result; } UINT16 TPMS_NV_PIN_COUNTER_PARAMETERS_Marshal(TPMS_NV_PIN_COUNTER_PARAMETERS *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinCount), buffer, size)); result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->pinLimit), buffer, size)); return result; } // Table 2:210 - Definition of TPMA_NV Bits TPM_RC TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { if(*((UINT32 *)target) & (UINT32)0x01f00300) result = TPM_RC_RESERVED_BITS; } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPMA_NV_Marshal(TPMA_NV *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:211 - Definition of TPMS_NV_PUBLIC Structure TPM_RC TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPMI_RH_NV_INDEX_Unmarshal((TPMI_RH_NV_INDEX *)&(target->nvIndex), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMI_ALG_HASH_Unmarshal((TPMI_ALG_HASH *)&(target->nameAlg), buffer, size, 0); if(result == TPM_RC_SUCCESS) result = TPMA_NV_Unmarshal((TPMA_NV *)&(target->attributes), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->authPolicy), buffer, size); if(result == TPM_RC_SUCCESS) result = UINT16_Unmarshal((UINT16 *)&(target->dataSize), buffer, size); if( (result == TPM_RC_SUCCESS) && (target->dataSize > MAX_NV_INDEX_SIZE)) result = TPM_RC_SIZE; return result; } UINT16 TPMS_NV_PUBLIC_Marshal(TPMS_NV_PUBLIC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPMI_RH_NV_INDEX_Marshal((TPMI_RH_NV_INDEX *)&(source->nvIndex), buffer, size)); result = (UINT16)(result + TPMI_ALG_HASH_Marshal((TPMI_ALG_HASH *)&(source->nameAlg), buffer, size)); result = (UINT16)(result + TPMA_NV_Marshal((TPMA_NV *)&(source->attributes), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->authPolicy), buffer, size)); result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->dataSize), buffer, size)); return result; } // Table 2:212 - Definition of TPM2B_NV_PUBLIC Structure TPM_RC TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->size), buffer, size); // =a if(result == TPM_RC_SUCCESS) { // if size is zero, then the required structure is missing if(target->size == 0) result = TPM_RC_SIZE; else { INT32 startSize = *size; result = TPMS_NV_PUBLIC_Unmarshal((TPMS_NV_PUBLIC *)&(target->nvPublic), buffer, size); // =b if(result == TPM_RC_SUCCESS) { if(target->size != (startSize - *size)) result = TPM_RC_SIZE; } } } return result; } UINT16 TPM2B_NV_PUBLIC_Marshal(TPM2B_NV_PUBLIC *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; // Marshal a dummy value of the 2B size. This makes sure that 'buffer' // and 'size' are advanced as necessary (i.e., if they are present) result = UINT16_Marshal(&result, buffer, size); // Marshal the structure result = (UINT16)(result + TPMS_NV_PUBLIC_Marshal((TPMS_NV_PUBLIC *)&(source->nvPublic), buffer, size)); // if a buffer was provided, go back and fill in the actual size if(buffer != NULL) UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); return result; } // Table 2:213 - Definition of TPM2B_CONTEXT_SENSITIVE Structure TPM_RC TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > MAX_CONTEXT_SIZE) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_CONTEXT_SENSITIVE_Marshal(TPM2B_CONTEXT_SENSITIVE *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:214 - Definition of TPMS_CONTEXT_DATA Structure TPM_RC TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = TPM2B_DIGEST_Unmarshal((TPM2B_DIGEST *)&(target->integrity), buffer, size); if(result == TPM_RC_SUCCESS) result = TPM2B_CONTEXT_SENSITIVE_Unmarshal((TPM2B_CONTEXT_SENSITIVE *)&(target->encrypted), buffer, size); return result; } UINT16 TPMS_CONTEXT_DATA_Marshal(TPMS_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->integrity), buffer, size)); result = (UINT16)(result + TPM2B_CONTEXT_SENSITIVE_Marshal((TPM2B_CONTEXT_SENSITIVE *)&(source->encrypted), buffer, size)); return result; } // Table 2:215 - Definition of TPM2B_CONTEXT_DATA Structure TPM_RC TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT16_Unmarshal((UINT16 *)&(target->t.size), buffer, size); if(result == TPM_RC_SUCCESS) { if((target->t.size) > sizeof(TPMS_CONTEXT_DATA)) result = TPM_RC_SIZE; else result = BYTE_Array_Unmarshal((BYTE *)(target->t.buffer), buffer, size, (INT32)(target->t.size)); } return result; } UINT16 TPM2B_CONTEXT_DATA_Marshal(TPM2B_CONTEXT_DATA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT16_Marshal((UINT16 *)&(source->t.size), buffer, size)); // if size equal to 0, the rest of the structure is a zero buffer. Stop processing if(source->t.size == 0) return result; result = (UINT16)(result + BYTE_Array_Marshal((BYTE *)(source->t.buffer), buffer, size, (INT32)(source->t.size))); return result; } // Table 2:216 - Definition of TPMS_CONTEXT Structure TPM_RC TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT64_Unmarshal((UINT64 *)&(target->sequence), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMI_DH_SAVED_Unmarshal((TPMI_DH_SAVED *)&(target->savedHandle), buffer, size); if(result == TPM_RC_SUCCESS) result = TPMI_RH_HIERARCHY_Unmarshal((TPMI_RH_HIERARCHY *)&(target->hierarchy), buffer, size, 1); if(result == TPM_RC_SUCCESS) result = TPM2B_CONTEXT_DATA_Unmarshal((TPM2B_CONTEXT_DATA *)&(target->contextBlob), buffer, size); return result; } UINT16 TPMS_CONTEXT_Marshal(TPMS_CONTEXT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT64_Marshal((UINT64 *)&(source->sequence), buffer, size)); result = (UINT16)(result + TPMI_DH_SAVED_Marshal((TPMI_DH_SAVED *)&(source->savedHandle), buffer, size)); result = (UINT16)(result + TPMI_RH_HIERARCHY_Marshal((TPMI_RH_HIERARCHY *)&(source->hierarchy), buffer, size)); result = (UINT16)(result + TPM2B_CONTEXT_DATA_Marshal((TPM2B_CONTEXT_DATA *)&(source->contextBlob), buffer, size)); return result; } // Table 2:218 - Definition of TPMS_CREATION_DATA Structure UINT16 TPMS_CREATION_DATA_Marshal(TPMS_CREATION_DATA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPML_PCR_SELECTION_Marshal((TPML_PCR_SELECTION *)&(source->pcrSelect), buffer, size)); result = (UINT16)(result + TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&(source->pcrDigest), buffer, size)); result = (UINT16)(result + TPMA_LOCALITY_Marshal((TPMA_LOCALITY *)&(source->locality), buffer, size)); result = (UINT16)(result + TPM_ALG_ID_Marshal((TPM_ALG_ID *)&(source->parentNameAlg), buffer, size)); result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentName), buffer, size)); result = (UINT16)(result + TPM2B_NAME_Marshal((TPM2B_NAME *)&(source->parentQualifiedName), buffer, size)); result = (UINT16)(result + TPM2B_DATA_Marshal((TPM2B_DATA *)&(source->outsideInfo), buffer, size)); return result; } // Table 2:219 - Definition of TPM2B_CREATION_DATA Structure UINT16 TPM2B_CREATION_DATA_Marshal(TPM2B_CREATION_DATA *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; // Marshal a dummy value of the 2B size. This makes sure that 'buffer' // and 'size' are advanced as necessary (i.e., if they are present) result = UINT16_Marshal(&result, buffer, size); // Marshal the structure result = (UINT16)(result + TPMS_CREATION_DATA_Marshal((TPMS_CREATION_DATA *)&(source->creationData), buffer, size)); // if a buffer was provided, go back and fill in the actual size if(buffer != NULL) UINT16_TO_BYTE_ARRAY((result - 2), (*buffer - result)); return result; } // Table 2:220 - Definition of TPM_AT Constants TPM_RC TPM_AT_Unmarshal(TPM_AT *target, BYTE **buffer, INT32 *size) { TPM_RC result; result = UINT32_Unmarshal((UINT32 *)target, buffer, size); if(result == TPM_RC_SUCCESS) { switch(*target) { case TPM_AT_ANY : case TPM_AT_ERROR : case TPM_AT_PV1 : case TPM_AT_VEND : break; default : result = TPM_RC_VALUE; break; } } return result; } #if !USE_MARSHALING_DEFINES UINT16 TPM_AT_Marshal(TPM_AT *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:221 - Definition of TPM_AE Constants #if !USE_MARSHALING_DEFINES UINT16 TPM_AE_Marshal(TPM_AE *source, BYTE **buffer, INT32 *size) { return UINT32_Marshal((UINT32 *)source, buffer, size); } #endif // !USE_MARSHALING_DEFINES // Table 2:222 - Definition of TPMS_AC_OUTPUT Structure UINT16 TPMS_AC_OUTPUT_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + TPM_AT_Marshal((TPM_AT *)&(source->tag), buffer, size)); result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->data), buffer, size)); return result; } // Table 2:223 - Definition of TPML_AC_CAPABILITIES Structure UINT16 TPML_AC_CAPABILITIES_Marshal(TPML_AC_CAPABILITIES *source, BYTE **buffer, INT32 *size) { UINT16 result = 0; result = (UINT16)(result + UINT32_Marshal((UINT32 *)&(source->count), buffer, size)); result = (UINT16)(result + TPMS_AC_OUTPUT_Array_Marshal((TPMS_AC_OUTPUT *)(source->acCapabilities), buffer, size, (INT32)(source->count))); return result; } // Array Marshal/Unmarshal for BYTE TPM_RC BYTE_Array_Unmarshal(BYTE *target, BYTE **buffer, INT32 *size, INT32 count) { if(*size < count) return TPM_RC_INSUFFICIENT; memcpy(target, *buffer, count); *size -= count; *buffer += count; return TPM_RC_SUCCESS; } UINT16 BYTE_Array_Marshal(BYTE *source, BYTE **buffer, INT32 *size, INT32 count) { if (buffer != 0) { if ((size == 0) || ((*size -= count) >= 0)) { memcpy(*buffer, source, count); *buffer += count; } pAssert(size == 0 || (*size >= 0)); } pAssert(count < INT16_MAX); return ((UINT16)count); } // Array Marshal/Unmarshal for TPM2B_DIGEST TPM_RC TPM2B_DIGEST_Array_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size, INT32 count) { TPM_RC result; INT32 i; for(result = TPM_RC_SUCCESS, i = 0; ((result == TPM_RC_SUCCESS) && (i < count)); i++) { result = TPM2B_DIGEST_Unmarshal(&target[i], buffer, size); } return result; } UINT16 TPM2B_DIGEST_Array_Marshal(TPM2B_DIGEST *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPM2B_DIGEST_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal for TPMA_CC UINT16 TPMA_CC_Array_Marshal(TPMA_CC *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMA_CC_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal for TPMS_AC_OUTPUT UINT16 TPMS_AC_OUTPUT_Array_Marshal(TPMS_AC_OUTPUT *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMS_AC_OUTPUT_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal for TPMS_ALG_PROPERTY UINT16 TPMS_ALG_PROPERTY_Array_Marshal(TPMS_ALG_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMS_ALG_PROPERTY_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal/Unmarshal for TPMS_PCR_SELECTION TPM_RC TPMS_PCR_SELECTION_Array_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size, INT32 count) { TPM_RC result; INT32 i; for(result = TPM_RC_SUCCESS, i = 0; ((result == TPM_RC_SUCCESS) && (i < count)); i++) { result = TPMS_PCR_SELECTION_Unmarshal(&target[i], buffer, size); } return result; } UINT16 TPMS_PCR_SELECTION_Array_Marshal(TPMS_PCR_SELECTION *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMS_PCR_SELECTION_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal for TPMS_TAGGED_PCR_SELECT UINT16 TPMS_TAGGED_PCR_SELECT_Array_Marshal(TPMS_TAGGED_PCR_SELECT *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMS_TAGGED_PCR_SELECT_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal for TPMS_TAGGED_POLICY UINT16 TPMS_TAGGED_POLICY_Array_Marshal(TPMS_TAGGED_POLICY *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMS_TAGGED_POLICY_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal for TPMS_TAGGED_PROPERTY UINT16 TPMS_TAGGED_PROPERTY_Array_Marshal(TPMS_TAGGED_PROPERTY *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMS_TAGGED_PROPERTY_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal/Unmarshal for TPMT_HA TPM_RC TPMT_HA_Array_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL flag, INT32 count) { TPM_RC result; INT32 i; for(result = TPM_RC_SUCCESS, i = 0; ((result == TPM_RC_SUCCESS) && (i < count)); i++) { result = TPMT_HA_Unmarshal(&target[i], buffer, size, flag); } return result; } UINT16 TPMT_HA_Array_Marshal(TPMT_HA *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPMT_HA_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal/Unmarshal for TPM_ALG_ID TPM_RC TPM_ALG_ID_Array_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size, INT32 count) { TPM_RC result; INT32 i; for(result = TPM_RC_SUCCESS, i = 0; ((result == TPM_RC_SUCCESS) && (i < count)); i++) { result = TPM_ALG_ID_Unmarshal(&target[i], buffer, size); } return result; } UINT16 TPM_ALG_ID_Array_Marshal(TPM_ALG_ID *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPM_ALG_ID_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal/Unmarshal for TPM_CC TPM_RC TPM_CC_Array_Unmarshal(TPM_CC *target, BYTE **buffer, INT32 *size, INT32 count) { TPM_RC result; INT32 i; for(result = TPM_RC_SUCCESS, i = 0; ((result == TPM_RC_SUCCESS) && (i < count)); i++) { result = TPM_CC_Unmarshal(&target[i], buffer, size); } return result; } UINT16 TPM_CC_Array_Marshal(TPM_CC *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPM_CC_Marshal(&source[i], buffer, size)); } return result; } // Array Marshal/Unmarshal for TPM_ECC_CURVE #if ALG_ECC TPM_RC TPM_ECC_CURVE_Array_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size, INT32 count) { TPM_RC result; INT32 i; for(result = TPM_RC_SUCCESS, i = 0; ((result == TPM_RC_SUCCESS) && (i < count)); i++) { result = TPM_ECC_CURVE_Unmarshal(&target[i], buffer, size); } return result; } UINT16 TPM_ECC_CURVE_Array_Marshal(TPM_ECC_CURVE *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPM_ECC_CURVE_Marshal(&source[i], buffer, size)); } return result; } #endif // ALG_ECC // Array Marshal/Unmarshal for TPM_HANDLE TPM_RC TPM_HANDLE_Array_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size, INT32 count) { TPM_RC result; INT32 i; for(result = TPM_RC_SUCCESS, i = 0; ((result == TPM_RC_SUCCESS) && (i < count)); i++) { result = TPM_HANDLE_Unmarshal(&target[i], buffer, size); } return result; } UINT16 TPM_HANDLE_Array_Marshal(TPM_HANDLE *source, BYTE **buffer, INT32 *size, INT32 count) { UINT16 result = 0; INT32 i; for(i = 0; i < count; i++) { result = (UINT16)(result + TPM_HANDLE_Marshal(&source[i], buffer, size)); } return result; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/MathOnByteBuffers.c000066400000000000000000000216261510276467000302110ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Introduction // // This file contains implementation of the math functions that are performed // with canonical integers in byte buffers. The canonical integer is // big-endian bytes. // #include "Tpm.h" //** Functions //*** UnsignedCmpB // This function compare two unsigned values. The values are byte-aligned, // big-endian numbers (e.g, a hash). // Return Type: int // 1 if (a > b) // 0 if (a = b) // -1 if (a < b) LIB_EXPORT int UnsignedCompareB( UINT32 aSize, // IN: size of a const BYTE *a, // IN: a UINT32 bSize, // IN: size of b const BYTE *b // IN: b ) { UINT32 i; if(aSize > bSize) return 1; else if(aSize < bSize) return -1; else { for(i = 0; i < aSize; i++) { if(a[i] != b[i]) return (a[i] > b[i]) ? 1 : -1; } } return 0; } //***SignedCompareB() // Compare two signed integers: // Return Type: int // 1 if a > b // 0 if a = b // -1 if a < b int SignedCompareB( const UINT32 aSize, // IN: size of a const BYTE *a, // IN: a buffer const UINT32 bSize, // IN: size of b const BYTE *b // IN: b buffer ) { int signA, signB; // sign of a and b // For positive or 0, sign_a is 1 // for negative, sign_a is 0 signA = ((a[0] & 0x80) == 0) ? 1 : 0; // For positive or 0, sign_b is 1 // for negative, sign_b is 0 signB = ((b[0] & 0x80) == 0) ? 1 : 0; if(signA != signB) { return signA - signB; } if(signA == 1) // do unsigned compare function return UnsignedCompareB(aSize, a, bSize, b); else // do unsigned compare the other way return 0 - UnsignedCompareB(aSize, a, bSize, b); } //*** ModExpB // This function is used to do modular exponentiation in support of RSA. // The most typical uses are: 'c' = 'm'^'e' mod 'n' (RSA encrypt) and // 'm' = 'c'^'d' mod 'n' (RSA decrypt). When doing decryption, the 'e' parameter // of the function will contain the private exponent 'd' instead of the public // exponent 'e'. // // If the results will not fit in the provided buffer, // an error is returned (CRYPT_ERROR_UNDERFLOW). If the results is smaller // than the buffer, the results is de-normalized. // // This version is intended for use with RSA and requires that 'm' be // less than 'n'. // // Return Type: TPM_RC // TPM_RC_SIZE number to exponentiate is larger than the modulus // TPM_RC_NO_RESULT result will not fit into the provided buffer // TPM_RC ModExpB( UINT32 cSize, // IN: the size of the output buffer. It will // need to be the same size as the modulus BYTE *c, // OUT: the buffer to receive the results // (c->size must be set to the maximum size // for the returned value) const UINT32 mSize, const BYTE *m, // IN: number to exponentiate const UINT32 eSize, const BYTE *e, // IN: power const UINT32 nSize, const BYTE *n // IN: modulus ) { BN_MAX(bnC); BN_MAX(bnM); BN_MAX(bnE); BN_MAX(bnN); NUMBYTES tSize = (NUMBYTES)nSize; TPM_RC retVal = TPM_RC_SUCCESS; // Convert input parameters BnFromBytes(bnM, m, (NUMBYTES)mSize); BnFromBytes(bnE, e, (NUMBYTES)eSize); BnFromBytes(bnN, n, (NUMBYTES)nSize); // Make sure that the output is big enough to hold the result // and that 'm' is less than 'n' (the modulus) if(cSize < nSize) ERROR_RETURN(TPM_RC_NO_RESULT); if(BnUnsignedCmp(bnM, bnN) >= 0) ERROR_RETURN(TPM_RC_SIZE); BnModExp(bnC, bnM, bnE, bnN); BnToBytes(bnC, c, &tSize); Exit: return retVal; } //*** DivideB() // Divide an integer ('n') by an integer ('d') producing a quotient ('q') and // a remainder ('r'). If 'q' or 'r' is not needed, then the pointer to them // may be set to NULL. // // Return Type: TPM_RC // TPM_RC_NO_RESULT 'q' or 'r' is too small to receive the result // LIB_EXPORT TPM_RC DivideB( const TPM2B *n, // IN: numerator const TPM2B *d, // IN: denominator TPM2B *q, // OUT: quotient TPM2B *r // OUT: remainder ) { BN_MAX_INITIALIZED(bnN, n); BN_MAX_INITIALIZED(bnD, d); BN_MAX(bnQ); BN_MAX(bnR); // // Do divide with converted values BnDiv(bnQ, bnR, bnN, bnD); // Convert the BIGNUM result back to 2B format using the size of the original // number if(q != NULL) if(!BnTo2B(bnQ, q, q->size)) return TPM_RC_NO_RESULT; if(r != NULL) if(!BnTo2B(bnR, r, r->size)) return TPM_RC_NO_RESULT; return TPM_RC_SUCCESS; } //*** AdjustNumberB() // Remove/add leading zeros from a number in a TPM2B. Will try to make the number // by adding or removing leading zeros. If the number is larger than the requested // size, it will make the number as small as possible. Setting 'requestedSize' to // zero is equivalent to requesting that the number be normalized. UINT16 AdjustNumberB( TPM2B *num, UINT16 requestedSize ) { BYTE *from; UINT16 i; // See if number is already the requested size if(num->size == requestedSize) return requestedSize; from = num->buffer; if (num->size > requestedSize) { // This is a request to shift the number to the left (remove leading zeros) // Find the first non-zero byte. Don't look past the point where removing // more zeros would make the number smaller than requested, and don't throw // away any significant digits. for(i = num->size; *from == 0 && i > requestedSize; from++, i--); if(i < num->size) { num->size = i; MemoryCopy(num->buffer, from, i); } } // This is a request to shift the number to the right (add leading zeros) else { MemoryCopy(&num->buffer[requestedSize - num->size], num->buffer, num->size); MemorySet(num->buffer, 0, requestedSize- num->size); num->size = requestedSize; } return num->size; } //*** ShiftLeft() // This function shifts a byte buffer (a TPM2B) one byte to the left. That is, // the most significant bit of the most significant byte is lost. TPM2B * ShiftLeft( TPM2B *value // IN/OUT: value to shift and shifted value out ) { UINT16 count = value->size; BYTE *buffer = value->buffer; if(count > 0) { for(count -= 1; count > 0; buffer++, count--) { buffer[0] = (buffer[0] << 1) + ((buffer[1] & 0x80) ? 1 : 0); } *buffer <<= 1; } return value; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Memory.c000066400000000000000000000177521510276467000261370ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains a set of miscellaneous memory manipulation routines. Many // of the functions have the same semantics as functions defined in string.h. // Those functions are not used directly in the TPM because they are not 'safe' // // This version uses string.h after adding guards. This is because the math // libraries invariably use those functions so it is not practical to prevent // those library functions from being pulled into the build. //** Includes and Data Definitions #include "Tpm.h" #include "Memory_fp.h" //** Functions //*** MemoryCopy() // This is an alias for memmove. This is used in place of memcpy because // some of the moves may overlap and rather than try to make sure that // memmove is used when necessary, it is always used. void MemoryCopy( void *dest, const void *src, int sSize ) { if(dest != src) memmove(dest, src, sSize); } //*** MemoryEqual() // This function indicates if two buffers have the same values in the indicated // number of bytes. // Return Type: BOOL // TRUE(1) all octets are the same // FALSE(0) all octets are not the same BOOL MemoryEqual( const void *buffer1, // IN: compare buffer1 const void *buffer2, // IN: compare buffer2 unsigned int size // IN: size of bytes being compared ) { BYTE equal = 0; const BYTE *b1 = (BYTE *)buffer1; const BYTE *b2 = (BYTE *)buffer2; // // Compare all bytes so that there is no leakage of information // due to timing differences. for(; size > 0; size--) equal |= (*b1++ ^ *b2++); return (equal == 0); } //*** MemoryCopy2B() // This function copies a TPM2B. This can be used when the TPM2B types are // the same or different. // // This function returns the number of octets in the data buffer of the TPM2B. LIB_EXPORT INT16 MemoryCopy2B( TPM2B *dest, // OUT: receiving TPM2B const TPM2B *source, // IN: source TPM2B unsigned int dSize // IN: size of the receiving buffer ) { pAssert(dest != NULL); if(source == NULL) dest->size = 0; else { pAssert(source->size <= dSize); MemoryCopy(dest->buffer, source->buffer, source->size); dest->size = source->size; } return dest->size; } //*** MemoryConcat2B() // This function will concatenate the buffer contents of a TPM2B to an // the buffer contents of another TPM2B and adjust the size accordingly // ('a' := ('a' | 'b')). void MemoryConcat2B( TPM2B *aInOut, // IN/OUT: destination 2B TPM2B *bIn, // IN: second 2B unsigned int aMaxSize // IN: The size of aInOut.buffer (max values for // aInOut.size) ) { pAssert(bIn->size <= aMaxSize - aInOut->size); MemoryCopy(&aInOut->buffer[aInOut->size], &bIn->buffer, bIn->size); aInOut->size = aInOut->size + bIn->size; return; } //*** MemoryEqual2B() // This function will compare two TPM2B structures. To be equal, they // need to be the same size and the buffer contexts need to be the same // in all octets. // Return Type: BOOL // TRUE(1) size and buffer contents are the same // FALSE(0) size or buffer contents are not the same BOOL MemoryEqual2B( const TPM2B *aIn, // IN: compare value const TPM2B *bIn // IN: compare value ) { if(aIn->size != bIn->size) return FALSE; return MemoryEqual(aIn->buffer, bIn->buffer, aIn->size); } //*** MemorySet() // This function will set all the octets in the specified memory range to // the specified octet value. // Note: A previous version had an additional parameter (dSize) that was // intended to make sure that the destination would not be overrun. The // problem is that, in use, all that was happening was that the value of // size was used for dSize so there was no benefit in the extra parameter. void MemorySet( void *dest, int value, size_t size ) { memset(dest, value, size); } //*** MemoryPad2B() // Function to pad a TPM2B with zeros and adjust the size. void MemoryPad2B( TPM2B *b, UINT16 newSize ) { MemorySet(&b->buffer[b->size], 0, newSize - b->size); b->size = newSize; } //*** Uint16ToByteArray() // Function to write an integer to a byte array void Uint16ToByteArray( UINT16 i, BYTE *a ) { a[1] = (BYTE)(i); i >>= 8; a[0] = (BYTE)(i); } //*** Uint32ToByteArray() // Function to write an integer to a byte array void Uint32ToByteArray( UINT32 i, BYTE *a ) { a[3] = (BYTE)(i); i >>= 8; a[2] = (BYTE)(i); i >>= 8; a[1] = (BYTE)(i); i >>= 8; a[0] = (BYTE)(i); } //*** Uint64ToByteArray() // Function to write an integer to a byte array void Uint64ToByteArray( UINT64 i, BYTE *a ) { a[7] = (BYTE)(i); i >>= 8; a[6] = (BYTE)(i); i >>= 8; a[5] = (BYTE)(i); i >>= 8; a[4] = (BYTE)(i); i >>= 8; a[3] = (BYTE)(i); i >>= 8; a[2] = (BYTE)(i); i >>= 8; a[1] = (BYTE)(i); i >>= 8; a[0] = (BYTE)(i); } //*** ByteArrayToUint8() // Function to write a UINT8 to a byte array. This is included for completeness // and to allow certain macro expansions UINT8 ByteArrayToUint8( BYTE *a ) { return *a; } //*** ByteArrayToUint16() // Function to write an integer to a byte array UINT16 ByteArrayToUint16( BYTE *a ) { return ((UINT16)a[0] << 8) + a[1]; } //*** ByteArrayToUint32() // Function to write an integer to a byte array UINT32 ByteArrayToUint32( BYTE *a ) { return (UINT32)((((((UINT32)a[0] << 8) + a[1]) << 8) + (UINT32)a[2]) << 8) + a[3]; } //*** ByteArrayToUint64() // Function to write an integer to a byte array UINT64 ByteArrayToUint64( BYTE *a ) { return (((UINT64)BYTE_ARRAY_TO_UINT32(a)) << 32) + BYTE_ARRAY_TO_UINT32(&a[4]); } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Power.c000066400000000000000000000053251510276467000257540ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains functions that receive the simulated power state // transitions of the TPM. //** Includes and Data Definitions #define POWER_C #include "Tpm.h" //** Functions //*** TPMInit() // This function is used to process a power on event. void TPMInit( void ) { // Set state as not initialized. This means that Startup is required g_initialized = FALSE; return; } //*** TPMRegisterStartup() // This function registers the fact that the TPM has been initialized // (a TPM2_Startup() has completed successfully). BOOL TPMRegisterStartup( void ) { g_initialized = TRUE; return TRUE; } //*** TPMIsStarted() // Indicates if the TPM has been initialized (a TPM2_Startup() has completed // successfully after a _TPM_Init). // Return Type: BOOL // TRUE(1) TPM has been initialized // FALSE(0) TPM has not been initialized BOOL TPMIsStarted( void ) { return g_initialized; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/PropertyCap.c000066400000000000000000000574141510276467000271360ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains the functions that are used for accessing the // TPM_CAP_TPM_PROPERTY values. //** Includes #include "Tpm.h" //** Functions //*** TPMPropertyIsDefined() // This function accepts a property selection and, if so, sets 'value' // to the value of the property. // // All the fixed values are vendor dependent or determined by a // platform-specific specification. The values in the table below // are examples and should be changed by the vendor. // Return Type: BOOL // TRUE(1) referenced property exists and 'value' set // FALSE(0) referenced property does not exist static BOOL TPMPropertyIsDefined( TPM_PT property, // IN: property UINT32 *value // OUT: property value ) { switch(property) { case TPM_PT_FAMILY_INDICATOR: // from the title page of the specification // For this specification, the value is "2.0". *value = TPM_SPEC_FAMILY; break; case TPM_PT_LEVEL: // from the title page of the specification *value = TPM_SPEC_LEVEL; break; case TPM_PT_REVISION: // from the title page of the specification *value = TPM_SPEC_VERSION; break; case TPM_PT_DAY_OF_YEAR: // computed from the date value on the title page of the specification *value = TPM_SPEC_DAY_OF_YEAR; break; case TPM_PT_YEAR: // from the title page of the specification *value = TPM_SPEC_YEAR; break; case TPM_PT_MANUFACTURER: // vendor ID unique to each TPM manufacturer *value = BYTE_ARRAY_TO_UINT32(MANUFACTURER); break; case TPM_PT_VENDOR_STRING_1: // first four characters of the vendor ID string *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_1); break; case TPM_PT_VENDOR_STRING_2: // second four characters of the vendor ID string #ifdef VENDOR_STRING_2 *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_2); #else *value = 0; #endif break; case TPM_PT_VENDOR_STRING_3: // third four characters of the vendor ID string #ifdef VENDOR_STRING_3 *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_3); #else *value = 0; #endif break; case TPM_PT_VENDOR_STRING_4: // fourth four characters of the vendor ID string #ifdef VENDOR_STRING_4 *value = BYTE_ARRAY_TO_UINT32(VENDOR_STRING_4); #else *value = 0; #endif break; case TPM_PT_VENDOR_TPM_TYPE: // vendor-defined value indicating the TPM model *value = 1; break; case TPM_PT_FIRMWARE_VERSION_1: // more significant 32-bits of a vendor-specific value *value = gp.firmwareV1; break; case TPM_PT_FIRMWARE_VERSION_2: // less significant 32-bits of a vendor-specific value *value = gp.firmwareV2; break; case TPM_PT_INPUT_BUFFER: // maximum size of TPM2B_MAX_BUFFER *value = MAX_DIGEST_BUFFER; break; case TPM_PT_HR_TRANSIENT_MIN: // minimum number of transient objects that can be held in TPM // RAM *value = MAX_LOADED_OBJECTS; break; case TPM_PT_HR_PERSISTENT_MIN: // minimum number of persistent objects that can be held in // TPM NV memory // In this implementation, there is no minimum number of // persistent objects. *value = MIN_EVICT_OBJECTS; break; case TPM_PT_HR_LOADED_MIN: // minimum number of authorization sessions that can be held in // TPM RAM *value = MAX_LOADED_SESSIONS; break; case TPM_PT_ACTIVE_SESSIONS_MAX: // number of authorization sessions that may be active at a time *value = MAX_ACTIVE_SESSIONS; break; case TPM_PT_PCR_COUNT: // number of PCR implemented *value = IMPLEMENTATION_PCR; break; case TPM_PT_PCR_SELECT_MIN: // minimum number of bytes in a TPMS_PCR_SELECT.sizeOfSelect *value = PCR_SELECT_MIN; break; case TPM_PT_CONTEXT_GAP_MAX: // maximum allowed difference (unsigned) between the contextID // values of two saved session contexts *value = ((UINT32)1 << (sizeof(CONTEXT_SLOT) * 8)) - 1; break; case TPM_PT_NV_COUNTERS_MAX: // maximum number of NV indexes that are allowed to have the // TPMA_NV_COUNTER attribute SET // In this implementation, there is no limitation on the number // of counters, except for the size of the NV Index memory. *value = 0; break; case TPM_PT_NV_INDEX_MAX: // maximum size of an NV index data area *value = MAX_NV_INDEX_SIZE; break; case TPM_PT_MEMORY: // a TPMA_MEMORY indicating the memory management method for the TPM { union { TPMA_MEMORY att; UINT32 u32; } attributes = { TPMA_ZERO_INITIALIZER() }; SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, sharedNV); SET_ATTRIBUTE(attributes.att, TPMA_MEMORY, objectCopiedToRam); // Note: For a LSb0 machine, the bits in a bit field are in the correct // order even if the machine is MSB0. For a MSb0 machine, a TPMA will // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will // be NO) so the bits are manipulate correctly. *value = attributes.u32; break; } case TPM_PT_CLOCK_UPDATE: // interval, in seconds, between updates to the copy of // TPMS_TIME_INFO .clock in NV *value = (1 << NV_CLOCK_UPDATE_INTERVAL); break; case TPM_PT_CONTEXT_HASH: // algorithm used for the integrity hash on saved contexts and // for digesting the fuData of TPM2_FirmwareRead() *value = CONTEXT_INTEGRITY_HASH_ALG; break; case TPM_PT_CONTEXT_SYM: // algorithm used for encryption of saved contexts *value = CONTEXT_ENCRYPT_ALG; break; case TPM_PT_CONTEXT_SYM_SIZE: // size of the key used for encryption of saved contexts *value = CONTEXT_ENCRYPT_KEY_BITS; break; case TPM_PT_ORDERLY_COUNT: // maximum difference between the volatile and non-volatile // versions of TPMA_NV_COUNTER that have TPMA_NV_ORDERLY SET *value = MAX_ORDERLY_COUNT; break; case TPM_PT_MAX_COMMAND_SIZE: // maximum value for 'commandSize' *value = MAX_COMMAND_SIZE; break; case TPM_PT_MAX_RESPONSE_SIZE: // maximum value for 'responseSize' *value = MAX_RESPONSE_SIZE; break; case TPM_PT_MAX_DIGEST: // maximum size of a digest that can be produced by the TPM *value = sizeof(TPMU_HA); break; case TPM_PT_MAX_OBJECT_CONTEXT: // Header has 'sequence', 'handle' and 'hierarchy' #define SIZE_OF_CONTEXT_HEADER \ sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY) #define SIZE_OF_CONTEXT_INTEGRITY (sizeof(UINT16) + CONTEXT_INTEGRITY_HASH_SIZE) #define SIZE_OF_FINGERPRINT sizeof(UINT64) #define SIZE_OF_CONTEXT_BLOB_OVERHEAD \ (sizeof(UINT16) + SIZE_OF_CONTEXT_INTEGRITY + SIZE_OF_FINGERPRINT) #define SIZE_OF_CONTEXT_OVERHEAD \ (SIZE_OF_CONTEXT_HEADER + SIZE_OF_CONTEXT_BLOB_OVERHEAD) #if 0 // maximum size of a TPMS_CONTEXT that will be returned by // TPM2_ContextSave for object context *value = 0; // adding sequence, saved handle and hierarchy *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY); // add size field in TPM2B_CONTEXT *value += sizeof(UINT16); // add integrity hash size *value += sizeof(UINT16) + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); // Add fingerprint size, which is the same as sequence size *value += sizeof(UINT64); // Add OBJECT structure size *value += sizeof(OBJECT); #else // the maximum size of a TPMS_CONTEXT that will be returned by // TPM2_ContextSave for object context *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(OBJECT); #endif break; case TPM_PT_MAX_SESSION_CONTEXT: #if 0 // the maximum size of a TPMS_CONTEXT that will be returned by // TPM2_ContextSave for object context *value = 0; // adding sequence, saved handle and hierarchy *value += sizeof(UINT64) + sizeof(TPMI_DH_CONTEXT) + sizeof(TPMI_RH_HIERARCHY); // Add size field in TPM2B_CONTEXT *value += sizeof(UINT16); // Add integrity hash size *value += sizeof(UINT16) + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); // Add fingerprint size, which is the same as sequence size *value += sizeof(UINT64); // Add SESSION structure size *value += sizeof(SESSION); #else // the maximum size of a TPMS_CONTEXT that will be returned by // TPM2_ContextSave for object context *value = SIZE_OF_CONTEXT_OVERHEAD + sizeof(SESSION); #endif break; case TPM_PT_PS_FAMILY_INDICATOR: // platform specific values for the TPM_PT_PS parameters from // the relevant platform-specific specification // In this reference implementation, all of these values are 0. *value = PLATFORM_FAMILY; break; case TPM_PT_PS_LEVEL: // level of the platform-specific specification *value = PLATFORM_LEVEL; break; case TPM_PT_PS_REVISION: // specification Revision times 100 for the platform-specific // specification *value = PLATFORM_VERSION; break; case TPM_PT_PS_DAY_OF_YEAR: // platform-specific specification day of year using TCG calendar *value = PLATFORM_DAY_OF_YEAR; break; case TPM_PT_PS_YEAR: // platform-specific specification year using the CE *value = PLATFORM_YEAR; break; case TPM_PT_SPLIT_MAX: // number of split signing operations supported by the TPM *value = 0; #if ALG_ECC *value = sizeof(gr.commitArray) * 8; #endif break; case TPM_PT_TOTAL_COMMANDS: // total number of commands implemented in the TPM // Since the reference implementation does not have any // vendor-defined commands, this will be the same as the // number of library commands. { #if COMPRESSED_LISTS (*value) = COMMAND_COUNT; #else COMMAND_INDEX commandIndex; *value = 0; // scan all implemented commands for(commandIndex = GetClosestCommandIndex(0); commandIndex != UNIMPLEMENTED_COMMAND_INDEX; commandIndex = GetNextCommandIndex(commandIndex)) { (*value)++; // count of all implemented } #endif break; } case TPM_PT_LIBRARY_COMMANDS: // number of commands from the TPM library that are implemented { #if COMPRESSED_LISTS *value = LIBRARY_COMMAND_ARRAY_SIZE; #else COMMAND_INDEX commandIndex; *value = 0; // scan all implemented commands for(commandIndex = GetClosestCommandIndex(0); commandIndex < LIBRARY_COMMAND_ARRAY_SIZE; commandIndex = GetNextCommandIndex(commandIndex)) { (*value)++; } #endif break; } case TPM_PT_VENDOR_COMMANDS: // number of vendor commands that are implemented *value = VENDOR_COMMAND_ARRAY_SIZE; break; case TPM_PT_NV_BUFFER_MAX: // Maximum data size in an NV write command *value = MAX_NV_BUFFER_SIZE; break; case TPM_PT_MODES: #if FIPS_COMPLIANT *value = 1; #else *value = 0; #endif break; case TPM_PT_MAX_CAP_BUFFER: *value = MAX_CAP_BUFFER; break; // Start of variable commands case TPM_PT_PERMANENT: // TPMA_PERMANENT { union { TPMA_PERMANENT attr; UINT32 u32; } flags = { TPMA_ZERO_INITIALIZER() }; if(gp.ownerAuth.t.size != 0) SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, ownerAuthSet); if(gp.endorsementAuth.t.size != 0) SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, endorsementAuthSet); if(gp.lockoutAuth.t.size != 0) SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, lockoutAuthSet); if(gp.disableClear) SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, disableClear); if(gp.failedTries >= gp.maxTries) SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, inLockout); // In this implementation, EPS is always generated by TPM SET_ATTRIBUTE(flags.attr, TPMA_PERMANENT, tpmGeneratedEPS); // Note: For a LSb0 machine, the bits in a bit field are in the correct // order even if the machine is MSB0. For a MSb0 machine, a TPMA will // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will // be NO) so the bits are manipulate correctly. *value = flags.u32; break; } case TPM_PT_STARTUP_CLEAR: // TPMA_STARTUP_CLEAR { union { TPMA_STARTUP_CLEAR attr; UINT32 u32; } flags = { TPMA_ZERO_INITIALIZER() }; // if(g_phEnable) SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnable); if(gc.shEnable) SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, shEnable); if(gc.ehEnable) SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, ehEnable); if(gc.phEnableNV) SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, phEnableNV); if(g_prevOrderlyState != SU_NONE_VALUE) SET_ATTRIBUTE(flags.attr, TPMA_STARTUP_CLEAR, orderly); // Note: For a LSb0 machine, the bits in a bit field are in the correct // order even if the machine is MSB0. For a MSb0 machine, a TPMA will // be an integer manipulated by masking (USE_BIT_FIELD_STRUCTURES will // be NO) so the bits are manipulate correctly. *value = flags.u32; break; } case TPM_PT_HR_NV_INDEX: // number of NV indexes currently defined *value = NvCapGetIndexNumber(); break; case TPM_PT_HR_LOADED: // number of authorization sessions currently loaded into TPM // RAM *value = SessionCapGetLoadedNumber(); break; case TPM_PT_HR_LOADED_AVAIL: // number of additional authorization sessions, of any type, // that could be loaded into TPM RAM *value = SessionCapGetLoadedAvail(); break; case TPM_PT_HR_ACTIVE: // number of active authorization sessions currently being // tracked by the TPM *value = SessionCapGetActiveNumber(); break; case TPM_PT_HR_ACTIVE_AVAIL: // number of additional authorization sessions, of any type, // that could be created *value = SessionCapGetActiveAvail(); break; case TPM_PT_HR_TRANSIENT_AVAIL: // estimate of the number of additional transient objects that // could be loaded into TPM RAM *value = ObjectCapGetTransientAvail(); break; case TPM_PT_HR_PERSISTENT: // number of persistent objects currently loaded into TPM // NV memory *value = NvCapGetPersistentNumber(); break; case TPM_PT_HR_PERSISTENT_AVAIL: // number of additional persistent objects that could be loaded // into NV memory *value = NvCapGetPersistentAvail(); break; case TPM_PT_NV_COUNTERS: // number of defined NV indexes that have NV TPMA_NV_COUNTER // attribute SET *value = NvCapGetCounterNumber(); break; case TPM_PT_NV_COUNTERS_AVAIL: // number of additional NV indexes that can be defined with their // TPMA_NV_COUNTER attribute SET *value = NvCapGetCounterAvail(); break; case TPM_PT_ALGORITHM_SET: // region code for the TPM *value = gp.algorithmSet; break; case TPM_PT_LOADED_CURVES: #if ALG_ECC // number of loaded ECC curves *value = ECC_CURVE_COUNT; #else // ALG_ECC *value = 0; #endif // ALG_ECC break; case TPM_PT_LOCKOUT_COUNTER: // current value of the lockout counter *value = gp.failedTries; break; case TPM_PT_MAX_AUTH_FAIL: // number of authorization failures before DA lockout is invoked *value = gp.maxTries; break; case TPM_PT_LOCKOUT_INTERVAL: // number of seconds before the value reported by // TPM_PT_LOCKOUT_COUNTER is decremented *value = gp.recoveryTime; break; case TPM_PT_LOCKOUT_RECOVERY: // number of seconds after a lockoutAuth failure before use of // lockoutAuth may be attempted again *value = gp.lockoutRecovery; break; case TPM_PT_NV_WRITE_RECOVERY: // number of milliseconds before the TPM will accept another command // that will modify NV. // This should make a call to the platform code that is doing rate // limiting of NV. Rate limiting is not implemented in the reference // code so no call is made. *value = 0; break; case TPM_PT_AUDIT_COUNTER_0: // high-order 32 bits of the command audit counter *value = (UINT32)(gp.auditCounter >> 32); break; case TPM_PT_AUDIT_COUNTER_1: // low-order 32 bits of the command audit counter *value = (UINT32)(gp.auditCounter); break; default: // property is not defined return FALSE; break; } return TRUE; } //*** TPMCapGetProperties() // This function is used to get the TPM_PT values. The search of properties will // start at 'property' and continue until 'propertyList' has as many values as // will fit, or the last property has been reported, or the list has as many // values as requested in 'count'. // Return Type: TPMI_YES_NO // YES more properties are available // NO no more properties to be reported TPMI_YES_NO TPMCapGetProperties( TPM_PT property, // IN: the starting TPM property UINT32 count, // IN: maximum number of returned // properties TPML_TAGGED_TPM_PROPERTY *propertyList // OUT: property list ) { TPMI_YES_NO more = NO; UINT32 i; UINT32 nextGroup; // initialize output property list propertyList->count = 0; // maximum count of properties we may return is MAX_PCR_PROPERTIES if(count > MAX_TPM_PROPERTIES) count = MAX_TPM_PROPERTIES; // if property is less than PT_FIXED, start from PT_FIXED if(property < PT_FIXED) property = PT_FIXED; // There is only the fixed and variable groups with the variable group coming // last if(property >= (PT_VAR + PT_GROUP)) return more; // Don't read past the end of the selected group nextGroup = ((property / PT_GROUP) * PT_GROUP) + PT_GROUP; // Scan through the TPM properties of the requested group. for(i = property; i < nextGroup; i++) { UINT32 value; // if we have hit the end of the group, quit if(i != property && ((i % PT_GROUP) == 0)) break; if(TPMPropertyIsDefined((TPM_PT)i, &value)) { if(propertyList->count < count) { // If the list is not full, add this property propertyList->tpmProperty[propertyList->count].property = (TPM_PT)i; propertyList->tpmProperty[propertyList->count].value = value; propertyList->count++; } else { // If the return list is full but there are more properties // available, set the indication and exit the loop. more = YES; break; } } } return more; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/Response.c000066400000000000000000000063711510276467000264600ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains the common code for building a response header, including // setting the size of the structure. 'command' may be NULL if result is // not TPM_RC_SUCCESS. //** Includes and Defines #include "Tpm.h" //** BuildResponseHeader() // Adds the response header to the response. It will update command->parameterSize // to indicate the total size of the response. void BuildResponseHeader( COMMAND *command, // IN: main control structure BYTE *buffer, // OUT: the output buffer TPM_RC result // IN: the response code ) { TPM_ST tag; UINT32 size; if(result != TPM_RC_SUCCESS) { tag = TPM_ST_NO_SESSIONS; size = 10; } else { tag = command->tag; // Compute the overall size of the response size = STD_RESPONSE_HEADER + command->handleNum * sizeof(TPM_HANDLE); size += command->parameterSize; size += (command->tag == TPM_ST_SESSIONS) ? command->authSize + sizeof(UINT32) : 0; } TPM_ST_Marshal(&tag, &buffer, NULL); UINT32_Marshal(&size, &buffer, NULL); TPM_RC_Marshal(&result, &buffer, NULL); if(result == TPM_RC_SUCCESS) { if(command->handleNum > 0) TPM_HANDLE_Marshal(&command->handles[0], &buffer, NULL); if(tag == TPM_ST_SESSIONS) UINT32_Marshal((UINT32 *)&command->parameterSize, &buffer, NULL); } command->parameterSize = size; }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/ResponseCodeProcessing.c000066400000000000000000000044521510276467000313060ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Description // This file contains the miscellaneous functions for processing response codes. // NOTE: Currently, there is only one. //** Includes and Defines #include "Tpm.h" //** RcSafeAddToResult() // Adds a modifier to a response code as long as the response code allows a modifier // and no modifier has already been added. TPM_RC RcSafeAddToResult( TPM_RC responseCode, TPM_RC modifier ) { if((responseCode & RC_FMT1) && !(responseCode & 0xf40)) return responseCode + modifier; else return responseCode; } go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmFail.c000066400000000000000000000365741510276467000262260ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes, Defines, and Types #define TPM_FAIL_C #include "Tpm.h" #include // On MS C compiler, can save the alignment state and set the alignment to 1 for // the duration of the TpmTypes.h include. This will avoid a lot of alignment // warnings from the compiler for the unaligned structures. The alignment of the // structures is not important as this function does not use any of the structures // in TpmTypes.h and only include it for the #defines of the capabilities, // properties, and command code values. #include "TpmTypes.h" //** Typedefs // These defines are used primarily for sizing of the local response buffer. typedef struct { TPM_ST tag; UINT32 size; TPM_RC code; } HEADER; typedef struct { BYTE tag[sizeof(TPM_ST)]; BYTE size[sizeof(UINT32)]; BYTE code[sizeof(TPM_RC)]; } PACKED_HEADER; typedef struct { BYTE size[sizeof(UINT16)]; struct { BYTE function[sizeof(UINT32)]; BYTE line[sizeof(UINT32)]; BYTE code[sizeof(UINT32)]; } values; BYTE returnCode[sizeof(TPM_RC)]; } GET_TEST_RESULT_PARAMETERS; typedef struct { BYTE moreData[sizeof(TPMI_YES_NO)]; BYTE capability[sizeof(TPM_CAP)]; // Always TPM_CAP_TPM_PROPERTIES BYTE tpmProperty[sizeof(TPML_TAGGED_TPM_PROPERTY)]; } GET_CAPABILITY_PARAMETERS; typedef struct { BYTE header[sizeof(PACKED_HEADER)]; BYTE getTestResult[sizeof(GET_TEST_RESULT_PARAMETERS)]; } TEST_RESPONSE; typedef struct { BYTE header[sizeof(PACKED_HEADER)]; BYTE getCap[sizeof(GET_CAPABILITY_PARAMETERS)]; } CAPABILITY_RESPONSE; typedef union { BYTE test[sizeof(TEST_RESPONSE)]; BYTE cap[sizeof(CAPABILITY_RESPONSE)]; } RESPONSES; // Buffer to hold the responses. This may be a little larger than // required due to padding that a compiler might add. // Note: This is not in Global.c because of the specialized data definitions above. // Since the data contained in this structure is not relevant outside of the // execution of a single command (when the TPM is in failure mode. There is no // compelling reason to move all the typedefs to Global.h and this structure // to Global.c. #ifndef __IGNORE_STATE__ // Don't define this value static BYTE response[sizeof(RESPONSES)]; #endif //** Local Functions //*** MarshalUint16() // Function to marshal a 16 bit value to the output buffer. static INT32 MarshalUint16( UINT16 integer, BYTE **buffer ) { UINT16_TO_BYTE_ARRAY(integer, *buffer); *buffer += 2; return 2; } //*** MarshalUint32() // Function to marshal a 32 bit value to the output buffer. static INT32 MarshalUint32( UINT32 integer, BYTE **buffer ) { UINT32_TO_BYTE_ARRAY(integer, *buffer); *buffer += 4; return 4; } //***Unmarshal32() static BOOL Unmarshal32( UINT32 *target, BYTE **buffer, INT32 *size ) { if((*size -= 4) < 0) return FALSE; *target = BYTE_ARRAY_TO_UINT32(*buffer); *buffer += 4; return TRUE; } //***Unmarshal16() static BOOL Unmarshal16( UINT16 *target, BYTE **buffer, INT32 *size ) { if((*size -= 2) < 0) return FALSE; *target = BYTE_ARRAY_TO_UINT16(*buffer); *buffer += 2; return TRUE; } //** Public Functions //*** SetForceFailureMode() // This function is called by the simulator to enable failure mode testing. #if SIMULATION LIB_EXPORT void SetForceFailureMode( void ) { g_forceFailureMode = TRUE; return; } #endif //*** TpmLogFailure() // This function saves the failure values when the code will continue to operate. It // if similar to TpmFail() but returns to the caller. The assumption is that the // caller will propagate a failure back up the stack. void TpmLogFailure( #if FAIL_TRACE const char *function, int line, #endif int code ) { // Save the values that indicate where the error occurred. // On a 64-bit machine, this may truncate the address of the string // of the function name where the error occurred. #if FAIL_TRACE s_failFunction = (UINT32)(ptrdiff_t)function; s_failLine = line; #else s_failFunction = 0; s_failLine = 0; #endif s_failCode = code; // We are in failure mode g_inFailureMode = TRUE; return; } //*** TpmFail() // This function is called by TPM.lib when a failure occurs. It will set up the // failure values to be returned on TPM2_GetTestResult(). NORETURN void TpmFail( #if FAIL_TRACE const char *function, int line, #endif int code ) { // Save the values that indicate where the error occurred. // On a 64-bit machine, this may truncate the address of the string // of the function name where the error occurred. #if FAIL_TRACE s_failFunction = (UINT32)(ptrdiff_t)function; s_failLine = line; #else s_failFunction = (UINT32)(ptrdiff_t)NULL; s_failLine = 0; #endif s_failCode = code; // We are in failure mode g_inFailureMode = TRUE; // if asserts are enabled, then do an assert unless the failure mode code // is being tested. #if SIMULATION # ifndef NDEBUG assert(g_forceFailureMode); # endif // Clear this flag g_forceFailureMode = FALSE; #endif // Jump to the failure mode code. // Note: only get here if asserts are off or if we are testing failure mode _plat__Fail(); } //*** TpmFailureMode( // This function is called by the interface code when the platform is in failure // mode. void TpmFailureMode( unsigned int inRequestSize, // IN: command buffer size unsigned char *inRequest, // IN: command buffer unsigned int *outResponseSize, // OUT: response buffer size unsigned char **outResponse // OUT: response buffer ) { UINT32 marshalSize; UINT32 capability; HEADER header; // unmarshaled command header UINT32 pt; // unmarshaled property type UINT32 count; // unmarshaled property count UINT8 *buffer = inRequest; INT32 size = inRequestSize; // If there is no command buffer, then just return TPM_RC_FAILURE if(inRequestSize == 0 || inRequest == NULL) goto FailureModeReturn; // If the header is not correct for TPM2_GetCapability() or // TPM2_GetTestResult() then just return the in failure mode response; if(! (Unmarshal16(&header.tag, &buffer, &size) && Unmarshal32(&header.size, &buffer, &size) && Unmarshal32(&header.code, &buffer, &size))) goto FailureModeReturn; if(header.tag != TPM_ST_NO_SESSIONS || header.size < 10) goto FailureModeReturn; switch(header.code) { case TPM_CC_GetTestResult: // make sure that the command size is correct if(header.size != 10) goto FailureModeReturn; buffer = &response[10]; marshalSize = MarshalUint16(3 * sizeof(UINT32), &buffer); marshalSize += MarshalUint32(s_failFunction, &buffer); marshalSize += MarshalUint32(s_failLine, &buffer); marshalSize += MarshalUint32(s_failCode, &buffer); if(s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) marshalSize += MarshalUint32(TPM_RC_NV_UNINITIALIZED, &buffer); else marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); break; case TPM_CC_GetCapability: // make sure that the size of the command is exactly the size // returned for the capability, property, and count if(header.size != (10 + (3 * sizeof(UINT32))) // also verify that this is requesting TPM properties || !Unmarshal32(&capability, &buffer, &size) || capability != TPM_CAP_TPM_PROPERTIES || !Unmarshal32(&pt, &buffer, &size) || !Unmarshal32(&count, &buffer, &size)) goto FailureModeReturn; // If in failure mode because of an unrecoverable read error, and the // property is 0 and the count is 0, then this is an indication to // re-manufacture the TPM. Do the re-manufacture but stay in failure // mode until the TPM is reset. // Note: this behavior is not required by the specification and it is // OK to leave the TPM permanently bricked due to an unrecoverable NV // error. if(count == 0 && pt == 0 && s_failCode == FATAL_ERROR_NV_UNRECOVERABLE) { g_manufactured = FALSE; TPM_Manufacture(0); } if(count > 0) count = 1; else if(pt > TPM_PT_FIRMWARE_VERSION_2) count = 0; if(pt < TPM_PT_MANUFACTURER) pt = TPM_PT_MANUFACTURER; // set up for return buffer = &response[10]; // if the request was for a PT less than the last one // then we indicate more, otherwise, not. if(pt < TPM_PT_FIRMWARE_VERSION_2) *buffer++ = YES; else *buffer++ = NO; marshalSize = 1; // indicate the capability type marshalSize += MarshalUint32(capability, &buffer); // indicate the number of values that are being returned (0 or 1) marshalSize += MarshalUint32(count, &buffer); // indicate the property marshalSize += MarshalUint32(pt, &buffer); if(count > 0) switch(pt) { case TPM_PT_MANUFACTURER: // the vendor ID unique to each TPM manufacturer #ifdef MANUFACTURER pt = *(UINT32*)MANUFACTURER; #else pt = 0; #endif break; case TPM_PT_VENDOR_STRING_1: // the first four characters of the vendor ID string #ifdef VENDOR_STRING_1 pt = *(UINT32*)VENDOR_STRING_1; #else pt = 0; #endif break; case TPM_PT_VENDOR_STRING_2: // the second four characters of the vendor ID string #ifdef VENDOR_STRING_2 pt = *(UINT32*)VENDOR_STRING_2; #else pt = 0; #endif break; case TPM_PT_VENDOR_STRING_3: // the third four characters of the vendor ID string #ifdef VENDOR_STRING_3 pt = *(UINT32*)VENDOR_STRING_3; #else pt = 0; #endif break; case TPM_PT_VENDOR_STRING_4: // the fourth four characters of the vendor ID string #ifdef VENDOR_STRING_4 pt = *(UINT32*)VENDOR_STRING_4; #else pt = 0; #endif break; case TPM_PT_VENDOR_TPM_TYPE: // vendor-defined value indicating the TPM model // We just make up a number here pt = 1; break; case TPM_PT_FIRMWARE_VERSION_1: // the more significant 32-bits of a vendor-specific value // indicating the version of the firmware #ifdef FIRMWARE_V1 pt = FIRMWARE_V1; #else pt = 0; #endif break; default: // TPM_PT_FIRMWARE_VERSION_2: // the less significant 32-bits of a vendor-specific value // indicating the version of the firmware #ifdef FIRMWARE_V2 pt = FIRMWARE_V2; #else pt = 0; #endif break; } marshalSize += MarshalUint32(pt, &buffer); break; default: // default for switch (cc) goto FailureModeReturn; } // Now do the header buffer = response; marshalSize = marshalSize + 10; // Add the header size to the // stuff already marshaled MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); // structure tag MarshalUint32(marshalSize, &buffer); // responseSize MarshalUint32(TPM_RC_SUCCESS, &buffer); // response code *outResponseSize = marshalSize; *outResponse = (unsigned char *)&response; return; FailureModeReturn: buffer = response; marshalSize = MarshalUint16(TPM_ST_NO_SESSIONS, &buffer); marshalSize += MarshalUint32(10, &buffer); marshalSize += MarshalUint32(TPM_RC_FAILURE, &buffer); *outResponseSize = marshalSize; *outResponse = (unsigned char *)response; return; } //*** UnmarshalFail() // This is a stub that is used to catch an attempt to unmarshal an entry // that is not defined. Don't ever expect this to be called but... void UnmarshalFail( void *type, BYTE **buffer, INT32 *size ) { NOT_REFERENCED(type); NOT_REFERENCED(buffer); NOT_REFERENCED(size); FAIL(FATAL_ERROR_INTERNAL); }go-tpm-tools-0.4.7/simulator/ms-tpm-20-ref/TPMCmd/tpm/src/support/TpmSizeChecks.c000066400000000000000000000171561510276467000274010ustar00rootroot00000000000000/* Microsoft Reference Implementation for TPM 2.0 * * The copyright in this software is being made available under the BSD License, * included below. This software may be subject to other third party and * contributor rights, including patent rights, and no such rights are granted * under this license. * * Copyright (c) Microsoft Corporation * * All rights reserved. * * BSD License * * Redistribution and use in source and binary forms, with or without modification, * are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this list * of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, this * list of conditions and the following disclaimer in the documentation and/or * other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ""AS IS"" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ //** Includes, Defines, and Types #include "Tpm.h" #include #if RUNTIME_SIZE_CHECKS static int once = 0; //** TpmSizeChecks() // This function is used during the development process to make sure that the // vendor-specific values result in a consistent implementation. When possible, // the code contains #if to do compile-time checks. However, in some cases, the // values require the use of "sizeof()" and that can't be used in an #if. void TpmSizeChecks( void ) { #if DEBUG if(once++ != 0) return; { BOOL PASS = TRUE; UINT32 maxAsymSecurityStrength = MAX_ASYM_SECURITY_STRENGTH; UINT32 maxHashSecurityStrength = MAX_HASH_SECURITY_STRENGTH; UINT32 maxSymSecurityStrength = MAX_SYM_SECURITY_STRENGTH; UINT32 maxSecurityStrengthBits = MAX_SECURITY_STRENGTH_BITS; UINT32 proofSize = PROOF_SIZE; UINT32 compliantProofSize = COMPLIANT_PROOF_SIZE; UINT32 compliantPrimarySeedSize = COMPLIANT_PRIMARY_SEED_SIZE; UINT32 primarySeedSize = PRIMARY_SEED_SIZE; UINT32 cmacState = sizeof(tpmCmacState_t); UINT32 hashState = sizeof(HASH_STATE); UINT32 keyScheduleSize = sizeof(tpmCryptKeySchedule_t); // NOT_REFERENCED(cmacState); NOT_REFERENCED(hashState); NOT_REFERENCED(keyScheduleSize); NOT_REFERENCED(maxAsymSecurityStrength); NOT_REFERENCED(maxHashSecurityStrength); NOT_REFERENCED(maxSymSecurityStrength); NOT_REFERENCED(maxSecurityStrengthBits); NOT_REFERENCED(proofSize); NOT_REFERENCED(compliantProofSize); NOT_REFERENCED(compliantPrimarySeedSize); NOT_REFERENCED(primarySeedSize); { TPMT_SENSITIVE *p; // This assignment keeps compiler from complaining about a conditional // comparison being between two constants UINT16 max_rsa_key_bytes = MAX_RSA_KEY_BYTES; if((max_rsa_key_bytes / 2) != (sizeof(p->sensitive.rsa.t.buffer) / 5)) { printf("Sensitive part of TPMT_SENSITIVE is undersized. May be caused by" "use of wrong version of Part 2.\n"); PASS = FALSE; } } #if 0 printf("Size of OBJECT = %d\n", sizeof(OBJECT)); printf("Size of components in TPMT_SENSITIVE = %d\n", sizeof(TPMT_SENSITIVE)); printf(" TPMI_ALG_PUBLIC %d\n", sizeof(TPMI_ALG_PUBLIC)); printf(" TPM2B_AUTH %d\n", sizeof(TPM2B_AUTH)); printf(" TPM2B_DIGEST %d\n", sizeof(TPM2B_DIGEST)); printf(" TPMU_SENSITIVE_COMPOSITE %d\n", sizeof(TPMU_SENSITIVE_COMPOSITE)); #endif // Make sure that the size of the context blob is large enough for the largest // context // TPMS_CONTEXT_DATA contains two TPM2B values. That is not how this is // implemented. Rather, the size field of the TPM2B_CONTEXT_DATA is used to // determine the amount of data in the encrypted data. That part is not // independently sized. This makes the actual size 2 bytes smaller than // calculated using Part 2. Since this is opaque to the caller, it is not // necessary to fix. The actual size is returned by TPM2_GetCapabilties(). // Initialize output handle. At the end of command action, the output // handle of an object will be replaced, while the output handle // for a session will be the same as input // Get the size of fingerprint in context blob. The sequence value in // TPMS_CONTEXT structure is used as the fingerprint { UINT32 fingerprintSize = sizeof(UINT64); UINT32 integritySize = sizeof(UINT16) + CryptHashGetDigestSize(CONTEXT_INTEGRITY_HASH_ALG); UINT32 biggestObject = MAX(MAX(sizeof(HASH_OBJECT), sizeof(OBJECT)), sizeof(SESSION)); UINT32 biggestContext = fingerprintSize + integritySize + biggestObject; // round required size up to nearest 8 byte boundary. biggestContext = 8 * ((biggestContext + 7) / 8); if(MAX_CONTEXT_SIZE != biggestContext) { printf("MAX_CONTEXT_SIZE should be changed to %d (%d)\n", biggestContext, MAX_CONTEXT_SIZE); PASS = FALSE; } } { union u { TPMA_OBJECT attributes; UINT32 uint32Value; } u; // these are defined so that compiler doesn't complain about conditional // expressions comparing two constants. int aSize = sizeof(u.attributes); int uSize = sizeof(u.uint32Value); u.uint32Value = 0; SET_ATTRIBUTE(u.attributes, TPMA_OBJECT, Reserved_bit_at_0); if(u.uint32Value != 1) { printf("The bit allocation in a TPMA_OBJECT is not as expected"); PASS = FALSE; } if(aSize != uSize) // comparison of two sizeof() values annoys compiler { printf("A TPMA_OBJECT is not the expected size."); PASS = FALSE; } } // Make sure that the size of the Capability buffer can hold the largest // TPML_PCR_SELECTION. The list length is nominally set by the number of hash // algorithms implemented on the TPM. A requirement of this implementation is // that a list of all allowed TPMS_PCR_SELECTIONS fits in MAX_CAP_DATA. // TBD pAssert(PASS); } #endif // DEBUG } #endif // RUNTIME_SIZE_CHECKSgo-tpm-tools-0.4.7/simulator/simulator.go000066400000000000000000000107451510276467000204670ustar00rootroot00000000000000/* * Copyright 2018 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */ // Package simulator provides a go interface to the Microsoft TPM2 simulator. package simulator import ( "bytes" "errors" "fmt" "math/rand" "sync" "github.com/google/go-tpm-tools/simulator/internal" "github.com/google/go-tpm/legacy/tpm2" ) // Simulator represents a go-tpm compatible interface to the TPM2 simulator. // Similar to the file-based (for linux) or syscall-based (for Windows) TPM // handles, no synchronization is provided; the same simulator handle should not // be used from multiple threads. type Simulator struct { buf bytes.Buffer closed bool } // ErrUsingClosedSimulator is returned if any operation on a Simulator is // attempted after it is closed. var ErrUsingClosedSimulator = errors.New("attempting to use a closed simulator") // The simulator is a global resource, so we use the variables below to make // sure we only ever have one open reference to the Simulator at a time. var lock sync.Mutex // Get the pointer to an initialized, powered on, and started simulator. As only // one simulator may be running at a time, a second call to Get() block until // the first Simulator is Closed. func Get() (*Simulator, error) { lock.Lock() simulator := &Simulator{} internal.Reset(true) if err := simulator.on(true); err != nil { lock.Unlock() return nil, err } simulator.closed = false return simulator, nil } // GetWithFixedSeedInsecure behaves like Get() expect that all of the internal // hierarchy seeds are derived from the input seed. Note that this function // compromises the security of the keys/seeds and should only be used for tests. func GetWithFixedSeedInsecure(seed int64) (*Simulator, error) { s, err := Get() if err != nil { return nil, err } internal.SetSeeds(rand.New(rand.NewSource(seed))) return s, nil } // Reset the TPM as if the host computer had rebooted. func (s *Simulator) Reset() error { if s.IsClosed() { return ErrUsingClosedSimulator } if err := s.off(); err != nil { return err } internal.Reset(false) return s.on(false) } // ManufactureReset behaves like Reset() except that the TPM is complete wiped. // All data (NVData, Hierarchy seeds, etc...) is cleared or reset. func (s *Simulator) ManufactureReset() error { if s.IsClosed() { return ErrUsingClosedSimulator } if err := s.off(); err != nil { return err } internal.Reset(true) return s.on(true) } // Write executes the command specified by commandBuffer. The command response // can be retrieved with a subsequent call to Read(). func (s *Simulator) Write(commandBuffer []byte) (int, error) { if s.IsClosed() { return 0, ErrUsingClosedSimulator } resp, err := internal.RunCommand(commandBuffer) if err != nil { return 0, err } // write response to the internal response buffer. _, _ = s.buf.Write(resp) return len(commandBuffer), nil } // Read gets the response of a command previously issued by calling Write(). func (s *Simulator) Read(responseBuffer []byte) (int, error) { if s.IsClosed() { return 0, ErrUsingClosedSimulator } return s.buf.Read(responseBuffer) } // Close cleans up and stops the simulator, Close() should always be called when // the Simulator is no longer needed, freeing up other callers to use Get(). func (s *Simulator) Close() error { if s.IsClosed() { return ErrUsingClosedSimulator } err := s.off() s.closed = true lock.Unlock() return err } // IsClosed returns true if the simulator has been Closed() func (s *Simulator) IsClosed() bool { return s.closed } func (s *Simulator) on(_ bool) error { // TPM2_Startup must be the first command the TPM receives. if err := tpm2.Startup(s, tpm2.StartupClear); err != nil { return fmt.Errorf("startup: %w", err) } return nil } func (s *Simulator) off() error { // TPM2_Shutdown must be the last command the TPM receives. We call // Shutdown with StartupClear to simulate a full reboot. if err := tpm2.Shutdown(s, tpm2.StartupClear); err != nil { return fmt.Errorf("shutdown: %w", err) } return nil } go-tpm-tools-0.4.7/simulator/simulator_test.go000066400000000000000000000064211510276467000215220ustar00rootroot00000000000000/* * Copyright 2018 Google Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); you may not * use this file except in compliance with the License. You may obtain a copy of * the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations under * the License. */ package simulator import ( "crypto/rsa" "io" "math/big" "testing" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm/legacy/tpm2" ) func getSimulator(t *testing.T) *Simulator { t.Helper() simulator, err := Get() if err != nil { t.Fatal(err) } return simulator } func getEKModulus(t *testing.T, rwc io.ReadWriteCloser) *big.Int { t.Helper() ek, err := client.EndorsementKeyRSA(rwc) if err != nil { t.Fatal(err) } defer ek.Close() return ek.PublicKey().(*rsa.PublicKey).N } func TestResetDoesntChangeEK(t *testing.T) { s := getSimulator(t) defer client.CheckedClose(t, s) modulus1 := getEKModulus(t, s) if err := s.Reset(); err != nil { t.Fatal(err) } modulus2 := getEKModulus(t, s) if modulus1.Cmp(modulus2) != 0 { t.Fatal("Reset() should not change the EK") } } func TestManufactureResetChangesEK(t *testing.T) { s := getSimulator(t) defer client.CheckedClose(t, s) modulus1 := getEKModulus(t, s) if err := s.ManufactureReset(); err != nil { t.Fatal(err) } modulus2 := getEKModulus(t, s) if modulus1.Cmp(modulus2) == 0 { t.Fatal("ManufactureReset() should change the EK") } } func TestGetRandom(t *testing.T) { s := getSimulator(t) defer client.CheckedClose(t, s) result, err := tpm2.GetRandom(s, 10) if err != nil { t.Fatalf("GetRandom: %v", err) } t.Log(result) } // The default EK modulus returned by the simulator when using a seed of 0. func zeroSeedModulus() *big.Int { mod := new(big.Int) mod.SetString("16916951631746795233120676661491589156159944041454533323301360736206690950055927665898258850365255777475324525235640153431219834851979041935421083247812345676551677241639541392158486693550125570954276972465867114995062336740464652481116557477039581976647612151813804384773839359390083864432536639577227083497558006614244043011423717921293964465162166865351126036685960128739613171620392174911624095420039156957292384191548425395162459332733115699189854006301807847331248289929021522087915411000598437989788501679617747304391662751900488011803826205901900186771991702576478232121332699862815915856148442279432061762451", 10) return mod } func TestFixedSeedExpectedModulus(t *testing.T) { s, err := GetWithFixedSeedInsecure(0) if err != nil { t.Fatal(err) } defer client.CheckedClose(t, s) modulus := getEKModulus(t, s) if modulus.Cmp(zeroSeedModulus()) != 0 { t.Fatalf("getEKModulus() = %v, want %v", modulus, zeroSeedModulus()) } } func TestDifferentSeedDifferentModulus(t *testing.T) { s, err := GetWithFixedSeedInsecure(1) if err != nil { t.Fatal(err) } defer client.CheckedClose(t, s) modulus := getEKModulus(t, s) if modulus.Cmp(zeroSeedModulus()) == 0 { t.Fatalf("Moduli should not be equal when using different seeds") } } go-tpm-tools-0.4.7/testutil/000077500000000000000000000000001510276467000157505ustar00rootroot00000000000000go-tpm-tools-0.4.7/testutil/utils.go000066400000000000000000000010251510276467000174350ustar00rootroot00000000000000// Package testutil wraps select test utilities to make them externally usable. package testutil import ( "io" "testing" "github.com/google/go-tpm-tools/internal/test" ) // GetTPM is a cross-platform testing helper function that retrives the // appropriate TPM device from the flags passed into "go test". // // If using a test TPM, this will also retrieve a test eventlog. In this case, // GetTPM extends the test event log's events into the test TPM. func GetTPM(tb testing.TB) io.ReadWriteCloser { return test.GetTPM(tb) } go-tpm-tools-0.4.7/verifier/000077500000000000000000000000001510276467000157065ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/client.go000066400000000000000000000053071510276467000175200ustar00rootroot00000000000000// Package verifier contains clients for various attestation verifiers. // It is meant for launcher use and testing; the API is not stable. package verifier import ( "context" attestpb "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/verifier/models" "google.golang.org/genproto/googleapis/rpc/status" ) // Client is a common interface to various attestation verifiers. type Client interface { CreateChallenge(ctx context.Context) (*Challenge, error) VerifyAttestation(ctx context.Context, request VerifyAttestationRequest) (*VerifyAttestationResponse, error) VerifyConfidentialSpace(ctx context.Context, request VerifyAttestationRequest) (*VerifyAttestationResponse, error) } // Challenge is the response for CreateChallenge. It is used in the // get challenge part of a remote attestation protocol. The challenge // will be verified as part of VerifyAttestation. type Challenge struct { // Used as audience for GCP credential tokens. Name string // Used to generate attestation. Nonce []byte ConnID string Val []byte Iat []byte Signature []byte } type ContainerSignature struct { Payload []byte Signature []byte } // VerifyAttestationRequest is passed in on VerifyAttestation. It contains the // Challenge from CreateChallenge, optional GcpCredentials linked to the // attestation, the Attestation generated from the TPM, and optional container image signatures associated with the workload. type VerifyAttestationRequest struct { Challenge *Challenge GcpCredentials [][]byte // Attestation is for TPM attestation Attestation *attestpb.Attestation ContainerImageSignatures []*ContainerSignature TokenOptions *models.TokenOptions // TDCCELAttestation is for TDX CCEL RTMR attestation TDCCELAttestation *TDCCELAttestation } type TDCCELAttestation struct { CcelAcpiTable []byte CcelData []byte CanonicalEventLog []byte TdQuote []byte // still needs following two for GCE info AkCert []byte IntermediateCerts [][]byte } // VerifyAttestationResponse is the response from a successful // VerifyAttestation call. type VerifyAttestationResponse struct { ClaimsToken []byte PartialErrs []*status.Status } // ITAConfig represents the configuration needed to integrate with ITA as a verifier. type ITAConfig struct { ITARegion string ITAKey string } // AttestClients contains clients for supported verifier services that can be used to // get attestation tokens. type AttestClients struct { GCA Client ITA Client } // HasThirdPartyClient returns true if AttestClients contains an initialzied // third-party verifier client. func (ac *AttestClients) HasThirdPartyClient() bool { return ac.ITA != nil } go-tpm-tools-0.4.7/verifier/fake/000077500000000000000000000000001510276467000166145ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/fake/fakeclaims.go000066400000000000000000000016741510276467000212520ustar00rootroot00000000000000package fake import "github.com/golang-jwt/jwt/v4" // Verify that Claims implements jwt.Claims. var _ jwt.Claims = Claims{} // Claims contains information to be formatted into a fake JWT. type Claims struct { jwt.RegisteredClaims ContainerImageSignatures []ContainerImageSignatureClaims `json:"container_image_signatures"` MachineStateMarshaled string OEMID string `json:"oemid"` HWModel string `json:"hwmodel"` SecBoot bool `json:"secboot"` SWName string `json:"swname"` } // ContainerImageSignatureClaims contains claims about a container image signature. type ContainerImageSignatureClaims struct { Payload string `json:"payload"` Signature string `json:"signature"` PubKey string `json:"public_key"` SigAlg string `json:"signature_algorithm"` } // Valid is necessary to implement the jwt.Claims interface. func (c Claims) Valid() error { return nil } go-tpm-tools-0.4.7/verifier/fake/fakeverifier.go000066400000000000000000000150511510276467000216070ustar00rootroot00000000000000// Package fake is a fake implementation of the Client interface for testing. package fake import ( "context" "crypto" "encoding/base64" "encoding/binary" "fmt" "strings" "time" "github.com/golang-jwt/jwt/v4" "github.com/google/go-eventlog/proto/state" "github.com/google/go-eventlog/register" "github.com/google/go-tpm-tools/proto/attest" "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm-tools/server" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/oci" "github.com/google/go-tpm/legacy/tpm2" "google.golang.org/genproto/googleapis/rpc/code" "google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/protobuf/encoding/protojson" ) type fakeClient struct { signer crypto.Signer nonce []byte } // NewClient constructs a new fake client given a crypto.Signer. func NewClient(signer crypto.Signer) verifier.Client { nonce := make([]byte, 2) binary.LittleEndian.PutUint16(nonce, 15) // If signer is nil, test keys found in verifier/fake/ will be used. if signer == nil { signer = TestPrivateKey() } return &fakeClient{signer, nonce} } // CreateChallenge returns a hard coded, basic challenge. // // If you have found this method is insufficient for your tests, this class must be updated to // allow for better testing. func (fc *fakeClient) CreateChallenge(_ context.Context) (*verifier.Challenge, error) { return &verifier.Challenge{ Name: "projects/fakeProject/locations/fakeRegion/challenges/d882c62f-452f-4709-9335-0cccaf64eee1", Nonce: fc.nonce, }, nil } // VerifyAttestation calls server.VerifyAttestation against the request's public key. // It returns the marshaled MachineState as a claim. func (fc *fakeClient) VerifyAttestation(_ context.Context, req verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { // Determine signing algorithm. signingMethod := jwt.SigningMethodRS256 now := jwt.TimeFunc() akPub, err := tpm2.DecodePublic(req.Attestation.GetAkPub()) if err != nil { return nil, fmt.Errorf("failed to decode AKPub as TPMT_PUBLIC: %v", err) } akCrypto, err := akPub.Key() if err != nil { return nil, fmt.Errorf("failed to convert TPMT_PUBLIC to crypto.PublicKey: %v", err) } ms, err := server.VerifyAttestation(req.Attestation, server.VerifyOpts{Nonce: fc.nonce, TrustedAKs: []crypto.PublicKey{akCrypto}}) if err != nil { return nil, fmt.Errorf("failed to verify attestation: %v", err) } pcrBank, err := extractPCRBank(req.Attestation, ms.GetHash()) if err != nil { return nil, fmt.Errorf("failed to extract PCR bank: %w", err) } cosState, err := server.ParseCosCELPCR(req.Attestation.GetCanonicalEventLog(), *pcrBank) if err != nil { return nil, fmt.Errorf("failed to validate the Canonical event log: %w", err) } ms.Cos = cosState msJSON, err := protojson.Marshal(ms) if err != nil { return nil, fmt.Errorf("failed to convert proto object to JSON: %v", err) } audience := "https://sts.googleapis.com/" if req.TokenOptions != nil && req.TokenOptions.Audience != "" { audience = req.TokenOptions.Audience } claims := Claims{ RegisteredClaims: jwt.RegisteredClaims{ IssuedAt: &jwt.NumericDate{Time: now}, NotBefore: &jwt.NumericDate{Time: now}, ExpiresAt: &jwt.NumericDate{Time: now.Add(time.Hour)}, Audience: []string{audience}, Issuer: "fake-issuer-for-testing", Subject: "https://www.googleapis.com/compute/v1/projects/fakeProject/zones/fakeZone/instances/fakeInstance", }, MachineStateMarshaled: string(msJSON), OEMID: "fake-oem-id", HWModel: "fake-hw-model", SecBoot: true, SWName: "fake-sw-name", } var signatureClaims []ContainerImageSignatureClaims var partialErrs []*status.Status for _, signature := range req.ContainerImageSignatures { claims, err := extractClaims(signature) if err != nil { partialErrs = append(partialErrs, &status.Status{Code: int32(code.Code_INVALID_ARGUMENT), Message: err.Error()}) } else { signatureClaims = append(signatureClaims, claims) } } claims.ContainerImageSignatures = signatureClaims token := jwt.NewWithClaims(signingMethod, claims) // Instead of a private key, provide the signer. signed, err := token.SignedString(fc.signer) if err != nil { return nil, err } response := verifier.VerifyAttestationResponse{ ClaimsToken: []byte(signed), PartialErrs: partialErrs, } return &response, nil } // VerifyConfidentialSpace is identical in behavior to VerifyAttestation, necessary for implementing verifier.Client. func (fc *fakeClient) VerifyConfidentialSpace(ctx context.Context, req verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { return fc.VerifyAttestation(ctx, req) } type payload struct { Optional map[string]any `json:"optional"` // Optional represents optional metadata about the image, and its value shouldn't contain any "=" signs. } func isValid(alg string) bool { switch alg { case string(oci.ECDSAP256SHA256), string(oci.RSASSAPKCS1V152048SHA256), string(oci.RSASSAPSS2048SHA256): return true default: return false } } // Note: this is only compatible with the fake signature implementation. func extractClaims(signature *verifier.ContainerSignature) (ContainerImageSignatureClaims, error) { payloadStr := string(signature.Payload) // Fake payload consists of the expected pubkey and sigalg separated by a comma. separatorIndex := strings.LastIndex(payloadStr, ",") sigAlg := payloadStr[separatorIndex+1:] if !isValid(sigAlg) { return ContainerImageSignatureClaims{}, fmt.Errorf("unsupported algorithm %v", sigAlg) } return ContainerImageSignatureClaims{ Payload: payloadStr, Signature: base64.StdEncoding.EncodeToString(signature.Signature), PubKey: payloadStr[:separatorIndex], SigAlg: sigAlg, }, nil } // extractPCRBank finds the quote matching the given hash algorithm and returns the PCR bank. func extractPCRBank(attestation *attest.Attestation, hashAlgo tpm.HashAlgo) (*register.PCRBank, error) { for _, quote := range attestation.GetQuotes() { pcrs := quote.GetPcrs() if pcrs.GetHash() == hashAlgo { pcrBank := ®ister.PCRBank{TCGHashAlgo: state.HashAlgo(pcrs.Hash)} digestAlg, err := pcrBank.TCGHashAlgo.CryptoHash() if err != nil { return nil, fmt.Errorf("invalid digest algorithm: %w", err) } for pcrIndex, digest := range pcrs.GetPcrs() { pcrBank.PCRs = append(pcrBank.PCRs, register.PCR{ Index: int(pcrIndex), Digest: digest, DigestAlg: digestAlg}) } return pcrBank, nil } } return nil, fmt.Errorf("no PCRs found matching hash %s", hashAlgo.String()) } go-tpm-tools-0.4.7/verifier/fake/signer_rsa000066400000000000000000000032531510276467000206760ustar00rootroot00000000000000-----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCPP/HUg2GdF86b Z4TvVgQUHIH2YPLKPJAngc35WFry+q+2Mz1PkNoWC4bcsaUD2xMoTPvZVY+zQrl+ 2Vwj78ZxsXgnjAf6PhP1VOmu9DxYT7evop36CqaZMNfwf+VlCp/8SCqZnytfNRJp cQa20ERkqK0KmBu5wTjv3zV2ESp1fvM8YlQi4pblP4lxFXBnYjmxnKpdXtxVf3H9 Sj6LYH59ZL7NAXPepc3yh4QAc+2GsV8K/zb5NFqohZf0E7MlajpOQKH6SREbisxx ZdCoT5m2xHBEOjfrZ4xRCqyjBySblcCwtZsdTP8nBUk08upPnN5Cfuu7TGUCGLTB xvfU4BRHAgMBAAECggEABx59bTtOSZlaSjzdzWsv7rPv/YeZ6VUTMPNxghfTBUpS GzL2tBKV1Aykmik18zga/qC8z3NCHf2N7HDu9FZBPXs9ZnG+H8CgC0w6BNjceuMT VOY3Basr1mcoBCrHAruBce9ANrxDUor3rEfStpkpHPuJBgLDNfsVUk58gK6ftpES ijhTcmCIv+f1KwPD243tUYOEKQRYZXTRKUKaji58d3zk3dp+G0TsZnGP3ptxkc8T 4DJu3vHlwrEofcw26QZtJLZGleyJxWpCw3jQP1ZfqHYF+B6bY4pQ/Fh0GmfC1hbw fxx6j2Mm0Wvq41JRSSssIyZAo72vlboR2ugLvw4jmQKBgQDCap40mwNJ3WkON0H9 ijiH7DU1AJU911jhUFhOeVJEcNK65GJGaeChDKk3rJ02veYWjpxlnuixyLuStC6u 0kxkVdCv1BfOoroh8UAJDaC9QFKBOoMvWMHwHFpxz0FowH62ZJLrMpAa819wwvuw PveyrEANfe3GS3Ov3zMK13O5QwKBgQC8oC4aIXVCdq/N6knAar0ALeBe62gfaYpq yMm1h8uF5mvJr5vNCGDoaJVBEww6BsIwuiQrFYnvGJ+P50HJq5f3hZHgry6wmBhp 6ZVVx5fpDTmLNG2UyJbzAbiazxErtxveCqnnp6Lb0zn7Z0KOcXG96ijgcOfUcYD5 fW1wZq12rQKBgQCABp/Z+n5m5OPqlZ7iLGRftb+wAItG5wnDjhooyyHOqhFLO1ww DEb9Jw5D+GqrAtCC6DS7grKvaIWE7RyUyS2/IPfE4cEvtN8nvOuzSoMgPTxXl0WO Jz/HM5Snv5jON3z59S7+rRRSexPNeMkvXbfVtDKV7+hlnYg4N54wNIMjawKBgQCP GtN/Pa0RzKvahIqJsjFMBoI4YU7wrgi2tTjbQXg2UTern1CLwHSNPnMmGMZo66G+ iCpSiZfJTxwXeDLgRxAXWT3wgdfhYLL8/5stpizpQgBLTW5pt7lWChM9WCXFzbkV v29h8jvLnThbNN845HaPyCxVAzPPaIGaRv+VjEDETQKBgQCrO7kQ23tpxjE1lroz 4NRPPI/doB50sHCdPXfxuxD1enKxYvST3WLn6QJGyoJIJoDAg/GUNhu2XITMrccm a8ZOkTZhk55bLFIsJkk6GZyQ75Fa2FKlUEnlpniGCCTv3jR9rj1yWXL0buBkmL3s NOhW0NUnzS1AjSY7pDIRBpA6gA== -----END PRIVATE KEY-----go-tpm-tools-0.4.7/verifier/fake/signer_rsa.pub000066400000000000000000000007021510276467000214570ustar00rootroot00000000000000-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjz/x1INhnRfOm2eE71YE FByB9mDyyjyQJ4HN+Vha8vqvtjM9T5DaFguG3LGlA9sTKEz72VWPs0K5ftlcI+/G cbF4J4wH+j4T9VTprvQ8WE+3r6Kd+gqmmTDX8H/lZQqf/EgqmZ8rXzUSaXEGttBE ZKitCpgbucE47981dhEqdX7zPGJUIuKW5T+JcRVwZ2I5sZyqXV7cVX9x/Uo+i2B+ fWS+zQFz3qXN8oeEAHPthrFfCv82+TRaqIWX9BOzJWo6TkCh+kkRG4rMcWXQqE+Z tsRwRDo362eMUQqsowckm5XAsLWbHUz/JwVJNPLqT5zeQn7ru0xlAhi0wcb31OAU RwIDAQAB -----END PUBLIC KEY-----go-tpm-tools-0.4.7/verifier/fake/testkeys.go000066400000000000000000000015621510276467000210220ustar00rootroot00000000000000package fake import ( "crypto" _ "embed" "fmt" "github.com/golang-jwt/jwt/v4" ) //go:embed signer_rsa var testPrivateKeyBytes []byte //go:embed signer_rsa.pub var testPublicKeyBytes []byte var testPrivateKey crypto.Signer var testPublicKey crypto.PublicKey func init() { var err error testPrivateKey, err = jwt.ParseRSAPrivateKeyFromPEM(testPrivateKeyBytes) if err != nil { panic(fmt.Sprintf("failed to parse embedded private key: %v", err)) } testPublicKey, err = jwt.ParseRSAPublicKeyFromPEM(testPublicKeyBytes) if err != nil { panic(fmt.Sprintf("failed to parse embedded public key: %v", err)) } } // TestPrivateKey returns the fake private key used for signing. func TestPrivateKey() crypto.Signer { return testPrivateKey } // TestPublicKey returns the public key corresponding to the fake private key. func TestPublicKey() any { return testPublicKey } go-tpm-tools-0.4.7/verifier/go.mod000066400000000000000000000045611510276467000170220ustar00rootroot00000000000000module github.com/google/go-tpm-tools/verifier go 1.23.0 toolchain go1.24.4 replace github.com/google/go-tpm-tools v0.4.4 => ../ require ( cloud.google.com/go/compute/metadata v0.8.0 cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/google/go-cmp v0.7.0 github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba github.com/google/go-sev-guest v0.14.0 github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 github.com/google/go-tpm v0.9.6 github.com/google/go-tpm-tools v0.4.4 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.15.0 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0 golang.org/x/net v0.43.0 golang.org/x/oauth2 v0.30.0 google.golang.org/api v0.247.0 google.golang.org/genproto v0.0.0-20250603155806-513f23925822 google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c google.golang.org/grpc v1.74.2 google.golang.org/protobuf v1.36.7 ) require ( cloud.google.com/go/auth v0.16.4 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/google/certificate-transparency-go v1.1.2 // indirect github.com/google/go-attestation v0.5.1 // indirect github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc // indirect github.com/google/go-tspi v0.3.0 // indirect github.com/google/logger v1.1.1 // indirect github.com/google/s2a-go v0.1.9 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.6 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect go.opentelemetry.io/otel v1.36.0 // indirect go.opentelemetry.io/otel/metric v1.36.0 // indirect go.opentelemetry.io/otel/trace v1.36.0 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.41.0 // indirect golang.org/x/sync v0.16.0 // indirect golang.org/x/sys v0.35.0 // indirect golang.org/x/text v0.28.0 // indirect golang.org/x/time v0.12.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect ) go-tpm-tools-0.4.7/verifier/go.sum000066400000000000000000003772041510276467000170560ustar00rootroot00000000000000bazil.org/fuse v0.0.0-20180421153158-65cc252bf669/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8= bitbucket.org/creachadair/shell v0.0.6/go.mod h1:8Qqi/cYk7vPnsOePHroKXDJYmb5x7ENhtiFtfZq8K+M= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= cloud.google.com/go v0.39.0/go.mod h1:rVLT6fkc8chs9sfPtFc1SBH6em7n+ZoXaG+87tDISts= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= cloud.google.com/go v0.92.2/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.92.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go/auth v0.16.4 h1:fXOAIQmkApVvcIn7Pc2+5J8QTMVbUGLscnSVNl11su8= cloud.google.com/go/auth v0.16.4/go.mod h1:j10ncYwjX/g3cdX7GpEzsdM+d+ZNsXAbb6qXA7p1Y5M= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.8.0 h1:HxMRIbao8w17ZX6wBnjhcDkW6lTFpgcaobyVfZWqRLA= cloud.google.com/go/compute/metadata v0.8.0/go.mod h1:sYOGTp851OV9bOFJ9CH7elVvyzopvWQFNNghtDQ/Biw= cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8 h1:5sgtvzlC80YG1mSB535USESeIQBbpKXMMFzwcIIDX2M= cloud.google.com/go/confidentialcomputing v1.9.3-0.20250902151313-51583bd5c9b8/go.mod h1:u2iGBWSZ9hlgQAwwpwoz2U9V4UBYRysd/vAW7Tg7WPI= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= cloud.google.com/go/monitoring v0.1.0/go.mod h1:Hpm3XfzJv+UTiXzCG5Ffp0wijzHTC7Cv4eR7o3x/fEE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= cloud.google.com/go/spanner v1.17.0/go.mod h1:+17t2ixFwRG4lWRwE+5kipDR9Ef07Jkmc8z0IbMDKUs= cloud.google.com/go/spanner v1.18.0/go.mod h1:LvAjUXPeJRGNuGpikMULjhLj/t9cRvdc+fxRoLiugXA= cloud.google.com/go/spanner v1.25.0/go.mod h1:kQUft3x355hzzaeFbObjsvkzZDgpDkesp3v75WBnI8w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= cloud.google.com/go/trace v0.1.0/go.mod h1:wxEwsoeRVPbeSkt7ZC9nWCgmoKQRAoySN7XHW2AmI7g= code.gitea.io/sdk/gitea v0.11.3/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY= contrib.go.opencensus.io/exporter/aws v0.0.0-20181029163544-2befc13012d0/go.mod h1:uu1P0UCM/6RbsMrgPa98ll8ZcHM858i/AD06a9aLRCA= contrib.go.opencensus.io/exporter/ocagent v0.5.0/go.mod h1:ImxhfLRpxoYiSq891pBrLVhN+qmP8BTVvdH2YLs7Gl0= contrib.go.opencensus.io/exporter/stackdriver v0.12.1/go.mod h1:iwB6wGarfphGGe/e5CWqyUk/cLzKnWsOKPVW3no6OTw= contrib.go.opencensus.io/exporter/stackdriver v0.13.5/go.mod h1:aXENhDJ1Y4lIg4EUaVTwzvYETVNZk10Pu26tevFKLUc= contrib.go.opencensus.io/exporter/stackdriver v0.13.8/go.mod h1:huNtlWx75MwO7qMs0KrMxPZXzNNWebav1Sq/pm02JdQ= contrib.go.opencensus.io/integrations/ocsql v0.1.4/go.mod h1:8DsSdjz3F+APR+0z0WkU1aRorQCFfRxvqjUUPMbF3fE= contrib.go.opencensus.io/resource v0.1.1/go.mod h1:F361eGI91LCmW1I/Saf+rX0+OFcigGlFvXwEGEnkRLA= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-amqp-common-go/v2 v2.1.0/go.mod h1:R8rea+gJRuJR6QxTir/XuEd+YuKoUiazDC/N96FiDEU= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-sdk-for-go v29.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v30.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-service-bus-go v0.9.1/go.mod h1:yzBx6/BUGfjfeqbRZny9AQIbIe3AcV9WZbAdpkoXOa0= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-autorest v12.0.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/GoogleCloudPlatform/cloudsql-proxy v0.0.0-20191009163259-e802c2cb94ae/go.mod h1:mjwGPas4yKduTyubHvD1Atl9r1rUq8DfVy+gkVvZ+oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver v1.4.2/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.0.3/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/semver/v3 v3.1.0/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig v2.15.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs= github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/aokoli/goutils v1.0.1/go.mod h1:SijmP0QR8LtwsmDs8Yii5Z/S4trXFGFC2oO5g9DP+DQ= github.com/apache/beam v2.28.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/beam v2.32.0+incompatible/go.mod h1:/8NX3Qi8vGstDLLaeaU7+lzVEu/ACaQhYjeefzQ0y1o= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apex/log v1.1.4/go.mod h1:AlpoD9aScyQfJDVHmLMEcx4oU6LqzkWp4Mg9GdAcEvQ= github.com/apex/logs v0.0.4/go.mod h1:XzxuLZ5myVHDy9SAmYpamKKRNApGj54PfYLcFrXqDwo= github.com/aphistic/golf v0.0.0-20180712155816-02c07f170c5a/go.mod h1:3NqKYiepwy8kCu4PNA+aP7WUV72eXWJeP9/r3/K9aLE= github.com/aphistic/sweet v0.2.0/go.mod h1:fWDlIh/isSE9n6EPsRmC0det+whmX6dJid3stzu0Xys= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.27/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.19.18/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.19.45/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.20.6/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.23.20/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.11/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g= github.com/aybabtme/rgbterm v0.0.0-20170906152045-cc83f3b3ce59/go.mod h1:q/89r3U2H7sSsE2t6Kca0lfwTK8JdoNGS/yzM/4iH5I= github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/blakesmith/ar v0.0.0-20190502131153-809d4375e1fb/go.mod h1:PkYb9DJNAwrSvRx5DYA+gUcOIgTGVMNkfSCbZM8cWpI= github.com/caarlos0/ctrlc v1.0.0/go.mod h1:CdXpj4rmq0q/1Eb44M9zi2nKB0QraNKuRGYGrrHhcQw= github.com/campoy/unique v0.0.0-20180121183637-88950e537e7e/go.mod h1:9IOqJGCPMSc6E5ydlp5NIonxObaeu/Iub/X03EKPVYo= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= github.com/cavaliercoder/go-cpio v0.0.0-20180626203310-925f9528c45e/go.mod h1:oDpT4efm8tSYHXV5tHSdRvBet/b/QzxZ+XyyPehvm3A= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h6jFvWxBdQXxjopDMZyH2UVceIRfR84bdzbkoKrsWNo= github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/devigned/tab v0.1.1/go.mod h1:XG9mPq0dFghrYvoBF3xdRrJzSTX1b7IQrvaL9mzjeJY= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/envoyproxy/protoc-gen-validate v0.3.0-java/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/etcd-io/gofail v0.0.0-20190801230047-ad7f989257ca/go.mod h1:49H/RkXP8pKaZy4h0d+NW16rSLhyVBt4o6VLJbmOqDE= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/fortytw2/leaktest v1.2.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fullstorydev/grpcurl v1.8.0/go.mod h1:Mn2jWbdMrQGJQ8UD62uNyMumT2acsZUCkZIqFxsQf1o= github.com/fullstorydev/grpcurl v1.8.1/go.mod h1:3BWhvHZwNO7iLXaQlojdg5NA6SxUDePli4ecpK1N7gw= github.com/fullstorydev/grpcurl v1.8.2/go.mod h1:YvWNT3xRp2KIRuvCphFodG0fKkMXwaxA9CJgKCcyzUQ= github.com/getsentry/raven-go v0.2.0/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.5.0/go.mod h1:Nd6IXA8m5kNZdNEHMBd93KT+mdY3+bewLgRvmCsR2Do= github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-ini/ini v1.25.4/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-playground/locales v0.12.1/go.mod h1:IUMDtCfWo/w/mtMfIE/IG2K+Ey3ygWanZIBtBW0W2TM= github.com/go-playground/universal-translator v0.16.0/go.mod h1:1AnU7NaIRDWWzGEKwgtJRd2xk99HeFyHw3yid4rvQIY= github.com/go-redis/redis v6.15.9+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/certificate-transparency-go v1.1.2-0.20210422104406-9f33727a7a18/go.mod h1:6CKh9dscIRoqc2kC6YUFICHZMT9NrClyPrRVFrdw1QQ= github.com/google/certificate-transparency-go v1.1.2-0.20210512142713-bed466244fa6/go.mod h1:aF2dp7Dh81mY8Y/zpzyXps4fQW5zQbDu2CxfpJB6NkI= github.com/google/certificate-transparency-go v1.1.2 h1:4hE0GEId6NAW28dFpC+LrRGwQX5dtmXQGDbg8+/MZOM= github.com/google/certificate-transparency-go v1.1.2/go.mod h1:3OL+HKDqHPUfdKrHVQxO6T8nDLO0HF7LRTlkIWXaWvQ= github.com/google/go-attestation v0.5.1 h1:jqtOrLk5MNdliTKjPbIPrAaRKJaKW+0LIU2n/brJYms= github.com/google/go-attestation v0.5.1/go.mod h1:KqGatdUhg5kPFkokyzSBDxwSCFyRgIgtRkMp6c3lOBQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc h1:SG12DWUUM5igxm+//YX5Yq4vhdoRnOG9HkCodkOn+YU= github.com/google/go-configfs-tsm v0.3.3-0.20240919001351-b4b5b84fdcbc/go.mod h1:EL1GTDFMb5PZQWDviGfZV9n87WeGTR/JUg13RfwkgRo= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba h1:05m5+kgZjxYUZrx3bZfkKHl6wkch+Khao6N21rFHInk= github.com/google/go-eventlog v0.0.2-0.20241003021507-01bb555f7cba/go.mod h1:7huE5P8w2NTObSwSJjboHmB7ioBNblkijdzoVa2skfQ= github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM= github.com/google/go-licenses v0.0.0-20210329231322-ce1d9163b77d/go.mod h1:+TYOmkVoJOpwnS0wfdsJCV9CoD5nJYsHoFk/0CrTK4M= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/go-replayers/grpcreplay v0.1.0/go.mod h1:8Ig2Idjpr6gifRd6pNVggX6TC1Zw6Jx74AKp7QNH2QE= github.com/google/go-replayers/httpreplay v0.1.0/go.mod h1:YKZViNhiGgqdBlUbI2MwGpq4pXxNmhJLPHQ7cv2b5no= github.com/google/go-sev-guest v0.14.0 h1:dCb4F3YrHTtrDX3cYIPTifEDz7XagZmXQioxRBW4wOo= github.com/google/go-sev-guest v0.14.0/go.mod h1:SK9vW+uyfuzYdVN0m8BShL3OQCtXZe/JPF7ZkpD3760= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843 h1:+MoPobRN9HrDhGyn6HnF5NYo4uMBKaiFqAtf/D/OB4A= github.com/google/go-tdx-guest v0.3.2-0.20241009005452-097ee70d0843/go.mod h1:g/n8sKITIT9xRivBUbizo34DTsUm2nN2uU3A662h09g= github.com/google/go-tpm v0.9.6 h1:Ku42PT4LmjDu1H5C5ISWLlpI1mj+Zq7sPGKoRw2XROA= github.com/google/go-tpm v0.9.6/go.mod h1:h9jEsEECg7gtLis0upRBQU+GhYVH6jMjrFxI8u6bVUY= github.com/google/go-tspi v0.3.0 h1:ADtq8RKfP+jrTyIWIZDIYcKOMecRqNJFOew2IT0Inus= github.com/google/go-tspi v0.3.0/go.mod h1:xfMGI3G0PhxCdNVcYr1C4C+EizojDg/TXuX5by8CiHI= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/licenseclassifier v0.0.0-20210325184830-bb04aff29e72/go.mod h1:qsqn2hxC+vURpyBRygGUuinTO42MFRLcsmQ/P8v94+M= github.com/google/logger v1.1.1 h1:+6Z2geNxc9G+4D4oDO9njjjn2d0wN5d7uOo0vOIW1NQ= github.com/google/logger v1.1.1/go.mod h1:BkeJZ+1FhQ+/d087r4dzojEg1u2ZX+ZqG1jTUrLM+zQ= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian v2.1.1-0.20190517191504-25dcb96d9e51+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/rpmpack v0.0.0-20191226140753-aa36bfddb3a0/go.mod h1:RaTPr0KUf2K7fnZYLNDrr8rxAamWs3iNywJLtQ2AzBg= github.com/google/s2a-go v0.1.9 h1:LGD7gtMgezd8a/Xak7mEWL0PjoTQFvpRudN895yqKW0= github.com/google/s2a-go v0.1.9/go.mod h1:YA0Ei2ZQL3acow2O62kdp9UlnvMmU7kA6Eutn0dXayM= github.com/google/subcommands v1.0.1/go.mod h1:ZjhPrFU+Olkh9WazFPsl27BQ4UPiG37m3yTrtFlrHVk= github.com/google/trillian v1.3.14-0.20210409160123-c5ea3abd4a41/go.mod h1:1dPv0CUjNQVFEDuAUFhZql16pw/VlPgaX8qj+g5pVzQ= github.com/google/trillian v1.3.14-0.20210511103300-67b5f349eefa/go.mod h1:s4jO3Ai4NSvxucdvqUHON0bCqJyoya32eNw6XJwsmNc= github.com/google/trillian v1.4.0/go.mod h1:1Bja2nEgMDlEJWWRXBUemSPG9qYw84ZYX2gHRVHlR+g= github.com/google/uuid v0.0.0-20161128191214-064e2069ce9c/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/wire v0.3.0/go.mod h1:i1DMg/Lu8Sz5yYl25iOdmc5CT5qusaa+zmRWs16741s= github.com/googleapis/enterprise-certificate-proxy v0.3.6 h1:GW/XbdyBFQ8Qe+YAmFU9uHLo7OnF5tL52HFAgMmyrf4= github.com/googleapis/enterprise-certificate-proxy v0.3.6/go.mod h1:MkHOF77EYAE7qfSuSS9PU6g4Nt4e11cnsDUowfwewLA= github.com/googleapis/gax-go v2.0.2+incompatible/go.mod h1:SFVmujtThgffbyetf+mdk2eWhX2bMyUtNHzFKcPA9HY= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.15.0 h1:SyjDc1mGgZU5LncH8gimWo9lW1DtIfPibOG81vgd/bo= github.com/googleapis/gax-go/v2 v2.15.0/go.mod h1:zVVkkxAQHa1RQpg9z2AUCMnKhi0Qld9rcmyfL1OZhoc= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gordonklaus/ineffassign v0.0.0-20200309095847-7953dde2c7bf/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU= github.com/goreleaser/goreleaser v0.134.0/go.mod h1:ZT6Y2rSYa6NxQzIsdfWWNWAlYGXGbreo66NmE+3X3WQ= github.com/goreleaser/nfpm v1.2.1/go.mod h1:TtWrABZozuLOttX2uDlYyECfQX7x5XYkVxhjYcR6G9w= github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg= github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.2.2/go.mod h1:EaizFBKfUKtMIF5iaDEhniwNedqGo9FuLFzppDr3uwI= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.2/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.14.6/go.mod h1:zdiPV4Yse/1gnckTHtghG4GkDEdKCRJduHpTxT3/jcw= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.6.4/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.0.0/go.mod h1:4qWG/gcEcfX4z/mBDHJ++3ReCw9ibxbsNJbcucJdbSo= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.4/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.9/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/jarcoal/httpmock v1.0.5/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/protoreflect v1.6.1/go.mod h1:RZQ/lnuN+zqeRVpQigTwO6o0AJUkxbnSnpuG7toUTG4= github.com/jhump/protoreflect v1.8.2/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jhump/protoreflect v1.9.0/go.mod h1:7GcYQDdMU/O/BBrl/cX6PNHpXh6cenjd8pneu5yW7Tg= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/jpillora/backoff v0.0.0-20180909062703-3050d21c67d7/go.mod h1:2iMrUgbbvHEiQClaW2NsSzMyGHqN+rDFqY705q49KG0= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/juju/ratelimit v1.0.1/go.mod h1:qapgC/Gy+xNh9UxzV13HGGl/6UXNN+ct+vwSgWNm/qk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw= github.com/letsencrypt/pkcs11key/v4 v4.0.0/go.mod h1:EFUvBDay26dErnNb70Nd0/VW3tJiIbETBPTl9ATXQag= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149/go.mod h1:31jz6HNzdxOmlERGGEc4v/dMssOfmp2p5bT/okiKFFc= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/mattn/go-zglob v0.0.1/go.mod h1:9fxibJccNxU2cnpIKLRRFA7zX7qhkJIQWBb449FYHOo= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.2/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-proto-validators v0.0.0-20180403085117-0950a7990007/go.mod h1:m2XC9Qq0AlmmVksL6FktJCdTYyLk7V3fKyp0sl1yWQo= github.com/mwitkow/go-proto-validators v0.2.0/go.mod h1:ZfA1hW+UH/2ZHOWvQ3HnQaU0DtnpXu850MZiy+YUgcc= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac= github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA= github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.5.1/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.10.0/go.mod h1:WJM3cc3yu7XKBKa/I8WeZm+V3eltZnBwfENSU7mdogU= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.18.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.2.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA= github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/pseudomuto/protoc-gen-doc v1.4.1/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protoc-gen-doc v1.5.0/go.mod h1:exDTOVwqpp30eV/EDPFLZy3Pwr2sn6hBC1WIYH/UbIg= github.com/pseudomuto/protokit v0.2.0/go.mod h1:2PdH30hxVHsup8KpBTOXTBeMVhJZVio3Q8ViKSAXT0Q= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/fastuuid v1.1.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/rs/cors v1.8.0/go.mod h1:EBwu+T5AvHOcXwvZIkQFjUN6s8Czyqw12GL/Y0tUyRM= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sassoftware/go-rpmutils v0.0.0-20190420191620-a8f1baeba37b/go.mod h1:am+Fp8Bt506lA3Rk3QCmSqmYmLMnPDhdDUcosQCAx+I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.0.0/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM= github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/gunit v1.0.0/go.mod h1:qwPWnhz6pn0NnRBP++URONOVyNkPyr4SauJk4cUOwJs= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5-0.20210205191134-5ec6847320e5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE= github.com/spf13/cobra v1.1.1/go.mod h1:WnodtKOvamDL/PwE2M4iKs8aMDBZ5Q5klgD3qfVJQMI= github.com/spf13/cobra v1.1.3/go.mod h1:pGADOWyqRD/YMrPZigI/zbliZ2wVD/23d+is3pSWzOo= github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s= github.com/spf13/viper v1.4.0/go.mod h1:PTJ7Z/lr49W6bUbkmS1V3by4uWynFiR9p7+dSq/yZzE= github.com/spf13/viper v1.7.0/go.mod h1:8WkrPz2fc9jxqZNCJI/76HCieCp4Q8HaLFoCha5qpdg= github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v0.0.0-20170130113145-4d4bfba8f1d1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tj/assert v0.0.0-20171129193455-018094318fb0/go.mod h1:mZ9/Rh9oLWpLLDRpvE+3b7gP/C2YyLFYxNmcLnPTMe0= github.com/tj/go-elastic v0.0.0-20171221160941-36157cbbebc2/go.mod h1:WjeM0Oo1eNAjXGDx2yma7uG2XoyRZTq1uv3M/o7imD0= github.com/tj/go-kinesis v0.0.0-20171128231115-08b17f58cb1b/go.mod h1:/yhzCV0xPfx6jb1bBgRFjl5lytqVqZXEaeqWP8lTEao= github.com/tj/go-spin v1.1.0/go.mod h1:Mg1mzmePZm4dva8Qz60H2lHwmJ2loum4VIrLgVnKwh4= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20200427203606-3cfed13b9966/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20201229170055-e5319fda7802/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoik09Xen7gje4m9ERNah1d1PPsVq1VEx9vE4= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ulikunitz/xz v0.5.7/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/xanzy/go-gitlab v0.31.0/go.mod h1:sPLojNBn68fMUWSxIJtdVVIP8uSBYqesTfDUseX11Ug= github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4= github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8/go.mod h1:HUYIGzjTL3rfEspMxjDjgmT5uz5wzYJKVo23qUhYTos= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.etcd.io/etcd/api/v3 v3.5.0-alpha.0/go.mod h1:mPcW6aZJukV6Aa81LSKpBjQXTWlXB5r74ymPoSWa3Sw= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0-alpha.0/go.mod h1:kdV+xzCJ3luEBSIeQyB/OEKkWKd8Zkux4sbDeANrosU= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v3 v3.5.0-alpha.0/go.mod h1:wKt7jgDgf/OfKiYmCq5WFGxOFAkVMLxiiXgLDFhECr8= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= go.etcd.io/etcd/etcdctl/v3 v3.5.0-alpha.0/go.mod h1:YPwSaBciV5G6Gpt435AasAG3ROetZsKNUzibRa/++oo= go.etcd.io/etcd/etcdctl/v3 v3.5.0/go.mod h1:vGTfKdsh87RI7kA2JHFBEGxjQEYx+pi299wqEOdi34M= go.etcd.io/etcd/etcdutl/v3 v3.5.0/go.mod h1:o98rKMCibbFAG8QS9KmvlYDGDShmmIbmRE8vSofzYNg= go.etcd.io/etcd/pkg/v3 v3.5.0-alpha.0/go.mod h1:tV31atvwzcybuqejDoY3oaNRTtlD2l/Ot78Pc9w7DMY= go.etcd.io/etcd/pkg/v3 v3.5.0/go.mod h1:UzJGatBQ1lXChBkQF0AuAtkRQMYnHubxAEYIrC3MSsE= go.etcd.io/etcd/raft/v3 v3.5.0-alpha.0/go.mod h1:FAwse6Zlm5v4tEWZaTjmNhe17Int4Oxbu7+2r0DiD3w= go.etcd.io/etcd/raft/v3 v3.5.0/go.mod h1:UFOHSIvO/nKwd4lhkwabrTD3cqW5yVyYYf/KlD00Szc= go.etcd.io/etcd/server/v3 v3.5.0-alpha.0/go.mod h1:tsKetYpt980ZTpzl/gb+UOJj9RkIyCb1u4wjzMg90BQ= go.etcd.io/etcd/server/v3 v3.5.0/go.mod h1:3Ah5ruV+M+7RZr0+Y/5mNLwC+eQlni+mQmOVdCRJoS4= go.etcd.io/etcd/tests/v3 v3.5.0-alpha.0/go.mod h1:HnrHxjyCuZ8YDt8PYVyQQ5d1ZQfzJVEtQWllr5Vp/30= go.etcd.io/etcd/tests/v3 v3.5.0/go.mod h1:f+mtZ1bE1YPvgKdOJV2BKy4JQW0nAFnQehgOE7+WyJE= go.etcd.io/etcd/v3 v3.5.0-alpha.0/go.mod h1:JZ79d3LV6NUfPjUxXrpiFAYcjhT+06qqw+i28snx8To= go.etcd.io/etcd/v3 v3.5.0/go.mod h1:FldM0/VzcxYWLvWx1sdA7ghKw7C3L2DvUTzGrcEtsC4= go.opencensus.io v0.15.0/go.mod h1:UffZAU+4sDEINUGP/B7UfBBkq4fqLu9zXAX7ke6CHW0= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.22.6/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib v0.20.0/go.mod h1:G/EtFaa6qaN7+LxqfIAT3GiZa7Wv5DTBUzl5H4LY0Kc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.20.0/go.mod h1:oVGt1LRbBOBq1A5BQLlUg9UaU/54aiHw8cgjV3aWZ/E= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= go.opentelemetry.io/otel v0.20.0/go.mod h1:Y3ugLH2oa81t5QO+Lty+zXf8zC9L26ax4Nzoxm/dooo= go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= go.opentelemetry.io/otel/exporters/otlp v0.20.0/go.mod h1:YIieizyaN77rtLJra0buKiNBOm9XQfkPEKBeuhoMwAM= go.opentelemetry.io/otel/metric v0.20.0/go.mod h1:598I5tYlH1vzBjn+BTuhzTCSb/9debfNp6R3s7Pr1eU= go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= go.opentelemetry.io/otel/oteltest v0.20.0/go.mod h1:L7bgKf9ZB7qCwT9Up7i9/pn0PWIa9FqQ2IQ8LoxiGnw= go.opentelemetry.io/otel/sdk v0.20.0/go.mod h1:g/IcepuwNsoiX5Byy2nNV0ySUF1em498m7hBWC279Yc= go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= go.opentelemetry.io/otel/sdk/export/metric v0.20.0/go.mod h1:h7RBNMsDJ5pmI1zExLi+bJK+Dr8NQCh0qGhm1KDnNlE= go.opentelemetry.io/otel/sdk/metric v0.20.0/go.mod h1:knxiS8Xd4E/N+ZqKmUPf3gTTZ4/0TjTXukfxjzSTpHE= go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= go.opentelemetry.io/otel/trace v0.20.0/go.mod h1:6GjCW8zgDjwGHGa6GkyeB8+/5vjT16gUEi0Nf1iBdgw= go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ= go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo= gocloud.dev v0.19.0/go.mod h1:SmKwiR8YwIMMJvQBKLsC3fHNyMwXLw3PMDO+VVteJMI= golang.org/x/crypto v0.0.0-20180501155221-613d6eafa307/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191002192127-34f69633bfdc/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191117063200-497ca9f6d64f/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20200331195152-e8c3332aa8e5/go.mod h1:4M0jN8W1tt0AVLNr8HDosyJCDCDuyL9N9+3m7wDWgKw= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181108082009-03003ca0c849/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190619014844-b5b0513f8c1b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191002035440-2ec189313ef0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191119073136-fc4aabc6c914/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20181106182150-f42d05182288/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210126194326-f9ce19ea3013/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210427180440-81ed05c6b58c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190620070143-6f217b454f45/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191119060738-e882bf8e40c2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200923182605-d9f96fdee20d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201009025420-dfb3f7c4e634/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210309074719-68d13333faf2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210403161142-5e06dd20ab57/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210426230700-d19ff857e887/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210503080704-8803ae5d1324/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190422233926-fe54fb35175b/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190729092621-ff9f1409240a/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191118222007-07fc4c7f2b98/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200426102838-f3a5411a4c3b/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= golang.org/x/tools v0.0.0-20201014170642-d1624618ad65/go.mod h1:z6u4i615ZeAfBE4XtMziQW1fSVJXACjjbWkB/mvPzlU= golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.5.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.6.0/go.mod h1:btoxGiFvQNVUZQ8W08zLtrVS08CNpINPEfxXxgJL1Q4= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.10.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= google.golang.org/api v0.37.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= google.golang.org/api v0.46.0/go.mod h1:ceL4oozhkAiTID8XMmJBsIxID/9wMXJVVFXPg4ylg3I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= google.golang.org/api v0.247.0 h1:tSd/e0QrUlLsrwMKmkbQhYVa109qIintOls2Wh6bngc= google.golang.org/api v0.247.0/go.mod h1:r1qZOPmxXffXg6xS5uhx16Fa/UFY8QU/K4bfKrnvovM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.2/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20181107211654-5fc9ac540362/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190508193815-b515fa19cec8/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210126160654-44e461bb6506/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210331142528-b7513248f0ba/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210427215850-f767ed18ee4d/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210429181445-86c259c2b4ab/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20250603155806-513f23925822 h1:rHWScKit0gvAPuOnu87KpaYtjK5zBMLcULh7gxkCXu4= google.golang.org/genproto v0.0.0-20250603155806-513f23925822/go.mod h1:HubltRL7rMh0LfnQPkMH4NPDFEWp0jw3vixw7jEM53s= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.32.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.36.7 h1:IgrO7UwFQGJdRNXH/sQux4R1Dj1WAKcLElzeeRaXV2A= google.golang.org/protobuf v1.36.7/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/cheggaaa/pb.v1 v1.0.28/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWdVbfP1avr/N00E2vyQ= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/src-d/go-billy.v4 v4.3.2/go.mod h1:nDjArDMp+XMs1aFAESLRjfGSgfvoYN0hDfzEk0GjC98= gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g= gopkg.in/src-d/go-git.v4 v4.13.1/go.mod h1:nx5NYcxdKxq5fpltdHnPa2Exj4Sx0EclMWZQbYDu2z8= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= pack.ag/amqp v0.11.2/go.mod h1:4/cbmt4EJXSKlG6LCfWHoqmN0uFdy5i/+YFz+fTfhV4= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU= go-tpm-tools-0.4.7/verifier/ita/000077500000000000000000000000001510276467000164635ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/ita/client.go000066400000000000000000000157111510276467000202750ustar00rootroot00000000000000package ita import ( "bytes" "context" "crypto/sha512" "crypto/tls" "encoding/json" "errors" "fmt" "io" "net/http" "strings" "github.com/google/go-tpm-tools/verifier" ) const ( nonceEndpoint = "/appraisal/v2/nonce" tokenEndpoint = "/appraisal/v2/attest/gcp/confidentialspace" apiKeyHeader = "x-api-key" acceptHeader = "Accept" contentTypeHeader = "Content-Type" applicationJSON = "application/json" challengeNamePrefix = "ita://" ) var regionalURLs map[string]string = map[string]string{ "US": "https://api.trustauthority.intel.com", "EU": "https://api.eu.trustauthority.intel.com", } type client struct { inner *http.Client apiURL string apiKey string } func urlFromRegion(region string) (string, error) { if region == "" { return "", errors.New("API region required to initialize ITA client") } url, ok := regionalURLs[strings.ToUpper(region)] if !ok { // Create list of allowed regions. keys := []string{} for k := range regionalURLs { keys = append(keys, k) } return "", fmt.Errorf("unsupported region %v, expect one of %v", region, keys) } return url, nil } // Confirm that client implements verifier.Client interface. var _ verifier.Client = (*client)(nil) type itaNonce struct { Val []byte `json:"val"` Iat []byte `json:"iat"` Signature []byte `json:"signature"` } // The ITA evidence nonce is a concatenation+hash of Val and Iat. See references below: // https://github.com/intel/trustauthority-client-for-go/blob/main/go-connector/attest.go#L22 // https://github.com/intel/trustauthority-client-for-go/blob/main/go-tdx/tdx_adapter.go#L37 func createHashedNonce(nonce *itaNonce) ([]byte, error) { hash := sha512.New() _, err := hash.Write(append(nonce.Val, nonce.Iat...)) if err != nil { return nil, fmt.Errorf("error hashing ITA nonce: %v", err) } return hash.Sum(nil), err } func NewClient(itaConfig verifier.ITAConfig) (verifier.Client, error) { //region string, key string) (verifier.Client, error) { url, err := urlFromRegion(itaConfig.ITARegion) if err != nil { return nil, err } return &client{ inner: &http.Client{ Transport: &http.Transport{ // https://github.com/intel/trustauthority-client-for-go/blob/main/go-connector/token.go#L130. TLSClientConfig: &tls.Config{ CipherSuites: []uint16{ tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, }, InsecureSkipVerify: false, MinVersion: tls.VersionTLS12, }, Proxy: http.ProxyFromEnvironment, }, }, apiURL: url, apiKey: itaConfig.ITAKey, }, nil } func (c *client) CreateChallenge(_ context.Context) (*verifier.Challenge, error) { url := c.apiURL + nonceEndpoint headers := map[string]string{ acceptHeader: applicationJSON, } resp := &itaNonce{} if err := c.doHTTPRequest(http.MethodGet, url, nil, headers, &resp); err != nil { return nil, err } nonce, err := createHashedNonce(resp) if err != nil { return nil, err } return &verifier.Challenge{ Name: challengeNamePrefix + string(resp.Val), Nonce: nonce, Val: resp.Val, Iat: resp.Iat, Signature: resp.Signature, }, nil } func (c *client) VerifyAttestation(_ context.Context, request verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { if request.TDCCELAttestation == nil { return nil, errors.New("TDX required for ITA attestation") } tokenReq := convertRequestToTokenRequest(request) url := c.apiURL + tokenEndpoint headers := map[string]string{ apiKeyHeader: c.apiKey, acceptHeader: applicationJSON, contentTypeHeader: applicationJSON, } resp := &tokenResponse{} if err := c.doHTTPRequest(http.MethodPost, url, tokenReq, headers, &resp); err != nil { return nil, err } return &verifier.VerifyAttestationResponse{ ClaimsToken: []byte(resp.Token), }, nil } func (c *client) doHTTPRequest(method string, url string, reqStruct any, headers map[string]string, respStruct any) error { // Create HTTP request. var req *http.Request var err error if reqStruct != nil { body, err := json.Marshal(reqStruct) if err != nil { return fmt.Errorf("error marshaling request: %v", err) } req, err = http.NewRequest(method, url, bytes.NewReader(body)) if err != nil { return fmt.Errorf("error creating HTTP request: %v", err) } } else { req, err = http.NewRequest(method, url, nil) if err != nil { return fmt.Errorf("error creating HTTP request: %v", err) } } // Add headers to request. headers[apiKeyHeader] = string(c.apiKey) for key, val := range headers { req.Header.Add(key, val) } resp, err := c.inner.Do(req) if err != nil { return fmt.Errorf("HTTP request error: %v", err) } defer resp.Body.Close() // Read and unmarshal response body. respBody, err := io.ReadAll(resp.Body) if err != nil { return fmt.Errorf("error reading response body: %v", err) } if resp.StatusCode != http.StatusOK { return fmt.Errorf("HTTP request failed with status code %d, response body %s", resp.StatusCode, string(respBody)) } if err := json.Unmarshal(respBody, respStruct); err != nil { return fmt.Errorf("error unmarshaling response: %v", err) } return nil } func convertRequestToTokenRequest(request verifier.VerifyAttestationRequest) tokenRequest { // Trim trailing 0xFF bytes from CCEL Data. data := request.TDCCELAttestation.CcelData trimIndex := len(data) for ; trimIndex >= 0; trimIndex-- { c := data[trimIndex-1] // Proceed until 0xFF padding ends. if c != byte(255) { break } } tokenReq := tokenRequest{ PolicyMatch: true, TDX: tdxEvidence{ EventLog: data[:trimIndex], CanonicalEventLog: request.TDCCELAttestation.CanonicalEventLog, Quote: request.TDCCELAttestation.TdQuote, VerifierNonce: nonce{ Val: request.Challenge.Val, Iat: request.Challenge.Iat, Signature: request.Challenge.Signature, }, }, SigAlg: "RS256", // Figure out what this should be. GCP: gcpData{ AKCert: request.TDCCELAttestation.AkCert, IntermediateCerts: request.TDCCELAttestation.IntermediateCerts, CSInfo: confidentialSpaceInfo{ TokenOpts: tokenOptions{}, }, }, } if request.TokenOptions != nil { tokenReq.GCP.CSInfo.TokenOpts = tokenOptions{ Audience: request.TokenOptions.Audience, Nonces: request.TokenOptions.Nonces, TokenType: request.TokenOptions.TokenType, TokenTypeOpts: tokenTypeOptions{}, } } for _, token := range request.GcpCredentials { tokenReq.GCP.GcpCredentials = append(tokenReq.GCP.GcpCredentials, string(token)) } for _, sig := range request.ContainerImageSignatures { itaSig := containerSignature{ Payload: sig.Payload, Signature: sig.Signature, } tokenReq.GCP.CSInfo.SignedEntities = append(tokenReq.GCP.CSInfo.SignedEntities, itaSig) } return tokenReq } func (c *client) VerifyConfidentialSpace(ctx context.Context, request verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { return c.VerifyAttestation(ctx, request) } go-tpm-tools-0.4.7/verifier/ita/client_test.go000066400000000000000000000256401510276467000213360ustar00rootroot00000000000000package ita import ( "bytes" "context" "encoding/json" "io" "net/http" "net/http/httptest" "strings" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/models" ) var testVerifierRequest = verifier.VerifyAttestationRequest{ GcpCredentials: [][]byte{ []byte("test-token1"), []byte("test-token2"), }, ContainerImageSignatures: []*verifier.ContainerSignature{ { Payload: []byte("test-payload1"), Signature: []byte("test-signature1"), }, { Payload: []byte("test-payload2"), Signature: []byte("test-signature2"), }, }, TDCCELAttestation: &verifier.TDCCELAttestation{ CcelData: []byte("test-ccelData"), CanonicalEventLog: []byte("test-cel"), TdQuote: []byte("test-quote"), AkCert: []byte("test-akcert"), IntermediateCerts: [][]byte{ []byte("test-intermediate1"), []byte("test-intermediate2"), }, }, Challenge: &verifier.Challenge{ Val: []byte("test-nonce-val"), Iat: []byte("123456"), Signature: []byte("test-nonce-sig"), }, TokenOptions: &models.TokenOptions{ Audience: "testaud", Nonces: []string{"testnonces"}, TokenType: "testtokentype", }, } func validateHTTPRequest(t *testing.T, r *http.Request, expectedMethod string, expectedHeaders map[string]string, expectedPath string) { // Verify HTTP Method. if r.Method != expectedMethod { t.Errorf("HTTP request does not have expected method: got %v, want %v", r.Method, http.MethodGet) } // Verify HTTP headers. for key, val := range expectedHeaders { if r.Header.Get(key) != val { t.Errorf("HTTP request does not have expected Content-Type header: got %s, want %s", r.Header.Get(key), val) } } // Verify requested path. if expectedPath != "" && r.URL.Path != expectedPath { t.Errorf("HTTP request does not have expected endpoint: got %v, want %v", r.URL.Path, nonceEndpoint) } } func TestCreateChallenge(t *testing.T) { testNonce := &itaNonce{ Val: []byte("test-val"), Iat: []byte("test-iat"), Signature: []byte("test-signature"), } expectedNonce, err := createHashedNonce(testNonce) if err != nil { t.Fatalf("Unable to create expected nonce: %v", err) } expectedAPIKey := "test-api-key" expectedHeaders := map[string]string{ apiKeyHeader: expectedAPIKey, acceptHeader: applicationJSON, } ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { validateHTTPRequest(t, r, http.MethodGet, expectedHeaders, nonceEndpoint) // Send HTTP Response. marshaled, err := json.Marshal(testNonce) if err != nil { t.Fatalf("Unable to marshal server response: %s", testNonce) } w.Write(marshaled) })) itaClient := &client{ inner: http.DefaultClient, apiURL: ts.URL, apiKey: expectedAPIKey, } challenge, err := itaClient.CreateChallenge(context.Background()) if err != nil { t.Fatalf("CreateChallenge() returned error: %v", err) } expectedChallenge := &verifier.Challenge{ Name: challengeNamePrefix + string(testNonce.Val), Nonce: expectedNonce, Val: testNonce.Val, Iat: testNonce.Iat, Signature: testNonce.Signature, } if diff := cmp.Diff(*challenge, *expectedChallenge); diff != "" { t.Errorf("CreateChallenge() did not return the expected challenge: %v", diff) } } func TestVerifyAttestation(t *testing.T) { expectedReq := convertRequestToTokenRequest(testVerifierRequest) expectedResp := &verifier.VerifyAttestationResponse{ ClaimsToken: []byte("test-ita-token"), } expectedAPIKey := "test-api-key" expectedHeaders := map[string]string{ apiKeyHeader: expectedAPIKey, acceptHeader: applicationJSON, contentTypeHeader: applicationJSON, } ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { validateHTTPRequest(t, r, http.MethodPost, expectedHeaders, tokenEndpoint) // Verify HTTP Request body. defer r.Body.Close() reqBody, err := io.ReadAll(r.Body) if err != nil { t.Fatalf("Error reading HTTP request body: %s", err) } req := tokenRequest{} if err = json.Unmarshal(reqBody, &req); err != nil { t.Fatalf("Error unmarshaling HTTP request body: %s", err) } if diff := cmp.Diff(req, expectedReq); diff != "" { t.Errorf("Incorrect request recieved by server: %v", diff) } // Send HTTP Response. resp := tokenResponse{ Token: string(expectedResp.ClaimsToken), } marshaled, err := json.Marshal(resp) if err != nil { t.Fatalf("Unable to marshal server response: %s", expectedResp) } w.Write(marshaled) })) itaClient := &client{ inner: http.DefaultClient, apiURL: ts.URL, apiKey: expectedAPIKey, } verifyResp, err := itaClient.VerifyAttestation(context.Background(), testVerifierRequest) if err != nil { t.Fatalf("VerifyAttestation() returned error: %v", err) } if diff := cmp.Diff(verifyResp, expectedResp); diff != "" { t.Errorf("VerifyAttestation did not return expected response: %v", diff) } } func TestDoHTTPRequest(t *testing.T) { expectedHeaders := map[string]string{ apiKeyHeader: "testAPIKey", acceptHeader: applicationJSON, } expectedMethod := http.MethodPost expectedReq := tokenRequest{ PolicyMatch: true, SigAlg: "testsigalg", TDX: tdxEvidence{ EventLog: []byte("test event log"), CanonicalEventLog: []byte("test CEL"), Quote: []byte("test quote"), }, } expectedResp := tokenResponse{ Token: "test-token", } ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { validateHTTPRequest(t, r, expectedMethod, expectedHeaders, "") // Verify HTTP Request body. defer r.Body.Close() reqBody, err := io.ReadAll(r.Body) if err != nil { t.Fatalf("Error reading HTTP request body: %s", err) } req := tokenRequest{} if err = json.Unmarshal(reqBody, &req); err != nil { t.Fatalf("Error unmarshaling HTTP request body: %s", err) } if diff := cmp.Diff(req, expectedReq); diff != "" { t.Errorf("Incorrect request recieved by server: %v", diff) } // Send HTTP Response. marshaled, err := json.Marshal(expectedResp) if err != nil { t.Fatalf("Unable to marshal server response: %s", expectedResp) } w.Write(marshaled) })) itaClient := client{ inner: http.DefaultClient, } resp := &tokenResponse{} if err := itaClient.doHTTPRequest(expectedMethod, ts.URL, expectedReq, expectedHeaders, resp); err != nil { t.Fatalf("doHTTPRequest returned error: %v", err) } if diff := cmp.Diff(*resp, expectedResp); diff != "" { t.Errorf("doHTTPRequest did not return expected response: %v", diff) } } func TestConvertRequestToTokenRequest(t *testing.T) { expectedRequest := tokenRequest{ PolicyMatch: true, TDX: tdxEvidence{ // Add EventLog field. EventLog: testVerifierRequest.TDCCELAttestation.CcelData, CanonicalEventLog: testVerifierRequest.TDCCELAttestation.CanonicalEventLog, Quote: testVerifierRequest.TDCCELAttestation.TdQuote, VerifierNonce: nonce{ Val: testVerifierRequest.Challenge.Val, Iat: testVerifierRequest.Challenge.Iat, Signature: testVerifierRequest.Challenge.Signature, }, }, SigAlg: "RS256", // Figure out what this should be. GCP: gcpData{ GcpCredentials: []string{ string(testVerifierRequest.GcpCredentials[0]), string(testVerifierRequest.GcpCredentials[1]), }, AKCert: testVerifierRequest.TDCCELAttestation.AkCert, IntermediateCerts: testVerifierRequest.TDCCELAttestation.IntermediateCerts, CSInfo: confidentialSpaceInfo{ SignedEntities: []containerSignature{ { Payload: testVerifierRequest.ContainerImageSignatures[0].Payload, Signature: testVerifierRequest.ContainerImageSignatures[0].Signature, }, { Payload: testVerifierRequest.ContainerImageSignatures[1].Payload, Signature: testVerifierRequest.ContainerImageSignatures[1].Signature, }, }, TokenOpts: tokenOptions{ Audience: testVerifierRequest.TokenOptions.Audience, Nonces: testVerifierRequest.TokenOptions.Nonces, TokenType: testVerifierRequest.TokenOptions.TokenType, TokenTypeOpts: tokenTypeOptions{}, }, }, }, } convertedReq := convertRequestToTokenRequest(testVerifierRequest) if diff := cmp.Diff(convertedReq, expectedRequest); diff != "" { t.Errorf("convertRequestToTokenRequest did not return expected tokenRequest: %v", diff) } } func TestConvertRequestToTokenRequestWithCCELDataPadding(t *testing.T) { padding := bytes.Repeat([]byte{255}, 20) request := verifier.VerifyAttestationRequest{ TDCCELAttestation: &verifier.TDCCELAttestation{ CcelData: append(testVerifierRequest.TDCCELAttestation.CcelData, padding...), CanonicalEventLog: []byte("test-cel"), TdQuote: []byte("test-quote"), AkCert: []byte("test-akcert"), IntermediateCerts: [][]byte{ []byte("test-intermediate1"), []byte("test-intermediate2"), }, }, Challenge: testVerifierRequest.Challenge, } expectedRequest := tokenRequest{ PolicyMatch: true, TDX: tdxEvidence{ // Expect padding to be stripped in converted request. EventLog: testVerifierRequest.TDCCELAttestation.CcelData, CanonicalEventLog: request.TDCCELAttestation.CanonicalEventLog, Quote: request.TDCCELAttestation.TdQuote, VerifierNonce: nonce{ Val: request.Challenge.Val, Iat: request.Challenge.Iat, Signature: request.Challenge.Signature, }, }, SigAlg: "RS256", // Figure out what this should be. GCP: gcpData{ AKCert: testVerifierRequest.TDCCELAttestation.AkCert, IntermediateCerts: testVerifierRequest.TDCCELAttestation.IntermediateCerts, }, } convertedReq := convertRequestToTokenRequest(request) if diff := cmp.Diff(convertedReq, expectedRequest); diff != "" { t.Errorf("convertRequestToTokenRequest did not return expected tokenRequest: %v", diff) } } func TestURLFromRegion(t *testing.T) { for region, expectedURL := range regionalURLs { t.Run(region+" region", func(t *testing.T) { url, err := urlFromRegion(region) if err != nil { t.Fatalf("urlAndKey returned error: %v", err) } if url != expectedURL { t.Errorf("urlAndKey did not return expected URL: got %v, want %v", url, expectedURL) } }) } } func TestURLFromRegionError(t *testing.T) { testcases := []struct { name string region string expectedSubstr string }{ { name: "Unsupported region", region: "ANTARCTICA", expectedSubstr: "unsupported region", }, { name: "Empty input", region: "", expectedSubstr: "region required", }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { _, err := urlFromRegion(tc.region) if err == nil { t.Fatal("urlAndKey returned successfully, expected error") } if !strings.Contains(err.Error(), tc.expectedSubstr) { t.Errorf("urlAndKey did not return expected error: got %v, want %v", err.Error(), tc.expectedSubstr) } }) } } go-tpm-tools-0.4.7/verifier/ita/evidence.go000066400000000000000000000032341510276467000205760ustar00rootroot00000000000000package ita type tdxEvidence struct { EventLog []byte `json:"event_log"` CanonicalEventLog []byte `json:"canonical_event_log"` Quote []byte `json:"quote"` VerifierNonce nonce `json:"verifier_nonce"` } type nonce struct { Val []byte `json:"val"` Iat []byte `json:"iat"` Signature []byte `json:"signature"` } type containerSignature struct { Payload []byte `json:"payload"` Signature []byte `json:"signature"` } type keyIDs struct { IDs map[string][]string `json:"key_ids"` } type principalTags struct { ContainerSignatureKIDs keyIDs `json:"container_image_signatures"` } type tokenTypeOptions struct { AllowedPrincipalTags principalTags `json:"allowed_principal_tags"` } type tokenOptions struct { Audience string `json:"audience"` Nonces []string `json:"nonce"` TokenType string `json:"token_type"` TokenTypeOpts tokenTypeOptions `json:"token_type_options"` } type confidentialSpaceInfo struct { SignedEntities []containerSignature `json:"signed_entities"` TokenOpts tokenOptions `json:"token_options"` } type gcpData struct { GcpCredentials []string `json:"gcp_credentials"` AKCert []byte `json:"ak_cert"` IntermediateCerts [][]byte `json:"intermediate_certs"` CSInfo confidentialSpaceInfo `json:"confidential_space_info"` } type tokenRequest struct { PolicyMatch bool `json:"policy_must_match"` TDX tdxEvidence `json:"tdx"` SigAlg string `json:"token_signing_alg"` GCP gcpData `json:"gcpcs"` } type tokenResponse struct { Token string `json:"token"` } go-tpm-tools-0.4.7/verifier/models/000077500000000000000000000000001510276467000171715ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/models/token_options.go000066400000000000000000000023101510276467000224070ustar00rootroot00000000000000// Package models contains models needed in client and server package models // TokenOptions contains fields that will be passed to the Attestation Service TokenOptions field. // These fields are used to customize several claims in the token from the Attestation service. type TokenOptions struct { Audience string `json:"audience"` Nonces []string `json:"nonces"` TokenType string `json:"token_type"` PrincipalTagOptions *AWSPrincipalTagsOptions `json:"aws_principal_tag_options"` } // AWSPrincipalTagsOptions represents the options for the AWSPrincipalTag token type. type AWSPrincipalTagsOptions struct { AllowedPrincipalTags *AllowedPrincipalTags `json:"allowed_principal_tags"` } // AllowedPrincipalTags allows for requestors to configure what principal tags are contained in the // resulting GCA token. type AllowedPrincipalTags struct { ContainerImageSignatures *ContainerImageSignatures `json:"container_image_signatures"` } // ContainerImageSignatures represents the configuration for AllowedPrincipalTags for // ContainerImageSignature claims type ContainerImageSignatures struct { KeyIDs []string `json:"key_ids"` } go-tpm-tools-0.4.7/verifier/oci/000077500000000000000000000000001510276467000164605ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/oci/cosign/000077500000000000000000000000001510276467000177425ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/oci/cosign/fakesignature.go000066400000000000000000000017351510276467000231270ustar00rootroot00000000000000package cosign import ( "encoding/base64" "fmt" "github.com/google/go-tpm-tools/verifier/oci" ) type fakeSig struct { data string sigAlg oci.SigningAlgorithm } // NewFakeSignature constructs a new fake oci.Signature given data and signature algorithm. func NewFakeSignature(data string, sigAlg oci.SigningAlgorithm) oci.Signature { return &fakeSig{data, sigAlg} } // Payload returns a fake payload. func (f fakeSig) Payload() ([]byte, error) { return []byte(f.data + "," + string(f.sigAlg)), nil } // Base64Encoded returns a fake base64 encoded signature. func (f fakeSig) Base64Encoded() (string, error) { return base64.StdEncoding.EncodeToString([]byte(f.data)), nil } // PublicKey returns a fake public key. func (f fakeSig) PublicKey() ([]byte, error) { return nil, fmt.Errorf("not implemented") } // SigningAlgorithm returns a fake signature algorithm. func (f fakeSig) SigningAlgorithm() (oci.SigningAlgorithm, error) { return "", fmt.Errorf("not implemented") } go-tpm-tools-0.4.7/verifier/oci/cosign/signature.go000066400000000000000000000065511510276467000223010ustar00rootroot00000000000000// Package cosign contains functionalities to interact with signatures generated by cosign. // https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md. package cosign import ( "encoding/base64" "errors" "fmt" "github.com/google/go-tpm-tools/verifier/oci" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" ) // Sig implements oci.Signature interface for cosign-generated signatures. type Sig struct { // Layer represents a layer descriptor for OCI image manifest. // This contains the simple signing payload digest and Cosign signature, // collected from the OCI image manifest object found using https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery. Layer v1.Descriptor // Blob represents the opaque data uploaded to OCI registry associated with the layer. // This contains the Simple Signing Payload as described in https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery. Blob []byte // SourceRepo represents the location that stores this signature. SourceRepo string } // CosignSigKey is the key of the cosign-generated signature embedded in OCI image manifest. const CosignSigKey = "dev.cosignproject.cosign/signature" var ( // Verify that our Sig struct implements the expected public interface. _ oci.Signature = Sig{} encoding = base64.StdEncoding ) // Payload implements oci.Signature interface. func (s Sig) Payload() ([]byte, error) { // The payload bytes are uploaded to an OCI registry as blob, and are referenced by digest. // This digiest is embedded into the OCI image manifest as a layer via a descriptor (see https://github.com/opencontainers/image-spec/blob/main/descriptor.md). // Here we compare the digest of the blob data with the layer digest to verify if this blob is associated with the layer. if digest.FromBytes(s.Blob) != s.Layer.Digest { return nil, errors.New("an unmatched payload digest is paired with a layer descriptor digest") } return s.Blob, nil } // Base64Encoded implements oci.Signature interface. func (s Sig) Base64Encoded() (string, error) { sig, ok := s.Layer.Annotations[CosignSigKey] if !ok { return "", errors.New("cosign signature not found in the layer annotations") } if _, err := encoding.DecodeString(sig); err != nil { return "", fmt.Errorf("invalid base64 encoded signature: %w", err) } return sig, nil } // PublicKey implements oci.Signature interface. // Since public key is attached to the `optional` field of payload, we don't actually implement this method. // Instead we send payload directly to the Attestation service and let the service parse the payload. func (s Sig) PublicKey() ([]byte, error) { return nil, fmt.Errorf("not implemented") } // SigningAlgorithm implements oci.Signature interface. // Since signing algorithm is attached to the `optional` field of payload, we don't actually implement this method. // Instead we send payload directly to the Attestation service and let the service parse the payload. func (s Sig) SigningAlgorithm() (oci.SigningAlgorithm, error) { return "", fmt.Errorf("not implemented") } // String returns signature details func (s Sig) String() string { sig, err := s.Base64Encoded() if err != nil { return fmt.Sprintf("[signature error: %s]", err.Error()) } return fmt.Sprintf("[signature: %q, sourceRepo: %q]", sig, s.SourceRepo) } go-tpm-tools-0.4.7/verifier/oci/cosign/signature_test.go000066400000000000000000000126321510276467000233350ustar00rootroot00000000000000package cosign import ( "bytes" "crypto/rand" "strings" "testing" "github.com/opencontainers/go-digest" v1 "github.com/opencontainers/image-spec/specs-go/v1" ) func TestPayload(t *testing.T) { testCases := []struct { name string blob []byte wantDigest digest.Digest wantPayload []byte wantPass bool }{ { name: "cosign signature Payload() success", blob: []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`), wantDigest: "sha256:d1e44a76902409836227b982beb920189949927c2011f196594bd34c5bb8f8b1", wantPayload: []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`), wantPass: true, }, { name: "cosign signature Payload() failed with unmatched digest", blob: []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`), wantDigest: "sha256:unmatched digest", wantPayload: []byte{}, wantPass: false, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { sig := &Sig{ Layer: v1.Descriptor{ Digest: tc.wantDigest, }, Blob: tc.blob, } gotPayload, err := sig.Payload() if err != nil && tc.wantPass { t.Errorf("Payload() failed for test case %v: %v", tc.name, err) } if !bytes.Equal(gotPayload, tc.wantPayload) { t.Errorf("Payload() failed for test case %v: got %v, but want %v", tc.name, gotPayload, tc.wantPayload) } }) } } func TestBase64Encoded(t *testing.T) { testCases := []struct { name string wantSignatureKey string wantSignature string wantPass bool }{ { name: "cosign signature Base64Encoded() success", wantSignatureKey: CosignSigKey, wantSignature: randomBase64EncodedString(32), wantPass: true, }, { name: "cosign signature Base64Encoded() failed with mismatched signature key", wantSignatureKey: "mismatched signature key", wantSignature: "", wantPass: false, }, { name: "cosign signature Base64Encoded() failed with invalid base64 encoded signature", wantSignatureKey: CosignSigKey, wantSignature: "", wantPass: false, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { sig := &Sig{ Layer: v1.Descriptor{ Annotations: map[string]string{ tc.wantSignatureKey: tc.wantSignature, }, }, } gotSignature, err := sig.Base64Encoded() if err != nil && tc.wantPass { t.Errorf("Base64Encoded() failed for test case %v: %v", tc.name, err) } if gotSignature != tc.wantSignature { t.Errorf("Base64Encoded() failed for test case %v: got %v, but want %v", tc.name, gotSignature, tc.wantSignature) } }) } } func TestWorkflow(t *testing.T) { wantSig := randomBase64EncodedString(32) blob := []byte(`{"critical":{"identity":{"docker-reference":"us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/base"},"image":{"docker-manifest-digest":"sha256:9494e567c7c44e8b9f8808c1658a47c9b7979ef3cceef10f48754fc2706802ba"},"type":"cosign container image signature"},"optional":null}`) sig := &Sig{ Layer: v1.Descriptor{ Digest: digest.FromBytes(blob), Annotations: map[string]string{ CosignSigKey: wantSig, }, }, Blob: blob, } gotPayload, err := sig.Payload() if err != nil { t.Errorf("Payload() failed: %v", err) } if !bytes.Equal(gotPayload, blob) { t.Errorf("Payload() failed: got %v, but want %v", gotPayload, blob) } gotSig, err := sig.Base64Encoded() if err != nil { t.Errorf("Base64Encoded() failed: %v", err) } if gotSig != wantSig { t.Errorf("Base64Encoded() failed, got %s, but want %s", gotSig, wantSig) } } func TestString(t *testing.T) { testCases := []struct { name string sourceRepo string b64Sig string wantString string }{ { name: "successful signature details", sourceRepo: "gcr.io/hello_world", b64Sig: "aGVsbG8gd29ybGQ=", // base64 encoded "hello world" wantString: `signature: "aGVsbG8gd29ybGQ=", sourceRepo: "gcr.io/hello_world"`, }, { name: "erronous signature details", sourceRepo: "gcr.io/hello_world", b64Sig: "invalid", wantString: `signature error: invalid base64 encoded signature`, }, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { sig := &Sig{ Layer: v1.Descriptor{ Annotations: map[string]string{ CosignSigKey: tc.b64Sig, }, }, SourceRepo: tc.sourceRepo, } gotString := sig.String() if !strings.Contains(gotString, tc.wantString) { t.Errorf("String() failed, got %s, but want %s", gotString, tc.wantString) } }) } } func randomBase64EncodedString(n int) string { b := make([]byte, n) _, err := rand.Read(b) if err != nil { return "" } return encoding.EncodeToString(b) } go-tpm-tools-0.4.7/verifier/oci/interface.go000066400000000000000000000052401510276467000207500ustar00rootroot00000000000000// Package oci contains functionalities to interact with OCI image signatures. // https://github.com/opencontainers/image-spec/tree/main#readme. package oci // SigningAlgorithm is a specific type for string constants used for sigature signing and verification. type SigningAlgorithm string const ( // RSASSAPSS2048SHA256 is RSASSA-PSS 2048 bit key with a SHA256 digest supported for cosign sign. RSASSAPSS2048SHA256 SigningAlgorithm = "RSASSA_PSS_SHA256" // RSASSAPSS3072SHA256 is RSASSA-PSS 3072 bit key with a SHA256 digest supported for cosign sign. RSASSAPSS3072SHA256 SigningAlgorithm = "RSASSA_PSS_SHA256" // RSASSAPSS4096SHA256 is RSASSA-PSS 4096 bit key with a SHA256 digest supported for cosign sign. RSASSAPSS4096SHA256 SigningAlgorithm = "RSASSA_PSS_SHA256" // RSASSAPKCS1V152048SHA256 is RSASSA-PKCS1 v1.5 2048 bit key with a SHA256 digest supported for cosign sign. RSASSAPKCS1V152048SHA256 SigningAlgorithm = "RSASSA_PKCS1V15_SHA256" // RSASSAPKCS1V153072SHA256 is RSASSA-PKCS1 v1.5 3072 bit key with a SHA256 digest supported for cosign sign. RSASSAPKCS1V153072SHA256 SigningAlgorithm = "RSASSA_PKCS1V15_SHA256" // RSASSAPKCS1V154096SHA256 is RSASSA-PKCS1 v1.5 4096 bit key with a SHA256 digest supported for cosign sign. RSASSAPKCS1V154096SHA256 SigningAlgorithm = "RSASSA_PKCS1V15_SHA256" // ECDSAP256SHA256 is ECDSA on the P-256 Curve with a SHA256 digest supported for cosign sign. ECDSAP256SHA256 SigningAlgorithm = "ECDSA_P256_SHA256" ) // Signature represents a single OCI image signature. type Signature interface { // Payload returns the blob data associated with a signature uploaded to an OCI registry. Payload() ([]byte, error) // Base64Encoded returns the base64-encoded signature of the signed payload. Base64Encoded() (string, error) // PublicKey returns a public key in the format of PEM-encoded byte slice. PublicKey() ([]byte, error) // SigningAlgorithm returns the signing algorithm specifications in the format of: // 1. RSASSAPSS2048SHA256 (RSASSA algorithm with PSS padding 2048 bit key with a SHA256 digest) // 2. RSASSAPSS3072SHA256 (RSASSA algorithm with PSS padding 3072 bit key with a SHA256 digest) // 3. RSASSAPSS4096SHA256 (RSASSA algorithm with PSS padding 4096 bit key with a SHA256 digest) // 4. RSASSAPKCS1V152048SHA256 (RSASSA algorithm with PKCS #1 v1.5 padding 2048 bit key with a SHA256 digest) // 5. RSASSAPKCS1V153072SHA256 (RSASSA algorithm with PKCS #1 v1.5 padding 3072 bit key with a SHA256 digest) // 6. RSASSAPKCS1V154096SHA256 (RSASSA algorithm with PKCS #1 v1.5 padding 4096 bit key with a SHA256 digest) // 7. ECDSAP256SHA256 (ECDSA on the P-256 Curve with a SHA256 digest) SigningAlgorithm() (SigningAlgorithm, error) } go-tpm-tools-0.4.7/verifier/rest/000077500000000000000000000000001510276467000166635ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/rest/errors.go000066400000000000000000000010361510276467000205260ustar00rootroot00000000000000package rest import ( "fmt" "strings" ) // BadRegionError indicates that: // - the requested Region cannot be used with this API // - other Regions _can_ be used with this API type BadRegionError struct { RequestedRegion string AvailableRegions []string err error } func (e *BadRegionError) Error() string { return fmt.Sprintf( "invalid region %q, available regions are [%s]: %v", e.RequestedRegion, strings.Join(e.AvailableRegions, ", "), e.err, ) } func (e *BadRegionError) Unwrap() error { return e.err } go-tpm-tools-0.4.7/verifier/rest/rest.go000066400000000000000000000340341510276467000201730ustar00rootroot00000000000000// Package rest contains the code to use the REST-based Google API package rest import ( "context" "encoding/base64" "fmt" "log" "time" sabi "github.com/google/go-sev-guest/abi" spb "github.com/google/go-sev-guest/proto/sevsnp" tabi "github.com/google/go-tdx-guest/abi" tpb "github.com/google/go-tdx-guest/proto/tdx" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/models" "github.com/google/go-tpm-tools/verifier/oci" "github.com/googleapis/gax-go/v2" v1 "cloud.google.com/go/confidentialcomputing/apiv1" ccpb "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb" "google.golang.org/api/iterator" "google.golang.org/api/option" locationpb "google.golang.org/genproto/googleapis/cloud/location" "google.golang.org/grpc/codes" ) /* confComputeCallOptions retries as follows for all confidential computing APIs: Timeout = 1000 milliseconds Initial interval = 500 milliseconds Maximum interval = 1000 milliseconds Maximum retries = 2 */ func confComputeCallOptions() *v1.CallOptions { callOption := []gax.CallOption{ gax.WithTimeout(1000 * time.Millisecond), gax.WithRetry(func() gax.Retryer { return gax.OnCodes([]codes.Code{ codes.Unavailable, codes.Internal, }, gax.Backoff{ Initial: 500 * time.Millisecond, Max: 1000 * time.Millisecond, Multiplier: 2.0, }) }), } return &v1.CallOptions{ CreateChallenge: callOption, VerifyAttestation: callOption, GetLocation: callOption, ListLocations: callOption, } } // NewClient creates a new REST client which is configured to perform // attestations in a particular project and region. Returns a *BadRegionError // if the requested project is valid, but the region is invalid. func NewClient(ctx context.Context, projectID string, region string, opts ...option.ClientOption) (verifier.Client, error) { client, err := v1.NewRESTClient(ctx, opts...) if err != nil { return nil, fmt.Errorf("can't create ConfidentialComputing v1 API client: %w", err) } // Override the default retry CallOptions with specific retry policies. client.CallOptions = confComputeCallOptions() projectName := fmt.Sprintf("projects/%s", projectID) locationName := fmt.Sprintf("%s/locations/%v", projectName, region) getReq := &locationpb.GetLocationRequest{ Name: locationName, } location, getErr := client.GetLocation(ctx, getReq) if getErr == nil { return &restClient{client, location}, nil } // If we can't get the location, try to list the locations. This handles // situations where the projectID is invalid. listReq := &locationpb.ListLocationsRequest{ Name: projectName, } listIter := client.ListLocations(ctx, listReq) // The project is valid, but can't get the desired region. var regions []string for { resp, err := listIter.Next() if err == iterator.Done { break } if err != nil { return nil, fmt.Errorf("listing regions in project %q: %w", projectID, err) } regions = append(regions, resp.LocationId) } return nil, &BadRegionError{ RequestedRegion: region, AvailableRegions: regions, err: getErr, } } type restClient struct { v1Client *v1.Client location *locationpb.Location } // CreateChallenge implements verifier.Client func (c *restClient) CreateChallenge(ctx context.Context) (*verifier.Challenge, error) { // Pass an empty Challenge for the input (all params are output-only) req := &ccpb.CreateChallengeRequest{ Parent: c.location.Name, Challenge: &ccpb.Challenge{}, } chal, err := c.v1Client.CreateChallenge(ctx, req) if err != nil { return nil, fmt.Errorf("calling v1.CreateChallenge in %v: %w", c.location.LocationId, err) } return convertChallengeFromREST(chal) } // VerifyAttestation implements verifier.Client func (c *restClient) VerifyAttestation(ctx context.Context, request verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { if request.Challenge == nil { return nil, fmt.Errorf("nil value provided in challenge") } if request.Attestation == nil && request.TDCCELAttestation == nil { return nil, fmt.Errorf("neither TPM nor TDX attestation is present") } req := convertRequestToREST(request) req.Challenge = request.Challenge.Name response, err := c.v1Client.VerifyAttestation(ctx, req) if err != nil { return nil, fmt.Errorf("calling v1.VerifyAttestation in %v: %w", c.location.LocationId, err) } return convertResponseFromREST(response) } func (c *restClient) VerifyConfidentialSpace(ctx context.Context, request verifier.VerifyAttestationRequest) (*verifier.VerifyAttestationResponse, error) { if request.Challenge == nil { return nil, fmt.Errorf("nil value provided in challenge") } if request.Attestation == nil && request.TDCCELAttestation == nil { return nil, fmt.Errorf("neither TPM nor TDX attestation is present") } csReq := convertCSRequestToREST(request) csReq.Challenge = request.Challenge.Name response, err := c.v1Client.VerifyConfidentialSpace(ctx, csReq) if err != nil { return nil, fmt.Errorf("calling v1.VerifyConfidentialSpace in %v: %w", c.location.LocationId, err) } return convertCSResponseFromREST(response), nil } var encoding = base64.StdEncoding func convertChallengeFromREST(chal *ccpb.Challenge) (*verifier.Challenge, error) { nonce, err := encoding.DecodeString(chal.TpmNonce) if err != nil { return nil, fmt.Errorf("failed to decode Challenge.Nonce: %w", err) } return &verifier.Challenge{ Name: chal.Name, Nonce: nonce, }, nil } func convertTokenOptionsToREST(tokenOpts *models.TokenOptions) *ccpb.TokenOptions { if tokenOpts == nil { return nil } optsPb := &ccpb.TokenOptions{ Audience: tokenOpts.Audience, Nonce: tokenOpts.Nonces, } switch tokenOpts.TokenType { case "OIDC": optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_OIDC case "PKI": optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_PKI case "LIMITED_AWS": optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_LIMITED_AWS case "AWS_PRINCIPALTAGS": optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS optsPb.TokenTypeOptions = setAwsPrincipalTagOptions(tokenOpts) default: optsPb.TokenType = ccpb.TokenType_TOKEN_TYPE_UNSPECIFIED } return optsPb } func convertRequestToREST(request verifier.VerifyAttestationRequest) *ccpb.VerifyAttestationRequest { idTokens := make([]string, len(request.GcpCredentials)) for i, token := range request.GcpCredentials { idTokens[i] = string(token) } signatures := make([]*ccpb.ContainerImageSignature, len(request.ContainerImageSignatures)) for i, sig := range request.ContainerImageSignatures { signatures[i] = &ccpb.ContainerImageSignature{ Payload: sig.Payload, Signature: sig.Signature, } } verifyReq := &ccpb.VerifyAttestationRequest{ GcpCredentials: &ccpb.GcpCredentials{ ServiceAccountIdTokens: idTokens, }, ConfidentialSpaceInfo: &ccpb.ConfidentialSpaceInfo{ SignedEntities: []*ccpb.SignedEntity{{ContainerImageSignatures: signatures}}, }, TokenOptions: convertTokenOptionsToREST(request.TokenOptions), } if request.Attestation != nil { // TPM attestation route quotes := make([]*ccpb.TpmAttestation_Quote, len(request.Attestation.GetQuotes())) for i, quote := range request.Attestation.GetQuotes() { pcrVals := map[int32][]byte{} for idx, val := range quote.GetPcrs().GetPcrs() { pcrVals[int32(idx)] = val } quotes[i] = &ccpb.TpmAttestation_Quote{ RawQuote: quote.GetQuote(), RawSignature: quote.GetRawSig(), HashAlgo: int32(quote.GetPcrs().GetHash()), PcrValues: pcrVals, } } certs := make([][]byte, len(request.Attestation.GetIntermediateCerts())) for i, cert := range request.Attestation.GetIntermediateCerts() { certs[i] = cert } verifyReq.TpmAttestation = &ccpb.TpmAttestation{ Quotes: quotes, TcgEventLog: request.Attestation.GetEventLog(), CanonicalEventLog: request.Attestation.GetCanonicalEventLog(), AkCert: request.Attestation.GetAkCert(), CertChain: certs, } if request.Attestation.GetSevSnpAttestation() != nil { sevsnp, err := convertSEVSNPProtoToREST(request.Attestation.GetSevSnpAttestation()) if err != nil { log.Fatalf("Failed to convert SEVSNP proto to API proto: %v", err) } verifyReq.TeeAttestation = sevsnp } if request.Attestation.GetTdxAttestation() != nil { tdx, err := convertTDXProtoToREST(request.Attestation.GetTdxAttestation()) if err != nil { log.Fatalf("Failed to convert TD quote proto to API proto: %v", err) } verifyReq.TeeAttestation = tdx } } else if request.TDCCELAttestation != nil { // TDX attestation route // still need AK for GCE info! verifyReq.TpmAttestation = &ccpb.TpmAttestation{ AkCert: request.TDCCELAttestation.AkCert, CertChain: request.TDCCELAttestation.IntermediateCerts, } verifyReq.TeeAttestation = &ccpb.VerifyAttestationRequest_TdCcel{ TdCcel: &ccpb.TdxCcelAttestation{ TdQuote: request.TDCCELAttestation.TdQuote, CcelAcpiTable: request.TDCCELAttestation.CcelAcpiTable, CcelData: request.TDCCELAttestation.CcelData, CanonicalEventLog: request.TDCCELAttestation.CanonicalEventLog, }, } } return verifyReq } func convertResponseFromREST(resp *ccpb.VerifyAttestationResponse) (*verifier.VerifyAttestationResponse, error) { token := []byte(resp.GetOidcClaimsToken()) return &verifier.VerifyAttestationResponse{ ClaimsToken: token, PartialErrs: resp.PartialErrors, }, nil } func convertOCISignatureToREST(signature oci.Signature) (*ccpb.ContainerImageSignature, error) { payload, err := signature.Payload() if err != nil { return nil, err } b64Sig, err := signature.Base64Encoded() if err != nil { return nil, err } sigBytes, err := encoding.DecodeString(b64Sig) if err != nil { return nil, err } return &ccpb.ContainerImageSignature{ Payload: payload, Signature: sigBytes, }, nil } func convertSEVSNPProtoToREST(att *spb.Attestation) (*ccpb.VerifyAttestationRequest_SevSnpAttestation, error) { auxBlob := sabi.CertsFromProto(att.GetCertificateChain()).Marshal() rawReport, err := sabi.ReportToAbiBytes(att.GetReport()) if err != nil { return nil, err } return &ccpb.VerifyAttestationRequest_SevSnpAttestation{ SevSnpAttestation: &ccpb.SevSnpAttestation{ AuxBlob: auxBlob, Report: rawReport, }, }, nil } func convertTDXProtoToREST(att *tpb.QuoteV4) (*ccpb.VerifyAttestationRequest_TdCcel, error) { rawQuote, err := tabi.QuoteToAbiBytes(att) if err != nil { return nil, err } return &ccpb.VerifyAttestationRequest_TdCcel{ TdCcel: &ccpb.TdxCcelAttestation{ TdQuote: rawQuote, }, }, nil } func setAwsPrincipalTagOptions(requestTokenOptions *models.TokenOptions) *ccpb.TokenOptions_AwsPrincipalTagsOptions { if requestTokenOptions.PrincipalTagOptions == nil { return nil } options := &ccpb.TokenOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{}, } if requestTokenOptions.PrincipalTagOptions.AllowedPrincipalTags == nil { return options } options.AwsPrincipalTagsOptions.AllowedPrincipalTags = &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{} if requestTokenOptions.PrincipalTagOptions.AllowedPrincipalTags.ContainerImageSignatures == nil { return options } options.AwsPrincipalTagsOptions.GetAllowedPrincipalTags().ContainerImageSignatures = &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ KeyIds: requestTokenOptions.PrincipalTagOptions.AllowedPrincipalTags.ContainerImageSignatures.KeyIDs, } return options } func convertCSRequestToREST(request verifier.VerifyAttestationRequest) *ccpb.VerifyConfidentialSpaceRequest { // Use convertRequestToREST to avoid duplicating conversion logic. verifyAttRequest := convertRequestToREST(request) csReq := &ccpb.VerifyConfidentialSpaceRequest{ Challenge: verifyAttRequest.Challenge, GcpCredentials: verifyAttRequest.GcpCredentials, SignedEntities: verifyAttRequest.ConfidentialSpaceInfo.SignedEntities, } if request.TDCCELAttestation != nil { // TDX Attestation. csReq.TeeAttestation = &ccpb.VerifyConfidentialSpaceRequest_TdCcel{ TdCcel: verifyAttRequest.GetTdCcel(), } // Set AK cert info. csReq.GceShieldedIdentity = &ccpb.GceShieldedIdentity{ AkCert: verifyAttRequest.TpmAttestation.AkCert, AkCertChain: verifyAttRequest.TpmAttestation.CertChain, } } else { // TPM Attestation. csReq.TeeAttestation = &ccpb.VerifyConfidentialSpaceRequest_TpmAttestation{ TpmAttestation: verifyAttRequest.TpmAttestation, } } csReq.Options = convertToCSOpts(verifyAttRequest.TokenOptions) return csReq } func convertToCSOpts(tokenOpts *ccpb.TokenOptions) *ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions { if tokenOpts == nil { return &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, } } csOpts := &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ Audience: tokenOpts.Audience, Nonce: tokenOpts.Nonce, } switch tokenOpts.TokenType { case ccpb.TokenType_TOKEN_TYPE_OIDC: csOpts.SignatureType = ccpb.SignatureType_SIGNATURE_TYPE_OIDC csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT case ccpb.TokenType_TOKEN_TYPE_PKI: csOpts.SignatureType = ccpb.SignatureType_SIGNATURE_TYPE_PKI csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT case ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, ccpb.TokenType_TOKEN_TYPE_LIMITED_AWS: csOpts.SignatureType = ccpb.SignatureType_SIGNATURE_TYPE_OIDC csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_AWS if tokenOpts.TokenTypeOptions != nil { csOpts.TokenProfileOptions = &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: tokenOpts.GetAwsPrincipalTagsOptions(), } } default: // TokenProfile must be specified. csOpts.TokenProfile = ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT } return csOpts } func convertCSResponseFromREST(resp *ccpb.VerifyConfidentialSpaceResponse) *verifier.VerifyAttestationResponse { token := []byte(resp.GetAttestationToken()) return &verifier.VerifyAttestationResponse{ ClaimsToken: token, PartialErrs: resp.PartialErrors, } } go-tpm-tools-0.4.7/verifier/rest/rest_test.go000066400000000000000000000555271510276467000212440ustar00rootroot00000000000000package rest import ( "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/google/go-tpm-tools/proto/tpm" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/models" "github.com/google/uuid" "google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/protobuf/encoding/prototext" "google.golang.org/protobuf/testing/protocmp" ccpb "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb" sabi "github.com/google/go-sev-guest/abi" spb "github.com/google/go-sev-guest/proto/sevsnp" tabi "github.com/google/go-tdx-guest/abi" tpb "github.com/google/go-tdx-guest/proto/tdx" tgtestdata "github.com/google/go-tdx-guest/testing/testdata" attestpb "github.com/google/go-tpm-tools/proto/attest" ) var ( tokenOptionsCompareOpts = []cmp.Option{ cmpopts.IgnoreUnexported(ccpb.TokenOptions{}), cmpopts.IgnoreUnexported(ccpb.TokenOptions_AwsPrincipalTagsOptions{}), cmpopts.IgnoreUnexported(ccpb.AwsPrincipalTagsOptions{}), cmpopts.IgnoreUnexported(ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{}), cmpopts.IgnoreUnexported(ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{}), cmpopts.IgnoreUnexported(ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{}), } ) // Make sure our conversion function can handle empty values. func TestConvertEmpty(t *testing.T) { if _, err := convertChallengeFromREST(&ccpb.Challenge{}); err != nil { t.Errorf("Converting empty challenge: %v", err) } _ = convertRequestToREST(verifier.VerifyAttestationRequest{}) if _, err := convertResponseFromREST(&ccpb.VerifyAttestationResponse{}); err != nil { t.Errorf("Converting empty challenge: %v", err) } } const ( emptyReport = ` version: 2 policy: 0xa0000 signature_algo: 1 report_data: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01' family_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' image_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' measurement: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' host_data: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' id_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' author_key_digest: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' report_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' report_id_ma: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' chip_id: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' signature: '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' ` extraGUID = "00000000-0000-c0de-0000-000000000000" ) func TestConvertSEVSNPProtoToREST(t *testing.T) { report := &spb.Report{} if err := prototext.Unmarshal([]byte(emptyReport), report); err != nil { t.Fatalf("Unable to unmarshal SEV-SNP report proto: %v", err) } rawCertTable := testRawCertTable(t) certTable := &sabi.CertTable{} if err := certTable.Unmarshal(rawCertTable.table); err != nil { t.Fatalf("Failed to unmarshal certTable bytes: %v", err) } sevsnp := &spb.Attestation{Report: report, CertificateChain: certTable.Proto()} got, err := convertSEVSNPProtoToREST(sevsnp) if err != nil { t.Errorf("failed to convert SEVSNP proto to API proto: %v", err) } wantReport, err := sabi.ReportToAbiBytes(report) if err != nil { t.Fatalf("Unable to convert SEV-SNP report proto to ABI bytes: %v", err) } want := &ccpb.VerifyAttestationRequest_SevSnpAttestation{ SevSnpAttestation: &ccpb.SevSnpAttestation{ AuxBlob: rawCertTable.table, Report: wantReport, }, } if diff := cmp.Diff(got, want, protocmp.Transform()); diff != "" { t.Errorf("SEVSNP API proto mismatch: %s", diff) } } type testCertTable struct { table []byte extraraw []byte } func testRawCertTable(t testing.TB) *testCertTable { t.Helper() headers := make([]sabi.CertTableHeaderEntry, 6) // ARK, ASK, VCEK, VLEK, extra, NULL arkraw := []byte("ark") askraw := []byte("ask") vcekraw := []byte("vcek") vlekraw := []byte("vlek") extraraw := []byte("extra") var err error headers[0].GUID, err = uuid.Parse(sabi.ArkGUID) if err != nil { t.Fatalf("cannot parse uuid: %v", err) } headers[0].Offset = uint32(len(headers) * sabi.CertTableEntrySize) headers[0].Length = uint32(len(arkraw)) headers[1].GUID, err = uuid.Parse(sabi.AskGUID) if err != nil { t.Fatalf("cannot parse uuid: %v", err) } headers[1].Offset = headers[0].Offset + headers[0].Length headers[1].Length = uint32(len(askraw)) headers[2].GUID, err = uuid.Parse(sabi.VcekGUID) if err != nil { t.Fatalf("cannot parse uuid: %v", err) } headers[2].Offset = headers[1].Offset + headers[1].Length headers[2].Length = uint32(len(vcekraw)) headers[3].GUID, err = uuid.Parse(sabi.VlekGUID) if err != nil { t.Fatalf("cannot parse uuid: %v", err) } headers[3].Offset = headers[2].Offset + headers[2].Length headers[3].Length = uint32(len(vlekraw)) headers[4].GUID, err = uuid.Parse(extraGUID) if err != nil { t.Fatalf("cannot parse uuid: %v", err) } headers[4].Offset = headers[3].Offset + headers[3].Length headers[4].Length = uint32(len(extraraw)) result := &testCertTable{ table: make([]byte, headers[4].Offset+headers[4].Length), extraraw: extraraw, } for i, cert := range [][]byte{arkraw, askraw, vcekraw, vlekraw, extraraw} { if err := (&headers[i]).Write(result.table[i*sabi.CertTableEntrySize:]); err != nil { t.Fatalf("could not write header %d: %v", i, err) } copy(result.table[headers[i].Offset:], cert) } return result } func TestConvertTDXProtoToREST(t *testing.T) { testCases := []struct { name string quote func() *tpb.QuoteV4 wantPass bool }{ { name: "successful TD quote conversion", quote: func() *tpb.QuoteV4 { tdx, err := tabi.QuoteToProto(tgtestdata.RawQuote) if err != nil { t.Fatalf("Unable to convert Raw TD Quote to TDX V4 quote: %v", err) } quote, ok := tdx.(*tpb.QuoteV4) if !ok { t.Fatal("Quote format not supported, want QuoteV4 format") } return quote }, wantPass: true, }, { name: "nil TD quote conversion", quote: func() *tpb.QuoteV4 { return nil }, wantPass: false, }, } for _, tc := range testCases { got, err := convertTDXProtoToREST(tc.quote()) if err != nil && tc.wantPass { t.Errorf("failed to convert TDX proto to API proto: %v", err) } if tc.wantPass { want := &ccpb.VerifyAttestationRequest_TdCcel{ TdCcel: &ccpb.TdxCcelAttestation{ TdQuote: tgtestdata.RawQuote, }, } if diff := cmp.Diff(got, want, protocmp.Transform()); diff != "" { t.Errorf("TDX API proto mismatch: %s", diff) } } } } func TestConvertTokenOptionsToREST(t *testing.T) { testCases := []struct { name string tokenOptions *models.TokenOptions wantpb *ccpb.TokenOptions }{ { name: "NilTokenOptions", tokenOptions: nil, wantpb: nil, }, { name: "EmptyTokenOptions", tokenOptions: &models.TokenOptions{}, wantpb: &ccpb.TokenOptions{}, }, { name: "TokenOptionsHappyPath", tokenOptions: &models.TokenOptions{ Audience: "TestingAudience", Nonces: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, TokenType: "AWS_PRINCIPALTAGS", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{ ContainerImageSignatures: &models.ContainerImageSignatures{ KeyIDs: []string{"abcdefg", "12345"}, }, }, }, }, wantpb: &ccpb.TokenOptions{ Audience: "TestingAudience", Nonce: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ KeyIds: []string{"abcdefg", "12345"}, }, }, }, }, }, }, { name: "TokenTypeOptionsMissingSubClasses", tokenOptions: &models.TokenOptions{ Audience: "TestingAudience", Nonces: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, TokenType: "AWS_PRINCIPALTAGS", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{}, }, }, wantpb: &ccpb.TokenOptions{ Audience: "TestingAudience", Nonce: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{}, }, }, }, }, { name: "MissingAudNonceTokenType", tokenOptions: &models.TokenOptions{ PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{}, }, }, wantpb: &ccpb.TokenOptions{ TokenTypeOptions: nil, }, }, { name: "MissingAudNonce", tokenOptions: &models.TokenOptions{ TokenType: "AWS_PRINCIPALTAGS", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{}, }, }, wantpb: &ccpb.TokenOptions{ TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{}, }, }, }, }, { name: "TokenOptionsHappyPath", tokenOptions: &models.TokenOptions{ Audience: "TestingAudience", Nonces: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, TokenType: "AWS_PRINCIPALTAGS", PrincipalTagOptions: &models.AWSPrincipalTagsOptions{ AllowedPrincipalTags: &models.AllowedPrincipalTags{ ContainerImageSignatures: &models.ContainerImageSignatures{ KeyIDs: []string{"abcdefg", "12345"}, }, }, }, }, wantpb: &ccpb.TokenOptions{ Audience: "TestingAudience", Nonce: []string{"thisisthefirstnonce", "thisisthesecondnonce"}, TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ KeyIds: []string{"abcdefg", "12345"}, }, }, }, }, }, }, { name: "OIDCTokenType", tokenOptions: &models.TokenOptions{ TokenType: "OIDC", }, wantpb: &ccpb.TokenOptions{ TokenType: ccpb.TokenType_TOKEN_TYPE_OIDC, }, }, { name: "OIDCTokenType", tokenOptions: &models.TokenOptions{ TokenType: "OIDC", }, wantpb: &ccpb.TokenOptions{ TokenType: ccpb.TokenType_TOKEN_TYPE_OIDC, }, }, { name: "LimitedAWSTokenType", tokenOptions: &models.TokenOptions{ TokenType: "LIMITED_AWS", }, wantpb: &ccpb.TokenOptions{ TokenType: ccpb.TokenType_TOKEN_TYPE_LIMITED_AWS, }, }, { name: "SingleNonce", tokenOptions: &models.TokenOptions{ Nonces: []string{"thisistheonlynonce"}, }, wantpb: &ccpb.TokenOptions{ Nonce: []string{"thisistheonlynonce"}, }, }, } for _, tc := range testCases { pbTokenOpts := convertTokenOptionsToREST(tc.tokenOptions) diff := cmp.Diff(tc.wantpb, pbTokenOpts, tokenOptionsCompareOpts...) if diff != "" { t.Errorf("%v: %s", tc.name, diff) } } } func TestConvertTokenOptionsToCSOptions(t *testing.T) { testcases := []struct { name string tokenOpts *ccpb.TokenOptions expectedOpts *ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions }{ { name: "nil input", tokenOpts: nil, expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, }, }, { name: "custom audience and nonce", tokenOpts: &ccpb.TokenOptions{ Audience: "test-audience", Nonce: []string{"test-nonce-1", "test-nonce-2"}, }, expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ Audience: "test-audience", Nonce: []string{"test-nonce-1", "test-nonce-2"}, TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, }, }, { name: "OIDC token type", tokenOpts: &ccpb.TokenOptions{ TokenType: ccpb.TokenType_TOKEN_TYPE_OIDC, }, expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_OIDC, TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, }, }, { name: "PKI token type", tokenOpts: &ccpb.TokenOptions{ TokenType: ccpb.TokenType_TOKEN_TYPE_PKI, }, expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_PKI, TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, }, }, { name: "AWS token type", tokenOpts: &ccpb.TokenOptions{ TokenType: ccpb.TokenType_TOKEN_TYPE_AWS_PRINCIPALTAGS, TokenTypeOptions: &ccpb.TokenOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ KeyIds: []string{"keyid1", "keyid2"}, }, }, }, }, }, expectedOpts: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_OIDC, TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_AWS, TokenProfileOptions: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions_AwsPrincipalTagsOptions{ AwsPrincipalTagsOptions: &ccpb.AwsPrincipalTagsOptions{ AllowedPrincipalTags: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags{ ContainerImageSignatures: &ccpb.AwsPrincipalTagsOptions_AllowedPrincipalTags_ContainerImageSignatures{ KeyIds: []string{"keyid1", "keyid2"}, }, }, }, }, }, }, } for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { gotOpts := convertToCSOpts(tc.tokenOpts) if diff := cmp.Diff(gotOpts, tc.expectedOpts, tokenOptionsCompareOpts...); diff != "" { t.Errorf("convertToCSOpts did not return expected opts (-got, +want): %v", diff) } }) } } func TestConvertCSRequestToREST(t *testing.T) { testcases := []struct { name string verifierReq verifier.VerifyAttestationRequest expectedReq *ccpb.VerifyConfidentialSpaceRequest }{ { name: "TPM attestation request", verifierReq: verifier.VerifyAttestationRequest{ Attestation: &attestpb.Attestation{ Quotes: []*tpm.Quote{{ Quote: []byte("raw quote 1"), RawSig: []byte("raw sig 1"), Pcrs: &tpm.PCRs{ Hash: tpm.HashAlgo_SHA1, Pcrs: map[uint32][]byte{ 1: []byte("PCR A"), 2: []byte("PCR B"), }, }, }}, EventLog: []byte("test-tcg-event-log"), CanonicalEventLog: []byte("test-canonical-event-log"), AkCert: []byte("test-ak-cert"), IntermediateCerts: [][]byte{[]byte("chain-1"), []byte("chain-2")}, }, ContainerImageSignatures: []*verifier.ContainerSignature{{ Payload: []byte("test-payload"), Signature: []byte("test-signature"), }}, GcpCredentials: [][]byte{[]byte("testcredentials@google.com")}, TokenOptions: &models.TokenOptions{ Audience: "test-aud", Nonces: []string{"test-nonce"}, TokenType: "PKI", }, }, expectedReq: &ccpb.VerifyConfidentialSpaceRequest{ TeeAttestation: &ccpb.VerifyConfidentialSpaceRequest_TpmAttestation{ TpmAttestation: &ccpb.TpmAttestation{ Quotes: []*ccpb.TpmAttestation_Quote{ { RawQuote: []byte("raw quote 1"), RawSignature: []byte("raw sig 1"), HashAlgo: int32(tpm.HashAlgo_SHA1), PcrValues: map[int32][]byte{ 1: []byte("PCR A"), 2: []byte("PCR B"), }, }, }, TcgEventLog: []byte("test-tcg-event-log"), CanonicalEventLog: []byte("test-canonical-event-log"), AkCert: []byte("test-ak-cert"), CertChain: [][]byte{[]byte("chain-1"), []byte("chain-2")}, }, }, SignedEntities: []*ccpb.SignedEntity{{ ContainerImageSignatures: []*ccpb.ContainerImageSignature{{ Payload: []byte("test-payload"), Signature: []byte("test-signature"), }}, }}, GcpCredentials: &ccpb.GcpCredentials{ServiceAccountIdTokens: []string{"testcredentials@google.com"}}, Options: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ Audience: "test-aud", Nonce: []string{"test-nonce"}, TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, SignatureType: ccpb.SignatureType_SIGNATURE_TYPE_PKI, }, }, }, { name: "TDCCEL Attestation", verifierReq: verifier.VerifyAttestationRequest{ TDCCELAttestation: &verifier.TDCCELAttestation{ TdQuote: []byte("test td quote"), CcelAcpiTable: []byte("test CCEL table"), CcelData: []byte("test CCEL data"), CanonicalEventLog: []byte("test CEL"), AkCert: []byte("test-ak-cert"), IntermediateCerts: [][]byte{[]byte("chain-1"), []byte("chain-2")}, }, }, expectedReq: &ccpb.VerifyConfidentialSpaceRequest{ TeeAttestation: &ccpb.VerifyConfidentialSpaceRequest_TdCcel{ TdCcel: &ccpb.TdxCcelAttestation{ TdQuote: []byte("test td quote"), CcelAcpiTable: []byte("test CCEL table"), CcelData: []byte("test CCEL data"), CanonicalEventLog: []byte("test CEL"), }, }, GceShieldedIdentity: &ccpb.GceShieldedIdentity{ AkCert: []byte("test-ak-cert"), AkCertChain: [][]byte{[]byte("chain-1"), []byte("chain-2")}, }, Options: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{ TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT, }, GcpCredentials: &ccpb.GcpCredentials{ServiceAccountIdTokens: []string{}}, SignedEntities: []*ccpb.SignedEntity{{ContainerImageSignatures: []*ccpb.ContainerImageSignature{}}}, }, }, } cmpOpts := append( tokenOptionsCompareOpts, cmpopts.IgnoreUnexported(ccpb.VerifyConfidentialSpaceRequest{}), cmpopts.IgnoreUnexported(ccpb.TpmAttestation{}), cmpopts.IgnoreUnexported(ccpb.TpmAttestation_Quote{}), cmpopts.IgnoreUnexported(ccpb.TdxCcelAttestation{}), cmpopts.IgnoreUnexported(ccpb.GceShieldedIdentity{}), cmpopts.IgnoreUnexported(ccpb.GcpCredentials{}), cmpopts.IgnoreUnexported(ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{}), cmpopts.IgnoreUnexported(ccpb.ContainerImageSignature{}), cmpopts.IgnoreUnexported(ccpb.SignedEntity{}), ) for _, tc := range testcases { t.Run(tc.name, func(t *testing.T) { gotReq := convertCSRequestToREST(tc.verifierReq) if diff := cmp.Diff(gotReq, tc.expectedReq, cmpOpts...); diff != "" { t.Errorf("convertCSRequestToREST returned unexpected output (-got, +want): %v", diff) } }) } } func TestConvertCSResponseFromREST(t *testing.T) { expectedResp := &verifier.VerifyAttestationResponse{ ClaimsToken: []byte("test-token"), PartialErrs: []*status.Status{ {Code: 404, Message: "Partial Error Message"}, }, } csResp := &ccpb.VerifyConfidentialSpaceResponse{ AttestationToken: string(expectedResp.ClaimsToken), PartialErrors: expectedResp.PartialErrs, } gotResp := convertCSResponseFromREST(csResp) if diff := cmp.Diff(gotResp, expectedResp, cmpopts.IgnoreUnexported(status.Status{})); diff != "" { t.Errorf("convertCSResponseFromREST(%v) did not return expected output(-got, +want): %v", csResp, diff) } } go-tpm-tools-0.4.7/verifier/util/000077500000000000000000000000001510276467000166635ustar00rootroot00000000000000go-tpm-tools-0.4.7/verifier/util/fake_attestation_server.go000066400000000000000000000102271510276467000241270ustar00rootroot00000000000000package util import ( "fmt" "io" "net/http" "net/http/httptest" "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb" "github.com/golang-jwt/jwt/v4" "golang.org/x/net/http2" "google.golang.org/protobuf/encoding/protojson" ) // FakeChallengeUUID is the challenge for fake attestation server const FakeChallengeUUID = "947b4f7b-e6d4-4cfe-971c-39ffe00268ba" // FakeTpmNonce is the tpm nonce for fake attestation server const FakeTpmNonce = "R29vZ0F0dGVzdFYxeGtJUGlRejFPOFRfTzg4QTRjdjRpQQ==" // FakeCustomNonce is the custom nonce for fake attestation server var FakeCustomNonce = []string{"1234567890", "1234567890"} // FakeCustomNonce is the custom audience for fake attestation server const FakeCustomAudience = "https://api.test.com" // MockAttestationServer provides fake implementation for the GCE attestation server. type MockAttestationServer struct { Server *httptest.Server } type fakeOidcTokenPayload struct { Audience string `json:"aud"` IssuedAt int64 `json:"iat"` ExpiredAt int64 `json:"exp"` } func (payload *fakeOidcTokenPayload) Valid() error { return nil } // NewMockAttestationServer creates a mock verifier func NewMockAttestationServer() (*MockAttestationServer, error) { handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { locationPath := "/v1/projects/test-project/locations/us-central" if r.URL.Path == locationPath { location := "{\n \"name\": \"projects/test-project/locations/us-central-1\",\n \"locationId\": \"us-central-1\"\n}\n" w.Write([]byte(location)) } challengePath := locationPath + "-1/challenges" if r.URL.Path == challengePath { challenge := "{\n \"name\": \"projects/test-project/locations/us-central-1/challenges/" + FakeChallengeUUID + "\",\n \"createTime\": \"2023-09-21T01:04:48.230111757Z\",\n \"expireTime\": \"2023-09-21T02:04:48.230111757Z\",\n \"tpmNonce\": \"" + FakeTpmNonce + "\"\n}\n" w.Write([]byte(challenge)) } verifyAttestationPath := challengePath + "/" + FakeChallengeUUID + ":verifyAttestation" if r.URL.Path == verifyAttestationPath { err := validateCustomNonceAndAudienceFromRequest(r) if err != nil { fmt.Print("error validating Custom Nonce and Custom Audience") http.Error(w, "Invalid Nonce or Audience", http.StatusBadRequest) // Return 400 Bad Request return } payload := &fakeOidcTokenPayload{ Audience: "test", IssuedAt: 1709752525, ExpiredAt: 1919752525, } jwtTokenUnsigned := jwt.NewWithClaims(jwt.SigningMethodHS256, payload) fakeJwtToken, err := jwtTokenUnsigned.SignedString([]byte("kcxjxnalpraetgccnnwhpnfwocxscaih")) if err != nil { fmt.Print("error creating test OIDC token") http.Error(w, "Invalid OIDC token creation", http.StatusBadRequest) // Return 400 Bad Request return } w.Write([]byte("{\n \"oidcClaimsToken\": \"" + fakeJwtToken + "\"\n}\n")) } }) httpServer := httptest.NewUnstartedServer(handler) if err := http2.ConfigureServer(httpServer.Config, new(http2.Server)); err != nil { return nil, fmt.Errorf("failed to configure HTTP/2 server: %v", err) } httpServer.Start() return &MockAttestationServer{Server: httpServer}, nil } // Stop shuts down the server. func (s *MockAttestationServer) Stop() { s.Server.Close() } // validateCustomNonceAndAudienceFromRequest validates the custom nonce and custom audience from a VerifyAttestationRequest. func validateCustomNonceAndAudienceFromRequest(r *http.Request) error { req := &confidentialcomputingpb.VerifyAttestationRequest{} body, err := io.ReadAll(r.Body) if err != nil { return fmt.Errorf("error reading request body: %v", err) } defer r.Body.Close() if err := protojson.Unmarshal(body, req); err != nil { return fmt.Errorf("error decoding attestation request: %v", err) } if req.TokenOptions != nil { if req.TokenOptions.Nonce != nil { if req.TokenOptions.Nonce[0] != FakeCustomNonce[0] || req.TokenOptions.Nonce[1] != FakeCustomNonce[1] { return fmt.Errorf("error comparing custom nonce: %v", err) } } if req.TokenOptions.Audience != "" { if req.TokenOptions.Audience != FakeCustomAudience { return fmt.Errorf("error comparing custom audience: %v", err) } } } return nil } go-tpm-tools-0.4.7/verifier/util/fake_metadata.go000066400000000000000000000037471510276467000217730ustar00rootroot00000000000000package util import ( "fmt" "net/http" "net/http/httptest" "os" "strings" "cloud.google.com/go/compute/metadata" ) const metadataHostEnv = "GCE_METADATA_HOST" // Instance struct for supported fake values for metadata server. type Instance struct { ProjectID string ProjectNumber string InstanceID string InstanceName string Zone string } // MetadataServer provides fake implementation for the GCE metadata server. type MetadataServer struct { server *httptest.Server oldMetadataHostEnv string responses map[string]string } // NewMetadataServer starts and hooks up a Server, serving env. // data is the mock Instance data the metadata server will respond with. func NewMetadataServer(data Instance) (*MetadataServer, error) { resp := map[string]string{} resp["project/project-id"] = data.ProjectID resp["project/numeric-project-id"] = data.ProjectNumber resp["instance/id"] = data.InstanceID resp["instance/zone"] = data.Zone resp["instance/name"] = data.InstanceName resp["instance/service-accounts/default/identity"] = "test_jwt_token" handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { path := "/computeMetadata/v1/" uri := strings.TrimPrefix(r.URL.Path, path) if uri != "" { res, found := resp[uri] if found { w.Write([]byte(res)) return } } http.Error(w, http.StatusText(http.StatusNotImplemented), http.StatusNotImplemented) }) httpServer := httptest.NewServer(handler) old := os.Getenv(metadataHostEnv) s := &MetadataServer{oldMetadataHostEnv: old, server: httpServer, responses: resp} os.Setenv(metadataHostEnv, strings.TrimPrefix(s.server.URL, "http://")) if !metadata.OnGCE() { s.Stop() return nil, fmt.Errorf("gcpmocks.NewMetadataServer: failed to fake being on a GCE instance") } return s, nil } // Stop shuts down the server and restores original metadataHostEnv env var. func (s *MetadataServer) Stop() { os.Setenv(metadataHostEnv, s.oldMetadataHostEnv) s.server.Close() } go-tpm-tools-0.4.7/verifier/util/fake_oauth2_server.go000066400000000000000000000043401510276467000227710ustar00rootroot00000000000000package util import ( "encoding/json" "net/http" "net/http/httptest" "os" ) // Application Default Credentials (ADC) is a strategy used by the Google authentication libraries to automatically find credentials based on the application environment. // ADC searches for credentials in GOOGLE_APPLICATION_CREDENTIALS environment variable first (https://cloud.google.com/docs/authentication/application-default-credentials) // We use fakeAsHostEnv to let ADC find fake credential. const oauth2CredentialHostEnv = "GOOGLE_APPLICATION_CREDENTIALS" // MockOauth2Server is a struct for mocking Oauth2Server type MockOauth2Server struct { Server *httptest.Server OriginalCred string } // NewMockOauth2Server creates a mock Oauth2 server for testing purpose func NewMockOauth2Server() (*MockOauth2Server, error) { mux := http.NewServeMux() mux.HandleFunc("/o/oauth2/auth", func(_ http.ResponseWriter, _ *http.Request) { // Unimplemented: Should return authorization code back to the user }) mux.HandleFunc("/token", func(w http.ResponseWriter, _ *http.Request) { // Should return acccess token back to the user w.Header().Set("Content-Type", "application/x-www-form-urlencoded") w.Write([]byte("access_token=mocktoken&scope=user&token_type=bearer")) }) server := httptest.NewServer(mux) // create test oauth2 credentials testCredentials := map[string]string{ "client_id": "id", "client_secret": "testdata", "refresh_token": "testdata", "type": "authorized_user", } fakeOauthCredentialData, err := json.MarshalIndent(testCredentials, "", " ") // Indent for readability if err != nil { return nil, err } file, err := os.CreateTemp("", "fake_oauth2_test_credentials") if err != nil { return nil, err } defer file.Close() _, err = file.Write(fakeOauthCredentialData) if err != nil { return nil, err } old := os.Getenv(oauth2CredentialHostEnv) os.Setenv(oauth2CredentialHostEnv, file.Name()) return &MockOauth2Server{Server: server, OriginalCred: old}, nil } // Stop cleans up the fake credential, reset the original one, and shuts down the server. func (s *MockOauth2Server) Stop() { os.Remove(os.Getenv(oauth2CredentialHostEnv)) os.Setenv(oauth2CredentialHostEnv, s.OriginalCred) s.Server.Close() } go-tpm-tools-0.4.7/verifier/util/util.go000066400000000000000000000043661510276467000202000ustar00rootroot00000000000000// Package util provides helper funtions to prepare materials for talking to attestation verifiers. package util import ( "context" "fmt" "io" "net/url" "strings" "cloud.google.com/go/compute/metadata" "github.com/google/go-tpm-tools/client" "github.com/google/go-tpm-tools/verifier" "github.com/google/go-tpm-tools/verifier/rest" "golang.org/x/oauth2/google" "google.golang.org/api/option" ) // TpmKeyFetcher abstracts the fetching of various types of Attestation Key from TPM type TpmKeyFetcher func(rw io.ReadWriter) (*client.Key, error) // PrincipalFetcher fetch ID token with specific audience from Metadata server. // See https://cloud.google.com/functions/docs/securing/authenticating#functions-bearer-token-example-go. func PrincipalFetcher(audience string, mdsClient *metadata.Client) ([][]byte, error) { u := url.URL{ Path: "instance/service-accounts/default/identity", RawQuery: url.Values{ "audience": {audience}, "format": {"full"}, }.Encode(), } idToken, err := mdsClient.Get(u.String()) if err != nil { return nil, fmt.Errorf("failed to get principal tokens: %w", err) } tokens := [][]byte{[]byte(idToken)} return tokens, nil } // NewRESTClient returns a REST verifier.Client that points to the given address. // It defaults to the Attestation Verifier instance at // https://confidentialcomputing.googleapis.com. func NewRESTClient(ctx context.Context, asAddr string, ProjectID string, Region string) (verifier.Client, error) { httpClient, err := google.DefaultClient(ctx) if err != nil { return nil, fmt.Errorf("failed to create HTTP client: %v", err) } opts := []option.ClientOption{option.WithHTTPClient(httpClient)} if asAddr != "" { opts = append(opts, option.WithEndpoint(asAddr)) } restClient, err := rest.NewClient(ctx, ProjectID, Region, opts...) if err != nil { return nil, err } return restClient, nil } // GetRegion retrieves region information from GCE metadata server func GetRegion(client *metadata.Client) (string, error) { zone, err := client.Zone() if err != nil { return "", fmt.Errorf("failed to retrieve zone from MDS: %v", err) } lastDash := strings.LastIndex(zone, "-") if lastDash == -1 { return "", fmt.Errorf("got malformed zone from MDS: %v", zone) } return zone[:lastDash], nil } go-tpm-tools-0.4.7/verifier/util/util_test.go000066400000000000000000000023751510276467000212350ustar00rootroot00000000000000package util import ( "testing" "cloud.google.com/go/compute/metadata" "github.com/google/go-cmp/cmp" ) func TestPrincipleFetcher(t *testing.T) { var dummyMetaInstance = Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} mockMdsServer, err := NewMetadataServer(dummyMetaInstance) if err != nil { t.Error(err) } defer mockMdsServer.Stop() mdsClient := metadata.NewClient(nil) gotTokens, err := PrincipalFetcher("test_audience", mdsClient) if err != nil { t.Error(err) } wantTokens := [][]byte{[]byte("test_jwt_token")} if !cmp.Equal(wantTokens, gotTokens) { t.Error("ID Token Mismatch") } } func TestGetRegion(t *testing.T) { var dummyMetaInstance = Instance{ProjectID: "test-project", ProjectNumber: "1922337278274", Zone: "us-central-1a", InstanceID: "12345678", InstanceName: "default"} mockMdsServer, err := NewMetadataServer(dummyMetaInstance) if err != nil { t.Error(err) } defer mockMdsServer.Stop() // Metadata Server (MDS). A GCP specific client. mdsClient := metadata.NewClient(nil) region, err := GetRegion(mdsClient) if err != nil { t.Errorf("Failed to GetRegion %s", err) } if region != "us-central" { t.Error("Region Mismatch") } }